Swiss Technical Experts: Drips Under Pressure

Submitted by admin on Thu, 06/16/2016 - 01:51

These guys insisted on having the password to my Zyxel NAS: an NSA325-v2 model. You don't need that; you can physically pull the disks and read them, they are not encrypted. Equally, there is a RESET button; hit that sucker for 3 seconds during boot and the master password is reset to default.

What really floored me though was their next question: "What is the IP address of your NAS?". An IP is like an address or phone number; it's how computers talk. Trouble is, in modern networks, this is handled by a ROUTER. When you switch on the NAS, it uses a protocol called Dynamic Host Configuration Protocol (DHCP) to locate the router, then asks the router to assign it an IP address. Every time I rebooted (or 'bounced') my NAS, it got a new IP address via DHCP.

"Don't play smart with us, it still had an IP address the last time you booted it!"

"Err, no, I don't know it because I use Apple's 'Bonjour' protocol."

Commonly referred to as mDNS in the Linux world, this is another network layer that sits on the ROUTER and translates IP addresses like 192.168.0.52 into something meaningful like "Phil_Work". It's useful because the IP address changes at every boot, so I just refer to the NAS using plain English: "Phil_Work".

"You're being evasive. Just give us the IP," they insist.

I'm getting a bit peeved by now, so I say "Listen, guys, you did notice that I have a total of nine (9) NAS servers, didn't you? You cannot possibly expect me to recall every minute detail about them, can you? And you must have worked out by now that you have seized the sophisticated equipment of an IT professional. Did you notice there are ten hard drives in my desktop alone?"

Now, I gave them the password, and explained all of the above, yet they kept asking me for days and weeks on end, what the password to my NAS was. It's all documented in the file.

Either these guys are the most stupid police in the history of all creation; or they were being obtuse on purpose to drag out my case and deprive me of my PCs because -- I told them I was doing my MBA and I urgently required my computers back or at least a copy of my hard drive in order to complete my MBA. They steadfastly refused, and continually asked for the password. Which they already had.

Not enough proof what a bunch of incompetents these guys are? Well, let's move on to my Raspberry Pi B+ model. I was using it as a server as part of a home automation system. The PC experts demanded the password to that too. I said, "Pull the memory card because the password is saved on my desktop, which you seized already, and my phone, which you seized. You can access it from either of those places, though."

HINT: If you're not technical, I'd like to point out a very important fact. Anyone who has physical access to a machine can pretty easily reset the password unless the disk is encrypted. Even the most insane person I know would never do that on a Raspberry Pi.

"Just give us the password." They started to get angry. So I made something up, because I didn't have it; and you know what, they said it worked fine.

Later when I recovered my equipment, according to my security logs, they never even switched on my desktop. The disk was fully encrypted, and if they had mounted the encrypted partition, there would have been a trace in the security logs.

So, they kept my computers just to wreck my MBA, not to actually investigate anything.