What the #!/%* is that rogue Raspberry Pi doing plugged into my company's server room, sysadmin despairs

It's every sysadmin's worst nightmare: discovering that someone has planted a device in your network, among all your servers, and you have no idea where it came from nor what it does. What do you do? Well, one IT manager at a college in Austria decided the best bet was to get on Reddit and see what the tech hive mind could …

  1. sitta_europea

    Some years ago I replaced the IT manager at a large motor manufacturer in Birmingham.

    He left on a Friday.

    The following Monday I noticed he was logged in over a modem that he curiously had forgotten to mention.

    I unplugged it.

    1. Mayday Silver badge
      Holmes

      Some places I've left my corporate email etc accounts on my phone and been able to receive mail for months after I've left, others I get prompted for the password before I've gone through the door (ie account disabled).

      My point being some companies have better exit processes than others.

      1. LeahroyNake Bronze badge

        Sometimes just changing the password doesn't work / Apple devices are a pain for remembering the auth token.

        Disable the account and wipe any connected devices as per your company's BYOD TOS? Or is that going overboard?

      2. Ryan D

        A few years back I had access to my old admin accounts for four years after I left my job.

        The scary part? It was a large government........ 'Nuff said.

      3. Anonymous Coward
        Anonymous Coward

        Happens at the NHS. One trust I was at, I could pick up my e-mails for months after I'd left. I'm AC because the tech who was supervising us, who I'm friends with still works for the NHS, but at another trust. She said, quite rightly, "It's not my problem as I told them and filled in the forms informing them you'd left, the day you left. If they can't be bothered to then lock and close your account despite me giving them several warnings, that's their fault".

        Quite right.

        I do enjoy thinking of ways to get back in to places I've left though. Not because I'd ever do it, but to find out if it would be possible without being noticed. Sadly, it being highly illegal, you can't test your ideas out :)

    2. big_D Silver badge

      When I left a couple of previous employers, I ended up telling them to change their damned passwords after a couple of months, because I accidentally logged onto my old OWA instead of the new one and it was still active.

      Or the Amazon or Also account etc. Web hosting? CMS system? Corporate Facebook page? Still Xing or LinkedIn corporate presence administrator... And that was an IT company!

      In that case, I told them quickly, because I didn't want them blaming me for anything! I sent it registered post.

      1. Shady

        Re: easy pickings

        I left a small IT company about ten years ago, and went back about three years ago for a short term contract.

        My email (username) and password still worked. Worse still, the network manager at the time had enforced the use of the company name as password because he was fed up of dealing with reset / forgotten password attempts by the peasants.

        1. big_D Silver badge

          Re: easy pickings

          I went to one company, their previous sysadmin also found a standard password easier than individual passwords for all users. Apart from the CEO, every user had the password 123456 and wasn't allowed to change it...

          Then, the best thing was, every user's email was available over OWA!

          My first day there, I disabled OWA for everybody and set all the accounts to change the password at next login.

        2. cray74

          Re: easy pickings

          My email (username) and password still worked.

          Wow. At the other end of things, when a downsizing caught me my access was cut-off mid-email the morning I was booted out the door. While I was getting the bad news from HR (over the phone, because the local HR rep had been laid off before me), I had been trying to email coworkers to pick up my remaining tasks and notify customers. But IT had deadlines to cut access and happened in the middle of the call.

          Since the company had been shriveling for some time they had apparently dealt with a number of emails from terminated employees that contained less-than-professional departing comments, hence the hurry to cut access.

          Subsequent emails from the company, such as for termination benefits, went to my personal email address.

          1. J.G.Harston Silver badge

            Re: easy pickings

            In one job I didn't know my contract had ended until I lost network access in the middle of the day in the middle of imaging a dozen desktops.

          2. MachDiamond Silver badge

            Re: easy pickings

            "Since the company had been shriveling for some time they had apparently dealt with a number of emails from terminated employees that contained less-than-professional departing comments, hence the hurry to cut access."

            They would have done better to have sacked you through your immediate local supervisor and offered to pay you a premium (hefty) if you would spend a day with them detailing tasks that needed to be delegated to those that must remain behind. It would be well worth £1,000 or more for them to do that and that sort of dosh can soothe the fury enough to be civil. Multiples might make it possible to at least act friendly. Many companies handle terminations very poorly. It sucks, but any company of more than one is going to have to deal with it.

            I left an engineering job and the COO didn't take my notice seriously. I was pissed at the whole train wreck of a shop and they had finally placed the last straw so I was out of there. 3 days before my final day I got an email asking me about following up on a project. I replied that Friday was my last day and I was currently making sure that all of my files were backed up on SVN, my desk was tidy and I would be packing up my computer (BYOC) and personal items on Thursday so I would only have final check out to do on Friday. They did understand, belatedly, that having me spend some time on a hand over would be worth a premium, but they then went on to insist on all sorts of other things I would have to agree to be eligible for the payment. I had to go to the labor board to be paid for unused leave that I could never take. They failed to notice that every time I scheduled some time off, they would book testing that I had to be on-site for and didn't actually get to take that time. It's a damn good thing I keep a journal at work. If your work is independent or isn't subject to continuous supervision, keep a simple daily journal of what you did that day and the times. If you ever get an inquiry about where you were on a particular day and what you were doing, you can page back and tell somebody with some accuracy.

        3. Doctor Syntax Silver badge

          Re: easy pickings

          "I left a small IT company about ten years ago, and went back about three years ago for a short term contract.

          My email (username) and password still worked."

          Been in a similar situation with old client. Some development tools bought by my company and installed on the PC I used still installed....

          This was only after a few months so it might have got cleaned off later.

          1. Anonymous Coward
            Anonymous Coward

            Re: easy pickings

            I once had a work colleague who had previously worked for the same organisation, and then left for another job somewhere else, before finally later returning to a different job in the first organisation again.

            They were not reallocated their old username (despite it still being in the system), because:

            "That username has already been issued to someone else."

            "Yes, that was me."

            "Well, we've set up a new username for you now, we can't change it."

            And one of the reasons that old usernames remained in the system was because the nature of the business meant that a reasonable number of employees were sometimes on temporary contracts and it was not unusual for them to work a number of temporary contracts in various organisations before finding themselves back again (and the people responsible for issuing usernames were supposed to check whether someone already existed in the system before doing so!).

            1. Dr Paul Taylor

              "That username has already been issued to someone else."

              That's the reason why I am "Dr" Paul Taylor on El Reg. There seems to be no way of getting my login merged with my earlier "Paul Taylor".

            2. James R Grinter

              Re: easy pickings

              It's actually a good procedure (or would be if they’d done it intentionally) - the returning person may not be doing the same job as before so giving a new account name can avoid giving access they used to have but no longer need.

              1. Anonymous Coward
                Anonymous Coward

                Re: easy pickings

                After leaving, and maybe even returning again, it would be a rare company that always thought to remove email and phone numbers systematically and immediately from every previous application's configuration in all environments: test and dev as well as prod. So it is hardly surprising if some previous applications continue to send support mail or ticket updates to a reused internal email address, or even occasional SMS messages to a phone, which could be confusing or a nuisance if the address or phone number had a new owner. Content sent out of the app should have been vetted to ensure that it is not sensitive, but it would still be better to watch out for this contact lifetime issue in future and try to think of a way to manage it correctly.

          2. Anonymous Coward
            Anonymous Coward

            Re: easy pickings

            "I left a small IT company about ten years ago, and went back about three years ago for a short term contract.

            My email (username) and password still worked."

            Many years ago, I had set up the company network, servers etc and the last few weeks I was there I did some documentation.

            About five years later I was working there again, but with lower rights than before, as it was a question of trust. Until the network went pearshaped, and no one else to look at it, I was given ..... the same documentation that I created five years earlier, with my hand written notes and passwords....

            Another company wanted all the admin passwords written down, put in sealed envelopes and placed in a safe, just in case of emergency. My colleague did so, I was too busy and never got round to it.

            A few weeks later, there was a meeting about a management buyout, staff will be laid off. While the meeting was going on, some weaselly PHB had opened the safe, took the envelope and changed passwords. My colleague was locked out of his systems and mine still worked.

        4. Anonymous Coward
          Anonymous Coward

          Re: easy pickings

          The BOFH law of password insecurity: all IT Manglers\\\\\agers choose relatively weak passwords for shared resources, because they are too lazy to remember (or record) stronger ones, no matter how often the BOFH attempts to advise that this is not exactly a very good practice.

          (Unfortunately, the lifts in my workplace are not sufficiently reliable for this problem to yet have been rectified. It would be rather unfair if an unexpected object were to fall on an entirely innocent lift engineer.)

          1. Michael Habel Silver badge
            Devil

            Re: easy pickings

            Speaking of what has Mr. Travaglia been up to these many months? November is on the wane, and I'm jonesen for some new BOFH...

      2. MachDiamond Silver badge

        "In that case, I told them quickly, because I didn't want them blaming me for anything! I sent it registered post."

        Wise move. When you leave a company, you want to make sure that you have given up all of your keys, codes and accounts on their computers. You also want to be receipted on that as well. Be sure to insist on that before you agree to an exit interview, if they do that, or sign any documents.

        If you don't need access to something as a part of your job, don't get keys/codes for it. It can be very unpleasant to have to answer a bunch of questions regarding a crime or breach in an area that isn't part of your normal activities. Get one time or temp access when you need it. If it's a secure area, get somebody responsible to walk you in and check you out or even sit there while you do your work. Even if they deactivate a key card or company ID, make sure you give it back and get a receipt.

    3. Anonymous Coward
      Anonymous Coward

      Before or after calling the FBI?

    4. Mike Friedman

      That's exactly what I would've done with this. Unplugged it, put it in my desk (locked of course) and waited to see who claimed it.

      And then given them a talking to about putting things in MY server room that I don't know about.

      1. Pete4000uk

        'A meeting without coffee'

      2. Cpt Blue Bear

        "That's exactly what I would've done with this. Unplugged it, put it in my desk (locked of course) and waited to see who claimed it."

        And that's exactly what I have done. Mind you, it wasn't anything quite as sophisticated as this. Mine was an old netbook plugged into an open wall socket and tucked behind a filing cabinet. Its sheepish owner got a lecture about professional behaviour, followed by how to throttle a torrent client so it doesn't cause trouble on the network (because no one in IT over the age of 35 hasn't done something similar and incompetence offends me).

        "And then given them a talking to about putting things in MY server room that I don't know about."

        I've also heard that argument from a network manager when organising sanctioned traffic monitoring. My answer was it wasn't "his" server room, it belonged to his employer. Turns out he had good reason to not want us snooping (or should that be snorting?) around "his" network.

  2. Anonymous Coward
    Anonymous Coward

    I would complain more at the seemingly-paranoid security measures currently being rolled out at my place (only code submitted to the main repo may be run at all), if it wasn't clear how much real damage rogue employees can do.

    1. big_D Silver badge

      We only allow signed code, which can only be done on a single computer in the IT department.

      Nothing unusual about that.

      The IT staff can develop on their own test VMs, but the code can only run on those devices, to run it on the core infrastructure, it first needs to be approved and signed.

  3. This post has been deleted by its author

  4. elDog Silver badge

    Leaving routers in dropped ceilings; unidentified phone lines; ...

    Just recounting this for someone I might have worked with.

    He apparently knew someone who worked at some company that was moving to a new location. That someone asked a neighboring business if he could run a TP through the dropped ceiling over the dividing wall for his router to get access to power and LAN. Friendly neighbor said "sure". As far as someone knows, that router is still blinking lights happily. (The credentials might be admin$ad...)

    Another bloke actually left a second modem and phone line in a house that he sold. The purpose was to be able to do remote call forwarding without paying some crazy long-distance charges. The buyers happened to work for some spooky agency but it took a few months for a security scan to find out the leaky bits.

    Or, this may just be hearsay.

    1. Anonymous Coward
      Anonymous Coward

      if you heard it down the pub

      then it must be true - first rule of IT security :)

      I used to drink with the pen test team from a large IT services company. They had some hilarious stories.

      1. Anonymous Coward
        Anonymous Coward

        Re: if you heard it down the pub

        A pet hate of mine is the enthusiasm with which pointy haired bosses and sundry HR rejects, oxygen thieves etc. enthuse about things like Yammer, Tibbr and similar in-house Faecebook lookalikes and how we can get Answers To All Our Problems(TM) by posting on the hallowed turf.

        If I'm feeling particularly awkward I ask about the quality implications of relying on advice from complete strangers (it's a large organisation) and point out that it is largely the same as saying "some bloke down the pub told me". The follow-up question is along the lines of how does that square with ISO9000 etc., certification.

        1. Anonymous Coward
          Anonymous Coward

          Re: if you heard it down the pub

          Oi, that's effectively the modus operandi of StackExchange (and in a former era, usenet), or even this forum, that you're dissing there!

          For every random nutter complete stranger out there on the internet, there is at least one kind, helpful stranger willing to offer (hopefully) sensible advice, partly because they are a decent human being, and partly because they hope that someone might return the favour to them one day if need be.

          Sometimes the nutter:angel ratio is even better than that.

          1. Anonymous Coward
            Anonymous Coward

            Re: nutters v angels

            The tricky bit is telling them apart.

            Especially here.

            <Looks around furtively to see if the BOFH is listening>

        2. Vincent Ballard

          ISO9000

          Surely you're fine with ISO9000 as long as you sneak a line about "Consulting outside expertise" into the process document.

        3. d3vy Silver badge

          Re: if you heard it down the pub

          Oh... The arguments I've had with people on Yammer.

          Them "Does anyone know how to resolve issue x on my work laptop"

          Stranger #1 : "just download this thing from www.totallynotmalware.com and install it, fixed my issue"

          Stranger #2 : "I had the same thing and fixed it by deleting files x,y,z"

          Me : "FFS, we have a massive service desk with tonnes of people who do this for a living, why are you trusting Frank the janitor's cousin to tell you how to fix your corporate laptop?!?"

  5. Anonymous Coward
    Anonymous Coward

    Not quite as dire

    But I retired from a large corporate workplace a while back.

    I rather think they borked the offboarding (or whatever the trendy HR expression of the day is) as, over two months later, I still had full access, and was still being paid.

    Knobwits

    1. Hollerithevo Silver badge

      Re: Not quite as dire

      Yep, I got paid an extra month's salary and various accounts were still available to me after I resigned. I emailed, then wrote, asking to whom I should pay back the salary, etc., but heard nothing. The money sits in my account earning whole pennies of interest until they finally get a clue.

    2. DuchessofDukeStreet

      Re: Not quite as dire

      Never been fortunate enough (although the last employer didn't tell HMRC that I'd left and they weren't paying me any longer, with the result that HMRC then changed my tax code to reflect that my salary had doubled....) but about 15 years ago, several employers ago, the Head of IT was let go (following a vile takeover for him to be replaced by a useless PHB). Nine months later, he turned up on site for a service - in his company car. Turns out that, although he'd been let go (and paid a settlement figure to avoid a tribunal) HR hadn't stopped paying his salary (and new PHB hadn't spotted the cost), providing medical cover or asked him to return the car, his laptop, his security pass, etc, etc. He'd been putting all the money into a specific savings account so he could return it if asked.

  6. KieranTully

    It's to tell you how busy the wiring closet is, before you visit

    A student in the US found hidden Pis were being used to count MAC addresses to generate busyness heat maps for college facilities. See https://youtu.be/UeAKTjx_eKA

  7. Chris King Silver badge
  8. Destroy All Monsters Silver badge
    Black Helicopters

    Uh-huh. "Former employee with high-level access".

    So what we have is a former employee who for some reason had access to a secure server room in the heart of the organization, without the IT manager being informed, and who installed a fairly sophisticated bit of kit

    It's lucky this isn't some high-value target or very private industry otherwise this could end in a messy Khashoggi or a vatican-bank-style suicide.

    Better watch out regardless, it's good that a heads-up has been posted on El Reg already. IT peons are not valued highly.

  9. Throatwarbler Mangrove Silver badge

    LOL Reddit

    Thankfully we have here The Register's army of commentards, who are sure to remain universally calm and rational!

    1. DavidRa
      Joke

      Re: LOL Reddit

      Oi, who are you calling calm and rational!?

      1. Korev Silver badge
        Joke

        Re: LOL Reddit

        OI, WHO ARE YOU CALLING CALM AND RATIONAL!?

        Fixed the capitalisation for you...

    2. the spectacularly refined chap

      Re: LOL Reddit

      Thankfully we have here The Register's army of commentards, who are sure to remain universally calm and rational!

      One would have hoped there were enough clues in the article but not for the first time something like this has clearly gone "whoosh!" straight over the heads of many commentards.

      Seriously, a commodity USB wifi/Bluetooth combo is a "pretty powerful IoT device", and obviously a program called "logger" is automatically suspicious on a Unix system. You expect that on Reddit but you'd expect at least enough nous to recognise satire here.

      1. John Brown (no body) Silver badge

        Re: LOL Reddit

        "Seriously, a commodity USB wifi/Bluetooth combo is a "pretty powerful IoT device", and obviously a program called "logger" is automatically suspicious on a Unix system. You expect that on Reddit but you'd expect at least enough nous to recognise satire here."

        Not only that, but there's no further info on the ex-employee. We don't know if he was sacked or just moved to a new job. For all we know, he left to be a pen tester and was doing the college a favour :-)

      2. This post has been deleted by its author

    3. Inventor of the Marmite Laser Silver badge

      Re: LOL Reddit

      Marmite lasers are neither calm nor rational.

      Beware the blinding beam of brown

      1. fedoraman

        Re: LOL Reddit (Marmite Lasers)

        I've always wanted to ask this - how do you get the population inversion with these things?

  10. herman Silver badge

    So, after all this 'helpful' Reddit chinwagging, has the extremely competent IT Administrator unplugged the RPi yet?

    1. raving angry loony

      Depending on the size of the company, it might take 3 months for the change management request to be approved by an I.T. illiterate management.

      1. Pascal Monett Silver badge

        I.T. illiterate management who seems to be responsible for the whole mess anyway. OK, it's just a school, but still.

      2. Giovani Tapini

        You may be right, but before you can raise the CR to remove it, you first would have to get it added to the CMDB before you can raise the change. You won't be able to get it on the CMDB because you don't know what it connects to and what services it runs.

        this could go on for some time...

        1. Doctor Syntax Silver badge

          "but before you can raise the CR to remove it, you first would have to get it added to the CMDB before you can raise the change"

          If it's not on the CMDB it doesn't exist so it was never removed when you unplugged it. Just following CR logic.

          Following BOFH* logic, just unplug it to see who screams.

          Remove the SD, plug it into a Unix/Linux box, edit the shadow password file to ensure you can log in, replace SD, add monitor and keyboard and find out what it's trying to do.

          *I'm worried. BOFH not been seen for some time. Did a boss finally get him?

          1. A____B

            "just unplug it to see who screams"

            Ahh memories...

            Many years (decades!!) ago I was working at a site which was an old factory 're-purposed' as offices. Nobody had a wiring plan.

            We had some Vaxes and VT100 / VT220 terminals dotted around the place.

            One day I was chatting to one of the operators (remember when operating a Vax was a full time career?) who casually pulled a plug from the patch panel, saying "hold on a mo...".

            Sure enough the phone rang and his side of the call went "suddenly stopped? oh dear I'll see if I can fix it.... where are you located? and which terminal is that? third from the left? great" then he'd write out a sticky label and put it on the cable and plug it back in. He reckoned nine times out of ten there'd be a pathetically grateful call-back.

            Doing one cable every 20 minutes or so from widely different parts of the patch panel reduced the risks of any user cottoning onto what was happening.

            He saved the company thousands compared with getting contractors in to do the wire tracing.

            On the BOFH absence front -- where is Simon? we need to know - has the PFY launched a successful putsch at last?

          2. Anonymous Coward
            Anonymous Coward

            If it's not on the CMDB it doesn't exist

            At a previous job we had a relatively nice (compared to the normal corporate crud) pooled MBP that was used for video editing. But despite being asset tagged it somehow never ended up in the CMDB.

            A year or two and a few role changes later, our team were no longer using it and getting tired of hauling it to new locations in the estate every time we got moved. The call went into desktop support to come and pick it up. But they had no record of its existence. And I got the distinct impression that asking them to pick up a theoretically non-existent asset was akin to suddenly shifting into reverse while doing 70 down the motorway.

            Eventually we got moved again. Left the MBP on a spare desk at the end of the row and after a few weeks it disappeared. I assume IT did pick it up, but honestly couldn't be sure.

  11. Milton Silver badge

    Infosec staff quality

    I'm slightly off topic, or at least the point is tangential ... but I suspect I'm not the only one who's noticed that people in corporate infosec jobs seem to vary wildly in their abilities. IT remains generally infested with cowboys and all-purpose oxygen thieves, but sometimes I wonder whether infosec is the secondary magnet (after management roles, of course) for those who talk a good game while knowing basically nothing.

    I have some tragic familiarity with a major British airline whose infosec team seems to have no clue about risk, prioritisation, mitigation etc and therefore resorts to absolutist dogma whenever challenged, usually because after some probing it turns out they don't really understand the technology or the ramifications of their "policy". It may, for example, seem like a good idea to look tough and competent by blocking all admin-level access to all machines, but have you thought how that might affect agile*¹ development teams? Do you know how many man-months of work are wasted because you didn't think to enquire before implementing such a draconian policy?

    And are you really insisting on 2FA via SMS for 'extra security' ...? Cue, howls of laughter.

    *¹ That's 'agile' with the silent 'FR'.

    1. Pascal Monett Silver badge

      Re: have you thought how that might affect agile*¹ development teams?

      Uh, they won't be able to fuck up so quickly anymore ?

    2. Korev Silver badge
      Terminator

      Re: Infosec staff quality

      >I have some tragic familiarity with a major British airline whose infosec team seems to have no clue about risk, prioritisation, mitigation etc

      Just wondering if it is the same lot who had some "improvements" made to the javascript on their page recently meaning some customers' credit cards got "borrowed"...

    3. Anonymous Coward
      Anonymous Coward

      Re: Infosec staff quality

      <quote>I have some tragic familiarity with a major British airline whose infosec team seems to have no clue about risk, prioritisation, mitigation etc and therefore resorts to absolutist dogma whenever challenged, usually because after some probing it turns out they don't really understand the technology or the ramifications of their "policy"</quote>

      That will be BA then? I can't imagine any other British airline with a worse grasp of IT generally!

    4. 0laf Silver badge
      Holmes

      Re: Infosec staff quality

      Infosec bod here.

      Yes I too know of this dogmatic mentality. However that can stem from corporate culture. If it is the culture of that airline to use the infosec team as blamehounds whenever a project goes wrong then it's not really a surprise. But it can also stem from a lack of confidence.

      I get quizzed every day all day with 'is this ok?'. This will be on every IT subject from server setup (Windows, Unix, Linux and proprietary), cloud architecture, software development, web development, databases, legal and compliance ramification GDPR, PCI, SOX etc etc. I'm expected to be an expert in them all at the moment the question is asked and my answer makes me responsible for the outcome.

      So I have become good at asking questions and mostly all I do is guide the subject matter experts who are asking the questions to the reasonable answer they probably knew in the first place. And I learn a little bit more in the conversation.

      I might identify risks and take them to the right person to sign off but it is not in my authority to say no or yes to anything. Getting it across that the risk is never mine can be quite hard. Speaking to an infosec bod is not outsourcing the risk.

      1. TFL
        Pint

        Re: Infosec staff quality

        This is something that the group I work with actually has worked out. We're part of a fairly large org, with security people in many roles. Ours is essentially internal consulting, where projects come to us for review. Sometimes even before they've done what they wanted.

        PMs are still used to the idea that we approve things, but we don't. We identify risk, document it, and there is a process (still evolving) where this risk is formalized. If needed, the business people are responsible for fixing the problem identified, or accepting the risk.

    5. Anonymous Coward
      Anonymous Coward

      Re: Infosec staff quality

      but sometimes I wonder whether infosec is the secondary magnet (after management roles, of course) for those who talk a good game while knowing basically nothing

      You mean there's a chance for me to move into that field after all?

      1. 0laf Silver badge

        Re: Infosec staff quality

        It's not hard to blag the certs. It just costs money.

    6. Anonymous Coward
      Anonymous Coward

      Re: Infosec staff quality

      > blocking all admin level access

      Except, if it's the airline I'm thinking of, you can raise a request for a "development profile". Unless things have changed recently.

  12. Michael H.F. Wilkinson Silver badge
    Coat

    I am a bit disappointed ...

    there wasn't a saffron-clad, vaguely oriental-looking, elderly man with a broom named Lu-Tse involved.

    Or maybe there was!! Nobody ever notices a sweeper!!!

    Ah-hah!!!!

    I can feel an extra exclamation mark coming up right now!!!!!

    OK, I'll get out of here. The one with "Thief of Time" in the pocket please

    1. Sabot
      Headmaster

      Re: I am a bit disappointed ...

      Who gives their brooms names?

      1. Androgynous Cupboard Silver badge

        Re: I am a bit disappointed ...

        You shouldn't name a broom, you risk becoming attached to it. The same goes for any cleaning product really - before you know it you have empty bleach bottles sitting around because you can't face breaking it to them that they're off for recycling.

        1. Hollerithevo Silver badge

          Re: I am a bit disappointed ...

          @Androgynous Cupboard, you scoff, but it's hard. Their little pale plastic faces, so familiar, so beseeching...

      2. tel130y

        Re: I am a bit disappointed ...

        Trigger probably did...Or bits of it as they came and went

      3. Anonymous Coward
        Anonymous Coward

        Re: I am a bit disappointed ...

        > Who gives their brooms names?

        Errr ... Brummies?

      4. Pedigree-Pete
        Happy

        Re: Who gives their brooms names?

        @Sabot. I'll repeat a recent post of mine.

        I have a wood planer called Nigel. :) PP

        1. Prst. V.Jeltz Silver badge

          Re: Who gives their brooms names?

          Right, I'm gonna call my hammer Mike then, or maybe MC.

  13. Korev Silver badge

    Legality

    In England/Wales, this behaviour would be illegal under the Computer Misuse Act. Is there a similar law in Austria?

    1. vgrig_us

      Re: Legality

      Yes - a POS called CFAA, which is so badly written that you can be criminally prosecuted for even breaking terms of use. That's the law the FBI used to drive Aaron Swartz to suicide.

      It was passed after Reagan saw "war games" and panicked.

      1. Is It Me

        Re: Legality

        vgrig_us, I will break it to you gently, no-one apart from you is talking about the US, this happened in Austria.

        Austria is a country in Europe, so the US Computer Fraud and Abuse Act and the FBI have no relevance here.

        Comments like yours are why Americans (and by that I mean US citizens, as people from South/Central America and Canada are actually Americans) get a bad name for thinking that the world revolves around them.

        1. Anonymous Coward
          Anonymous Coward

          Re: Legality

          Wait, you're telling me there are *laws* outside the US?

          Next you'll say something really ridiculous, like that foreigners are actually people.

          1. vgrig_us

            Re: Legality

            Ah, my bad - somehow read wrong... Blame the sleepy early morning commute, I guess.

            1. Criggie
              Go

              Re: Legality

              Best thing I ever did was stop driving and start exercising. We moved house and I was faced with a 60 minute drive plus pay for parking, or a 60 minute bike ride, or a 90 min bus ride.

              The burst of exercise wakes me up and I'm effective much more - the excuse of "haven't had coffee" is unneeded. Even using the recent Lime scooters is a step up in the personal exercise area.

              And as IT wallahs we all run the risk of chair-sized bums, so adding some blood stirring moments is the best thing you can do for yourself and your work.

              1. Prst. V.Jeltz Silver badge

                Re: Legality

                I guess so, but, you know, it sounds like hard work.

                Sounds like a 30 minute moped ride could be a compromise :)

            2. Anonymous Coward
              Anonymous Coward

              Re: Legality

              No. I blame you for being thick.

          2. ITS Retired

            Re: Legality

            "Next you'll say something really ridiculous, like that foreigners are actually people."

            People with Rights, not subject to United States laws. What a concept, huh?

            People like Julian Assange, even.

        2. Dagg

          Re: Legality - Austria is a country in Europe

          You mean, you mean they don't have kangaroos...

  14. Anonymous Coward
    Anonymous Coward

    Reputation and qualification

    The Reddit angle is interesting - for its abject failure. As a social platform it is supposed to elevate the good comments as it builds the credibility of the posters. Being rated by your peers does not work if your peers are all clowns, at which point you should take a closer look in your mirror.

    Taking it to 4chan would not have made a difference but it might have been more entertaining at least.

  15. muddysteve

    I'm not a sysadm, but surely if you find an unknown piece of kit in your server room and the management don't know about it, then the first thing to do is unplug it, and see who shouts, rather than get on the internet and wait for replies.

    1. Andraž 'ruskie' Levstik

      Why are you involving management into this? They won't know what it is even if they signed off on it 30s before.... Just unplug it, put it in your drawer and wait for the scream test.

    2. Anonymous Coward
      Anonymous Coward

      Unplug it?

      Yeessss, but in some of the historical documents, if you disconnect a suspicious device, an LED flashes 5 times, then remains on for 2 seconds, and then the room goes KABOOOOMMMMMM!!!

      Whatcha gonna do, huh, whatcha gonna do?

  16. chivo243 Silver badge
    Devil

    Burn it, Burn it with fire!

    Then nuke from orbit. Failing that, get a hammer! If it doesn't have our company asset tag, it gets removed, and I've never seen it, wink!

    1. Doctor Syntax Silver badge

      Re: Burn it, Burn it with fire!

      No. It's a Pi. You can always think of something useful for it to do.

  17. Anonymous South African Coward Silver badge

    Had a device dishing out rogue DHCP packets on our network once.

    I bricked it with the wrong firmware.

    Whoops, ahahahaha.

  18. HmmmYes Silver badge

    When I've found myself cursing at a useless/crooked 'professional' business - lawyers, EAs mainly - I've sat here brooding about ways I could royally fuck them over.

    It used to be stink bombs/hidden sardines.

    These days, a small wireless ARM device deve - those gur plug things, or something hanging off a USB dongle for power would do.

    IT security? Why have expensive consultants when you a payd an agency cleaner NMW and they work out of office hours.

    1. John Brown (no body) Silver badge

      "These days, a small wireless ARM device deve - those gur plug things, or something hanging off a USB dongle for power would do."

      Like one of those powerline networking thingies. Just glue a small glass bottle on it with some yellow liquid in and slap an Airwick[1] logo on it.

      [1] other plug-in air fresheners are available.

    2. ibmalone Silver badge

      While on the subject of bugs (of the listening kind), it's always worth taking the time to appreciate the genius of Léon Theremin's "Thing" https://en.wikipedia.org/wiki/The_Thing_(listening_device) (presumably it has a better name in Russian).

  19. Anonymous Coward
    Anonymous Coward

    Reminds me of working in security for a large corporate and came in one day to server room to get console on one of our test/monitoring servers as it had no remote access means by design, noticed our dedicated to security machines 47u rack in the lab dc had a linksys wifi ap plugged into the switch.

    Asked the duty sysadmins what that was, and nobody knew, no asset tags, no records, not even racked properly just plonked on top of one of our boxes so promptly unplugged it and put it in desk drawer after a quick poke about revealed it had default creds and was allowing open wifi access to our isolated dc management network inside a security zone which required elevated access to do some of the things it did. Also alarming because even though we didn't have a route out for it to call home, its range easily reached to the break rooms and across site to the tech park diner with the right kit.

    I heard nothing for ages then suddenly our "security penetration test expert" team sent their boss to sheepishly ask for their access point back as they needed it for another job. It wasn't my place to, but I did suggest to him that perhaps he might want to apply some config in case the next client wasn't asleep at the wheel and spotted it too...

    1. Version 1.0 Silver badge

      The majority of these comments apply to amateur pen-testing, the professionals don't get caught this easily, their kit never hangs off a switch unless they want you to find it ... because then you stop looking for the real one.

  20. W Donelson

    Sounds like a trial run to me.

  21. Stevie Silver badge

    Bah!

    Look, it's very simple:

    The FBI is a domestic law enforcement organization with no legal powers outside the USA, so stop recommending people in Europe call them.

    The people you need to talk to are the CIA.

    Who already know because they put the Pi in your closet in the first place.

    Allegedly.

    1. d3vy Silver badge

      Re: Bah!

      Ring ring, ring ring...

      "Hello, CIA?

      Yeah I found this device I don't recognise in my server room... I've unplugged it but want to know what I should do now... You want me to plug it back in and not worry about it?"

  22. Anonymous Coward
    Anonymous Coward

    Nobody ever expects the cleaners..

    I was working on a secure project and was sat in a caged data centre with access to some secure racks - and was working away. My colleague was remarking on how secure the place was - several locked/key/biometric doors, cages, etc and the fact we had to get clearance when he was interrupted mid-flow by a cleaner walking in to empty the bin..

    I've never laughed so hard.

    1. TRT Silver badge

      Re: Nobody ever expects the cleaners..

      Are they collecting large amounts of bubble wrap and do they have a gas-tight, explosion proof fume cupboard?

      But... it could just be collecting data about the environment in the cabinet, or acting as a radio relay for freezer & fridge alarms...

    2. John Brown (no body) Silver badge

      Re: Nobody ever expects the cleaners..

      "when he was interrupted mid-flow by a cleaner walking in to empty the bin.."

      Seriously? You think that's a potential security weakness? Really? Have you *SEEN* the security checks that cleaners have to go through? No? Me neither :-)

    3. Anonymous Coward
      Anonymous Coward

      Re: Nobody ever expects the cleaners..

      > when he was interrupted mid-flow by a cleaner walking in to empty the bin..

      Pharmaceutical plants require both security and extreme hygiene. So when management of such a plant showed prospective buyers the plant, they were in a special corridor and only looking in through sealed and air tight windows, extolling the security and hygiene where people were wearing clean room suits. That is, until a security dude in security uniform walked in - with a guard dog.

      There are many "invisible" people that somehow escape all clearances. Cleaners, security guards and electricians are in my experience regularly overlooked in these respects.

    4. MonkeyCee Silver badge

      Re: Nobody ever expects the cleaners..

      Some of my cousins are cleaners. The ones who have proper security clearances* get paid a hell of a lot more than the ones who don't, and they tend to actually be security conscious.

      If you're running a site, and you don't know the names of your cleaners, security guards, secretaries or EAs (and ideally their partners, kids etc) then you're doing it wrong. A kind word here and there, couple of gifts a year, and you'll be on top of all the company gossip.

      I liked to slip it into the budget under "IT team building". Occasionally I'd get asked why I was buying whisky and gift vouchers with company funds....

      * I'm not sure exactly what level they have, but the PTB did talk to pretty much every school teacher they had and every ex boyfriend...

  23. This post has been deleted by its author

  24. Anonymous Coward
    Anonymous Coward

    NHS IT

    An IT company looks after all GP computers in a city in the UK.

    Due to their secure system of usernames/passwords I can log onto any computer in any GP practice in the city ...

    Anon for obvious reasons

  25. Peter X

    Raspberry Pi

    I thought at the start of the article that perhaps we were being called on to solve this mystery...

    I'd got as far as:

    * The perp. is probably > 6 years old.

    And that's based on the fact that the Pi in question is one of the early ones that still has the single row of header pins near the yellow composite connector and has polyfuses (that caused USB power problems) near the LEDs. And those ones only had 256MB of RAM too. These Pis were AFAIK only sold for a few months in 2012. Of those, some had Hynix RAM, and some (I believe most), like the one in the picture, had Samsung RAM.

    I am wearing a deerstalker and smoking a pipe by the way!

    1. Prst. V.Jeltz Silver badge
      Holmes

      Re: Raspberry Pi

      I am wearing a deerstalker and smoking a pipe by the way!

      For God's sake, man, we have an icon for that!

  26. Inventor of the Marmite Laser Silver badge

    I love this place

  27. Archivist

    Shhhh...

    There's an RPI in our server room... It's our GPS Stratum-1 time server. Been running for 3 years so far, untouched. Of course it's fully documented.

    1. Jay 2

      Re: Shhhh...

      Once upon a time we had two RasPi providing NTP at a CoLo as a fudge until we got some proper time appliances sorted. They worked much better than I expected. Once decommed I re-used one as my remote access solution from home using the Raspberry Pi Thin Client Project (Linky).

  28. MJI Silver badge

    When I leave this job

    I expect I will still have log in details and remote access, hopefully still the phone number. Might even keep the key.

    There is a way to leave a job but still have access.

    Especially as I may need to help.

    11 years to go then I will finally have time to do the important things.

  29. Anonymous Coward
    Anonymous Coward

    Always lock accounts

    Especially when it's an IT person that's left. A place I was based in London used GSuite. Despite 2FA being on and set to "ask for your login credentials every 30 days" on whatever device you were on (their policy was poor, so you could login to GSuite on any device because they didn't enforce their policy). Despite that 2FA option being on, for some reason, on my account and the device I was using, it never asked for the 2FA again (I'm sure it's a bug in GSuite's 2FA system & cookie related). So for over a year I was still able to access my e-mail. By mistake of course due to Chrome remembering sessions.

    Carried on until I cleared out the cookies on that machine. Now I get prompted for the password and I'm sure, if I tried, it would let me login.

  30. steviebuk Silver badge

    I'm sure I've read...

    ...or a real pen test, I think in one of Kevin Mitnick's books, where they did actually apply to be a cleaner just to gain access to the building to get to the server room.

    Server cabinets always have piss poor locks. They are easy to pick so I don't know why they even have locks.

    1. d3vy Silver badge

      Re: I'm sure I've read...

      Every place I've been to the doors have been locked.. But only on the front of the racks :)

      1. Killfalcon Bronze badge

        Re: I'm sure I've read...

        Most of the time, locks are to remind the honest user that this is a secure Thing, and that they should not be opening the other things. Basically a brake on curiosity, who, as we know, often wonders what the big red button does..

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm sure I've read...

          Did some work on a power station some years back. It wasn't IT related, just temperature converters in cabinets.

          The customer had been having trouble with people nicking the internal lamps, presumably for garages, lofts, etc. He insisted we fit padlocks to the enclosure doors, which was all very well and good but it did nothing to stop people unscrewing the bolts on the side panels and getting to the lamps that way.

          Waves at Aberthaw power station

          1. Huw D

            Re: I'm sure I've read...

            Ah, security by WTF-ery.

  31. Marco van de Voort

    database passwords linked to applications are rarely changed

    I came back to an old company to do some updates to an old app and noticed the database password was still the same. After 6 years.

    Application passwords should probably also be regularly rotated, and software should therefore never hardcode them.

    An ex employee who breaches your network (like in the article), might be able to siphon off complete databases otherwise.

  32. ShortLegs

    Just tried my DDI desktop number for the company I left in 2004. It still works, and my company voicemail account still exists.

    Like an earlier poster, I was downsized with no warning. When escorted to my desk to collect personal items prior to 'garden leave', I had intended to setup email auto-responses, email a few colleagues bye, and allocate responsibilities, instead I found I had been locked out of my corporate /desktop/ user account.

    Bless, they had tried following 'best practice' of removing access (a little hasty, given the legal requirement to conduct 30/90 day discussion periods prior to redundancies). IT only managed IT... they didn't manage the 30,000+ devices present in the core... Or the telephones. I ported my company mobile to personal use, and for weeks after was getting customer calls demanding updates on outages, service issues, etc.

    It's not just physical objects one can find.

    Netware's NDS had a 'feature' that allowed one to create hidden superuser admin accounts. Ok, you needed to have admin rights to the root object to do so (but that was trivial enough if you didn't). First task in any role in a Netware shop at the time was to trawl the NDS for hidden objects, and hidden Admin-level accounts. And kill them.

  33. adam payne Silver badge

    It turns out that there was someone else was able to get into the room: a former employee that "still has a key because of some deal with management,"

    What possible deal would allow an ex-employee to keep a key for a server room / network switch cupboard?!?!

    1. A.P. Veening

      possible deal

      "What possible deal would allow an ex-employee to keep a key for a server room / network switch cupboard?!?!"

      Contractor? In this case probably part time.

  34. Anonymous Coward
    Anonymous Coward

    21st century ISDN

    I worked for a major bank that was until recently owned by the taxpayer (but not at the time of the incident). They had a policy that all on-call 3rd line support staff had an ISDN line installed despite the fact both I and the web published support apps were quite happy to function through my own broadband. I tried the ISDN connection once then stuck to my home broadband.

    I'm betting readers can see where this is going

    I changed companies, leaving said financial institution. I then moved house, actually emailing my old boss to remind him that three months after I had left the company I still apparently had a working ISDN connection straight into their relatively insecure remote access solution (SFA but also for some insane reason had a web browser you could use without authenticating to browse t'internet) and that I was moving home.

    About another three months after moving I got a panicky phone call from the new owners of the house.

    "Did I know I'd left a working phone line that connected in to some financial institution?"

    "Why yes I did, and I no longer worked there. Don't worry about it. I've already told them, it's not your problem nor is it mine. Feel free to rip it out."

    Which I presume they did, as I then got a redirected mail to my old address informing me a BT engineer would be coming out to fix my company ISDN line.

    I never did find out what happened after that.

    Except said financial institution nearly went out of business. Presumably due to all the sub-prime ISDN lines they were still paying BT for.....

  35. ShadowDragon8685

    Entirely unhelpful speculation: the device was planted by a student who takes the 'If you aren't cheating, you aren't trying' axiom to heart and was trying to get hold of the likes of tests' texts in advance of them.

  36. Anonymous Coward
    Anonymous Coward

    British Banks

    One allowed IT contractors to develop on BYODs, plugged in to the bank's network!

    Security audit realised and 100s of contractors were sent home and several hundred new laptops were purchased and configured over the Easter weekend at a huge cost!

  37. Tom 7 Silver badge

    I would have powered it down

    And then whipped out the SD and had a look around that. A diff with another raspbian (assuming it was) would have shown what evil lay within.

    And then I would have had another Pi for a local computer club!
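The comparison suggested in the comment above, as an added example that is not part of the original thread: with the card's root filesystem and a stock image of the same release both mounted read-only, hash every file in each tree and list what was added, removed or changed. The two small trees, the file names in them and the `PERSISTENCE_HINTS` list are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Paths where a difference deserves a first look (illustrative list, an assumption).
PERSISTENCE_HINTS = ("etc/rc.local", "etc/systemd/", "etc/cron", "etc/init.d/",
                     ".ssh/authorized_keys", "etc/wpa_supplicant/")

def snapshot(root):
    """Map relative path -> (kind, sha256 or link target, mode); symlinks are not followed."""
    root, seen = Path(root), {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath, name)
            st = path.lstat()
            rel = path.relative_to(root).as_posix()
            if stat.S_ISLNK(st.st_mode):
                seen[rel] = ("link", os.readlink(path), 0)
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                seen[rel] = ("file", digest.hexdigest(), stat.S_IMODE(st.st_mode))
            elif not stat.S_ISDIR(st.st_mode):
                # Device nodes, FIFOs, sockets: record presence and mode only.
                seen[rel] = ("special", "", stat.S_IMODE(st.st_mode))
    return seen

def diff_trees(baseline, suspect):
    """Compare two mounted trees and return sorted lists of differing paths."""
    base, sus = snapshot(baseline), snapshot(suspect)
    return {
        "added": sorted(set(sus) - set(base)),
        "removed": sorted(set(base) - set(sus)),
        "changed": sorted(p for p in set(base) & set(sus) if base[p] != sus[p]),
    }

def triage(report):
    """Subset of added/changed paths that sit in common start-up or access locations."""
    return [p for p in report["added"] + report["changed"]
            if any(hint in p for hint in PERSISTENCE_HINTS)]

def write_tree(root, files):
    for rel, text in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

def demo():
    """Build two constructed trees in a temp directory and diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        base, sus = Path(tmp, "baseline"), Path(tmp, "suspect")
        write_tree(base, {"etc/hostname": "raspberrypi\n",
                          "etc/rc.local": "#!/bin/sh\nexit 0\n",
                          "usr/bin/tool": "v1\n"})
        write_tree(sus, {"etc/hostname": "filesrv-02\n",
                         "etc/rc.local": "#!/bin/sh\n/opt/example/agent &\nexit 0\n",
                         "usr/bin/tool": "v1\n",
                         "etc/systemd/system/example-agent.service":
                             "[Service]\nExecStart=/opt/example/agent\n",
                         "home/pi/.ssh/authorized_keys":
                             "ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY example\n"})
        return diff_trees(base, sus)

if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind:8} {p}")
    print("look first at:", triage(report))
```

A stock image only matches if it is the same release and package set; files that change on any first boot (machine IDs, SSH host keys, logs) will show up as differences too.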

  38. Danny 2 Silver badge

    Heist: XKCD

    https://xkcd.com/2077/
