Everyone’s favourite single-board microcomputer, the Raspberry Pi, just got sinister, as cybercriminals have been spotted selling software for the devices catering to inexperienced criminals looking to dabble in financial crime.
Don’t try this at home, obviously, but the ‘GEOBOX’ software, with proxy and network traffic routing capabilities, is being sold on Telegram for pretty extortionate prices.
For just $80 a month, or $700 as a one off fee, you too can be investigated for theft and fraud offenses by the security firm Resecurity, who supposedly uncovered the use of GEOBOX in ‘a high-profile banking theft impacting a Fortune 100 company’.
And they would have gotten away with it too...
Detailing the discovery in a blog post (via BleepingComputer), Resecurity explained that “[Pis running GEOBOX] served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process, especially since, by default, GEOBOX devices do not store any logs.”
There’s nothing less cool than a ‘highly capable tool that can complicate law enforcement tracking and investigation’, but that’s what Resecurity says we’ve got on our hands. Well, even less cooler would be buying software that law enforcement agencies are now almost certainly aware of and actively trying to kill.
However it might be more complicated than that, as GEOBOX doesn’t contain any features that you can’t find in existing software or operating systems. GPS and IP spoofing, Wi-Fi access-point emulation and VPN protocol support might seem scary on paper, but can be of legitimate use, and aren’t anything that you won’t find in other tools or operating systems.
Still, the problem with GEOBOX is that it packages these features in a lightweight Linux distribution with a UI that massively lowers the barrier of entry to committing evil. Resecurity suggests that crimes well-suited to the GEOBOX include the operation of dark web marketplaces, disinformation campaigns, and, of course, financial fraud. Unsurprisingly, we don’t have buying guides for crime.
We’ve run stories like this before, and we suspect this one won’t be the last: Raspberry Pis are cheap and small, so disposable and easily concealed - which are all legitimate strengths of the device.
This writer likes that Pis can be hidden behind a monitor or television, be basically forgotten about as they’re near-enough silent, and doesn’t think that stories like this should put you off looking into them if you think they seem neat.