Help: Can anyone identify what this is?

Thu Mar 19 09:50:42 PDT 2015

On Thu, Mar 19, 2015, at 05:24, Alfie John wrote:
> On Thu, Mar 19, 2015, at 07:32 PM, grarpamp wrote:
> > On Thu, Mar 19, 2015 at 1:23 AM, Alfie John <alfiej at fastmail.fm> wrote:
> > > If anyone has info on what this device could be or where I could go to
> > > get more info, that would be much appreciated.
> > 
> > Well whatever it is it looks like maybe 6 freq/id labels and
> > one of them doing 20dB. This stray porcupine needs a
> > nice warm home on your lab bench.
> 
> I don't think we'll see him again any time soon :)

Haha, ya you'll probably just see his more discrete senior next time!

Leidos, being a subsidiary of SAIC, makes me concerned this man might be
working on contract to perform non-destructive entry of your facility.
Newbish to not have a pretext, unless the pretext is being from Leidos,
in which case maybe the intent is just to induce fear.

The thorough rubber banding is weird. They seem like independent
devices, but it looks like the intention is to deploy them as a set (if
you're deploying three surreptitiously through an area, why not undo a
bit more of the packaging first?)

The boxes appear to have two labels on top of them, the second label is
only somewhat visible on the rightmost box. All three labels visible
appear to start with 0x3, left to right I can read: 0x3[f/1?]e[]2,
0x3[f/1?][e?][] and 0x342[f/1?]2. Searching for these preliminary
transcriptions doesn't yield anything substantial.

Is the door he was seen at shared with other parties? If so, having
building management reach out to other tenants with a photograph of the
man and the device would be a good way to enhance situational awareness
around the building and to make any later attempt at whatever he was
doing more difficult without explicit collaboration. Sharing these
details and concerns may possibly aid in correlating the activity with
authorized activities from the other tenants. If it's a single tenancy
area, be sure to share these details with your management and co-workers
if you haven't already.

Is the door, or any nearby door, secured via a prox-card system? If so,
my first assumption is this might be an attempt to record RFID
transactions.

Does your business have wireless access points reachable from the device
location? This may be targeting that traffic if so.

Naturally, several of these questions have potentially operationally
sensitive answers and you shouldn't answer them here. Just some things
to consider.

I think your business should:
 - share all information with other tenants/coworkers/building
 management to increase situational awareness and potentially reveal the
 reason for this event.
 - begin considering doing a TSCM sweep
 - consider enlisting counsel to reach out to Leidos to get them to
 affirm or deny participation in this escapade
 - consider contracting with a firm to provide heightened guarding

-- 
0x7D964D3361142ACF