Magic. My Macbook has been stolen.

Rory Hanratty, Kainos
Published Nov 10, 2016

My work MacBook got stolen. The how isn’t really important; thankfully it didn’t involve any violence. But the aftermath is what I hope will be interesting for people.

There is a monetary impact of course to the company, but thankfully we have coverage for theft. It’s also a dent in my time, which also sucks. But really, that’s all.

Below is my cheat sheet for why this is not a big deal for me:

  • I inform people that need to know, straight away.
  • I use ‘the cloud’ by default for storing data
  • I use ‘log out all sessions’
  • I use ‘strong’ passwords
  • I use a password manager
  • I use ‘remote lock/erase’ functionality

Let me get into this a little more.

My precious files!

I’m sure a lot of people would be terrified by the prospect of some bandit making off with their precious laptop and the mountains of work contained therein. Me, not so much.

I’ll explain. I write code, document product ‘stuff’, do software architect ‘things’ and converse and communicate with people digitally and face to face. All the digital things I mentioned have a temporary home on my MacBook, but their true home is in the cloud.

I’m not going to lie, I did lose some stuff. Code for my daft text adventure game is gone (late night coding session led to me not pushing to GitHub).

Some photos that weren’t synced to iCloud or any other online photo store also bit the dust. Lesson learned for me there; I need to come up with a better solution to this.

But everything else? Safe and sound on other people’s computers in ‘the cloud’.

How? Here are some examples of services I use (others are available):

  • Dropbox for file storage (assets like images, templates for presentations, audio/video content, PDFs, ebooks)
  • Google apps for documents, presentations, sheets etc.
  • GitHub for code
  • Trello for my lists
  • Notability synced to Google Drive for diagrams
  • MindMup for mapping
  • Office365 for email
  • Slack for chat
  • Medium for draft blog posts

All of the above are either Software as a Service products or cloud storage, so even though local copies went missing with the theft of the MacBook, it’s fine, I still have everything I need.

Some people may do the ‘in between’ step of copying files to a USB drive or maybe a network file store (think the magic F: drive everyone just saves stuff to).

Honestly, unless you have multiple copies or some very well maintained and super efficient backup and restore processes, this is a flimsy security blanket.

USB drives can get stolen. Many a disaster has befallen the humble network file store. Dogs eat memory cards.

What do these evil-doers want?

So my work is safe at least, but the bad guys have my machine!

There are a few things that could be going on now.

  1. They want to steal my data
  2. They want to steal my identity/accounts/money
  3. They want access to my work ‘stuff'
  4. They want to blackmail me
  5. They want to sell my MacBook for fun and profit

Let’s take a look at these in turn.

Stealing my data

So I didn’t lose too much work, BUT some scumbag somewhere has my MacBook and by extension the hard drive.

Hard drives are not magic impenetrable data vaults. In fact they are really portable; I have on many occasions rescued data for people from old hard drives in machines that ‘died’. All you need is a screwdriver and a disk caddy, and the hope that encryption isn’t enabled.

This is why I always enable full disk encryption.

It means that if someone does remove the hard drive they can’t actually read any information from it.

FileVault does this on Macs, similar options are available for Windows and Linux.

So, I’m pretty happy that my data is safe, unless the NSA/GCHQ/mega tooled-up bad guys took it. If they did, there are other things you can do but that’s getting into a whole other world of paranoia.

Be careful about what you keep copies of locally at a minimum. For extra points you can learn how to encrypt your files individually if you need to.

Stealing my accounts

So maybe they want my online identity and accounts, not my files. This could be a disaster, to be honest.

Thing one: thanks to the aforementioned encryption, they can’t just copy off files that might store relevant information.

Thing two: they need to log in to my MacBook.

Thanks to some of the security features in OS X I could make it harder for them to do so. Once I realised it was missing, I locked it remotely with a code; this adds another barrier for the ‘real bad dudes’.

You can do this on Windows 10 and on Linux, although you may need to install specific software for Linux and older versions of Windows.

The code / password lock was in place whilst I was in denial and hoped in vain I’d get the Macbook back.

Once all hope had faded, I went nuclear: I invoked the ‘remote-erase’ option. This essentially erases the data, and for common thieves this is probably enough to keep you safe.

Just as an aside, Find My Mac can help you locate the device, so you can see roughly where in the world it is. Mine hasn’t come back online, and is unlikely to, given I have ‘join wifi networks by default’ switched off. If you do have this enabled, and you do find out where your device is, resist the urge to vigilante the hell out of it and just get in touch with the police.

Let’s pretend for now I didn’t do this.

Passwords and sensible approaches

To gain access to my MacBook they would need to guess my password, which is a super long passphrase so it isn’t easy to guess.

Please make sure you do this.

Ignore the really bad advice that makes people think that P4$$w0rd1 is super secure. It really is not. A long passphrase is your friend! By way of example check out this funny xkcd comic: https://xkcd.com/936/

The National Cyber Security Centre has more detailed guidance on password policies and approaches: https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach

I’m cautious about this stuff so I’m going to assume they will somehow log in to my MacBook, and in doing so, they have access to everything. Well, online stuff anyway, and the few files and source code I have on my machine.

The first thing I did was use the ‘log out all sessions’ options for online apps. This means that even if they did log in to my machine, I’ve logged out of all my apps.

Just google how to do this for your apps (for example, Google Apps does this nicely).

If you are thinking ‘but if they get your password they can log on to everything else really easily!’, I’m going to guess that you either:

  1. Use the same password for everything (or minor variations)
  2. Save all your passwords and autocomplete using your browser
  3. Have all your passwords in a file called super_secret.txt

Oh dear.

I have damage limitation in place for this too!

One word, Password Manager.

A password manager manages passwords for you: it means that you can generate passwords for different websites which are ‘good’, as in quite long, random characters, very hard to guess.

I use 1Password. There are other good Password Managers out there, yes they cost money, but are they worth the investment? Absolutely.

Always use different passwords. It may sound like hassle, but it limits the amount of exposure you have if one of your passwords is breached.

Begin the process of ‘rotating’ or ‘changing’ all your passwords straight away. Start with the higher value accounts you might have, things that access work stuff, anything that might have bank or credit card details attached to it, important family photos or personal data and so on.
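To put numbers on the two points above (a long random passphrase for logging in, and a unique generated password per site from a password manager), here is an added example that is not from the original post or from 1Password. It assumes a constructed sixteen-word list for the demo (a real generator would use a published list such as the 7776-word diceware lists), draws from the OS random source via `secrets`, reports the entropy of what it produced, and finds reused passwords in a constructed vault.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed, deliberately tiny wordlist for the demo; a real passphrase
# generator uses a published list of thousands of words (e.g. 7776 entries).
DEMO_WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "fjord",
                 "gravel", "harbour", "ivory", "juniper", "kelp", "lantern",
                 "meadow", "nectar", "orbit", "pebble"]

# 52 letters + 10 digits + 32 punctuation characters = 94 printable ASCII symbols
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of `symbols` independent, uniformly random picks from
    `choices_per_symbol` options. Only valid for random picks: a dictionary
    word with letter substitutions is NOT a uniform pick over 94 symbols."""
    return symbols * math.log2(choices_per_symbol)


def generate_passphrase(n_words: int, wordlist=DEMO_WORDLIST, sep: str = "-") -> str:
    """Login-style passphrase: n words drawn with the CSPRNG-backed secrets module
    (random.choice is not suitable for this)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def generate_password(length: int, alphabet: str = PASSWORD_ALPHABET) -> str:
    """Password-manager-style site password: random printable characters."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def find_reused_passwords(vault: dict) -> dict:
    """Map each password that protects more than one site to the list of those
    sites; any entry here is a password whose breach at one site exposes the others."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    phrase = generate_passphrase(5)
    print(phrase, f"{entropy_bits(len(DEMO_WORDLIST), 5):.1f} bits (demo list)")
    print(f"same 5 words from a 7776-word list: {entropy_bits(7776, 5):.1f} bits")
    print(generate_password(20), f"{entropy_bits(len(PASSWORD_ALPHABET), 20):.1f} bits")
    # Constructed vault with one reused password
    print(find_reused_passwords({"bank": "hunter2", "email": "hunter2", "forum": "other"}))
```

Four words from a 7776-word list come to about 51.7 bits; the same formula gives a nine-character leetspeak string about 59 bits only if every character were random, which is exactly why P4$$w0rd1 is weak in practice: it is one dictionary word with a handful of predictable substitutions, not nine random symbols.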

MFA/2FA

Multi-factor, or sometimes 2-factor, authentication is also key. This means that as well as a passphrase, you also have a second ‘thing’ to enter to access accounts.

For example you may get sent a text message with a code, or generate a code using a separate device or app.

This is good because it means the evil beings have to have physical access to two of your devices, not just the one they stole.

Enable this as a matter of course wherever it exists.

Stealing my work stuff

I work on things that can be confidential or sensitive in nature. That means that source-code, or access keys I might have are particularly useful to bad guys. For example, if they got my private ssh keys they could commit malicious code to my Github repositories.

If that sounds like gibberish, think of it like this: if they had access to my email, they could send mails to my company asking for secret info, or random abusive messages to the CIO, or even viruses! Imagine they could change the way an application works to silently steal data… bad, right?

So, I use different keys for things. I immediately ‘rotated’ all of them. So even IF the bad guys have stolen my keys, they can’t use them anymore.

I also told my colleagues straight away; they had to remove my ‘compromised’ keys wherever they might be used, and sensibly changed all the passwords I may have had access to.

They also need to do an incident report, and figure out whether the ‘theft’ posed a serious risk to them! Thankfully the above measures I’ve taken meant the answer to that was ‘no’.
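The ‘remove my compromised keys wherever they might be used’ step, for a server, means pruning the stolen laptop’s public key from every `authorized_keys` file it appears in. Here is an added example that is not from the post or from any Kainos tooling: it computes OpenSSH-style `SHA256:` fingerprints for each key line (handling a leading options field such as `from=`), and splits the file into kept and revoked entries given a set of compromised fingerprints. The two ed25519 keys in the sample are constructed from fixed bytes and are not real keys.

```python
import base64
import hashlib

# Field prefixes that mark the key-type column in an authorized_keys line
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def make_ed25519_blob(raw_pubkey: bytes) -> str:
    """Build the base64 blob that appears in authorized_keys for an ed25519 key
    (used here only to construct sample data)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)).decode()


def fingerprint(blob_b64: str) -> str:
    """OpenSSH 'SHA256:' fingerprint as shown by ssh-keygen -lf: base64 of the
    SHA-256 digest over the decoded key blob, with '=' padding stripped."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_blob(line: str):
    """Return the base64 key blob from one authorized_keys line, or None for
    blank/comment lines. Options (e.g. from="10.0.0.0/8") may precede the key
    type, so locate the key-type field rather than assuming column 0."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPE_PREFIXES):
            return fields[i + 1]
    return None


def revoke_keys(authorized_keys: str, compromised_fingerprints):
    """Split the file into (kept_lines, removed_lines); comments and unknown
    lines are kept untouched so the rewritten file stays readable."""
    kept, removed = [], []
    for line in authorized_keys.splitlines():
        blob = key_blob(line)
        if blob is not None and fingerprint(blob) in compromised_fingerprints:
            removed.append(line)
        else:
            kept.append(line)
    return kept, removed


# Constructed sample: two made-up 32-byte ed25519 public keys, not real ones.
STOLEN_LAPTOP_BLOB = make_ed25519_blob(bytes(range(32)))
DESKTOP_BLOB = make_ed25519_blob(bytes(range(32, 64)))
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy user keys (constructed sample)",
    f"ssh-ed25519 {STOLEN_LAPTOP_BLOB} rory@stolen-macbook",
    f'from="10.0.0.0/8" ssh-ed25519 {DESKTOP_BLOB} rory@desktop',
])

if __name__ == "__main__":
    compromised = {fingerprint(STOLEN_LAPTOP_BLOB)}
    kept, removed = revoke_keys(SAMPLE_AUTHORIZED_KEYS, compromised)
    print("revoked:", *removed, sep="\n  ")
    print("new authorized_keys:", *kept, sep="\n  ")
```

Identifying the key by fingerprint rather than by the trailing comment matters because the comment is free text and a copy of the key may have been pasted in with a different one; `ssh-keygen -lf` on the stolen machine’s `.pub` file (from a backup, or from a service’s key listing) gives the fingerprint to search for. Rotation itself is the other half: generate a fresh key pair with `ssh-keygen -t ed25519` and enrol the new public key before the old one is removed, so access does not lapse.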

Blackmail time!

There are various flavours of this; let’s talk through a couple.

Pay for your data

This is where they try to coerce money out of you to get your data back. Well, I’m good on that front, because of my cloud first approach. I have it already, so good luck with that bad guys.

Pay for us to not release all your secrets

What if I have some ‘interesting’ things in my online persona, maybe I’m secretly logging in to the Daniel O’Donnell forum using my online persona Misty Flannagan (age 59, spinster, 2 cats, owns own house). This could be deeply embarrassing if it was released to the public, or my loved ones.

This sort of thing can be used to provide leverage over you, to force you to hand over money, work secrets or other useful things. Or worse ruin Misty’s reputation as the foremost authority on Daniel O’Donnell, the Don’t Forget to Remember period.

As I’ve outlined above, I’ve remote erased the machine and rotated all my passwords, so I’m good on that front! Misty is safe…

Straight up thieving for cash

The last bad guy consideration is this: they want to resell your device. Not a lot to do here. I let myself down a little on this one. I’m happy my data and online identity and accounts are safe, but I could have gained an extra level of satisfaction by making it extra hard for them to ‘wipe’ the machine and sell it on.

You can do this by enabling a password for the ‘BIOS’ so it is harder to just reformat the machine and use it like it is new. I’ve now enabled this on my own machines, and will do so in future. They got me this time, but never again.

So there you have it. A whirlwind tour through why having my MacBook stolen was more inconvenience than disaster. I hope you found this helpful!

Belfast. Architect, developer, electronic music maker, husband to an awesome wife, father to 3 crazy children. Previously @gdsteam and now @KainosSoftware.