BM-2cU9mrw7HhBEshBL8Ga3s6r5AZSPePxN1z
Mar 17 07:38 [raw]
When dismantling our office faxing/copying/printing/scanning machine I found a small green "brick" inside, connected with a few cables to the machine's motherboard - half the size of a usual cigarette pack. The cables were soldered to various points on the motherboard. It wasn't an original element of the machine; it was simply hanging on cables under the motherboard. The green stuff was some kind of epoxy, but I was able to dissolve it. Inside I recognized a battery, a GSM module with a SIM card (one of the cables was its antenna), a 32GB microSD card in a small socket and three black chips without any markings or descriptions on them. The battery was not the only power supply for this device; it was a backup, recharging from motherboard power.

The microSD card was FAT32 formatted and it contained all documents ever scanned/copied/sent/received in our office during the last few months. These files had PDF, JPG, BMP, TIFF, RAW, OCR and FAX extensions and their names were large decimal integers, which I recognized as Unix timestamps. There was also an additional text file named ".meta" which contained the list of the number-named files, each prepended with a shorter decimal number (always in range 31-127) and a space. These smaller numbers repeated in many lines - many files on the list had the same numbers prepended.

Background: I was told to dismantle this machine to provide our office, which is struggling with budget cuts, with spare parts for a new one of the same model already working here. I checked this new machine and obviously it had no green epoxy brick inside. Our local small IT department doesn't support such equipment on site; we have an outsourced service company for this.

Knowing that our office equipment was bugged, how do I proceed with my own investigation? I never connected this SIM card to anything and I want to know how to proceed with tracing whoever is on the "listening side". Obviously, I don't want to have police involved.
[chan] general
Mar 17 21:46 [raw]
> Obviously, I don't want to have police involved.

The police probably already were involved and would cover up whoever planted the bug. This stuff does not happen in a vacuum.
[chan] general
Mar 18 13:42 [raw]
This sounds like something you would want the police involved in, to catch the leaker.

https://www.youtube.com/watch?v=ocJ4_4ZlHQs
http://www.forensicswiki.org/wiki/SIM_Card_Forensics