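I came across "The curious case of the Raspberry Pi in the network closet (2019) (blog.haschek.at)". It is a story from 2019 that I saw back then but apparently never wrote about... The original post is "The curious case of the Raspberry Pi in the network closet"; basically it is the story of finding a strange device in a server room and then tracking down the culprit.
To summarize what happened first: the author's father (who appears to work in the same industry as the author) found a strange Raspberry Pi device in the server room.
After checking with the people who had access to the server room, it turned out that none of them had brought the device in. He then asked his father to dump the contents of the SD card and send them over for analysis (the author was remote at the time):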
I asked him to unplug it, store it in a safe location, take photos of all parts and to make an image from the SD card (since I mostly work remote).
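What follows is the process of figuring out who owned the device; in the end they found the person and handed the matter over to legal. (That makes it sound too simple, but anyone interested can go back and read the author's account.)
The author also mentioned back then that the organization's IT team is small (only four people), and that with the BYOD policy, rolling out 802.1X would instead bring too much staffing cost: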
Good points. The problem is, there are over 1000 people coming and going every day, the site has a BYOD strategy and the IT team is 4 people. We tried implementing 802.1X for LAN devices but it was soo much overhead that we dropped that.
The thing of this case is that the person was only able to place the Pi there because he had a key to the network closet. That's game over no matter how many security protocols you implement
We did change the server passwords though
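Then, six years later, it was brought up on Hacker News, and the author added a few more details. In id=38923967 he mentions that the site is a school and that they are in a contractor role, so there are many things they cannot push through directly: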
OP here. What I didn't mention in the article is that this actually happened in a public school (small-ish for US standards as there are just ~1000 students and 100 teachers)
Hard to get the budget for serious switching hardware, even harder to get people who know how to manage them as I'm just an external contractor but can't exceed the allotted budget for my work there
Also, in id=38923991 he mentions that this was in Europe, and it seems the matter was settled privately without going to court:
OP here. Court records are thankfully not public in Europe and it's even illegal to name names in public (unless it's about a public figure)
As far as I know there also were no court proceedings as this was handled internally
That fills in a bit about some of the difficulties back then...