The Loyal Nine

by Bobby Akart


  “You know that’s not a problem for me,” said Steven.

  Sarge led him down the hallway, where he stopped one-third of the way down and pressed an unobtrusive wainscot panel below the chair rail. The hinged panel popped open, revealing several shelves. A puck light automatically illuminated the treasure inside.

  “There is a great big world out there for you, son,” their father’s words during “the talk” to his sons long ago rolled through Sarge’s mind. “Always wear protection.”

  Sarge doubted his beloved Heckler & Koch HK45C was what Pop had in mind, but his father had lived in a different world. Sarge placed his hand on the biometric safe to reveal its contents. Together with the .45-caliber compact, a well-worn Galcon double time holster and a 5.11 Tactical belt finished out the ensemble. Sarge had been issued a concealed-carry permit in Boston for many years. Massachusetts had been a “may issue” state for a long time, although “may” had become more like “sorry, screw you and your second amendment rights.” Over the past few years, Sarge felt more and more comfortable carrying the pistol as his country edged closer to chaos. Carrying a firearm felt as natural as wearing pants in public. His peers at Harvard would probably faint at the thought of a weapon in their hallowed halls, not that he’d ever let them know. Firearms or weapons of any kind were strictly forbidden by university policy. He transferred the pistol to a secret compartment in his briefcase when he entered the campus—a gun-free and “safe” zone. A new world indeed.

  He removed the 5.11 belt and converted the Galcon to its tuck-in-the-waistband mode. The cold leather shocked his skin, but the feel of the weapon warmed his heart. He stood out of the way to let Steven make his selection. He chose the Glock G38 together with a paddle-style right-hand holster, tucking the combination in his jeans. No surprise there. Steven was also a .45 kind of guy. The brothers were protected.

  “Are you sure you don’t mind me crashing here until winter takes a hike?” asked Steven.

  He’d stayed on the boat last winter and bitched to Sarge incessantly about it. Having him at 100 Beacon would avoid the complaining, and allow them to hang out.

  “Absolutely, but keep the wine, women and song to a minimum,” said Sarge, knowing full well Steven’s shore leave would be a challenge.

  Sarge led them into his study to gather his briefcase and lecture notes.

  “No prob, bro,” replied Steven, likely unmindful of the point Sarge was making.

  Sarge’s study, the professorial equivalent of a home office, was his pride and joy. Despite being single and not having to succumb to the decorating whims of a significant other, he always felt the need to have his own space. A retreat within a retreat. The two floors below the penthouse, which he also occupied, did not count. They fell under the category of man cave. The study was a special place. Bookshelves adorned the entirety of the west and north walls. Sarge, embracing his lineage, was compelled to collect old works. The authors dated back to the turn of the eighteenth century and included the names Hawthorne, Peabody, Minot and his namesake, Sargent. This is history. History must be preserved.

  Sarge gathered the notes located on his pride and joy—a nineteenth-century partners desk crafted from oak, with tooled leather inserts and decorated with brass appointments. The desk was a gift to Winthrop Sargent Gilman when he opened the banking house of Gilman, Son & Co. in New York City around 1900. It had been passed down through the years to his father, and then to Sarge. He was honored to be a lineal descendant of 250 years of American history. It had its perks and great responsibilities.

  Chapter 13

  January 5, 2016

  The Hack House

  Antrim Street

  Cambridge, Massachusetts

  Lau dropped his briefcase next to the oak foyer table and tossed his keys by the Tiffany lamp. Home sweet home. Pushing up the red sleeves under his jersey, he bounded up the stairs and opened the solid-wood double doors of the home’s master bedroom turned hacker’s heaven. The entire second floor of the Antrim Street house had been gutted and furnished with modular workstations, each housing a powerful computer and one of MIT’s finest student hackers—the Zero Day Gamers.

  “Good afternoon, class,” said Lau sarcastically.

  He was greeted with a few laughs, a couple of good afternoons and a paper wad that barely missed his head. The crew was handpicked by Lau and his graduate assistants, Anna Fakhri and Leonid Malvalaha, from the top computer coders and programmers at MIT. Lau was fluent in Korean. Fakhri spoke a variety of Arabic languages, and Malvalaha spoke fluent Russian. The three had unofficially worked together for more than a year, until last fall when they took their hacking enterprise to a new level. As with any business, in order to grow and prosper, you need more employees. There were now a dozen hackers rotating in and out of the Hack House daily.

  Lau’s business plan was relatively simple, unlike the strings of code typed on the screens in front of him. A zero-day threat is an attack on a computer operating system that uncovers a previously unknown vulnerability. Hackers conduct reconnaissance of the system’s applications and look for openings known as vulnerability windows.

  The Zero Day Gamers, like seasonal hunters, might spend days or weeks searching for their prey, without meeting success. But once a hacker discovered an initial compromise opportunity, the entire team looked for a foothold in the computer network. Once a foothold was established, a hacker team consisting of a coder and a programmer escalated privileges within the network until they reached an administrator’s status or higher. Once in place, the hacker could navigate the entire system, making changes. Then the game began—the zero-day game.

  The term zero day was used because the system programmer had zero days to fix the flaw. A patch for the vulnerability was not readily available. Over the past several years, an underground gray market had arisen, where a hacker contacted the system administrator and made them an offer they couldn’t refuse—pay us to leave you alone, or we will sell our information about your vulnerabilities to the highest bidder. Buyers included Fortune 500 firms, foreign intelligence services, terrorists and even the United States government. Payment was non-negotiable, and the consequences of nonpayment were strictly enforced.

  Lau looked up at the chalkboard on the back wall of the Hack House. The end game, the mission statement of the Zero Day Gamers, was succinct:

  One man’s gain is another man’s loss; who gains and who loses is determined by who pays.

  Lau applied the same philosophy to his employees. The Gamers were paid handsomely for their efforts—and to buy their silence. The students came to Zero Day Gamers for a number of reasons. Some needed the money and were trying to monetize the in-class research they conducted for others. Some participated for the thrill and feeling of compromising another’s private world. Others simply enjoyed “sticking it to the man.” There were similar operations to the Hack House all over the world. Underemployed techies looking for lucrative paydays and a chance to have their talents recognized among their peers. They were located in Russia, Eastern Europe, the Middle East, North Korea and especially China. Hunting for software holes was grueling drudgery, but it was the most lucrative security job available to them. Symantec or McAfee might start a new technology graduate at eighty thousand dollars. At the Hack House, an employee could make that in a day, if they played the right “zero-day game.”

  “I’m in!” exclaimed one of the Gamers, holding his hands high over his head.

  Lau snapped to attention and turned his Red Sox cap backwards. Game on!

  “Talk to me,” said Lau.

  “I’ve been pen testing these guys on and off for days. My gut told me there was an opening, so I kept trying,” said Herm Walthaus, an MIT grad student.

  Lau had not been particularly impressed with Walthaus thus far. His best hack was entering the Applebee’s Restaurant servers. They were unable to secure any funding from Applebee’s, and eventually settled for scrambling their computerized register system known as Squirrel. Within an hour of being denied payment, and finding no interested buyer for the vulnerability, Lau settled for changing all of their menu items to some form of nut. Applebee’s Burgers became Walnut Burglars. Sizzlin’ Fajitas became Spoiled Veruca, paying homage to Willy Wonka. The restaurant chain was forced to close their doors for days. The economic impact to the company was reportedly in the millions and hammered their stock on the NASDAQ. They should have paid us something.

  Pen testing was just what it sounded like—a test to see whether you could penetrate a network. Pen tests had huge value when done correctly. Even if done incorrectly, pen testers enjoyed the thrill of the hunt. If thwarted, the hackers could disrupt a system using denial-of-service tools—DoS. These tools might simply fire off an attack on the system, causing internal reactions to seal network vulnerabilities, which resulted in the unintended consequence of destabilizing the entire network. At a minimum, a visitor to a website might receive a “Page Cannot Be Displayed” error message. At worst, the entire network misfired, requiring a reboot and repairs of possible network damage.

  “Okay, Walthaus, settle down,” reassured Lau.

  Walthaus was sweating, and his face was getting red from excitement. The extra weight crowding his waist didn’t complement the scene. The last thing Lau needed was a heart attack victim at the Hack House. He calmly placed his hands on the young man’s shoulders.

  “Tell us what you have going on. Slowly,” said Lau.

  “Professor, I have breached the firewall of TickStub,” said Walthaus.

  Lau leaned over and surveyed the screen. It appeared TickStub utilized a Windows-based RRaS server—routing and remote access server. This was not uncommon. Windows servers were the most widely used, a piece of cake for a novice hacker. Walthaus was well beyond the RRaS firewall, having penetrated the TickStub ordering system. Step one, the initial compromise, was complete; now Lau needed to evaluate what was exposed. Once he gained a foothold in the system, he could expand his perusal of the network later.

  The screen read:

  Welcome to the TickStub ordering system.

  You must login to start.

  Username:

  Password:

  The room was deathly quiet. All keyboard activity had ceased, and full attention was upon Walthaus and Lau. Lau stood upright and adjusted his cap.

  “Listen up, everybody,” said Lau. “As you know, we have a limited time frame now. Once we start this process, it’s rock-and-fuckin’-roll, got it?”

  A few yes, sirs were audible over the tension.

  “I’m going to let Walthaus take the lead on this one. He’s done a good job so far. But everyone will play a role in the next critical steps. I will be giving a lot of direction, and the requests will come to you fast. Pay attention, do your jobs and, above all, learn. This is a classroom, remember,” said Lau.

  His subtle joke eased the tension, and he could feel himself exhale a little.

  “Malvalaha, I want you to coordinate the DDoS attacks on my go. Once we’re in, we need to confuse the network to think they’re receiving heavy volume,” said Lau. “Use the Russian handlers, they’ll get the blame. Sorry, Malvalaha.”

  “I don’t care, I was born in Brooklyn,” said Malvalaha with a shrug.

  DDoS, or distributed denial of service attacks, were used to temporarily or indefinitely interrupt a web server’s ability to connect to the Internet. The common method of attack saturated the target network with external communications requests to the point it could not respond to legitimate web traffic. The result was server overload and an excellent distraction while Lau conducted the rest of his “business.” A DoS, denial of service, attack generally involved one attacker. In order to truly overload a system, the DDoS attack was preferable. Lau had established multiple servers throughout the world to act as handlers. The handlers were accessed remotely by the computer systems located in the Hack House. Each computer station controlled multiple handlers, and each handler controlled multiple compromised private computers. On Lau’s signal, if necessary, the entire handler system would be activated to attack the targeted web server at TickStub.

  “Fakhri, have your group on standby for research,” said Lau. “As we begin to elevate our privileges, we may need to implement our password-cracker tools.”

  “On it,” said Fakhri. “I’ll have my guys searching the web to learn all we can about their IT people. We always find them on forums and techie blog sites. It doesn’t take long to put two and two together.”

  “Here we go,” said Lau. “First, now that we’re past the firewall, we’re going to bypass the web server and leave the domain alone. Our first stop will be the database—the SQL server.”

  “Walthaus, initiate an SQL injection. Let’s see how well their coding techniques are. Their DBMS, database management system, may reject the query, but it will return legitimate data in response.”

  Walthaus immediately began entering keystrokes and sat back in his chair to observe the results. Lau watched intently.

  “Now, let’s introduce some cross-site scripting to compromise the DBMS server. In the username field, enter foo' OR 1=1;-- followed by admin in the password field,” said Lau. The screen changed and now read:

  Welcome to the TickStub ordering system foo' OR 1=1;--

  “Excellent!” exclaimed Lau. “Now we can use an injection vulnerability to send commands to their back-end database server in order to elevate our privileges. This will allow the DBMS server to run commands for us. It’s time for the next step.”

  Lau knew the web-based server controlling the domain and its web traffic was fully secure and had its necessary patches in place. Most IT departments placed all of their focus on the web server because it was utilized by the public via the Internet.

  “Most likely the web server is secure. Why beat our heads against the wall trying to crack its code, when we can simply give ourselves administrative access by elevating our internal user privileges, right?” asked Lau, playing the role of professor.

  “Let’s pull out our toolbox and make our job easier, shall we?” asked Lau, clearly in his element. “Walthaus, upload Netcat to the DBMS server.”

  Walthaus dutifully complied.

  “Now enter Xp_cmdshell into the command field and we’ll see how complex their administrative system is,” said Lau. Lau watched as the screen changed, providing him the c-prompt he anticipated.

  “Okay, everyone, Netcat has enabled us to attain our first foothold, and we are well on our way to overtaking the network. We are no longer an anonymous user. We are now an insider,” said Lau.

  A few claps were heard from the team.

  “Class, we need a name; who am I?” asked Lau.

  “Whoami,” said Walthaus. “You know, like the old Abbott & Costello routine—‘Who’s on First?’ Our username should be whoami.”

  Lau laughed heartily. It was perfect.

  “Absolutely, Walthaus, whoami it is,” said Lau. “Okay, Mr. Whoami, run an ipconfig on the system so we can determine the lay of the land. Let’s see what our new system is made of.”

  Lau watched as the server IP addresses scrolled down the screen, including their internal Ethernet connections. He instructed Walthaus to screen-cap everything and print it for reference.

  “We now have effectively taken over the web server. From what I can see here, we have complete connectivity between the web server and the SQL server, which gives us total control over the domain—TickStub.com.

  “Before we go for the big prize, the database, let’s pull another tool out of the toolbox. Dump a Trojan in the web server so we can come back in the front door in the event an administrator busts us and we have to run out the backdoor,” said Lau.

  The Trojan would install a credential manager, which allowed the creation of usernames and access privileges at the highest levels.

  “Final step. Fakhri, how’d you do?” asked Lau.

  She approached him with a printout of potential user names and passwords derived from their Internet search. Lau handed the same to Walthaus and gestured to give them a try.

  “Bingo. I’m in the back-end data center, which contains all of the usernames, passwords and stored credit card information. I went ahead and tried this combo on the TickStub corporate server and succeeded there as well. We have full access to employee files, W-9s, retirement plans and health care records,” said Walthaus.

  Lau took a deep breath and looked around the room. He could feel what they were thinking—big potential payday. He studied the wall for a moment, once again reciting the words in his mind:

  One man’s gain is another man’s loss; who gains and who loses is determined by who pays.

  “Malvalaha, run this by Bogachev’s people in Russia. Fakhri, contact SEA, the Syrian Electronic Army. Discreetly put the word out. This company does nearly half a billion dollars a year in revenue. It’s time for Mr. Whoami to make the call.”

  Chapter 14

  January 5, 2016

  Steps of the Massachusetts State House

  Boston, Massachusetts

  “We are coming to you live from the front steps of the Massachusetts State House in Boston, where we are waiting for first-term Senator Abigail Morgan to announce her bid for reelection to the United States Senate. The announcement comes as no surprise to anyone; however, it does come with its share of controversy. Senator Morgan ran as an independent six years ago, but has consistently caucused with the Republican majority since 2014. Some have accused her of hypocrisy, but as we know, in Washington, hypocrisy is in the eyes of the beholder. Massachusetts Democrats have made it clear: should Senator Morgan be tapped as a possible vice presidential nominee on the Republican ticket, which is a good possibility, then she will receive a stern challenge to her senatorial candidacy. Back to you, Chris,” said the CNN reporter.
