1. 14

  2. 4

    This script is Raspberry Pi specific, and relies on the Raspberry Pi having a default password (which is “raspberry”) and on sudo being set up so that no password is needed (which is also the default in Raspbian).

    Well, honestly, it is not at all surprising that someone compromised this system. This is in the same category as folks who run routers with the default user/pass set, except in this case SSH is probably enabled by default.

    The author basically (unknowingly?!) deployed a honeypot at his girlfriend’s parents’ home, and wrote a story about what happens next.

    1. 2

      TBH, the amazing part is not that it got pwned, but that the attacker was incompetent enough to drop a simple easy-to-read shell script in plain sight. With passwordless sudo, it would have been beyond trivial to instead install a rootkit that can hide every shred of evidence that the host was compromised. In fact, it’s fairly likely that one already is installed and the author just doesn’t realize it yet.

      1. 1

        The author said he’d wipe the pi and reinstall next visit, with an SD card reader to handle that.

        1. 1

          Sure, but in the meantime a probably-compromised raspberry pi is sitting out there on the internet.

      2. 2

        What any reasonable person SHOULD do is: wipe the pi and reinstall. I would have done that if I had an sd card reader with me. I might do it on next visit. But for now, this seemed enough.

        No. What a reasonable person SHOULD do is not run a machine with default credentials, especially when you are handing that thing to a layman. Unless he used that Pi as a honeypot.

        Also I hope he reported the issue to the police. I know that there wouldn’t be any outcome, but in the long run the police will only be able to get knowledgeable officers for this kind of crime if the numbers rise. At least that’s what I have taken away from multiple chats I had with the force in Germany.

        1. 3

          In the US, you would be laughed right out of the police station if you came in to report that somebody uploaded a malicious program to your $35 raspberry pi that you forgot to change the default password on. And rightfully so.

          1. 1

            The point of the officers I spoke with was that there’s basically not enough budget for the “cybercrime” department, and the more crimes are reported the better (but still slim) the chances are to change that. But maybe this is not representative even for Germany.
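Editor's note: the thread above turns on three stock Raspbian settings (the "pi" account keeps the default password "raspberry", sudo is NOPASSWD for pi, and sshd accepts password logins). The script below is an added example, not code from the thread or from the article it discusses: it audits constructed copies of the relevant files for those three conditions and prints the hardened counterpart of each setting. The real paths (/etc/sudoers.d/010_pi-nopasswd, /etc/ssh/sshd_config, /etc/shadow) are assumptions about a Raspbian image and should be checked locally; the default-password check needs an openssl that supports sha512-crypt (`openssl passwd -6`) and reports "unknown" otherwise.

```shell
#!/bin/sh
# Added example (not from the thread or the article). Audits the three
# preconditions the dropped script relied on and shows the hardened setting:
#   1. sudo grants NOPASSWD (Raspbian: /etc/sudoers.d/010_pi-nopasswd, assumed)
#   2. sshd accepts password logins (/etc/ssh/sshd_config, assumed)
#   3. the "pi" shadow entry still hashes to the default password
# Every input file here is constructed inline so the script runs offline.

# Print sudoers lines carrying the NOPASSWD tag; comment lines are ignored.
nopasswd_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD' || true
}

# Count those lines; echoes 0 when there are none.
count_nopasswd() {
    nopasswd_entries "$1" | grep -c . || true
}

# Hardened form: drop the NOPASSWD tag so every rule prompts for a password.
# "pi ALL=(ALL) NOPASSWD: ALL" becomes "pi ALL=(ALL) ALL".
harden_sudoers() {
    sed 's/NOPASSWD:[[:space:]]*//g' "$1"
}

# Effective PasswordAuthentication value in an sshd_config: sshd uses the first
# occurrence of a directive, and the built-in default is "yes" when it is absent
# or commented out. Match blocks are not modelled here.
ssh_password_auth() {
    val=$(grep -i '^[[:space:]]*PasswordAuthentication[[:space:]]' "$1" \
          | head -n1 | awk '{print tolower($2)}')
    if [ -z "$val" ]; then echo yes; else echo "$val"; fi
}

# Does the shadow entry for user $2 in file $1 still hash to password $3?
# Only sha512-crypt ($6$) entries are handled; echoes yes / no / unknown.
default_password_in_use() {
    hash=$(awk -F: -v u="$2" '$1==u {print $2}' "$1")
    case "$hash" in
        '$6$'*) ;;
        *) echo unknown; return 0 ;;
    esac
    salt=$(printf '%s' "$hash" | cut -d'$' -f3)
    if ! command -v openssl >/dev/null 2>&1; then echo unknown; return 0; fi
    candidate=$(openssl passwd -6 -salt "$salt" "$3" 2>/dev/null) || { echo unknown; return 0; }
    if [ "$candidate" = "$hash" ]; then echo yes; else echo no; fi
}

# --- demonstration on constructed fixtures (not files from a real Pi) ---
demo_dir=$(mktemp -d)
printf '# stock rule so "pi" never sees a sudo prompt\npi ALL=(ALL) NOPASSWD: ALL\n' \
    > "$demo_dir/010_pi-nopasswd"
printf '# stock sshd_config leaves the directive commented out, so the default applies\n#PasswordAuthentication yes\n' \
    > "$demo_dir/sshd_config"

echo "NOPASSWD rules: $(count_nopasswd "$demo_dir/010_pi-nopasswd")"
nopasswd_entries "$demo_dir/010_pi-nopasswd"
echo "hardened sudoers:"
harden_sudoers "$demo_dir/010_pi-nopasswd"
echo "sshd PasswordAuthentication: $(ssh_password_auth "$demo_dir/sshd_config") (hardened: 'PasswordAuthentication no' plus an authorized_keys entry)"
if h=$(openssl passwd -6 -salt Nv4p9xQz raspberry 2>/dev/null); then
    printf 'pi:%s:17000:0:99999:7:::\n' "$h" > "$demo_dir/shadow"
    echo "pi still on default password: $(default_password_in_use "$demo_dir/shadow" pi raspberry)"
fi
rm -rf "$demo_dir"
```

Run it as-is to see the checks against the constructed fixtures; on a real Pi, point the functions at the live files (as root for /etc/shadow). Removing the NOPASSWD tag and disabling password logins does not help while "raspberry" is still the password, so `passwd pi` comes first; and, as the thread points out, none of this replaces a wipe and reinstall once the box has been exposed with the defaults in place.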