Step 2: How to crack a laptop

Laptops with sensitive data are getting stolen every day. Contributor Kevin Beaver says the best way to secure your laptops is to understand how they will be attacked. He provides the basic attack methods and a set of contingencies in this step-by-step guide.

Find passwords
If they're already in, hackers can look at stored passwords that may lead to other sensitive information -- especially those stored in VPN clients that could provide a direct link into your network. You can find this type of information using a tool such as ElcomSoft Ltd.'s Proactive System Password Recovery. It will recover logon passwords, network passwords, wireless encryption keys, dialup/VPN passwords and more that can be used against you. Figure 1 shows the Proactive System Password Recovery interface.

Figure 1: Proactive System Password Recovery

Crack passwords
If you've done the right thing and require Windows logins combined with Windows-enforced strong passwords, you're probably wondering how else someone could possibly get in. Well, never fear, it can be done. It is simple password cracking, and you don't even have to buy a commercial tool to do it. There's a relatively new tool I've been using called Ophcrack that uses rainbow tables for really fast Windows password cracking. Ophcrack has a bootable "Live CD" version that you can use without having any other access to the Windows system. So, think about this: The bad guy finds/steals your system, boots it up using a tool such as Ophcrack and -- voilà! -- in just a few minutes, he's got one or more Windows account passwords. It's all over after that. Try running the Ophcrack Live CD yourself and see what you can find.

Figure 2 shows the Windows version of Ophcrack - the Linux version on the Live CD is essentially the same.

Figure 2: Windows version of Ophcrack
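Why rainbow tables make this so fast, as an added example that is not from the original article or from Ophcrack: Windows password hashes carry no per-account salt, so one table computed in advance applies to every machine. The sketch below builds a toy rainbow table and shows that the same lookup fails once a salt is mixed in. Assumptions: SHA-256 stands in for the Windows hash, the keyspace is a constructed set of 4-digit PINs, and all function names are hypothetical.

```python
import hashlib

CHAIN_LEN = 50      # columns per chain
KEYSPACE = 10_000   # constructed toy keyspace: 4-digit PINs

def h(pw: str, salt: bytes = b"") -> bytes:
    # SHA-256 stands in for the unsalted Windows password hash (assumption).
    return hashlib.sha256(salt + pw.encode()).digest()

def reduce_to_pin(digest: bytes, col: int) -> str:
    # Map a digest back into the keyspace; the column index varies the mapping.
    return f"{(int.from_bytes(digest[:8], 'big') + col) % KEYSPACE:04d}"

def build_table(starts):
    # Keep only endpoint -> start points; the interior of each chain is discarded.
    table = {}
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_to_pin(h(pw), col)
        table.setdefault(pw, []).append(start)
    return table

def lookup(table, target: bytes):
    # Assume the target sits in column `col`, walk on to the chain endpoint,
    # then replay matching chains from their start to recover the input.
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_to_pin(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_to_pin(h(pw), c)
        for start in table.get(pw, []):
            cand = start
            for c in range(col):
                cand = reduce_to_pin(h(cand), c)
            if h(cand) == target:   # verify; rejects false alarms from merged chains
                return cand
    return None

STARTS = [f"{i:04d}" for i in range(0, KEYSPACE, 50)]   # 200 chains
TABLE = build_table(STARTS)                             # computed once, reused everywhere

def demo():
    pin = "0450"                                        # constructed sample input
    unsalted = lookup(TABLE, h(pin))                    # table applies to any machine
    salted = lookup(TABLE, h(pin, b"per-account-salt")) # same table, now useless
    return unsalted, salted

if __name__ == "__main__":
    print(demo())
```

The table stores 200 endpoints yet can cover far more inputs than that, which is the time-memory trade-off; a salted scheme would force the whole table to be rebuilt for each account.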


About the author: Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at [email protected].
