
Seems Legit (Suspicious Craigslist Ad) - gmikeska
http://southjersey.craigslist.org/cps/5184080755.html
======
striking
That's pretty darn clever. Either they're DDoSers or they want to steal
everything from your network.

I mean, chances are that they won't be able to penetrate your computers or
break through any of your HTTPS data anyway, but it's still extremely
dangerous.

Anyone mind buying one and analyzing the payload or connecting it through an
isolated network tunnel and watching the packets fly through?

~~~
x5n1
Well you could just put it on your DMZ network and limits its ability to
connect to just any random host, but people who do this for $50 are not that
smart.

------
greenyoda
The routers that most of us use are also essentially black boxes with
unverified software that could be spying on us (e.g., via some back-door known
to its manufacturer, your ISP or the FBI). And if you think that a reputable
company wouldn't distribute malware with their product, you've already
forgotten about Lenovo's little stunt.

------
ChrisCinelli
Apparently they lowered the reward ... it used to be $100.
[http://slumz.boxden.com/f244/dude-wants-to-pay-
me-100-month-...](http://slumz.boxden.com/f244/dude-wants-to-pay-
me-100-month-2251331/) \- There is a copy of the email that they sent back to
a guy that asked for info and and somebody had the conspiracy theory: "They
are just setting up a network of computers where all the box does all day is
just click on their Google ads. They need unique hits to either make more ad
money or make their sites appear to be worth more to sell them."

They most likely want to use it as a proxy so they can have a good pools of
different IPs.

------
DvdGiessen
Looks like a Raspberry Pi 2, given its connectors. Should be relatively
straightforward to figure out what the device does by just getting the
microSD-card out of the case and taking a peek at its contents. Chances are
there's nothing of interest on it though, except a small script setting up a
SSH-connection to a remote server, allowing them to do pretty much anything
later on.

------
rabble
The question is will these folks ever get brought before law enforcement for
such a brazen attempt to infiltrate networks?

~~~
striking
It's not provable without actually hooking it up to a consumer ISP while
watching the packets that it's an attempt to infiltrate networks. Who knows,
maybe it's a stealth P2P startup.

------
sigmar
Definitely a scam, but I'm not sure exactly how it is a scam. Could it be
distributing malware to other devices sharing the network? Maybe messing with
the router firmware and phoning home (allowing for a follow-up remote attack)?
Sniffing for non-SSL logins/credit card info?

------
weinzierl
The RIPE Atlas project[1] does something similar, except that they pay you
with data instead of money - and RIPE is 100% legit of course.

[1] [https://atlas.ripe.net/](https://atlas.ripe.net/)

