WWYCD: The Raspberry Pi Incident

[Mister Trent]

Your character is at the team's base in the recreation room/lounge when he or she notices an odd device plugged into a wall outlet next to the coffee machine. It's some kind of circuit board inside an clear plastic casing. The more tech savvy member(s) of your team recognize the device as a cheap mini computer called a "Raspberry Pi". The device has a USB wi-fi card plugged into one of its ports and it's later discovered that someone has set up some unauthorized port-forwarding in one of the base's routers. An attempt to further examine the device and determine what it was configured to do triggers a self-destruct; not the Ka-Boom! kind of self-detruct, but rather a program on the device formatted the SD card it was using for memory, wiping everything out. Reviewing secuirty camera footage turns up no clue as to who could have brought the device into the base; the cameras just show it suddenly appearing sometime in the wee hours of the morning, already plugged into the wall. Asking around, you find out that other super teams have found similar devices set up in their bases.

 

WWYCD?

[Grailknight]

Investigate as we could but not really worried about it. The computers that handle anything important in our base don't have WiFi and cant access the internet unless a series of manual switches are thrown.

 

It's not paranoia when there are supervillains out to kill you.

[Old Man]

The computers that handle anything important in our base don't have WiFi and cant access the internet unless a series of manual switches are thrown.

 

LOL what do you think the Raspberry Pi is for?    We just got a report this morning of malware that hijacks the host's mic and speakers to communicate with other copies of itself using ultrasonic communication.

 

My character would hand the device over to someone who might be able to analyze it, maybe a friendly superhacker or a sorcerer type who can do some kind of psychometric aura detection.  Shrug.

[Tasha]

Given the Special effect of 13 Black's Cyberkinesis (reading the electricity's magnetic fields within the circuit). She might just be able to read what the device does without setting off it's self destruct. Given that SD cards are not that fast to write to, it may just be possible to yank the card before the OS 0's the data on the card. Even then there are rumors of devices that can read latent data on an SD card.

 

Also yanking the power from the device should prevent the device from overwriting the SD card. Though again probing it with her powers should give her a good idea what powers the device JIC it's got some sort of battery backup. She should be able to use her TK to cut power to the device again without tripping it's self destruct.

--------

[Grailknight]

LOL what do you think the Raspberry Pi is for?    We just got a report this morning of malware that hijacks the host's mic and speakers to communicate with other copies of itself using ultrasonic communication.

 

My character would hand the device over to someone who might be able to analyze it, maybe a friendly superhacker or a sorcerer type who can do some kind of psychometric aura detection.  Shrug.

 

When I say manual switches, put emphasis on the manual. It's possible to physically throw some levers but there is not an electronic or remote way to do so. The security and team database computers have no Wifi ever and no internet except when these switches are thrown. 

[FrankL]

Bolt likes to play with computers but doesn't go that deep into the specs. Everyone on the team would turn to one character, Null Space. Not only can he hack into just about anything, but he can make fantastic computer defenses. If the device has gotten past the defenses he set up, he will be at once most impressed and most pissed.

 

As far as is Null Space a black hat or white hat hacker, no one asks. Hints are he plays both sides when it suits him.

[Old Man]

When I say manual switches, put emphasis on the manual. It's possible to physically throw some levers but there is not an electronic or remote way to do so. The security and team database computers have no Wifi ever and no internet except when these switches are thrown.

You misunderstand, sir. I'm saying that the strange device provides its own wireless connection. Any physical switches would be irrelevant.

[Grailknight]

You misunderstand, sir. I'm saying that the strange device provides its own wireless connection. Any physical switches would be irrelevant.

 

I think we're both assuming something about the other's builds.

 

In the case of our base.

 

The security and science computers are all wired in a closed system. There are no USB or media card ports and no Wifi hardware installed on them.  These computers are able to be manually connected to a buffer server  which can connect to an io computer which does have access to the outside world. The buffer server can connect to only one of the computers at a time unless there are 3 team members present to flip switches while turning keys. There are CD and DVD drives.

 

There is a separate system for recreation use  but it's not WIFI. All the team tablets and laptops have built in aircards and we have cell towers on the property.

[Old Man]

So basically, all a hacker has to do is compromise your "io computer" and your secure systems are owned as soon as the keys are turned. Got it.

 

And that's assuming your secure systems really are as secure as you say, and that a resourceful bad guy hasn't thought of a creative way to get to them, such as the ultrasonic exploit I mentioned earlier, or TEMPEST, or compromising the IC hardware that the secure systems are built out of.

 

Anyway you port security policy is a good one, since in theory that invalidates the whole premise of this thread.

[Tasha]

BTW the Raspberry Pi Device described in the OP does basically exist IRL. Though it's set up to be plugged into a wired network where it allows someone to log into the network. It doesn't have the self destruct, which IMHO is the most unlikely of the features of the OP's scenario.

 

"

June 17, 2013 2:25 PM

John Koetsier

 

You gotta love security geeks — they can make it so easy for you. At least, if you’re a black-hat hacker.

 

Network security engineer “Richee” posted complete details about how to make a tiny Raspberry Pi computer look like a ordinary laptop power brick — and then give himself a physical backdoor into corporate networks.

 

Technically, the job is laughably easy.

 

raspberry P trojan horseThe Pi is a tiny computer that could fit in the palm of your hand. But it’s got a 700 MHz processor, a half a gigabyte of RAM, and runs a custom version of Linux. It also has HDMI and USB ports and — critically — Ethernet. Kids, geeks, white-hat hackers, and case-modders buy the cheap $25-$35 computer and build beautiful cases for it, install apps from the Pi Store, and craft robotic bartenders with it.

 

With a little soldering and gluing, Richee fit the tiny Pi into an old power brick, hooked up a black Ethernet cord, and jimmied up a power supply out of a plug and a USB converter. Voila: an inconspicuous ET-phone-home hacker’s best friend.

 

Of course, the software is the critical part.

 

With a few lines of code, Richee built a little script that will phone home to his designated server over SSH (secure shell). Once the Pi phones home, he’s got an insider’s access to the network it’s on.

 

ET phone home

 

Of course, Richee doesn’t have nefarious intent — it’s simply a tool for remote support. In the wrong hands, however, it could go unnoticed for weeks, if companies have lax security oversight, and offer very tempting access to ostensibly-secure data.

 

There is one problem, of course: Laptop power bricks don’t normally have Ethernet cords hanging from them. Richee has a solution for that:

 

It looks weird when you stare at it, but put it behind a plant and nobody will ever notice it (except the guy who waters the plants).

 

And the guy who waters the plants is unlikely to know to much about network security."

http://venturebeat.com/2013/06/17/this-tiny-raspberry-pi-trojan-horse-could-be-a-cute-little-backdoor-into-your-corporate-network/

[Grailknight]

Any security can be cracked. The problem with this scenario is that it assumes that someone has undetected physical access to your base. Spying is the least of your problems.

[Old Man]

That's right! My character would instantly suspect one of the other members of the super team, and would start a campaign of rumors among them in order to sow suspicion and try and flush out the mole. What could possibly go wrong?

[sinanju]

Neither Iron Maiden (the flying brick version) nor the Black Knight nor Hell's Angel nor Man-Ape nor Rose Hancock nor Legion nor Black Mask nor The Dark would know how to deal with this problem.  In fact, most of my PCs are not computer hackers or techies. They would have no choice but to defer to the opinions of teammates more technically inclined than they.

 

Doctor Syence, a suuuuuuper-genius, would probably be able to crack the problem. But she's really the only one. Iron Maiden (the powered-armor version) probably could too, but as she's a villain, she's more likely to have planted the device than to help deal with it.

[Cancer]

Get the team uberspeedster to bring it up to 0.98 lightspeed and record what states its time-dilated innards pass through at your leisure, secure in the knowledge that that also doppler-shifts all its broadcast signals way out of their receivers' bandwidths and defangs whatever nefarious purpose was intended by the builders of the device.

[BoloOfEarth]

Move the device to Wally's computer.

[Vondy]

I deal with business systems and databases all day long. I avoid tech-centric characters during my free-time. My characters would hand the device off to the geek-squad and wait for some field investigative work to present itself.