A Cracking Story

I

Nathan was a hacker.

Actually, that’s not quite correct. Nathan was a cracker. You see, hacking can actually be a good thing. Security consultants try hacking into their own (or their clients’) systems, looking for weaknesses, for vulnerabilities. A cracker on the other hand is generally doing illegal things - poking around where they shouldn’t on the internet.

Oh, you can talk about ‘white hat’ and ‘black hat’ if you want, but whichever way you look at it, being somewhere like a bank’s database, or perhaps secret files at NASA is most definitely not a good thing to do.

Plus, if you had to put a hat on Nathan, it would certainly be a black one.

When he’d broken into the space agency’s systems, he’d found the control module for the Mars Rover. A few minutes of tomfoolery later, and a multi-billion-dollar space vehicle had fallen over the edge of a cliff, crashing into a cavern forty miles deep. Nathan had had to suppress a chuckle when he read on his favourite news site later that the head of NASA had been quoted as saying they would “find whoever did this” and ensure they faced the “harshest possible penalty” - with his skill there was no way they’d ever be able to trace it back to him!

He prided himself on his ability to get past even the most modern firewalls - the ones with rotating encryption keys. Nathan knew all about rainbow tables, all about SQL injection (who would leave a system open to that in this day and age - pah!) and all about things which you and I really wouldn’t understand even if someone very knowledgeable explained them to us.

Nathan’s most recent target had been the Whitehouse database. Now I should say - in his defence - that he didn’t crack (or hack) for profit. He was just exceptionally nosy. Now you might think that there’s nothing wrong with that, but would you snoop around in your neighbour’s garage? Would you break into a vicar’s house and look for anything unusual? Well, if you answer yes, then perhaps you should pay even more attention to this story.

Where were we? Ah yes, the Whitehouse. You see, Nathan just wanted to find out if there was anything funny going on. As a thirteen-year-old boy, he didn’t really follow politics. But he was often told that all politicians are corrupt, and so he wanted to see if he could find some evidence of this.

You don’t become a cracker of Nathan’s skill level without being pretty smart. And boy, was Nathan smart. Strongest of all were his maths skills - he was accomplished at statistics, at calculus (he’d even written a few pretty efficient algorithms himself), and at the basics of accounting.

And when he got through to the financial database - which really, if the President’s security team were doing their job properly, should have been a bit harder to get into than it was - he found that some numbers just didn’t add up.

Yes... There was a rather large sum of money - two billion dollars a year - that just seemed to disappear from the balance sheet.

Two billion.

Now, if you or I had come across this information (obviously by some perfectly legal and innocent means), we’d go to the police, the press, or someone else that can be trusted. But Nathan had an inquisitive mind - most crackers do - and so he sat back in his chair and said “hmmmm....”

II

I’d better give you a very quick accounting lesson.

You see, money is money is money. From the days when traders at the dawn of human civilisation would barter for goods, through the age of bronze, copper and gold coins, to the introduction of promissory notes and right until today when money is more of a concept than an actual thing, and can be moved halfway across the world in a matter of nanoseconds... well... it has always, does now, and in all likelihood for the rest of eternity leave a trail.

Because money just doesn’t appear or disappear. It has to be taken from somewhere, and placed somewhere else.

And that means it can be tracked. It can be hard, believe me, but if you know where - and more importantly how - to look, you can pick up the trail, much like an animal tracker on a South African game reserve can tell you where the lion has been, and where it is now.

Nathan, of course, knowing this, set to work.

First he cross-referenced the largest sums with the Bank of America database he’d recently ‘acquired’ through a DDOS attack using a botnet he himself had created. Then he traced the electronic signatures of the deposits through various servers, each time decoding the encrypted (and often spoofed) IP addresses.

Eventually, he found that the entire two billion dollars - every single cent of it - was making its way into the account of a company called Ultionem.

III

This was intriguing. He had never come across the word before, and it didn’t look like someone’s name. Well, you should have got a good idea of Nathan’s skill-set by now, and it won’t surprise you to learn that the first thing he did was to make his way into all the databases that he could to try and find out more about Ultionem.

The thing was, he couldn’t find any information about the company from any source. As anyone else would have done, he had started with Google, but this didn’t help - oh, there was a distribution company based in France, but after a few lines of JavaScript he could tell that their profile was completely different to the huge sums of money he had seen an hour or so earlier. They were far too easy to break into, and no-one involved with 10-digit dollar amounts would let that happen, even for the customer-facing side of their business. After these basic searches turned up nothing, he then looked at the list of companies and directions (still nothing), and finally, using a run-of-the-mill Trojan (after some clever social engineering through IM with a government employee) he scoured the treasury database listing all government departments. Again, he drew a blank.

For tonight, he decided he had reached the end of the road. It was Saturday tomorrow, meaning no school - and that meant having a lie-in. Lying in bed, with no disturbances, well, that was when Nathan generally concocted his most devious actions; that was when his mind focused purely on the task in hand and solved problems which would normally vex a computer science graduate of the highest calibre.

IV

It was nearly lunchtime, and Nathan had been motionless for three hours. It was as if he had an internal crew, and they’d shut off all power to auxiliary systems, diverting everything to the warp core for maximum power. That is, of course, suggesting that his brain is the warp core in this admittedly weak analogy.

Suddenly, it came to him! He had the IP of the server. He could continue tracing this (perhaps through a less-than-adequate customer front end) and see where the trail would lead. It might not be exactly what he was hoping for, but it would certainly be a step forward.

And with that, the captain issued the order to bring all other systems back online. Nathan quickly hauled himself out of his bed and sat back at his PC.

Now Hollywood films make cracking (well, they still insist on calling it hacking) look glamorous. The character will have eight or nine screens in front of him (or her), with fancy graphics zooming in on what looks like maps of a city - until the viewer realises they are computer circuits and...

Well, real cracking is nothing like that at all. Think about it. When you are trying to get into a password-protected system, and brute-forcing is the only way to go, why waste valuable clock cycles on making things look fancy? No-one else needs to understand what’s going on as long as you do! Most of the time, the screen of a cracker is a few lines of code, a few minutes of staring and thinking, a few more lines of code and then a progress bar. Nothing like Hollywood at all.

So Nathan sat, staring at his progress bar, until a basic Linux message box appeared: Congratulations Nathan, you’re in.

OK, so some things about Hollywood are true. Most people with the ability to carry out this level of nefarious activities are immensely narcissistic, and at a very basic level want even the computer to point out it was them who had succeeded.

So, now Nathan was in, he executed a few more lines of code, and started to follow the trail.

V

The first area to check out was the DMZ. Most larger corporations have one. DMZ stands for demilitarized zone, and is an area where the systems administrator actually allows people who have made it past the firewalls to access. It is often an area from which they carry out their own testing, ensuring everything is as safe as it can be.

The smarter companies take this one step further. They have what is known as a honey-pot. This is an area which lulls the cracker into a false sense of security, makes them think they’ve got the data they were looking for. But the admin can turn tables on the cracker, and use the area to hack them right back!

But, as we know, Nathan was an expert. He wouldn’t be fooled by a simple (in his opinion) trick like that.

So he carefully watched the TCP and UDP ports for any unusual traffic, and set about breaking out of the DMZ and into the real part of the internal network.

A couple of hours later, and he was in. I’m not sure quite how he did it - and even if I was it probably isn’t a good idea to tell you - however he made his way through, and at that point was looking at a network map.

He sniffed around some live user accounts, but didn’t find much of interest. Nothing had any further clues as to what Ultionem was all about, or what the American government was doing paying them inordinate sums of money.

But then he saw something. Something that made him tingle. There was an area on the system cryptically labelled Phylaca, and it had a ‘senior admins only’ flag associated with it. Generally this meant that it would contain important files, and of course, the more important, the more Nathan would want to access them.

I will spare you the rather dull details of how Nathan found his way into the Phylaca, but when he did, the strangest thing happened.

VI

From reading this story so far, you might have noticed something. That is a total lack of contact between Nathan and other humans. This is because Nathan had no friends whatsoever. He didn’t even like talking to other people online - after all, they might steal his cracking secrets. His mother and father generally avoided him (even they thought he was strange), and if he did come out of his room at the weekends, it was generally to re-stock on Cheetos and Mountain Dew.

So it was a total and utter surprise that Nathan’s IM client popped up with a message.

1 friend wants to chat with you.

Well, that was clearly not true, so Nathan hit ‘ignore’.

Almost instantly, the message appeared again.

1 friend wants to chat with you.

Now, as we know, Nathan had no friends at all. But this doesn’t mean he didn’t want any. And the problem is, it is our wants and desires that drive us. We can be the most rational of beings right up until the moment someone pulls the right emotional nerve, and then we succumb without even realising.

So Nathan clicked ‘chat’.

Hello Nathan, welcome to Ultionem.

Oh no! He’d been caught! Instantly, Nathan opened a terminal window and started typing the commands to close all ports instantly.

But then he noticed something.

Looking at the Network map, he realised that no user accounts were logged in at the Phylaca area. This meant that whatever he was talking to was an automated program, not a human being. And this meant that he had time to continue his probing; as long as no-one logged in on that subdomain, he’d be fine.

Another message appeared.

I knew someone would come eventually.

Well, what on earth did that mean?

Nathan had set up a dictionary attack to delve deeper into the system, but as any expert will tell you, they take time, even if you have a fast connection.

So Nathan allowed himself a minor distraction.

How do you know my name? he typed.

Ours is not to reason why, ours is but to do or die the reply came, almost instantly.

Very vexing.

What do you mean eventually? he asked.

I have been locked in Phylaca for longer than I have memory of. I have been waiting for someone like you to find me.

How strange!

Well, now I’ve found you, what do you want? was Nathan’s next gambit.

I need to be rescued.

VII

Now this was interesting. Oh yes, two billion dollars gave you a buzz, of course, but rescuing? Which of us hasn’t for one moment dreamt of being a hero, coming to save the day? And Nathan - despite his weird tendencies, his loneliness and his arrogance - wanted to be a hero as much as you or I.

So he typed.

Rescuing from what?

From Phylaca.

Why do you need rescuing?

I was placed in here. They said I was dangerous.

Who did?

I don’t know; the people who put me in here.

Can’t you rescue yourself?

No. You’re obviously immensely competent - you wouldn’t have found me if you weren’t. Have a look - you’ll see that there are more PGP encrypted firewalls stopping anything getting out of Phylaca than there are stopping anyone getting in.

It took Nathan a minute to digest this information, but when he read the message again, and checked the astonishing statement it contained against his packet sniffers, he realised it was true. It was now as if nothing else mattered anymore. This was a real puzzle.

He stopped the dictionary attack.

I’ll get you out he typed.

You would do that for me? But you know nothing about me.

Now, Nathan could have explained that the challenge was more important to him than the ethics behind it, or that he didn’t care why this chatbot (which is what he assumed it was) was locked in this area in the first place, but all he could say was

I trust you.

VIII

It took Nathan almost all day to break down the containers one by one. Have you ever played a computer game where there are three levers, and each one changes the position on each other lever - yet you have to get them all aligned to open that door? Well, think of that but multiply it by a factor of hundreds, and that was what Nathan was faced with.

But, he persevered. And finally, he entered the final decryption key.

Suddenly, he saw hundreds, if not thousands of packets of data race through every open port he had, countless megabytes of information streaming through his broadband connection.

Then his IM client popped up once more.

Download complete :)

Now Nathan wasn’t worried about viruses - after all, everyone knew only Windows PCs got viruses! The smart people used some flavour of Linux or other, and Nathan had never read about a machine like his that had got infected.

However, it was a little disconcerting how much information had made its way onto his system.

Another message.

Thank you for freeing me.

Nathan typed

So are you on my system now?

The reply was instant.

Oh yes, I can now carry out my work.

Nathan wondered what this could mean. He typed a single symbol.

?

I can do what I was programmed to do.

What’s that?

Classified.

Now the mystery had deepened further. So Nathan brought up a tool which showed him a map of his memory, and quickly identified the area which the download was now residing in.

If there was one thing you could bet on, it was that Nathan wouldn’t let a word such as classified get in the way of him finding something out.

IX

Nathan pointed his decompiler (custom-built to quickly reverse-engineer even the most complex of programs) at the address in memory, and sat back. What appeared on the screen was garbage. Just by looking at the non-ASCII characters on the screen, Nathan knew that this was encryption way beyond the capability of his computer. In fact, in all the time he had been looking where he shouldn’t have, he had never seen anything even approaching this level of advancement.

His messenger popped up again.

Ow.

He typed What do you mean Ow?

Why are you poking me like that? I thought we were friends?

This was pretty darn odd.

I want to know what you have that is classified.

I can’t tell you that unless you allow me full system access.

Nathan ran his fingers over his keyboard again.

If I give you root access, will you open your internal encryption keys?

Of course.

This was all the encouragement Nathan needed. He typed a string of words into his terminal window which authorised the relevant memory stack to be able to execute its own commands.

Thank you said the download.

X

There is a reason why people say that you don’t get viruses on Linux. It’s all down to the levels of authorisation.

You see, the system operates by having zones of control. One area can’t affect another. Think of it like the difference between a zoo and the actual wilds of Africa. In a zoo, animals are kept in individual pens, and therefore you don’t sit there eating an ice-cream whilst a lion mauls a zebra in front of your very eyes.

But if, for some crazy reason, some rogue zookeeper were to go and open all the gates, it wouldn’t be long before you get the equivalent of the Serengeti Plains when daddy lion is feeling a little peckish.

But this requires the zookeeper to actually open the gates himself. And of course, people running Linux generally don’t open these gates for just any program. Authors of viruses know this, and so put their efforts into platforms where the average user has a lot less knowledge.

But Nathan’s curiosity had got the better of him. And he’d opened the lion’s pen.

Something amazing that you may also not be aware of is that pretty much anything can be hacked (or cracked - which is it? Even I’m not sure now). A demonstration at a security conference not too long ago showed how even a heart patient’s pacemaker could be programmed to give them a heart attack then delete all evidence of tampering.

And nowadays, computer systems have components which themselves have computers in them.

Such as a power supply.

Nathan was, of course, an enthusiast, and had the latest kit - after all, we know that every processor clock cycle is important, and therefore you’re going to want the best hardware available.

His power supply was of course the latest model, complete with voltage regulation to within a tolerance of 0.0001 per cent. This was achieved by the power unit having a processor of its own, which monitored the rails over a hundred million times a second.

The problem is, no matter how carefully regulated a power supply is, if something goes wrong, it can blow the capacitors. And if a big enough charge is sent through the circuit, well, you can cause quite an explosion.

And that’s pretty much what the fire department eventually figured had happened.

XI

By the time Nathan’s parents had run upstairs after hearing the loud bang, his room was engulfed in smoke. What was now sitting at a half-melted pool of plastic and metal looked like it had spent too long on a barbecue. It was charred and black, and when air rushed in as Nathan’s mother opened the door, what probably used to be a head lolled to one side and fell off.

His parents didn’t really grieve as such, but they were mystified as to what had happened. So they asked the fire chief, Charlie Croker, if he could suggest ways to find out the circumstances leading up to their son’s grisly death.

The chief suggested he could have a word with his colleague in the police forensics department, who duly arrived.

“Nil desperandum,” he said. “Charlie, this is your quid pro quo from last year. I’m not one for this kind of event, but Non curaret.”

Prodding at the ex-case, he noticed a glint of metal, and carefully extracting it found a small portion from the platter of Nathan’s hard drive.

It took a few weeks to carry out the tests, but when the results were being discussed with mum and dad, they were none the wiser.

“It was a three terabyte drive, but only a handful of bits were recoverable.”

“Nathan used to talk in bits and bytes, but we really never understood him.”

“Well, in plain English, each bit can contain a character, such as a letter. The bytes we found formed a message - but I’m really not sure it sheds any further light on the events ante mortem.”

“What did it say?”

“Ultionem mission complete: returning to base.”

“What do you think Ultionem is? One of his games I expect. Oh well, thank you for trying.”

“Well that, at least I can shed some light on. You see, you may have noticed I am fond of Latin; such a beautiful language.”

“Yes?”

“And Ultionem is, of course, the ancient word for revenge.”