I'm trying to troubleshoot the network at the SME of my girlfriend: the previous network admin was more or less trying to blackmail them (for example refusing to give the passwords of the various devices: NAS etc. unless he'd get money) so they got rid of him.
Now we're changing all the passwords on all the computers, cams, NAS, etc., and I found something weird in the cellar: next to the rack I found a little enclosure (not looking very professional, with apparently a hand-made hole to allow cables to pass into it). I opened it and it contains a Raspberry Pi hooked by USB to what is apparently a hard disk. There are two connections to that Raspberry: one USB cable to the hard disk and one Ethernet cable which plugs into a TPLink VPN (the cable going to/from the Raspberry plugs into one of the four Ethernet ports, not into the WAN port).
What would be the role of such a device in a "normal" company which has nothing to do with IT: it's a tax accounting company which has two small offices (hence the VPN)?
How can I find exactly what this Raspberry Pi is used for? (I'm concerned that by turning it off I'd mess up the network config.)
Could this be some backup thing?
Note that I don't know if Super User is the correct Stack Exchange site to ask such a question, and seeing that I don't know what this Raspberry is used for, I don't know which tags to use.
Any help is very much appreciated.
Well, if it doesn't seem like an essential function, I would unplug it NOW. If something breaks, you can plug it in - it might be a way for the guy who just got fired to get back into the network. – cutrightjm – 2014-06-22T15:15:09.980
Raspberry Pi is a mini $25 computer, which can easily run some Linux versions. If you plug it into a network, you can do practically everything. If its owner is a hacker, he can get into your network and steal info easily (including files, passwords etc). So my recommendation is - unplug it and look at what's inside the hard drive. – Searush – 2014-06-22T15:31:23.857
@ekaj: and SEARAS too... Thanks, I did unplug it and everything seems to still be working fine. I'll see what the HD contains and if it's encrypted or not. Same for the SD-Card (?) that I found inside the Raspberry PI. – Cedric Martin – 2014-06-22T15:39:07.627
@SEARAS: I did as you said. Labelled all the cables so in case it's an important feature I'll be able to plug it back in. – Cedric Martin – 2014-06-22T15:39:43.533
Yes, check the SD card too. There can be hack tools. If you know Linux and if you are a hacker, then you can identify hack tools easily (or give it to a hacker and he will tell you). Also, having a (mini) computer attached to the target network enables anyone to get very sensitive information (e-mail, social site passwords etc), and he can even get full control of the network and all network computers (if he is smart enough). So if you find such hack tools there, you must change all your personal passwords too (gmail, fb, etc) – Searush – 2014-06-22T17:31:35.100
Hackbox for allowing remote access to your network. MyLittlePwny or similar probably. – Fiasco Labs – 2014-06-22T18:00:33.870
Another form of it here: http://www.tunnelsup.com/raspberry-pi-phoning-home-using-a-reverse-remote-ssh-tunnel/ And there's even a custom OS over on SourceForge: http://pwnpi.sourceforge.net/ It's a heads up to watch for when you are dealing with a crook IT fool. – Fiasco Labs – 2014-06-22T18:06:39.623
A torrent seedbox perhaps? – usr-local-ΕΨΗΕΛΩΝ – 2016-02-16T22:05:33.810
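One way to act on the comments' advice to check the SD card, as an added example that is not part of the original thread: a triage pass over the card's root partition, assumed to be mounted read-only on a separate Linux machine, that lists startup and cron lines suggesting a reverse SSH tunnel, a VPN client, or a file copy (which would fit the backup theory). The indicator patterns, host names and paths in the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Places a Raspbian-style system starts commands at boot, on a timer, or on link-up.
STARTUP_GLOBS = ["etc/rc.local", "etc/crontab", "etc/cron.d/*",
                 "var/spool/cron/crontabs/*", "etc/systemd/system/*.service",
                 "etc/network/if-up.d/*"]
# Heuristic patterns only: they point at lines to read, they prove nothing.
INDICATORS = {
    "reverse-ssh-tunnel": re.compile(r"\b(?:autossh|ssh)\b.*\s-[A-Za-z]*R"),
    "vpn-client": re.compile(r"\bopenvpn\b"),
    "file-copy": re.compile(r"\b(?:rsync|scp|smbclient|mount\.cifs)\b"),
}

def triage(root):
    """Return (file, line_no, label, text) for each startup line matching an indicator."""
    root, findings = Path(root), []
    for pattern in STARTUP_GLOBS:
        for path in sorted(root.glob(pattern)):
            # Skip symlinks: absolute links inside the image would resolve
            # against the examining machine, not the card.
            if path.is_symlink() or not path.is_file():
                continue
            lines = path.read_text(errors="replace").splitlines()
            for no, line in enumerate(lines, 1):
                line = line.strip()
                if not line or line.startswith("#"):
                    continue
                for label, rx in INDICATORS.items():
                    if rx.search(line):
                        findings.append((str(path.relative_to(root)), no, label, line))
    return findings

def build_sample(root):
    """Constructed sample tree standing in for a read-only mount of the card."""
    root = Path(root)
    (root / "etc/cron.d").mkdir(parents=True)
    (root / "etc/rc.local").write_text(
        "#!/bin/sh\n# ssh -R in a comment is ignored\n"
        "autossh -M 0 -fN -R 2222:localhost:22 user@host.example\nexit 0\n")
    (root / "etc/cron.d/nightly").write_text(
        "0 2 * * * root rsync -a /mnt/nas/ /mnt/usbdisk/backup/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in triage(build_sample(tmp)):
            print(*finding, sep=" | ")
```

Point `triage()` at the mount point of the real card instead of the sample tree; every hit is a line to read in context, and an empty result does not clear the device.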