Shadow on metal
For security and privacy reasons, some details may be misrepresented to varying degrees.
Since I have a private practice, people come to me for various services from time to time: help with training, how to navigate and where to start in information security, help with investigations, ordering analytics/verification, searching for different performers, and so on.
Interesting orders are rare, and even rarer are those that can be published even with changed data. But today we will see one of them.
Act One
Once I was approached by an amateur aviation engineer. One of the important components of his job is to be able to work with serial numbers of parts, so his professional eye automatically paid attention to such things.
Just in case, let me explain: aircraft engineers work with serial numbers in the context of maintenance, repair and operations (MRO). This helps keep track of the origin, maintenance, and compliance of parts with regulations.
One evening, an engineer was leafing through websites with classified ads that sold aircraft parts. Usually there were decommissioned or used parts from disassembled airplanes, but what caught his eye was an ad for a new <company name> hydraulic pump at a discounted price. The engineer talked to the seller, but the seller insisted that the pump was new and was being sold simply because it was not needed.
Act Two
The photo of the part was not the best quality, but had the potential for improved clarity and sharpness to identify the serial number.
We spent some time messing around with photoshop and watching instructions on what settings and how to tweak to improve the clarity of the image. And we managed to extract partially blurred symbols of the serial number: L/R 571-0087 and O/N 34629-AB (numbers and number format have been changed).
We started searching for the number in aviation parts databases (such as PartsBase, ILSmart, Aviall), but it was not listed as a sold part. That wasn't the only thing that made us suspicious. More often than not, these pumps come with strict technical documentation and maintenance history, but there was no mention of that in this ad.
We started looking for official photos of similar pumps from <company name> and found a pattern in the numbers: the original numbers had a different format - they did not contain a two-letter suffix, which was present in the part from the ad.
Now for the sake of curiosity we started to check telegram channels, onion markets, aviation forums, where unofficial spare parts deliveries are discussed. And we did manage to find strange ads for spare parts with unknown past, without documentation and with other suspicious signs.
We began to think how to check the origin of the part? Is it a scrap, a write-off, a pure fake....
Then we decided to search on the manufacturer's website in the documentation with the help of dorks, because often companies post documents, in which, among other things, may be mentioned serial numbers. And we managed to find the same serial number, but without the two-letter suffix. We did not find any mention of what it means.
We also found an old manufacturer's manual, which indicated that the original pumps have laser engraving, but the photo from the ad didn't show the engraving - most likely it had been erased, and additional photos from the seller didn't cover all angles of the part (as if it was done on purpose, but not a fact).
Act Three
The customer later wrote a letter to the manufacturers and to the competent air transportation authorities. A few weeks later the ad disappeared from the site, but whether this was due to the sale or the proceedings with the seller is unknown.
We do not know how this story ended. As is often the case, unfortunately, we were not given any feedback.