Network Backdoor

A network backdoor is a covert or unauthorized path into a computer network that bypasses its normal security controls. It is a hidden entry point through which whoever holds it can reach, control, or manipulate network resources, usually for malicious purposes.

Network backdoors pose a significant risk to organizations: they are hard to detect and can lead to data breaches, financial loss, and reputational damage. Preventing and mitigating them requires a combination of strong security practices, including staff training, an accurate asset inventory with risk management, and technical controls that give visibility into what is actually connected to the network.

Zero Day Vulnerabilities

In this day and age, everyone in information technology is hyper-vigilant about the latest attacks and zero-day vulnerabilities. They are both exciting and frightening. Yet, for all their shine, coming across something far more traditional can still raise eyebrows.

Discovering the Network Backdoor

We recently deployed the Sepio platform for a multi-campus organization and came across something interesting. The former network manager at this organization had left within the last few months, and the organization had yet to find a suitable replacement. We therefore worked with their IT staff to install the netpollers (network polling tools, sometimes called network performance monitoring tools, which query switches and other network devices), which would scan their various networks and provide visibility into what was connected.

A Raspberry Pi Connected to a Switch

We immediately came across a Raspberry Pi connected to a switch on another campus, thousands of miles away. This was a cause for concern, because the IT staff were unaware of this device or its purpose. They had someone on that campus go down to the network room in question and take a photograph.

Raspberry Pi connected to modem, and adapter connected to a switch

And this is where things became interesting. The Raspberry Pi was connected to a USRobotics modem, which was in turn connected to a phone line. The Raspberry Pi was also connected to a USB RS-232 serial adapter plugged into the console port of the network switch. This was a backdoor into the network: anyone who could dial the modem and log into the Pi would have console access to the switch.
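
The netpoller flagged the Pi because it was also plugged into a switch port. As an added example, not code from the original post or from Sepio, the script below does the simplest version of that check: it parses a constructed Cisco-style `show mac address-table` listing, compares each MAC against a constructed asset inventory, and tags unknown devices whose OUI belongs to Raspberry Pi hardware. Device names, MACs, and ports are invented for this example; the OUI set is an illustrative subset and should be refreshed from the IEEE registry before use.

```python
"""Flag devices seen on switch ports that are absent from the asset inventory.

Added example. The MAC table, the inventory, and all device names below are
constructed for illustration; nothing here is real data from the post.
"""
import re
from dataclasses import dataclass

# Raspberry Pi MAC prefixes (OUIs). Illustrative subset only; refresh this set
# from the IEEE OUI registry before relying on it in an audit.
RASPBERRY_PI_OUIS = {"B8:27:EB", "DC:A6:32", "E4:5F:01"}

# Constructed sample resembling Cisco IOS `show mac address-table` output.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56a1.1234    DYNAMIC     Gi1/0/1
  10    b827.eb4c.9d02    DYNAMIC     Gi1/0/7
  20    0011.2233.4455    DYNAMIC     Gi1/0/12
  20    dca6.3211.aa01    DYNAMIC     Gi1/0/24
  30    3c97.0e12.3456    DYNAMIC     Gi1/0/30
"""

# Constructed inventory: the MACs the organization knows about.
KNOWN_ASSETS = {
    "00:50:56:A1:12:34": "vm-dc01",
    "00:11:22:33:44:55": "printer-lib-2",
}

# One table row: VLAN, dotted-hex MAC, type, port. Header and rule lines do not match.
ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    vlan: int
    mac: str
    port: str
    reason: str


def normalize_mac(cisco_mac: str) -> str:
    """Convert 'b827.eb4c.9d02' to the colon form 'B8:27:EB:4C:9D:02'."""
    hexdigits = cisco_mac.replace(".", "").upper()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> list[tuple[int, str, str]]:
    """Return (vlan, mac, port) for every data row in the listing."""
    rows = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            rows.append((int(m.group(1)), normalize_mac(m.group(2)), m.group(4)))
    return rows


def audit(text: str, known: dict[str, str]) -> list[Finding]:
    """Every MAC not in the inventory is a finding; Pi OUIs get called out."""
    findings = []
    for vlan, mac, port in parse_mac_table(text):
        if mac in known:
            continue
        reason = "unknown device"
        if mac[:8] in RASPBERRY_PI_OUIS:
            reason = "unknown device, Raspberry Pi OUI"
        findings.append(Finding(vlan, mac, port, reason))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_MAC_TABLE, KNOWN_ASSETS):
        print(f"VLAN {f.vlan} port {f.port}: {f.mac} ({f.reason})")
```

A device that touches only the console port, as the serial adapter here did, never appears in a MAC table, so a hit like this still needs a physical check, which is exactly what the photograph provided.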

Network Managing

To understand what had transpired, we deployed the Sepio Agent onto all of the IT office computers and searched. On one Linux machine we found another modem. This computer, of course, had been used by the former network manager, and no one had touched it since their departure. Given my curious nature, I asked whether anyone could log into the system. The network manager had documented many things (though unfortunately not this backdoor) and had left credentials for the machine. A young helpdesk technician logged in using them while the other technicians watched.

Remote Connectivity

Finding nothing notable in the applications, one of the other technicians mentioned that the former network manager had used terminals a lot. Scrolling through the applications again, we came across Terminator; the delighted helpdesk tech eagerly launched it and then sat stumped at the prompt. I told him to try minicom, and the program opened as soon as he pressed ENTER. After a couple of attempts at getting the CTRL-A then Z combination right, the menu appeared, and I asked him to press "D" for the dialing directory. A single number was listed. I asked if we could attempt the connection, and much to my delight the manager granted the request. The helpdesk tech selected the entry and pressed ENTER. A dial tone came to life and the numbers began dialing...

Auto dial screen

Shortly after, the screech of data scratching its way through the phone lines filled our ears! The helpdesk tech asked, "What's that?" Everyone else laughed, having grown up knowing those sounds intimately. I smiled and told him to search for modem sounds later. And then they stopped.

Auto dial Modem Connected screen

Connected. Connected! We had a connection! Pressing any key, we were greeted with our spoils: a login prompt. The helpdesk tech logged into the Raspberry Pi with another set of credentials!

Login into the Raspberry Pi

It didn't take long before we found our way into the switch.

Connection to the switch
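
The trail on the IT side ran from a modem on the former manager's workstation to a minicom dialing directory holding a single number. As an added example, not Sepio Agent code or anything from the original post, the script below performs that kind of host-side check on a Linux machine: it lists USB modem and USB-serial device nodes and looks for minicom's dialing directory (`~/.dialdir`) and configuration files (`~/.minirc.*`, `/etc/minicom/minirc.*`). The classification logic is separated from the filesystem walk so it can be exercised on constructed paths; the sample paths in the usage note are invented.

```python
"""Audit a Linux host for dial-up and serial-console tooling.

Added example. Reports device nodes that suggest a modem or RS-232 adapter
is attached, and terminal-program files that suggest a saved dial-in target.
"""
from dataclasses import dataclass
from pathlib import Path

# USB modems usually appear as /dev/ttyACM*; USB-serial adapters as /dev/ttyUSB*.
# Legacy /dev/ttyS* nodes exist on most machines whether or not anything is
# attached, so they are deliberately excluded to avoid noise.
SERIAL_DEVICE_PREFIXES = ("ttyUSB", "ttyACM")


@dataclass(frozen=True)
class HostFinding:
    kind: str   # "serial-device" or "dial-config"
    path: str


def is_serial_device(path: str) -> bool:
    return Path(path).name.startswith(SERIAL_DEVICE_PREFIXES)


def is_dial_config(path: str) -> bool:
    """minicom keeps its dialing directory in ~/.dialdir (a binary file, so we
    only report that it exists) and its settings in ~/.minirc.* or
    /etc/minicom/minirc.*."""
    p = Path(path)
    return (
        p.name == ".dialdir"
        or p.name.startswith(".minirc.")
        or (p.name.startswith("minirc.") and p.parent.name == "minicom")
    )


def classify(paths) -> list[HostFinding]:
    """Pure classification over path strings; the host walk below feeds it."""
    findings = []
    for path in map(str, paths):
        if is_serial_device(path):
            findings.append(HostFinding("serial-device", path))
        elif is_dial_config(path):
            findings.append(HostFinding("dial-config", path))
    return findings


def audit_host(dev_dir="/dev", home_roots=("/root", "/home"),
               minicom_etc="/etc/minicom") -> list[HostFinding]:
    """Walk the usual locations on a live host and classify what is found."""
    candidates = [str(p) for p in Path(dev_dir).glob("tty*")]
    for root in map(Path, home_roots):
        homes = [root] if root.name == "root" else list(root.glob("*"))
        for home in homes:
            candidates += [str(p) for p in home.glob(".dialdir")]
            candidates += [str(p) for p in home.glob(".minirc.*")]
    candidates += [str(p) for p in Path(minicom_etc).glob("minirc.*")]
    return classify(candidates)


if __name__ == "__main__":
    # Constructed sample paths for illustration; audit_host() walks the real host.
    sample = [
        "/dev/ttyUSB0", "/dev/ttyS0", "/dev/ttyACM0",
        "/home/netmgr/.dialdir", "/home/netmgr/notes.txt",
        "/etc/minicom/minirc.dfl",
    ]
    for f in classify(sample):
        print(f"{f.kind}: {f.path}")
```

A serial adapter or modem is only the hardware half; the dialing directory is what turns it into a standing route to a specific remote system, so both findings together are what warrant a closer look at the machine.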

Forgotten Network

From thousands of miles away, we had dialed a phone number and connected to a remote network over a modem. One of the other technicians recalled that the Internet connection on that particular campus was problematic at times; the former network manager had installed the Raspberry Pi and modem as a backup path for when that link was down. Well-intentioned or not, an undocumented dial-in line that ends on a switch console port is exactly what an attacker would build. We had opened that door and walked through, a door that had stayed hidden until the network visibility provided by Sepio uncovered it. It may sound silly, but I felt like a digital archaeologist, having navigated a hidden maze to uncover the mysteries of a forgotten network.

May 24th, 2022