Lessons I Learned When My Laptop Was Stolen

A month ago, developer Nikhil Kodilkar’s laptop was stolen. He had a few security measures in place, but he also learned a lot from the experience. Here are a few of the more important lessons he learned.

Let’s go over a “What if” condition. Right now, what if some stranger had access to your personal laptop and they are going over everything you have on the hard drive?

The thought alone is enough to send chills through my spine. Now replace laptop with “Backup storage” or “Desktop”—whatever it is you use regularly—to get the desired effect.

Recently my house was broken into, and along with other valuables, they took my beloved ThinkPad. (Yes, I love those plain black no-nonsense machines.)

My laptop was full of personal & important information. It’s been almost a month since it was stolen, and it still drives me crazy thinking about it. But enough rambling; let me get you to the meat of the story:


Like most of you, my laptop didn’t have any hard drive encryption. The only safety it had was my password and, luckily, a fingerprint scanner. This is one reason I like ThinkPads. You can have a pretty long and complicated password, but at the same time have fingerprint authentication. Hence when you want to log in to your computer, you just swipe your finger and you are in. Anyone who wants to break in to the computer has an uphill battle.

Coming back to encryption, I should have had at least rudimentary encryption enabled, so that even if someone gets in, they have to have basic skills to get to your data.

You have a number of options which you can employ to keep your data safer, and I want to get this out, so all my friends can implement them. Here are a few:

1. Hide your personal folders

I know, this sounds extremely lame, especially for all who have grown up with computers, but you will be surprised with how many people don’t know how to “unhide” a folder. I’m talking about PCs here. The person who stole your computer may not even be skilled enough to find your hidden folders. It’s not fool-proof but it is the minimum! I’m kicking myself for not doing even this.

2. Truecrypt

Did you know that there is a free encryption program available on the internet, which you can use to encrypt part or all of your hard drive or your backup USB drive?

Well neither did I.

I started looking into it after the break-in and discovered TrueCrypt. Go over this step-by-step process to create a secure directory on your hard drive which is encrypted and private only to you.

For geeks like me who want to get into the details of everything, there is this nice comparison of features.

Ed. note: Check out our guide to encrypting your entire operating system for seriously heavy-duty encryption.

If you are going to buy a new laptop, you have two more options: hardware encryption and BitLocker. BitLocker only comes with Windows 7 Ultimate.

3. Use an encrypted hard drive

There is a saying: “Once your tongue is burnt by hot milk, you will make sure that butter milk is cold”. (Sorry for the ghastly translation, but I guess you get the gist—butter milk is never served hot.)

The point is, I wasn’t satisfied with software encryption, and wanted to get something:

a.) More robust

b.) More unobtrusive

c.) Better performance

Since I was buying a new laptop, I wanted to see if I could find one that would include hardware encryption, something built into the system. Self-encrypting drives (SED), a.k.a. Full Encrypted Disks (FED—Seagate) were my answer.

In FEDs, the encryption key exists within the hard drive controller itself and is not exposed to your computer, operating system, or even you. The key is stored by the controller on the hard drive at a secret location. Also, encryption cannot be disabled on them. The next logical question is: How in the world do I access my own files if I don’t have the encryption key? You have to enable a hard drive password, one that is stored in the BIOS.

FEDs solved an important concern of mine. A lot of HDDs have passwords so you can’t boot from them. However, stick the HDD as a secondary on a separate computer, and boom, you have access to all its data. In the case of FED, if you stick the drive as secondary, all you see is 256 AES encrypted data which you cannot read. And if you try to boot from it, you need a hard drive password. Or, in the ThinkPad’s case, you need to swipe your finger.

This is good enough for the average, non-CIA, non-FBI, non-SPY kind of people, just like you and me.
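
A way to check the hard drive password state described above, as an added example that is not part of the original article: it parses the Security section of `hdparm -I` output (Linux) and reports whether a drive password is set. The sample output is constructed, and the example assumes the laptop's hard drive password is implemented as the standard ATA security feature.

```python
import re

# Constructed sample: Security section of `hdparm -I /dev/sdX` for a drive that
# supports the ATA password feature but has no password set.
SAMPLE_NO_PASSWORD = (
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
    "Logical Unit WWN Device Identifier: 5000000000000000\n"
)
# Constructed sample: the same drive after a hard drive password has been set.
SAMPLE_PASSWORD_SET = SAMPLE_NO_PASSWORD.replace("not\tenabled", "\tenabled")

FLAG_RE = re.compile(r"(not\s+)?(supported|enabled|locked|frozen)")


def parse_security(text):
    """Return {'supported': bool, 'enabled': bool, ...} from hdparm -I output."""
    flags, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if in_section:
            if not line.startswith(("\t", " ")):
                break  # next unindented heading ends the Security section
            m = FLAG_RE.fullmatch(line.strip())
            if m:  # a leading "not" means the flag is cleared
                flags[m.group(2)] = m.group(1) is None
    return flags


def assess(text):
    """Classify the drive password state. This says nothing about whether the
    drive is self-encrypting; that has to come from the drive's specification."""
    f = parse_security(text)
    if not f.get("supported"):
        return "no-ata-security"
    if not f.get("enabled"):
        return "password-not-set"
    return "password-set-locked" if f.get("locked") else "password-set-unlocked"


if __name__ == "__main__":
    print(assess(SAMPLE_NO_PASSWORD), assess(SAMPLE_PASSWORD_SET))
```
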

4. Which laptops have FEDs?

I was trying to find laptops with FEDs and again the ThinkPad came to the rescue. Although I love HP laptops, none of them come with FEDs. Dell has an Inspiron with encryption drives, but ThinkPad has a lot more value for your money.

You also have the option to buy a FED from Seagate and put it into your laptop. The issue with that (or what I’ve learned from the Seagate forums) is that if you buy and configure a FED by yourself, the hard drive is married to your motherboard. This means you cannot take that drive and stick it into another laptop. With a ThinkPad, you can.

5. Let’s catch a thief

Think like a thief to catch a thief, right? That may be easier said than done, which is why I bought Lojack. Lojack is software that can help track a lost or stolen computer.

Ed. note: For a free alternative, you may also want to look into how to track your stolen laptop with Prey.

Take a lesson from me, my friends: If you have your laptop with you, use at least Truecrypt and something like Lojack.

Lessons I Learned When my Laptop was Stolen [Planet Unknown]

Nikhil Kodilkar is a Django/Python enthusiast and part-time web developer who enjoys writing about things that make life faster, productive, more organized, and geekier.


  • I can’t see that you learnt any lessons here. Did the thief *do* anything with all your “sensitive” data? Sure, they could have, but at the end of the day, your average thief wants money. They don’t want to be a more sophisticated criminal because to effectively commit fraud requires more effort than smashing a window and fencing a laptop. I doubt they even turned the machine on. And if their fence turned it on, chances are it was to wipe everything on there so the next “owner” doesn’t notice it’s been stolen.

    Just relax. You’re not a unique snowflake and no one gives a shit about your credit card details anyway.

    • I’d agree here. These are not lessons that have been “learnt” from losing your laptop. I mean it’s not like someone stole your laptop to steal your identity, they stole it to flog off to get their next fix or whatever. The only people who would bother stealing a laptop to get your personal information would have the resources required to get past these rudimentary safeguards.

      After all that perhaps the most important “lesson” that could have been learnt would be not to store personal information on laptops. That would remove the need for 4 different recommendations on encrypting your data.

  • I haven’t had my laptop stolen, but I’ve previously lost all my stuff due to a virus. Now I put my documents on Google Docs, photos onto Flickr and my bookmarks and passwords etc to XMarks. The only thing I have on my laptop now are movies.

    But then again, I don’t have any sensitive information to protect.

  • One of the many reasons I’ve been running TrueCrypt for years.

    However, (sadly), LoJack/Prey is fairly useless if you’ve encrypted your boot partition – the thief will never be able to boot into Windows for the software to activate. They’ll have to format it which will kill LoJack/Prey at the same time.

    Only way around this is to use such software that works from inside the BIOS. Dell laptops have something like this, I forget the name, it’s a menu item in the BIOS somewhere — however, the company who runs it only sells accounts to people in the US.

  • Hmmm… There’s two different issues here:

    1. You want to protect your data from a thief.

    All you need is Truecrypt on both your system and all data partitions – nothing more, nothing less. It’s that simple.

    Use the same STRONG passphrase (yes, a big old ‘phrase’, not a ‘word’) on all partitions and enable pre-boot authentication caching and all partitions will get automounted for you at system startup. Other than the initial passphrase entry it’s totally, totally seamless and beats using any other security tools within the runtime environment which in my opinion just get in the way of easy PC use.

    With TrueCrypt in place no one is getting their hands on your data any time soon so forget about using Prey, FireFound, Lojack etc. as they’re never even going to get run.

    If you’re really paranoid or doing something really dodgy (like the kid who has gone to jail for refusing to give up his password recently must have been doing) then you go the extra step of a hidden volume but I can’t see any reason for the normal man.

    I suggest you stick your phone number or email address in the ‘custom message’ part of the boot loader if you want to get your kit back. Once ‘someone’ realises the laptop is useless they may get in touch and tell you they’ve ‘found it’!!

    One caveat – if you like to remote connect to your kit then bear in mind that the system doesn’t automatically come back from a reboot (if you get patches installed etc.) as it’ll sit waiting for the boot password as it comes up! Got me first time I did this – thought my Wake-On-Lan was playing up…

    2. You want to find who nicked your kit and get it back.

    Whilst I personally would just do the above and hope someone ‘finds’ my laptop when they see it’s useless to them you might fall into the camp of those who want to catch the bugger who nicked your laptop and don’t care too much about the sensitivity of your data.

    In this case go for lojack, Prey or even the recently mentioned hack of automatically grabbing screenshots every so often and uploading them to Dropbox for you to view remotely. With any luck you’ll find them logged into their Facebook page and you’ll have their name and photo!

    What I’d really like is for someone to write a Firefox extension that’ll catch any Facebook login from your PC (other than your own) and email you the userid/password. Now that’d be useful in finding who had your laptop – full access to their Facebook to find their name, address, photo and friends…
