- Ian Sutherland
Invasion of Privacy: A Deep Web Thriller #1 (Deep Web Thriller Series) Page 13
Other than losing the challenge, Brody personally feared little from Matt_The_Hatter. He had the experience and knowhow to make himself completely untraceable back to RL – real life. Other weaker forum members, hackers with limited skills, had been known to fall foul of Matt_The_Hatter’s wrath. In one extreme case only two months before, a newbie forum member called Queen_Xoltan had accused Matt_The_Hatter of claiming credit for her friend’s hack. In an online fit of rage, Matt_The_Hatter declared that Queen_Xoltan was dead in the online world and that he would track her down and publicly ‘out’ her. Four days later, Matt_The_Hatter cheerfully posted Queen_Xoltan’s real world name and address for all to see, including the numerous law enforcement agencies that anonymously prowled the hacker forums trying to track down black hat hackers. To Matt_The_Hatter’s evident delight, Queen_Xoltan turned out to be a confused teenage boy from the Faroe Islands.
Brody’s Samsung Galaxy phone beeped. It was a message from Doc_Doom, checking to see how he was getting on with the challenge. There was a link to a private secure online chat site in case he “wanted to knock about any ideas or just needed some moral support”. He’d be there for the next hour or so.
Brody genuinely appreciated Doc_Doom reaching out to him like this. It wasn’t the first time either. Brody doubted whether his friend would have any ideas that he hadn’t already tried, but he was gratified by the moral support from someone who understood more than anything else. Perhaps just talking things through for a few minutes would help.
He switched to his tablet PC and clicked on the link. The chat screen took over the centre monitor, the ones on either side still displaying network maps and dumps of the SWY site.
Fingal: Hi Doc.
Doc_Doom: You winning?
Fingal: Not yet. SWY’s a tough nut to crack. I think Crooner knew what he was doing all along.
Doc_Doom: Yup. Think you’re right there, man. It certainly was a strange way to ask for help. You think this is all about him showing off on the forums?
Fingal: Yeah. Looks like it. Just hope Matt_The_Pratt is having as tough a time as I am.
Doc_Doom: He’s all talk. Not a squeak from him since the challenge. Anyway, why’d you offer to help in the first place?
Fingal: Bit stupid, really. I was on a high from a job I’d just finished.
Doc_Doom: Yeah, I’ve been there too, man. You feel like you can do anything.
He was spot on. The bravado whipped up from successfully completing a hack was addictive. But, for Brody, the biggest high came from social engineering, where he combined hacking computers with hacking humans. They added the extra dimension of putting his physical, real world self in the firing line, hugely increasing risk, but exponentially intensifying the euphoria from success. Last week’s Atlas Brands job had been one of his slickest yet and he now realised that his ego had got the better of him. In the Atlas video conference he’d hacked into this morning, he’d shown off. A lot. The euphoria had become arrogance and he’d allowed it to affect his judgement. And one impulsive click later, he’d registered his interest in Crooner42’s pentest without doing any of the normal due diligence.
And so here he was.
Stuck.
Fingal: Any ideas, Doc?
Doc_Doom: Does the site use Java?
Fingal: Yes
Doc_Doom: Have you decompiled the Java bytecode?
A bit obvious. Of course, he had.
Fingal: Yes, but there were no passwords, application paths or anything sensitive.
Doc_Doom: I’ve heard about a new exploit for Java on the Eastern European forums. Give me a minute, I’ll search for it . . .
This could be promising.
Brody waited, drumming his fingers on his desk. He looked up at the TV screens to see if anything interesting was happening in the Saxton household. Mrs Saxton sat next to the cot in the baby’s bedroom, reading aloud from a picture book. The baby lay quietly in the cot. Audri was in her bedroom, getting changed.
Now that was interesting.
He wheeled his chair over to the laptop connected to the TV, maximised the video stream from Audri’s room and unmuted the volume.
Audri dropped her bathrobe onto her bed, revealing white bra and panties. She opened her wardrobe and withdrew a bright red coat. She held it against her and stood in front of a mirror, checking the length. Satisfied, she dropped it on the bed and quickly removed her bra and stepped out of her panties.
Brody licked his lips and then realised he’d done so. He’d never have guessed that voyeurism could be so thrilling. A moment like this, a girl undressing, was the reward for hours of monotony. The whole thing was beguiling.
Audri picked up the red coat from the bed and put it on, directly over her naked body.
Now Brody was intrigued. And, he realised, quite turned on.
She stepped into a pair of black high heels and grabbed a matching handbag. She picked up something from her bedside cabinet. Brody looked more closely. It was the unstamped letter she’d received earlier that day. She opened the envelope, glanced at the letter it contained, stuffed it back in the envelope and slid it into her coat pocket. Checking herself once more in the mirror, she nodded and spoke something in Swedish to her reflection.
Brody thought he heard a slight noise, like a car driving over gravel. Audri obviously had, as well. She looked down out the bedroom window, then turned and flew out of the room.
Brody swiftly minimised the screen, revealing all seven feeds from around the Saxton household. No cameras covered the stairs or hallway, but he saw light appear in the baby’s bedroom from the doorway. He clicked on it to hear the audio. Mrs Saxton paused her reading and looked towards the light. Although not visible onscreen, Audri’s voice whispered, “My taxi’s here, Mrs Saxton. I’ll be late tonight.”
Hilary whispered back, “Okay, Audri. Have fun with Ornetta.”
“Will do. And don’t worry; I’ll make sure I’m up by 8:00 a.m. tomorrow. I haven’t forgotten.”
Mrs Saxton smiled. “Thanks, Audri.” The room grew darker again. Then she added, “Don’t forget your keys.”
“Got them. Bye.”
A few seconds later Brody heard a large door bang shut. Hilary Saxton paused a moment, checked on the baby and then resumed reading aloud.
Brody muted the audio again and mused over what he’d seen. There was no way the au pair was going out to see her girlfriend dressed, or more literally undressed, like that. The mysterious letter she’d received earlier that day had something to do with it. Brody recalled Mr Saxton kissing her that morning. He didn’t need to be Sherlock Holmes to work this one out. She was off to meet the husband somewhere else for a night of illicit sex.
Brody wondered what she saw in the man. He was probably twice her age and married. But then, as Leroy always pointed out, he was hardly an expert on understanding what made relationships work.
He looked back at the online chatroom to see if Doc_Doom had finished his search. A string of messages awaited him.
Doc_Doom: Got it. It’s an exploit based on Java applet same-origin policy being bypassed via a HTTP redirect. You heard of it?
Doc_Doom: Fingal, you there?
Doc_Doom: Earth calling Fingal . . .
Just as Brody was about to type a response another entry appeared.
Doc_Doom: Fine, I’m off.
Fingal: I’m back. Sorry about that. Pizza delivery just arrived.
Doc_Doom: Ah, the food staple of champion hackers. Pepperoni and mozzarella? Or do you Brits not do pizza like we do here?
Fingal: Told you before, mate. I’m Australian. Which means shrimp and bbq sauce toppings.
Doc_Doom: Not buying it Fingal. But don’t worry, I understand your need for stealth. I’m the same really. But wouldn’t it be great to actually meet in person one day and actually talk to each other, f2f, over a Bud or something. No typing. Online is great, don’t get me wrong, but . . .
Brody had had a similar conversation with Doc_Doom a month ago. He’d been taken aback at his suggestion then. After two years of building their friendship online — knocking around hacking challenges like this one, amiably debating whether the Empire from Star Wars could kick the Federation from Star Trek’s ass, whether Marvel’s superheroes were more rounded characters than DC’s, or exploring how limiting it would have been in the eighties to write assembler programs on the old eight-bit chipsets used by Sinclair and Commodore — Doc_Doom had proposed meeting up in person.
Brody had briefly been tempted. Their online friendship was great. They shared opinions on many subjects. They convivially disagreed on others, each defending his corner with deep personal knowledge or rapid searches on the Internet to unearth facts and examples to bolster his viewpoint. It had become a real friendship and Brody was confident it would survive the transfer from the online to the offline world.
And he was tempted again now.
Instinctively, Brody looked up at the framed poster of Vorovskoy Mir’s most wanted list and his gaze fell on his own online name, Fingal, listed under the third silhouette.
Fingal: You know my policy, Doc. It’s just too dangerous to mix physical and virtual.
Doc_Doom: I understand. One day maybe, eh? Anyway, what about that new exploit? Any use?
Brody hadn’t heard of anyone using HTTP redirect to bypass Java’s same-origin policy. He quickly searched on the phrase and found more details of the hack, first published only two weeks ago. It was quite an interesting approach. Yes, it might work. Excited, he dropped over to Oracle’s website, the vendor of Java, and linked through to the pages listing their latest versions. The most current patch for Java was released just four days before. Shit, they might have plugged it. He searched through the accompanying release notes for details of what had been fixed and, sure enough, there it was.
The hole was blocked.
But, if he was lucky, there was still one chance. If Crooner42 hadn’t installed this newly patched version of Java onto the SWY site, he could still use the exploit. After all, the patch had only been released four days ago. He ran one of his utilities against the web server to identify the version of Java.
Damn. It was at the latest patch level. The hole was plugged. Deflated, Brody replied to Doc_Doom.
Fingal: Thanks Doc. But Crooner’s already blocked it.
Doc_Doom: Jesus, that was fast. Very fast. He’s better than I thought.
Fingal: Tell me about it.
Doc_Doom: Have you tried session hijacking?
Fingal: I can’t, he’s got server side session id tracking enabled.
Doc_Doom: Dictionary attack?
They carried on for another half-an-hour, back and forth, throwing ideas out for consideration, and quickly knocking them down. Brody felt even more disheartened. He hadn’t really expected Doc_Doom to come up with anything, but going through everything like this had reconfirmed his predicament.
Doc_Doom: Jesus, this site’s more secure than Fort Knox. Who the hell is this guy?
Fingal: You’d know better than me.
Doc_Doom: What’s that supposed to mean?
Fingal: Just that you seem to get on better with the other forum members.
Doc_Doom: Better than you, you mean? Yeah, well that’s because I’m less of a threat to them than you are.
Fingal: Don’t be so modest, Doc. Do you know anything about Crooner? I’m thinking if I can identify another website he’s built, maybe it’ll be less secure but some of the configuration will be the same. Which means I could use what I learn there to aid in cracking SWY.
Doc_Doom: I like your logic. But all I know about Crooner is what you see on these forums. He’s been around for a couple of years. He’s never been that forthcoming about what he does. As far as I’m aware, this is the only site he’s mentioned. I guess he’s just one of those who mostly stay in the background, mopping up everyone else’s thoughts and ideas. Looks like we all underestimated him.
Fingal: True enough.
Doc_Doom: If it helps, I think he’s British.
Doc_Doom: Like you :-)
Fingal: Okay, let’s have this out once and for all. What makes you say that? About me and him?
Doc_Doom: The letters ‘u’ and ‘s’.
Fingal: ?
Doc_Doom: Color. Flavor. Personalize. Realize. Recognize.
Fingal: Ah, because I don’t use Americanised spelling like you do. Maybe it’s a deliberate ploy by me. Or, as I said earlier, maybe it’s because I come from Australia. Or New Zealand. Or any other ex-British colony.
Doc_Doom: And then there’s your use of slang. Or your lack of use of Australian slang.
Fingal: Strewth. And there’s me thinking we were just chewing the fat. Fair dinkum, mate. So you think Crooner’s a Pommie, then?
Fingal: (That enough Oz-talk for you?)
Doc_Doom: Okay, okay. I’ll stop over-analyzing. But yes, I think Crooner’s a Brit.
Fingal: Interesting. But not sure how it helps me.
Doc_Doom: Would help if you’re a Brit too and you could somehow track him down in meatspace.
Fingal: Hmmm.
Brody bristled at Doc_Doom’s shrewd analysis of his spelling and slang usage. He made a mental note to better disguise himself going forward, especially on the more public forums on CrackerHack. He’d google a list of obscure Australian slang terms and occasionally insert them into his future posts.
As for Crooner42 also being British, that was interesting, but unlikely to be of any use. The technical ability he exhibited in securing SWY meant he was most likely every bit as good as Brody in protecting his real world identity. Which meant tracking him down in meatspace — real life — would be next to impossible. And supposing he did, what could Brody actually do? Threaten him? That would only work if he turned out to be a meek teenage kid. And even then Brody wasn’t confident. He had no training or experience in any form of physical combat. He certainly had no idea how to physically coerce anyone against his or her will.
No, he just needed to keep going as he was.
Or admit defeat.
Or wait for Matt_The_Hatter to announce he’d got root first, and face the inevitable fallout. The public humiliation. The wrecking of his hard-earned elite status.
No. He needed to keep going. Surely there must be a way?
Of course there was. He needed to come up with a new zero-day exploit, something he hadn’t done in well over two years. He needed to identify a brand new vulnerability that no one had ever come up with before and use it to crack through the site’s defences.
The only problem was that it was incredibly difficult to do. Unless you fluked it, creating a zero-day exploit was incredibly time-consuming. It involved fuzzing — an inconsistent technique whereby he inserted random data into memory, attempting to force an application to crash, from which he could then analyse the results to see if there was a flaw he could exploit by substituting his own commands — but it was completely hit and miss. Usually miss. With no guarantee of success at all. And usually days or weeks of work.
And all the while, Matt_The_Hatter could break through.
But what choice did he have?
Brody stared at the seven feeds on the huge TV screen. Hilary Saxton lay in bed, reading. Izzy Saxton slept in her cot. Audri the au pair was still out with Derek the cheating husband. Life in Middle England carried on as normal.
Middle England?
England?
He had a thought.
He was approaching this from the wrong direction. Perhaps there was another way after all. He just needed to stop thinking like a typical computer hacker.
* * *
Jenny fought to overcome the overwhelming desire to run. To hide. Her eyes darted from left to right as she searched for exits. There were none. She scanned the room for something to defend herself with. Nothing obvious. She’d been trained for this, she told herself. Trained to run towards danger not away from it. To attack not fly.
Attack. That was it.
Jenny pushed herself up from the bed.
Everything seemed to happen in slow motion.
The knife protruding past the door became a hand holding a knife. The door continued to swing open. She rushed for the door, slamming her full body weight onto it. The door slammed against the wrist. The knife clattered to the bedroom floor. A bread knife.
“Argh!” a female voice screamed.
Then the door was shoved back into Jenny’s face, knocking her backwards. She fell to the floor. The hand withdrew. Landing on her bum, Jenny kicked the door with both her feet. It banged shut. A clattering noise from the other side.
“Police!” she shouted, realising she should have done that earlier.
Jenny climbed back to her feet and readied herself to open the door. She kicked the knife under the bed, counted to three and threw the door open.
Crumpled in a heap in the hallway and cradling her wrist was Kim Chang. Crying.
Jenny felt helpless. And stupid. “I’m so sorry, Kim!” She knelt down beside her. “Are you alright?”
Between gulps of air, Kim said, “I thought it was Anna. I came home, opened the front door, heard the music and I thought it was Anna.” She stared helplessly into Jenny’s eyes, tears falling freely. “And then I remembered what had happened to her . . . I grabbed a knife. I thought you were her . . . her killer.”
Jenny wrapped her arms around the girl. Kim leaned into her chest and sobbed.
“I’m so sorry, Kim. I thought maybe . . .” she didn’t finish her sentence. She had been going to say that she thought Kim was Anna’s killer also. “How’s your arm?” she asked instead.