The case of the Raspberry Pi found in the network closet #PiDay #RaspberryPi
Via Christian Haschek’s blog, we have a case where an unknown Raspberry Pi with a strange dongle on it, found in a business’s network closet, could be a concern:
Last week I got a message from a co-worker with an image attached.
I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remotely). I have worked on many Raspberry Pi projects and I felt confident I could find out what it does.
At this point nobody thought it was going to be malicious, more like one of our staffers was playing around with something.
The parts found included a first-generation Raspberry Pi B, a mysterious USB dongle, and a 16GB SD card.
The first thing one asks is: who has access to this network closet?
Next: What IS that USB dongle?
The investigators take the USB card and do some interesting forensics. Small pieces of information from various files, coupled with information from Google, pointed to the culprit.
I checked the DNS logs and found the exact date and time when the Pi was first seen in the network. I checked the RADIUS logs to see which employee was at the premises at that time and I saw multiple error messages that a deactivated account tried to connect to wifi.
That deactivated account belongs to an ex-employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don’t ask..).
Legal has taken over, I did my part and the rest is over my pay grade.
For me it was a very interesting challenge and I’d like to thank every person on Reddit who helped me with one piece of the puzzle.
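The log correlation described in the quoted post (first DNS sighting of the device, then RADIUS activity around that time) can be sketched as follows. This is an added example, not code from the original post; the log formats, IP addresses, user names and timestamps are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not from the original post); the line format is an assumption.
DNS_LOG = """\
2024-03-04T09:15:02 client=10.0.20.14 query=intranet.example.test
2024-03-05T22:41:37 client=10.0.20.99 query=updates.example.test
2024-03-05T22:41:40 client=10.0.20.14 query=mail.example.test
2024-03-06T08:00:12 client=10.0.20.99 query=updates.example.test
"""
RADIUS_LOG = """\
2024-03-05T09:01:10 user=alice result=accept reason=ok
2024-03-05T22:29:55 user=former.staff result=reject reason=account-disabled
2024-03-05T22:30:20 user=former.staff result=reject reason=account-disabled
2024-03-05T22:50:03 user=bob result=accept reason=ok
2024-03-06T07:58:44 user=alice result=accept reason=ok
"""

def parse(log):
    """Yield (timestamp, fields) for each 'ISO-time key=value ...' line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        yield datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def first_seen(dns_log, client_ip):
    """Earliest DNS query from client_ip, or None if it never appears."""
    times = [t for t, f in parse(dns_log) if f.get("client") == client_ip]
    return min(times) if times else None

def radius_near(radius_log, when, window_minutes=30):
    """RADIUS events within +/- window of `when`, rejected attempts first."""
    delta = timedelta(minutes=window_minutes)
    hits = [(t, f) for t, f in parse(radius_log) if abs(t - when) <= delta]
    return sorted(hits, key=lambda h: (h[1].get("result") != "reject", h[0]))

if __name__ == "__main__":
    seen = first_seen(DNS_LOG, "10.0.20.99")  # IP of the unknown device (constructed)
    if seen is None:
        print("device never appears in DNS log")
    else:
        print("first seen:", seen.isoformat())
        for t, f in radius_near(RADIUS_LOG, seen):
            print(t.isoformat(), f["user"], f["result"], f["reason"])
```

Widening or narrowing `window_minutes` trades false leads against the chance of missing an attempt made well before the device first resolved a name.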