Law in Motion : Cyber Crimes - 7

Rupin Sharma, IPS 

We have dealt with stolen/lost mobile in the preceding article. Tablets which can connect to the internet are actually enlarged smartphones.

Now let us turn our attention to stolen/lost laptops.

Q 22: How can I secure my laptops physically?

Ans 22: Besides a good laptop bag and a laptop lock, the only way to take care is to be careful. Usually, laptops do not get misplaced but are more prone to being stolen.

Q 23: How can I prevent access to data/information stored on a laptop?

Ans 23: Some methods to secure data on laptops are as follows:

•    Note down Serial Number of the laptop and its Model/Manufacturer details and keep them secure;

•    Use access login passwords;

•    If you store sensitive data in your emails/cloud, do not use the ‘always logged in’ option. You can surely spend a few seconds to re-login;

•    Secure your important files with password – password protect files/data;

•    For highly sensitive files, besides passwords, encrypt and secure files/data;

•    Use ‘full-disk encryption” if your laptop contains sensitive data on the hard-drive;

•    Frequently or at least periodically change passwords. Frequent change of passwords prevents future leakages or stealth of data. If someone has already stolen the data, before the change of password, he may have to crack the password again to access further data;

•    The passwords should not be easy to guess and should be alpha-numeric with special characters and at least 8 characters long;

•    Do not save passwords of important files/emails in the browser from where these can be retrieved by the thief – the automatically save passwords option should be ‘turned off’;

Q 24: What can a person do with a stolen/misplaced laptop?

Ans 24: Your vulnerability and that of the laptop varies depending on what purposes you put your laptop to besides upon what is the purpose and capabilities of the person who comes to possess your laptop. Some of the damages can be:

•    Simply using the laptop

•    Re-selling the laptop to others including in the black-market

•    Disassembling the laptop and re-selling its parts or recycling them

•    Re-selling the laptop after refurbishing it or deleting the data

•    Copying the data and re-selling the data

•    Using the data especially the privacy data to blackmail the original owner

•    Using the data and passwords etc., to access your private information

•    Using the data and passwords to carry out financial transactions on your bank accounts or even on apps like BHIM, UPI, Mobile Banking, GooglePay, PhonePay, PayTM etc

•    Planting viruses and malware in the laptop and returning it to you to keep a watch on/surveillance your activities or even access sensitive data/information

•    Sell your information to your adversaries or enemies

•    Block your own access to the data or information on your laptop or the ‘cloud data’ by changing your passwords or authentication data

Q 25: Can a stolen Laptop be found?

Ans 25: Technically, YES.

Every Laptop has a unique ID software and serial Number. These can be helpful in recovering the laptop.

On the other hand, when the stolen Laptop connects to internet either through LAN or wifi, there is an outside chance that the location of the laptop can be narrowed down, provided, the user uses the same password/login or if the browser automatically connects to the internet using some default login-password combination.

However, locating a stolen/misplaced laptop is a very difficult task. 

Q 26: What are the precautions I should take when my laptop is stolen or misplaced?

Ans 26: If your laptop is stolen/misplaced, it is impossible to recover it and is best to pursue measures which would help mitigate your losses/damages. Some of the measures which can be taken are as follows:

(a) Change Your Passwords:

This is the first thing you ought to do - if someone can log in into your laptop, you too are compromised. If passwords are not changed, the user would have access to all your online accounts, especially if you have used the browser – Chrome or Microsoft Edge or Internet Explorer or even Mozilla etc to “autosave” or “auto-fill” your username and passwords for various online accounts/activities;

It is recommended that you first change the password for your email address/addresses. This is important because in many cases, you may have used your email address to authenticate other online activities or even receive OTPs for accessing other online accounts or even your financial transactions. If the email password is not changed, the thief can simply use your account to even rest your information and carry out other online activity. This would also mean that you are denied access to your vital information

It is also advisable to enable two-factor authentication (2FA) on your email

Check and change passwords for other global logins like Apple ID or Microsoft Accounts or even Facebook or other Social media logins and passwords to your bank Accounts and Online or Internet Banking. Make these passwords stronger and difficult to guess.

(b) Clear Autofill from the Browsers:

To facilitate users, web-browsers have autofill features. These features store your frequently used details like name, father’s name, mother’s name, addresses, mobile numbers and even aadhaar numbers or passport numbers etc., to facilitate you. However, if you have chosen to enable autofill feature, immediately ‘turn-off’ auto fill and delete the passwords. The web-browsers usually sync data and searches across devices and hence the autofill data would also be enabled and accessible across devices. It is, therefore, advisable to delete autofill data and disable these features if the laptop is lost or stolen. 

To do this in Chrome, do the following:

Go to Chrome: Chrome://settings/passwords and toggle off the Auto-Sign-in.

Similarly, it is also advisable to clear your browsing data from all devices and remove the saved logins from the devices which sync the data automatically, by doing the following: 

Sign out remotely

You can remove your account from one of your devices, even if you don’t have that device with you. You’ll be signed out from any computer you’ve used before, including the one you’re using now.

1.    On your computer, open Chrome

2.    Go to your Google Account to manage apps with access to your account

3.    Under "Google apps," click Google Chrome Remove access

Sign-Out of Chrome devices remotely. Firefox, safari and even Microsoft Edge have similar features.

(c) Track your Laptops’s Location and Using Remote Wipe Features:

If your laptop has ‘Find My Device’ feature installed on it, it can be used to trace and track the location of the laptop once it goes online.

For Apple users, if “Find My” is enabled by the user before the laptop is lost/stolen and the iCloud feature is synchronized on the laptop/computer, exact location of the laptop can be marked on the map when it goes online.

For Windows users (Window 10 and above), besides inbuilt features, there are applications like Prey can be downloaded and installed and can help in remotely controlling the laptops, including getting their location. 

When your laptop or tablet is missing, you can track the lost/stolen device by visiting account. microsoft.com/devices. Type in the same MS account you used when you enabled the device tracking feature. When you activate the search, a list of the devices recorded under your account will show. Choose the missing device and verify its last location.

Settings: Update and Security: Find My Device : Change (Enable it) 

However, it is also advisable to activate the “Save my device’s location periodically” option when prompted and your Windows 10 PC will regularly and automatically send its location to Microsoft. Besides this, the device should also be named in an easily identifiable manner to help you to locate and trace it.

This is only a device-tracking solution, and it won’t allow you to remotely wipe or lock your PC. It is not possible to play an alarm or snap a photo of the person using your device with the webcam. You can have your computer automatically check in and report its location, but it needs to be powered on and connected to the Internet to do so. It’s also possible for a thief to wipe your device, restoring it to factory settings.

Additionally, some of the anti-virus programmes also provide laptop tracking features, if they are installed before the laptop being lost/stolen.

(d) Immediately Inform your Financial Institutions, Banks etc.

Sizeable number of people are shifting to electronic/digital means of financial transactions in the recent past. Our laptop is a virtual gateway to our banking and financial institutions. Therefore, it is advisable to notify your banks and financial institutions about the loss of the laptop and request them not to authorize/allow financial transactions and also to let you know about any suspicious activity.

Important details which may get compromised could be your passwords to mobile or internet banking or even your credit/debit cards or also the credit/debit card details saved on e-commerce sites like Amazon, Flipkart, Snapdeal, Nyka, Myntra, Zomato, Swiggy etc or any other e-commerce sites where you may have paid online.

Q 27:    Should I report to the police? Why? 

Ans 27: Yes, you should.

The reasons may vary from a police report being a precondition to claiming insurance to requesting police to help recover the laptop, or reasons of protection of sensitive data or software etc., or preventing or pre-empting the misuse of the laptop or the data it contains etc.

In case of Dell or Asus and even Microsoft, if a police report is filed by including the device serial number, the chances of retrieval or recovery of the device are higher because these companies record the device details when someone comes for servicing or even resale through authorized sales agents.

The writer tweets as @rupin1992