GENESIS (GODS CHAIN) (39 page)

Just the thought of
Jonathan
made her feel sick, let alone
the prospect of
sweet talking the Englishman.

S
he s
tudi
ed
the numbers
on the screen.

0 0

1
212.100.5.60

1 200.221

1 200.232

2 196.196

2 epostol.ecb.int

2 thyarc(I).com

The three sets of numbers and were known as octets
.
212.100.5 suggested that
the device might
be located in the
s
erver room within the Vatican
,
since
212.100.5.anything mean
t
the equipment would normally be found on the fifth floor
,
corresponding to
the
number
five,
and
was
on
a
virtual local area network
,
or vlan 100
,
for short
.

Great!
Francesca shouted silently to herself
.
U
nless it has been moved
, the
first thing is
to
come on
and
find it!

The other addresses did not follow the same convention
s
and seemed likely to be from the outside world.
The numbers 200.221 and 200.232
had
nothing
to do her network!
Studying those addresses again
,
the girl knew that they could be from anywhere
—
anywhere in the world! I
t was i
mpossible to find out anything much; the best thing she could hope for was to block
intruders
at the firewall.

Francesca was worried that the door
to the network
was still wide open at the moment
,
and
that
anyone
with
the
right
technical ability could wander freely through Vatican City without even a by your leave
.
No wonder the auditors were sniffing about!
Nothing was safe.
No system and no secret
...
.

S
he could not tell
how long the door had been opened, but she hated Apostol a little for opening it.
He had
allowed other hackers
the opportunity
to have a field day
at the Vatican
; anybody could have
been
piggy-backed inside after the first breach of security.
But this was all nothing new. What really mattered was what
ever
Michaelangelo
had wanted her to find.

A bit more time on the other external 196.196 address
is
required
,
I think
.
Francesca
used a simple Domain Name Space (DNS) tool to look
up information on epostol.ecb.int.
She
needed a little more time to be able to see where th
e
attacker lived or if
he had
been in any way sloppy.
She would find
him, she knew it
...
she waited for the results
...
.

N
othing!

DATA WITHHELD BY ISP
,
No Authority

Let me try another similar tool
,
she decided.
Si
,
my favourite
—
the Hunter Seeker
.
D
ownloaded from
Michaelangelo
’s
own private hacker website in the United Kingdom that she
’d
found recently with some of her latest updates
, Hunter Seeker was a
multi-system utility with the ability to probe firewalls and manipulate past security policies using advanced heuristic techniques
that
allow
ed
a hacker to
open foreign systems
.
It was
totally illegal to use
,
of course
.
It was a risk taker and a clever little utility
that
would cover up its own tracks.
It was not fail safe
, however,
so
Francesca was, as always,
careful.

Francesca remembered the third rule from the hacker’s code book:
“
A hacker’s purpose is t
o seek knowledge
.
T
his knowledge may come from unauthorized or unusual sources, and is often hidden.”

So be it
...
.

She launched her special unique port
-
scanning tool
,
S
ocks,
a
backdoor strobe with stealth analysis and tracing utility.
She then typed
:
hunter-seeker epostol.ebc.int

Waiting
flashed on the active window.

About 10 seconds passed
, and
then
...
.

RESULTS

Start of Authority Record SOA [TTL=86400]

Primary name server frankfurt1.ecb.int

Hostmaster
e-mail
address mail.ebc.int

Serial#20091025

Refresh 10800

Retry 3600

Expire 7200

Default TTL 3600

All these
numbers
were normally not hidden and would be a typical result,
except perhaps
the
ISP
, if the DNS administrator chose to hide it.
Looking at the results, Francesca
could tell that these were not the
p
arent
s
ervers.

             
The parent name servers came next
.

nsVIVIVI.de.uu.net
             
200.221.101.5

nsIVIVIV.de.uu.net
             
200.232.101.9

Francesca studied
the results
closely.

Ah, a bit of luck for once!
Si!
So out there somewhere
,
possibly in Frankfurt
,
there
are
two responsible “name servers” that should hold a clue!

nsVIVIVI.de.uu.net
             
200.221.101.5

nsIVIVIV.de.uu.net
             
200.232.101.9

Francesca’s
thought processes spark
ed
wildly!
In tune
with the numbers
like a blood hound on the trail of an escaped prisoner
,
s
he
knew she
was
about to find her answers.

Now where might I find our devious hacker?
s
he teas
ed
herself with the data
.
The domain is ecb.int and I can definitely
find out
more about this! The master name servers at the bottom
...
these don
’
t mean much to me
,
but it does confirm their overall authority
.
The
ISP
is
in Deutschland because of the suffix de. Yep.
Definitely hosted in Frankfurt
.

The Internet Service Provider
could
still themselves be totally unaware of this potential hacker on their systems.
I cannot blame them directly for this breach of security.
I must be very careful before making any such accusations or pointing any fingers...
.