Christian Haschek found a Raspberry Pi attached in a network closet at the company he works for, and since nobody knew what it was or where it came from, he and his colleagues decided to investigate.
I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remote). I have worked on many Raspberry Pi projects and I felt confident I could find out what it does.
At this point nobody thought it was going to be malicious, more like one of our staffers was playing around with something.
Interesting – but worrisome – story.
I assume nobody there had watched Mr. Robot.
“This circuit board, if installed, behind the thermostat…”
“We all know what a Raspberry Pi is, what’s your point?”
I died laughing at that scene, and it was obviously a shot across the bow of too much technobabble in TV.
SPOILER WARNING
..
..
..
hack your old employer, and leave your user name, and home wifi information in there. does not sound like a very smart move.
btw, what could people gain by doing these kind of actions? don’t get attached, and just move on… (easier said than done, though).
Sounds like the gifted person may be more “special” than gifted.
At first glance, I assumed this was a different story where the library had deployed highly suspicious looking R-PI units throughout the library:
https://www.youtube.com/watch?v=UeAKTjx_eKA
These were running as a mesh network, but it turned out they were just monitoring foot traffic and nothing more nefarious than that. It raises the point that it’s difficult to know the true purpose of these devices without reverse engineering them – the same hardware can be used for either legitimate or nefarious uses.
Well, yeah they can be used for good or evil, but if there is a device in your environment that shouldn’t be…. That is a pretty good indication its not benign. Its like steak knives can be used to cut steak, so don’t assume that the person holding one intends to murder people ( unless the blade is inside of another person).
Bill Shooter of Bul,
I assume you didn’t watch the video, but the library confirmed that they had sought the services of Waitz to provision these devices to estimate traffic throughout the library, and the reverse engineering basically confirmed it wasn’t nefarious. The library probably placed them where they would be most effective rather than in utility closets where they would be safer. The problem is that library patrons found them near trash bins, etc, and decided to take them apart themselves.
Had they been placed in more professional looking enclosures (like a thermostat box, smoke detector), they likely would have been less suspicious looking.
I agree these devices should have been deployed better but It amazing me patrons were taking it upon themselves to “steal” one of these devices and analyze it. No one thought to ask the staff?
I work in the IT department of a public library and patrons messing with the PCs drives us nuts to no end. One of these days I am going to lose it and break someone’s fingers. LOL
MJ,
Yea, that would have been the right thing to do. I guess they were too curious to do that.
I’d like to hear about your stories some time 🙂
Some libraries have software to lock down the environment, and I used to see how easy it was to get around. Usually they force internet explorer, which was ironic because it was especially vulnerable, haha.
@ post by Alfman 2019-01-18 3:37 pm
Maybe you would like to hear my story: the library of my department at uni had, in a secluded room, a PC with IE limited, IIRC by some ~firewall, to viewing only the webpage with library search …but I discovered it was based on app blacklist, not whitelist, set so that ~unknown software could have full access to the internet, so few times I brought on weekend (on weekdays a room with many internet-enabled PCs was available, so there was no need for “hacks”) a floppy disk with Opera and browsed in peace. 😀 (though the lady got suspicious once, why I spend so much time searching for books 😛 )
Hmm, not gifted enough not to leave a trail someone a lot less gifted could follow. Doubt he’ll be blackmailed by the spooks to work for them instead.