How to Remote Wipe a Linux Computer When It Is Stolen

Are you one of the many who carry a laptop with them everywhere? According to the NSW Bureau of Crime Statistics and Research, there has been a sharp increase in laptop thefts this past decade – and not just from people who travel. There has also been a sharp increase in the number of computers being stolen when houses get broken into, mostly because of the value of the data kept in most systems. What do you do if you’re one of the unfortunate few who have had a computer stolen? Unfortunately, there is almost nothing you can do if your Linux system was stolen and you didn’t put any safeguards in place beforehand to protect your data. However, if you take, or are planning to take, precautions, you may be able to wipe your data before the hackers get their hands on it.


There are some computer programs that you can use to wipe your data remotely if your computer gets stolen. However, the functionality of most of these programs is limited. They don’t wipe all your files, but you can lock your computer and wipe your files. Prey is one such anti-theft, open source program that works with Linux. Prey tracks your computer if it gets stolen. It installs an agent on your system that can be triggered remotely to lock your computer or track it. You can even use Prey to take photos using the laptop webcam. The Pro version of Prey ($5/mo) lets you remotely wipe some files and passwords from your computer. However, according to the developers, remote wiping should be attempted only if everything else fails, as Prey wipes itself out along with everything else.


Is Prey a foolproof solution to your problems? No, it’s not. A clever thief would just format your computer before using it, rendering Prey impotent. It’s possible to set up a BIOS password, however, which will prevent a thief from formatting the computer. But then a really clever thief can just remove the hard drive and copy the contents to another.

If you don’t have any safeguards in place and your computer has been stolen, you can try logging in remotely and using the hard-disk wipe command. In most cases, the chance that you will be able to access your system will be low. If, by some miracle, you manage to log in, try typing the hard disk wipe command:

dd if=/dev/zero of=/dev/sda bs=1M

This command overwrites all data, master boot records and all partitions. It fills your disk with unintelligible zeroes. All your data will be lost, of course, but at least a thief won’t be getting his hands on it. You can also set up an “init” process that begins to wipe your hard disk when invoked (something along the lines of the Prey agent). The problem with this approach is, again, getting access to your computer remotely. The only way you can truly protect your data is by encrypting your entire hard drive.

You can keep your data safe by encrypting your entire hard drive – all of it. Your system performance will probably take a hit if you do that, of course, but at least your data will be safe, even if your computer happens to get stolen. How do you encrypt your hard drive? You can use a software product that encrypts your hard drive at the file system level or at the block device level. At the file system level, you can try the eCryptfs encryption software. It uses a key that is stored in the Linux kernel keyring to encrypt and decrypt files. Metadata is stored in the header of each encrypted file, which lets the file be copied between hosts.


If you’re looking for block device level software, you can try TrueCrypt. It lets you encrypt an entire hard drive – the entire process is done automatically. If you own a powerful system, it will be easier for you to run TrueCrypt because of the hardware-application support. Let’s face it – losing your computer is not a good situation to be in. But you can at least make sure no one gets their hands on your data by taking adequate precautions.
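As a check on the "all of it" advice above, this added example (not from the original article) reads the JSON printed by `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` and lists mounted filesystems that have no encrypted block layer underneath. It assumes the encryption appears in lsblk as a dm-crypt mapping of type `crypt`, as LUKS volumes do, so file-level eCryptfs directories are not detected; the sample device tree and the names `plaintext_mounts`, `data_at_risk` and `BOOT_MOUNTS` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT`.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        {"name": "vg-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}]}]}]},
  {"name": "sdb", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "fstype": "ext4", "mountpoint": "/home"}]}
]}
"""

# Mount points assumed to stay in the clear so the machine can boot.
BOOT_MOUNTS = {"/boot", "/boot/efi"}


def plaintext_mounts(lsblk_json):
    """Return sorted (mountpoint, device) pairs with no dm-crypt layer beneath them."""
    found = []

    def walk(node, encrypted):
        # A node of type "crypt" is an opened dm-crypt mapping; everything below it is encrypted.
        encrypted = encrypted or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint and not encrypted:
            found.append((mountpoint, node["name"]))
        for child in node.get("children", []):
            walk(child, encrypted)

    for device in json.loads(lsblk_json)["blockdevices"]:
        # Loop devices and optical drives are skipped: a loop file's backing
        # filesystem is not visible in this tree, so it cannot be judged here.
        if device.get("type") not in ("loop", "rom"):
            walk(device, False)
    return sorted(found)


def data_at_risk(lsblk_json):
    """Plaintext mounts other than the boot partitions: readable from a removed drive."""
    return [m for m in plaintext_mounts(lsblk_json) if m[0] not in BOOT_MOUNTS]


if __name__ == "__main__":
    for mountpoint, name in data_at_risk(SAMPLE):
        print(f"NOT ENCRYPTED: {mountpoint} on /dev/{name}")
```

On the constructed sample, the encrypted root and swap pass, while the second disk's `/home` partition is reported as readable by anyone who removes the drive.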

Image credits: Perspecsys Photos, Andy Singer, Berishafjolla @ WikiMedia, Chris Dag, System Lock