U3Hostage

[chown]

I'm writing an (open source) application called "U3Hostage", in C#.  (Don't start.  I would prefer to do it in C, but when it comes to GUIs, I tend to make a mess). 

The idea is that when someone steals your U3 drive it overlays the desktop with an impossible-to-close login screen stating that the thief's computer is being held hostage until such time that he or she calls a predefined phone number and receives the password from the owner.  This part I have completed. 

What I am working on is having it install itself to automatically start every time the computer does (and overlay the windows login screen).  Also, I am working on making it send an email to a predefined (hard-coded?) email address stating such data as it can find on the thief's computer involving his or her identity. 

If anyone wants to help, let me know, and I'll upload it to SourceForge.

[remkow]

Nice idea, if I knew C# I'd help :p

[digip]

Have it make registry entries to add itself as a service and start automatically. Name it something like "Windows Uninstaller" so it doesn't look too obvious. There is a legit service called "Windows Installer" so the unsuspecting might not notice it.

If you cant do it from with the program, just have it write out the reg file and then make it execute the reg file, then delete the reg file. Then have it start the service. Also, make it so ctrl+alt+del do not work so they can't cancel out the program. It will not stop them from going into safe mode and stopping it, but they woul dhave to know that it was added as a service, and not just something in the standard startup locations.

[trustme]

First and foremost, I don't think its necessary to create something with all of this functionality, such as locking the users computer.  Besides it looking a heck of a lot like malware, especially by hiding its registry entries and an intentionally confusing service name, what if someone innocent picks up your flash drive?

Say you left it in starbucks or school or the like.  That person may need to be able to access his computer to do something important, say work...  And on the occasion where someone has their cell phone turned off, say they're at home, or the default is they're home number and they're out.  If that happened to me, the chances of you ever seeing your flash drive again are very, very small.

[digip]

First and foremost, I don't think its necessary to create something with all of this functionality, such as locking the users computer.  Besides it looking a heck of a lot like malware, especially by hiding its registry entries and an intentionally confusing service name, what if someone innocent picks up your flash drive?

Say you left it in starbucks or school or the like.  That person may need to be able to access his computer to do something important, say work...  And on the occasion where someone has their cell phone turned off, say they're at home, or the default is they're home number and they're out.  If that happened to me, the chances of you ever seeing your flash drive again are very, very small.

"what if someone innocent picks up your flash drive?" - Then they shouldn't be using it in the first place. An "innocent" person would probably turn it in as lost to the manager of a cafe or teacher in a class environment, etc. Anyone who swipes it should really think twice about plugging it in anyway. If you don't know what is on it nor who it belongs too, why would you be using it?

That's like finding the keys in a parked car. Are you innocent if you drive away in it? What right do you have to it? Your no longer innocent once you decided to take it.

[trustme]

Once upon a time, people in school wrote word documents for homework assignments.  In that glorious and strange time, they also revealed their name at the beginning of said document.  With this name, I now had the power to find them and return it to them...  Besides the first thing my teachers do when someone turns in a flash drive is plug it in and look to see who's it is.

Also by allowing that to happen, I believe you're breaking several laws relating to misuse of information and computer systems, whereas you deny the school, the owner of the computers the ability to use said computers for educational purposes.  Something along those lines.

[digip]

Once upon a time, people in school wrote word documents for homework assignments.  In that glorious and strange time, they also revealed their name at the beginning of said document.  With this name, I now had the power to find them and return it to them...  Besides the first thing my teachers do when someone turns in a flash drive is plug it in and look to see who's it is.

Also by allowing that to happen, I believe you're breaking several laws relating to misuse of information and computer systems, whereas you deny the school, the owner of the computers the ability to use said computers for educational purposes.  Something along those lines.

This isn't meant so much for lost drives as much as it is meant for stolen drives. If someone swipes the drive, they deserve whatever they get.

How are you breaking the law? It is your physical device, not theirs. They have no reason to touch it in the first place other than to maybe ask who's it is.

Here is an idea. Put some masking tape on the outside of the drive, grab a sharpie, write your name on it and warn them not to plug it in. If they do, it is their fault. Either way, it is their fault for taking it and plugging it in when they do not know where it came from. The teacher has no reason to plug it in. They can keep it at their desk until they ask the class next time if anyone lost it. What if there were private files or confidential information on there. Who really has the right to look at it in the first place?

[trustme]

How does someone steal your drive?  The only thing I can think of is that you left it somewhere.  My first thought upon finding my flash drive missing would not be that someone took it out of my bag, but that I had left it somewhere.  Admittedly I wouldn't activate the payload immediately, so much of my concern is irrelevant, and besides, if I intended to steal your flash drive, I would take it, copy over information/files i wanted, then reformat it.

Your breaking the law by impeding and disrupting the use of the schools computers.  Also, the school automagically can confiscate any item you own/take possession of it just on the fact that you brought it into school.

[digip]

How does someone steal your drive? 

How does someone steel anything? It happens the same way you steel anything else. You take what isn't yours.

Your breaking the law by impeding and disrupting the use of the schools computers.  Also, the school automagically can confiscate any item you own/take possession of it just on the fact that you brought it into school.

I think the person taking it is breaking the law and had they not inserted it, there would never have been a problem in the first place. malware is something that isntalls itself without your knowledge for their personal gain. Your not doing anything other than locking the screen until they understand that the need to return the device and you will send them the unlock upon returning the device. I don't feel sorry for anyone who takes the drive because it is arisk they are taking in the first place.

Like a car thief, there is no joyride that I know of that is legal.

It doesn't matter what content you have on the device, its is private property and wasn't meant for your eyes to begin with. And thee is no garuntee that opening any files on the device will tell you who owns it. Unless you plan on leaving them a text file on the device giving them your info(which is nto too smart to begin with) then how in the hell would they know whos it is anyway just by seeing what is on the drive?

I'm sorry, but if all it does is protect the contents of the drive so you can get it back and is not doing anything malicious, either way, it is still not theirs to take or use in the first place.

[trustme]

How does someone steel anything? It happens the same way you steel anything else. You take what isn't yours.

The point was that it was your own fault (most likely) that the person had come by it.  If you hadn't left it somewhere, they wouldn't have picked it up.

I think the person taking it is breaking the law and had they not inserted it, there would never have been a problem in the first place. malware is something that isntalls itself without your knowledge for their personal gain. Your not doing anything other than locking the screen until they understand that the need to return the device and you will send them the unlock upon returning the device. I don't feel sorry for anyone who takes the drive because it is arisk they are taking in the first place.

Like a car thief, there is no joyride that I know of that is legal.

It doesn't matter what content you have on the device, its is private property and wasn't meant for your eyes to begin with. And thee is no garuntee that opening any files on the device will tell you who owns it. Unless you plan on leaving them a text file on the device giving them your info(which is nto too smart to begin with) then how in the hell would they know whos it is anyway just by seeing what is on the drive?

I'm sorry, but if all it does is protect the contents of the drive so you can get it back and is not doing anything malicious, either way, it is still not theirs to take or use in the first place.

I'm only going to respond to the parts that sound like you actually read my posts.  Just going to again reiterate that the "authorities" have a right to take your stuff and access it.  If you have your car stolen, the police are going to ask you to identify the car, how will you prove the flash drive is yours if they don't have the right to look at it.  Also stealing a car and accessing a flash drive are not the same thing, come up with a better analogy. 

When I said malware, I simply meant something that installs/does stuff without my knowledge that I didn't want to happen.  Furthermore, I identify malware as something that impedes me doing something I want to or puts my personal property in danger (my pc).  Simply disabling access to the flash drive is certainly more acceptable than installing something into windows that is going to prevent me from doing work.

[digip]

I don't think his idea does any real harm since it isn't spreading any virusses or stealing anything from the user, although it might piss someone off that they have to return the device to get the answer on how to disable the lock (although I think most people would figure a way around it eventually), I don't think they are going to call the police to say "Hey, I took this USB drive that wasn't mine and when I plugged it in it locked me out of my pc".

I'd say we can just agree to disagree.

I don't want to be in a shouting match with you over opinions on the subject. We kind of hijacked the topic and I didn't mean for that to happen. The original post asked for some help with the program and instead we pretty much got into a debate of ethics over what the payload does, when really it's up the person who owns the device to decide how they want it handled. I think if it is handled in a responsible way that does no real harm to the pc, like maybe have it unload the lock when they unload the drive, then that would be a good compromise. Then everytime they plug it back in, they get the same message to return it until they take it out.

[chown]

Uhh, aaanyway.

Regardless of your view on this, I'll let you know when I release it along with the source, and you can use it as you see fit.

[snip] Also, make it so ctrl+alt+del do not work so they can't cancel out the program [/snip]

Already done. (By opening taskmgr.exe for exclusive access)

[trustme]

Yeah, sorry about the thread...

[sablefoxx]

You should post what you have so far so others can help!

[SloPOS]

I'm writing an (open source) application called "U3Hostage", in C#.  (Don't start.  I would prefer to do it in C, but when it comes to GUIs, I tend to make a mess). 

The idea is that when someone steals your U3 drive it overlays the desktop with an impossible-to-close login screen stating that the thief's computer is being held hostage until such time that he or she calls a predefined phone number and receives the password from the owner.  This part I have completed. 

What I am working on is having it install itself to automatically start every time the computer does (and overlay the windows login screen).  Also, I am working on making it send an email to a predefined (hard-coded?) email address stating such data as it can find on the thief's computer involving his or her identity. 

If anyone wants to help, let me know, and I'll upload it to SourceForge.

The only problem i see, is that when the drive is removed, and the computer is restarted, it will disable the login lock, and then they can just hold shift to disable auto run, then format your flash drive.  if they're stealing flash drives, they must be some sort of geek that could think of this. best of luck though.  would be great for ipods, or other mp3 players.

[GonZor]

if they're stealing flash drives, they must be some sort of geek that could think of this. best of luck though.

Don't be so sure, most of the people I know that have stolen a flash drive are quite the opposite. I was actually asked a question once by one of these people "why did they create two internets?" he was referring to Internet Explorer and Firefox, he believed they were 2 different internet's.

[Razor512]

it would be cool if it had the ability to update it's settings from a ftp server  (that way if it is stoled, you can make a few changes on your server so when the person plugs it in, it will get the new settings which can make it really mess their windows install up (there many registry keys that you can change that can really make windows quite unpleasing to use)

because wouldn't it be annoying if you got a login screen each time you used the drive?  (most people are usually connected to the internet anyway)

[sablefoxx]

Don't forget about Safe Mode!  Perhaps just encrypt their whole hard drive (yes i know very cruel and unethical), that way they can't even recover their files with Knoppix, ect...  That would be kinda time consuming though...  Just a thought

[Razor512]

or just have it delete ntdll.dll from the system32 folder