Catching the thief with a touch of Prey

If you have ever had your laptop stolen, you know the feeling. All those really important files on that machine: gone. All the data about yourself: exposed. The chance of catching the thief: very small. Well, it might be time now to fight back and give them a serious taste of their own medicine.

The answer to this is called Prey, and it’s completely free. As the people from Prey say themselves:

Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It’s lightweight, open source software, and free for anyone to use. And it just works.

And it’s available on the main operating systems such as Windows, Mac OS, Ubuntu, Linux and Android. Apparently an iOS (iPad/iPhone(?)) version is on its way as well.

Our focus

First off, in our test we focussed on the use of Prey for the recovery of PCs and laptops. Be aware that Prey can also protect your Android phone if you happen to have one, and in the future also your precious iOS device. We will certainly come back to Prey and give it a try again :)

So how does this work?

Installation

I’ve installed Prey on three machines: a Windows XP machine (called DUBAI), my iMac and a MacBook Pro. You just select the proper OS on the Prey website (www.preyproject.com) and follow the install instructions. I had no problems whatsoever in installing the software. It’s very “light” as the developers say. Of course you need administrative access to your system in the first place to be able to install it.

The idea behind it all is that you just install the Prey client and afterwards forget about it.

Prey account and control panel

On the first machine, I have created my account at Prey, which allows you to access your control panel.

From the control panel you later on have access to your devices and you can:

  • access the alerts and incident reports that your machines generate when you say they are missing
  • configure the kind of alerts and report modules
  • get information about your hardware (great to file a police report – see image above)

Action modules

In the control panel you can define the actions which should take place when you have marked the machine as missing:

  • Sound an alarm: When this is set, your machine will make a siren-like, “really loud” noise.
  • Alert: When set, a dialog box is displayed to the person sitting in front of the machine. This is perhaps not the thief, but somebody who bought your stolen PC on eBay … so you can enter your contact details here.
  • Lock: You can lock the machine from being used until a password of your choosing is entered. This is quite nice as you can disable it from a distance.
  • Secure: If all else fails, you can remove all your data from the machine, including cookies, credentials, and data (Firefox, Chrome, Safari, Outlook, Thunderbird) and have the machine shut down.

Report modules

And now for the really nice stuff … you can configure what is audited each time the machine goes into alert mode.

The reporting modules are split into two sections: network related and session related.

Network reporting:

  • Lists the active connections
  • Looks for SSIDs of nearby Wifi hotspots
  • Performs a traceroute

Session reporting:

  • Takes a screenshot, so you might catch the user entering his credentials in some application! Unlikely, but you just might get lucky.
  • Lists the files modified during the last polling interval with Prey
  • Gets the running programs on the machine
  • Gets a shot with the webcam (if the PC has one)
  • Gets the PC’s physical geolocation. This will show up on Google Maps.

So if this works, you know where your PC is (if the PC supports geolocation), might get a picture of the user in front of the PC, and get to know his IP address … you are now ready for action and can go to the police.

Case study: My laptop is missing!

In the control panel I have marked my laptop as missing.

After waiting a while (20 minutes by default, but you can shorten this), my MacBook started to make a loud noise and a dialog box was displayed on its screen telling me to contact the owner (me in this case). But that’s not the most interesting stuff. More interesting was the report that Prey had sent me (by email with a link, or accessible through the control panel).

It contained everything I had hoped for …

Location

It mentions all the details about the network connection I am on, but it also displays a really accurate Google Map with the location of my missing portable.

How cool can things get around here?

So police know immediately where they need to be to catch the thief and to get my stuff back.

Payback time has arrived!

Screenshot

Also a screenshot of what was on the laptop’s screen is taken.

Nice to see my pussycat back. This is the screen at which the thief is currently looking.

User seen by webcam

And the user at that time in view by the webcam of the portable is nicely photographed (oops, that’s me too :) in my home office). As my good fortune wants, I was just adjusting my glasses … so no real positive ID here but the world ain’t perfect all the time.

Other additional info

The SSID (SQIT001) and the channel (6), and the encryption used to access the Wifi (WPA2-PSK) are all clearly mentioned.

All really nice information which would help to identify and catch the user (or thief) of your precious computer.

Conclusions

Prey is free. That’s perhaps the best thing about it.

It is also lightweight. I did not notice any degradation in performance whatsoever on any of the machines on which I have installed Prey. It hides itself, so unless you know that Prey is installed, you will not notice it. Thieves getting into your computer will normally not notice that Prey is installed until they see the side effects: alarms, messages and, if needed, a total lockdown.

It’s easily configurable via a centralized control panel, so you can even intervene on missing equipment when it’s already gone, as Prey checks in at regular intervals when an internet connection is available.

In the free version, you can monitor 3 PCs, but you can lift this limitation if you upgrade to a Pro account.

Some problems

Need for internet access

For Prey to work, it needs an internet connection. So if your thief never goes surfing or connects to the internet, you will never see that precious computer again. Also, you need to install Prey before your computer goes missing. Afterwards there is nothing more you can do.

Prey not always launched on Windows

On Mac and Linux PCs, Prey doesn’t need an active session, as it is run by the root user. On Windows, Prey does need an active session because that is what triggers the networking system, which is required for making a connection to the Control Panel.

For this reason Prey encourages users to keep a non-privileged guest account just to lure the thief in. Because even if Prey does work with no active session, if a thief cannot log in he’ll probably just turn off the PC and your chances of gathering evidence are much smaller.

Reformatting the PC

If the thief reformats the PC’s disk, then that’s also a different story.

Prey encourages you to add a BIOS password and disable booting from removable devices on your PC, so that the thief will be forced to boot into the previous installation and thus not be able to format your hard disk easily. If you have a Mac, there’s a firmware password utility on your Mac OS installation DVD. You can find it in Applications/Utilities on the disc.

Prey suggests setting the BIOS password to prevent the BIOS settings from being modified, not to prevent the machine from booting. The point is to make it hard for the thief to format the PC, so Prey’s recommendation is to disable booting from any device other than your primary hard disk, so he’ll be forced to boot into your Prey-protected OS.

The verdict

But our overall verdict is a big thumbs up!

We give Prey a 9.5/10

I will leave it on my computers and forget about it. Until perhaps one day …

More information: www.preyproject.com.

They have just released their version 0.5. We did our testing with 0.4.4; nothing really substantial has changed besides Offline actions support, which enables you to force the actions to be kept running even if the device goes offline.

You can also subscribe to their RSS feed here.

Thank you!

To Tomás Pollak from Prey for the answers and support during this review.

About Danny Bisaerts

Danny Bisaerts has grown over the past decades from a development background into the world of Information Security and Physical Security. He has spent a lot of time in the world of finance, government, consulting, manufacturing, telecommunications and utilities ...

Danny is currently the editor of www.itsecurity.be. Email : editor@itsecurity.be
LinkedIn : Public Profile

Comments

  1. Kathy says:

    Liked your post!
    Information Security is something not to be omitted indeed!
