MaxFocus Remote Wipe required. (Urgent)

Only on the C:\ drive. If you'd like a program that zaps every drive, I can add it to the future feature list.
That would be great. Also, is there a way to make it completely silent? As in the case of the stolen laptop, it's pretty obvious that the bright red window is on the screen. And you have to catch it right away, but there might be enough time for someone to catch it.
 
Interesting... not sure how you have managed to get Windows to delete itself, but I guess there is a way.

I can think of at least two possibilities offhand, with some limitations.

The more resource-intensive to develop would likely be something like an automated drive encryption. You'd probably want it tweaked to look at where data is in use and address those regions of disk first if possible, but that might not be feasible. One issue with that is how long it could take - initializing drive encryption isn't precisely fast, and it's not CPU-constrained so there's not a lot to do to speed it up. This could be a valid final step after other tools or parts of the same tool have nuked/overwritten as much data as possible. In addition, with self-encrypting SSDs (most Samsungs, Crucial MX100 & MX200 but not BX100, some OCZs but not the cheapest, etc.) you might be able to do something to enable drive encryption then lose the key/send appropriate "key nuking" commands to the drive. I'm not 100% certain on that part.

The possibly-simpler approach would be something that behind the scenes would remove/overwrite all files in a list of well-known locations; there might be some level of things you could do with the built-in defrag-related APIs to zero the disk areas that those files were on as well (the other option might be fill-the-disk, delete-the-file, write-to-the-only-free-space). After clearing data, start on the non-critical-for-boot files that might not be in use while the system is up and running. Then get rid of as much as possible of what's left using the MoveFileEx API call, which lets you schedule files for removal during Windows startup. If the system was up and running long enough, you might be able to do quite a bit.
 
That would be great. Also, is there a way to make it completely silent? As in the case of the stolen laptop, it's pretty obvious that the bright red window is on the screen. And you have to catch it right away, but there might be enough time for someone to catch it.

I could. I might build a stolen PC tool (might be a low cost paid program) that would try to e-mail the location information out and nuke the PC in a stealthy way.

I have ethical concerns with blind automation. Yes, destructive tools already exist and I'm not necessarily letting the cat out of the bag, but I don't want to produce a digital nuclear bomb and then make it available to malware developers. I more-or-less have a "do no harm" philosophy, and I was uneasy writing the stock version of OPD.exe (which prompted you twice that you were about to destroy everything).

However, I do see a need for a tool like this and I'll add it to the list of development items.
 
I can think of at least two possibilities offhand, with some limitations.

The more resource-intensive to develop would likely be something like an automated drive encryption. You'd probably want it tweaked to look at where data is in use and address those regions of disk first if possible, but that might not be feasible. ... you might be able to do something to enable drive encryption then lose the key/send appropriate "key nuking" commands to the drive. I'm not 100% certain on that part.

The possibly-simpler approach would be something that behind the scenes would remove/overwrite all files in a list of well-known locations; there might be some level of things you could do with the built in defrag-related APIs to zero the disk areas that those files were on as well ...

Well, encrypting and nuking is the same thing as corrupting the files. Don't get me wrong, encryption is better and more secure, but using I/O stream redirection, adding a few random bits to a file (especially the header, although the data would work too) should be enough to make sure that file is never going to open again.

On the fast side of things, multithreaded programming could be harnessed to have one process destroying files while the other process is writing random data to the disk -- thus overwriting the data (not a secure multi-pass/write-zero procedure), which would make it almost impossible to retrieve.
 
On behalf of the victims, I'd like to thank all those who have contributed to this thread, the ideas, suggestions and tools.

I've put out OPD via the MaxFocus dashboard. It's just a case of the machines going online.

I appreciate that locating the machines would be preferable, but the owner was more concerned with the data.
They feel better knowing that some efforts have been made to scrub them.

Prey is definitely an option, but we had time constraints, so we took the quickest option, which was a scrub.

The issue is if the thieves have some IT nous, knowing that going online is dangerous to them.

You have to remember that the incident ran across an office block which hosted lots of small companies. All got done.

Just a case of monitoring the dashboard.

Regarding OPD, could a possible (albeit dangerous) option be to use a wifi hotspot as a key, and if it doesn't log in at least once a week, or uses an alien hotspot, to run the program?
Obviously an idea full of holes, just thinking out loud.
 
Regarding OPD, could a possible (albeit dangerous) option be to use a wifi hotspot as a key, and if it doesn't log in at least once a week, or uses an alien hotspot, to run the program?
Obviously an idea full of holes, just thinking out loud.

I prefer to keep programming as simple as possible -- and something similar to what you're thinking could be done. I'd base it off of IP addresses, and set the DHCP pool to a range that isn't common (like 192.168.120.X). Then, a specialty OPD tool could be made that via a scheduled task looks at the IP address regularly (boot-up isn't a good time because it might take time to get an address), and trigger a wipe if the IP address is foreign.

I'll add this to the low cost paid program list. If anybody would be interested in it send me a PM (I could get a solution rolling rather quickly since the wipe function is already programmed).
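The decision half of the "foreign IP address" trigger sketched above, as an added example (not OPD, not any poster's code). It assumes the uncommon home DHCP pool 192.168.120.0/24 from the post, combines it with the earlier "not seen for a week" idea as a grace window (an assumption, to cut false positives such as a laptop visiting a customer site), and treats a not-yet-assigned or APIPA address as "no decision", which is the boot-time problem the post warns about. The action taken on "trigger" is left to the caller.

```python
"""Home-network check for a lost-device trigger (added example, not OPD or any
thread participant's code). Decides whether a machine appears to be off its
home network long enough to act; the action itself is left to the caller."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

HOME_NETWORKS = [ip_network("192.168.120.0/24")]  # assumed uncommon DHCP pool from the post
GRACE = timedelta(days=7)                         # assumed grace window: "at least once a week"


def classify_addresses(addrs, home_networks=HOME_NETWORKS):
    """Return 'home', 'foreign' or 'unknown' for a list of interface addresses.
    Loopback, unspecified (0.0.0.0) and link-local/APIPA (169.254.x.x) addresses
    are ignored, so a check that runs before DHCP has finished reports 'unknown'
    instead of looking like a foreign network."""
    usable = []
    for a in addrs:
        ip = ip_address(a)
        if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
            continue
        usable.append(ip)
    if not usable:
        return "unknown"
    if any(ip in net for ip in usable for net in home_networks):
        return "home"
    return "foreign"


def evaluate(addrs, last_home_seen, now, grace=GRACE):
    """Return (decision, new_last_home_seen) for one scheduled check.
    decision: 'ok'      - on the home network, or off it but inside the grace window
              'trigger' - off the home network and the grace window has expired
              'wait'    - no usable address yet; decide nothing this run
    last_home_seen is the timestamp of the last check that found the home network
    (None if never), which the caller persists between runs."""
    state = classify_addresses(addrs)
    if state == "home":
        return "ok", now
    if state == "unknown":
        return "wait", last_home_seen
    if last_home_seen is None or now - last_home_seen > grace:
        return "trigger", last_home_seen
    return "ok", last_home_seen
```

The scheduled task would feed the current interface addresses and the persisted timestamp into evaluate() and store the returned timestamp; with last_home_seen None a foreign network triggers immediately, matching the post's original rule.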
 
Yes this is possible, I've successfully done it. Tested & verified.
If you don't hear back from me soon, email me & I'll post the directions on how to do it.
 
On second thought....would it be wise of me to post the script here that would show how to remotely / silently wipe a drive?
Bertie: perhaps you should email me & I can send you the script & deployment instructions.
Let me know.
 
Thanks @drjones

I had a crack myself and couldn't quite get it to work. Could do with said script - well a script to run any .exe would be useful (N-able does this well).
 