0

The case of the Raspberry Pi found in the network closet #PiDay #RaspberryPi

Via Christian Haschek’s blog we have a case of where finding an unknown Raspberry Pi with a strange dongle on it in a business’ network closet could be a concern:

Last week I got a message from a co-worker with an image attached.

I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remote). I have worked on many Raspberry Pi projects and I felt confident I could find out what it does.

At this point nobody thought it was going to be malicious, more like one of our staffers was playing around with something.

The parts found included A Raspberry Pi b first generation, a mysterious USB dongle. and a 16GB sd card.

The first thing one asks is: who has access to this network closet?

Next: What IS that USB dongle?

The investigators take the USB card and do some interesting forensics. Little bits of information from various files coupled with Google information pointed to the culprit.

I checked the DNS logs and found the exact date and time when the Pi was first seen in the network. I checked the RADIUS logs to see which employee was at the premises at that time and I saw multiple error messages that a deactivated account tried to connect to wifi.

That deactivated account belongs to an ex employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don’t ask..).

What now

Legal has taken over, I did my part and the rest is over my pay grade.

For me it was a very interesting challenge and I’d like to thank every person on reddit who helped me with one piece of the puzzle.

See the entire process on the blog site.


Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, or even use Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for MakeCode, CircuitPython, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 12,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython 2019!

Have an amazing project to share? The Electronics Show and Tell with Google Hangouts On-Air is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — SiFive is a startup to pay attention to. RISC-5 is here to stay.

Wearables — Swatch it up

Electronics — Code like everyone’s watching

Biohacking — Stroboscopic Visual Training

Python for Microcontrollers — CircuitPython takes flight! All aboard with datum, Bluefruit CPX, and more! #Python #Adafruit #CircuitPython #PythonHardware @circuitpython @micropython @ThePSF @Adafruit

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



1 Comment

  1. Real life Mr Robot story line right there.

Sorry, the comment form is closed at this time.