[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Help: Can anyone identify what this is?



On Fri, Mar 20, 2015, at 03:50 AM, Max R.D. Parmer wrote:
> Leidos, being a subsidiary of SAIC, makes me concerned this man might
> be working on contract to perform non-destructive entry of your
> facility. Newbish to not have a pretext, unless the pretext is being
> from Leidos, in which case maybe the intent is just to induce fear.
>
> Is the door he was seen at shared with other parties? If so, having
> building management reach out to other tenants with a photograph of
> the man and the device would be a good way to enhance situational
> awareness around the building and to make any later attempt at
> whatever he was doing more difficult without explicit collaboration.
> Sharing these details and concerns may possibly aid in correlating the
> activity with authorized activities from the other tenants. If it's a
> single tenancy area, be sure to share these details with your
> management and co-workers if you haven't already.

Sorry, I should have mentioned that Leidos are in the same building as
us. However, they are not on our floor and are seperated by a few
floors, so he had zero business being on our level. We're considering
getting building management to setup swipe access to our level.

> Is the door, or any nearby door, secured via a prox-card system? If
> so, my first assumption is this might be an attempt to record RFID
> transactions.

Yes, you need RFID to get into our office space.

> Does your business have wireless access points reachable from the
> device location? This may be targeting that traffic if so.

Yes. This was our main concern. Seeing the antennas made me immediately
think that it was some sort of pentest into our wifi.

> Naturally, several of these questions have potentially operationally
> sensitive answers and you shouldn't answer them here. Just some things
> to consider.
>
> I think your business should:
>  - share all information with other tenants/coworkers/building

Already done. I've shown the video to the other tenants on the same
floor and they have all turned on the awareness.

>    management to increase situational awareness and potentially reveal
>    the reason for this event.

Management were as suspicious as I was. Since Snowden, we (I work at
FastMail) have upped our paranoia for obvious reasons as I would
consider us to be in the same boat as the other targets.

>  - begin considering doing a TSCM sweep

This makes sense. Never considered it before.

>  - consider enlisting counsel to reach out to Leidos to get them to
>    affirm or deny participation in this escapade

Yeah, that's why I was asking for info on the device. We wanted to know
what it was so we knew how to approach them.

>  - consider contracting with a firm to provide heightened guarding

Yep. Considering our options.

Thanks for your response.

Alfie

-- 
  Alfie John
  [email protected]