Balance of Power Shifted
Authors: Victor Karl
We typically worked in two-person teams by design. The concept was that we were less likely to miss something if we had two sets of eyes reviewing data and dissecting things. My partner for the last 3 weeks was George. George was one of those people that if it were not for computers he probably would have no life at all. George was simply amazing with his ability to shut out all other stimuli and work in a Zen-like state on demand. We actually made a good team since I tended to think out of the box and bring in different viewpoints from George.
Georgie, as I called him, knew every arcane piece of information on UNIX and Linux operating systems. I on the other hand knew the Microsoft world well and was intimate with every kind of router, firewall, load balancer and intrusion protection device that may possibly come between my objective and me. Currently I was browsing through log data, located on an unwitting drone server, located in a small data hosting organization out of Toronto, Canada. Based on what I saw, this server may be the last relay point before data was routed to the home base server. Whoever was behind the industrial espionage of our client number 3741 knew what they were doing. We never referred to the actual client by name and each client bore a unique identifier in all internal correspondence or conversations.
For the uninitiated, good forensic sleuthing, gathering intelligence and then trying to gain access to a protected system is a lengthy process. Even though I am a huge NCIS fan, do not for once believe that a system that someone wants to be secure can be hacked in a matter of weeks, let alone in hours or minutes. I laugh when McGee proclaims that, “Boss, I am through the firewall” and in seconds is logging onto a secure system. First, a firewall is just a set of rules that determines what type of data gets through, which is based on defined ports as well as specific IP addresses. Under the wrong administrator, firewalls can suffer from the ‘Swiss Cheese’ effect with too many holes to protect, or they can be extremely limited to a specific data port or IP address, severely limiting a hacker’s options. Firewall devices are part of a layered security approach and help create secure zones. Additional utilities implemented at each tier provide different security functions.
The farthest tier from the Internet is typically the most protected and this is where the most sensitive data may sit, such as the crown jewels, which in most cases is a database. If one is lucky enough to find holes to exploit security vulnerabilities or poor administrator practices, there are still a myriad of other security controls to defeat at each layer, such as passwords and encryption, while at the same time avoiding intruder-monitoring tools that are reporting anomalous behaviors and in some cases automating protection responses. In other words, beware of artistic license when watching entertainment shows with cyber security as part of the plot.
“Hey Georgie,” I said, “come look at this,” as I sent my display to the 60-inch LED screen. As I did this Jeremy came over, stood behind me and asked, “What do you have, Mike?” I pulled up a couple of log files and highlighted some entries from the server and from the firewall logs that the hosting vendor was using. Based on the destination IP addresses and date and time stamps it appeared that our old friends, using the moniker ‘The Light’, were at it again from deep in China and with obvious government sponsored support. This organization specialized in stealing trade secrets for use by Chinese corporations. The Light would target a company through their Internet facing systems, but would also target the weakest link of most companies, which are their employees. Using directed social engineered SPAM messages channeled at company 3741 employees, they tried to exploit a person’s normal curiosity by enticing them to open up an email and click on an attachment or link in an effort to install malware. Once malware was active, keystroke loggers would capture credentials, which may include credentials of privileged users, resulting in lost data. This information is then ‘phoned home’ to a predefined IP address or series of addresses. The information now on the screen took the better part of three weeks to uncover.
“Gentlemen,” I said, “here is the payload file.” We were lucky in this case because sometimes the hackers use encryption on the files, which was not the case this time. Flipping through a number of files, I focused on a few specific ones, which I thought were the primary target of their efforts. On the screen were a series of specifications and diagrams of what appeared to be part of a satellite system, which was clearly the property of customer 3741.
“Great job guys,” Jeremy proclaimed loud enough for the entire floor to hear. “The customer is not going to like this but at least they know what may have been lost. I will get them on the line right now and see if they want us to remove the data or play some games and substitute bad data.”
By now, it was just after twelve and I was hungry and wanted to check on Bill. Walking over to our receptionist area, I asked Susan, the only female on the floor, to log my cell phone back out. All phones and electronic devices remained in a locker at the front desk and were not permitted on the work floor. Grabbing my phone, I headed down the elevators and out into a beautiful sunny day with temperatures around 80 degrees. Grabbing two dirty water dogs and a diet Pepsi from my favorite street vendor, I walked across the road and sat down on a brick wall.
I dialed Bill’s cell phone number and heard him say “Rico, que pasa.” “Que pasa yourself, are you making yourself useful?” “We’ve lucked out so far,” he said. “The first supply house I went to had almost everything we needed and I also picked up a few other items that I hadn’t even considered. I am heading over to an electronics supply house to pick up the meters and other test gear. I will call you and let you know how I make out. Ohhh, I guess I can’t,” he said laughing. “Does Colonel Clink still make you check your phones at the door?” “Yes he does,” I said, “and it can wait until I am done at work. You can get me through Susan if you need to, but remember all calls are recorded.” “Talk to you later,” Bill said as he hung up on me.
Taking my time with the last hot dog, I thought about my next steps. I would need at least 2 weeks to see where this was potentially going and if it was to be a Eureka moment, it was worth following through to the end. If at the end of two weeks it did not look like it would pan out, I would come back to the job with disappointment, but I actually did enjoy working here and the type of work I did. Thinking about it another minute or so, I made up my mind to talk to Jeremy.
Heading up to the eighth floor, I rode the elevator with two analysts from the seventh that I was familiar with enough to say hi. The seventh floor people were the onsite team. We sent them to customer locations to clean up any malware as well as to install any hardware or software to help mitigate any future occurrence. They were also our hands-on forensics gathering experts. Acting as consultants, they designed physical security controls and specialized in CCTV systems, secure entranceways and access technologies, including biometrics. I was a little shocked to hear them discussing a client’s situation in detail in a public area, which was against strict company policy. I made a note to give our security officer a heads up and let him deal with the issue.
Leaving the elevator on my floor, I headed to the far right corner office where Jeremy ruled his kingdom. Jeremy was in his office staring intently at his screen, which was facing him. I rapped on the doorframe lightly to get his attention. Glancing up from the monitor, he saw it was I and nodded me into the office. Without saying a word, he tweaked his eyebrows and forehead in a manner that implied to me that he wanted to know what was on my mind. “Jeremy,” I started, “do you have a few minutes to discuss something with me?” “Sure Rico, have a seat,” he said as he pointed to two chairs stationed in front of his desk. “Thanks,” I said as I slid into the one closest to me. Before I could say anything, he asked if we were still on for Saturday night. It took a split second for me to remember what he was talking about and I replied “sure.” For the last year and a half, we had built a group of guys and a couple of women who liked to mix it up MMA style. Many people were ex-military or in law enforcement and thought it was a great way to round out their skill sets. Some started as boxers or had some form of martial arts training but all wanted to work towards being a true mixed martial artist and my home gym was a perfect place to do it.
Jeremy said “great,” and then said, “What do you have on your mind?” While trying to keep some of what I was doing secret, I gave Jeremy enough information about my intentions so he understood this was a once in a lifetime shot that may not pan out. Jeremy knew every detail of who was working on what around here and did not have to look up anything to know that I had no immediate commitments and said that he had no problem with it. He did say that I had piqued his curiosity and was hopeful that I could share more about what I was up to so he could gauge his chance of losing me. Not being the bashful type, I knew that I was good at what I did and could appreciate Jeremy’s concern in the possibility of losing me.
I thanked Jeremy and as I was getting up to leave, he jokingly told me I better get Fiona out here to California to show me more moves or I was going to start getting my butt kicked on a regular basis. I laughed at the thought of Fiona, because Fiona was an expert martial artist, had been doing it since she was five, and on more than one occasion easily beat me to a pulp. During a round of drinking I must have told Jeremy that she kicked my butt and he must have remembered. She was highly sought after to teach martial arts to local law enforcement, schools and women’s organizations. Fiona started teaching me back in high school and made me the humble person I am today. Looking back over my shoulder, I told Jeremy to be careful what he wished for and that it was his turn to bring the pizza.
I arrived back at my place a little after six in the evening carrying two rotisserie chickens, a pound of potato salad, and a container of mixed green salad from the local food market. As I pulled into the garage, it was obvious from my vantage point that Bill had been busy. Transformation of the shop area into a working lab included a grouping of tables and shelves providing a reasonable use of the space and equipment. Some of the stuff moved was extremely heavy and I smiled to myself knowing how pumped up Bill must be to do all that work.
Getting out of the Camaro, I walked over to where Bill was sitting with his back to me. Dumping tonight’s dinner on one of the tables, I told him “it looks great in here.” Bill just grunted and continued to work on assembling the microscope he had purchased earlier. While he was doing that, I noticed he had split up the specimen solution into equal amounts and placed them in airtight jars. Each jar had a number between one and four affixed to it with tape. There was a smaller vial of about 2 ounces of the liquid, which was in a specimen bag labeled with our address and Bill’s cell phone number. I assumed this was going out to a lab that could perform comprehensive analysis of the composition of the liquid.
Eventually, Bill looked up from his current task, and sniffed his nose a few times. “Is that rotisserie chicken, dude?” he asked. “Yes, it is, professor, and why don’t we take it upstairs and eat it while it’s good and hot and you can fill me in on what you have done today. After your update, I will let you know what I did.” With a silent agreement, we grabbed the dinner and hiked it upstairs.
Grabbing a couple of sodas out of the fridge and a couple of plates, we proceeded to wipe out dinner in about 15 minutes without so much as ten words spoken between us. Sometimes you just had to concentrate on the primary objective and not multitask. Talking would happen after we were satiated, and on cue, with the last bit of chicken picked off the bone, Bill started to fill me in on today’s adventures. He told me that acquisition of all the items on the list was complete and that he spoke to a lab to perform the water analysis with a sample provided to them tomorrow. Next, he told me that he split up the specimen to ensure we had at least four control samples and he wanted to stop any evaporation that may have been going on. He also thought that he would be able to view some samples under the microscope tonight and send the pictures and video in high-resolution directly to our computer.
I was very impressed at the amount of work Bill accomplished as well as the intensity shown in his eyes. When he was done, I simply told him that I was off for the next two weeks. By the end of the two weeks, I needed to know if we had a winner to either go back to work dejected or give Jeremy my resignation. “That’s excellent,” Bill stated, “we should have a good idea on what is at stake at the end of those 2 weeks.” He got up from the kitchen bar and headed for the stairs saying he had work to do, leaving me to clean up dinner. By the time I returned downstairs he was already fussing with the microscope and had a cool looking image on the screen of the PC. With a snort, he said, “Dude, that is a sample of my spit. I just wanted to dial in the scope before I put a real sample in.” “Man, don't ever show that picture to a girl you are serious about. It looks like there are all kinds of live organisms running rampant in your mouth,” I warned.
Bill cleared out the current slide and placed a new one on a clean cloth on the bench. Grabbing a similar vial to the one destined for the lab, he placed a drop on the slide and put the little square doohickey thing over the drop. Placing it in the scope cradle, he placed his eye on the monocle and adjusted the scope to bring the image into focus. The image on the PC was clear and sharp with the power he had the scope set to. You could see different shapes and slight movement on the image. “That,” he said, “is what typical South Pacific water looks like. Lucky I still had a sample from my trip.” Bill reached over, punched a few keys on the keyboard saving the image to file, and did the same thing at different magnifications. With a strange gleam in his eyes, Bill looked over at me and asked if I was ready. Knowing what he was referring to, I shook my head yes and watched as he reached over with slightly shaking hands to the test vial going to the lab. He repeated the same steps he had just performed, but this time it was with a sample of the specimen. When he brought the first image up on the screen, I was at as much of a loss for words as he was. For what seemed like five minutes, we just looked at and observed what we saw on the slide.