It may not be the Forensic Files, but it’s not bad
Our managed services customers sometimes ask about the little GNoC icon they discover on their computer after we begin taking care of them. GNoC stands for our Guaranteed Networks Operations Center, and clicking the symbol in the corner of their display lets them open a service ticket with our Global Support Desk. But the toolset that drives the technology does a whole lot more.
It enables us to monitor the computer’s performance. To verify that the anti-virus solution has been updated. To notify us when a critical security patch has been missed. To allow our engineers to remotely troubleshoot an issue when the user gives us permission to do so.
It’s also a crime-fighting device, as we demonstrated last week.
SLPowers Field Engineer Chris Fettig reports:
“Basically, a laptop was stolen from a construction trailer on one of our client’s job sites. My expectation was that the laptop would be formatted and rebuilt from scratch, which would have eliminated our agents.”
Chris set GNoC to monitor for the computer anyway, and was pleasantly surprised to get a hit a few days later.
“I received an email notification on Sunday that the computer had powered up.” Since GNoC had been set to monitor for the stolen laptop, SLPowers was able to ascertain the IP address the laptop was checking in from, and trace it to the provider, which in this case happened to be Time Warner. We also captured the username and new computer name of the stolen asset.
“We continued to monitor the laptop,” Chris explained, “collecting screen shots and Internet address information and providing them to the authorities.”
Chris worked with Stephanie Wheeler of the Durham (NC) Police Department, who sought to obtain a court order to compel Time Warner to match the IP address to the user’s identity. As part of those efforts, Investigator Wheeler reached out to Chris for specific times and port information related to the laptop’s activity.
“One of our screenshots captured the users’ homework assignment, with a title page,” Chris said. “Another showed them logged on to a specific school website, which we also provided.”
That particular school was located 2,500 miles away from where the laptop had been stolen, raising the likelihood that it had been sold.
As the legal process plods forward, GNoC continues to track the laptop’s activity.
Guaranteed Networks by SLPowers: Fighting spam, fighting downtime, and fighting crime.
— Michael Gavaghen