Every monday, wednesday and friday, Michael and Cameron get together after work in a pub a couple streets from DFS. Pretending to be a classmate from Michael's highschool, I asked the bartender what they do here all these days. He said they talk about creating their own logistics company, using their experiences at DFS. Afterwards, they play a game of snooker.
So today, I "ran into" them at the pub and invited them to a friendly game of snooker (and lost on purpose). We had a couple drinks.
Michael talked about his Supplies module in the spacestation. The entire thing is automated. Once the space station is complete, his module will take care of the automatic docking of cargo-ships and unload their cargo. Each cargo ship communicates its cargo-list to the space station, where the supplies module compiles that list into a lowlevel firmware batch for the onboard robots. The entire thing is written in perl.
Cameron, who operates both the factory and the export modules of the space station, is apparently a genius.
Since everyone at DFS is aware of that, noone asks questions about what he really does. He told me he plays angry birds all day long and boasts that he can finish programming his module in under 24 hours if needed. With his strong mathematical background, he bases his entire security on SSL certificates. All it does right now, is connect to a local service on port 21122, to log in and invoke a password recovery tool.
Then Michael and Cameron got in an argument about port 2112 and port 21122, which is an item on the agenda of the next team meeting (they can't decide what port the service should be on). Cameron admits that at the moment, his recovery service runs on port 2112 and his cronjob connects to ports 21122, 21123, 21124 and 21125, but said it's no problem since he uses SSL and the cronjob verifies the issued server certificate.
Wednesday, February 23, 2011
Sunday, February 20, 2011
Maria Wilson
Lucy played her role nicely. Laurent and Maria went on a date, she got the keys to Maria's house to babysit.
I went over to that house and she let me in. It's a nice house, aquariums all over the place. It made me want to pee.
The kid was already asleep so I had no problem getting to work. Her computer was upstairs. No need to steal it this time, I just copied everything to a USB drive.
She created software to process data from the life support systems and generate statistics. The life support system code depends on some kernel module that hasn't been developed yet so she's currently testing with generated datasets. The entire thing is written in bash and runs as a cronjob every 10 minutes.
I went over to that house and she let me in. It's a nice house, aquariums all over the place. It made me want to pee.
The kid was already asleep so I had no problem getting to work. Her computer was upstairs. No need to steal it this time, I just copied everything to a USB drive.
She created software to process data from the life support systems and generate statistics. The life support system code depends on some kernel module that hasn't been developed yet so she's currently testing with generated datasets. The entire thing is written in bash and runs as a cronjob every 10 minutes.
Agent 7a69, babysitting service
Maria called me ! Laurent asked her out and she wanted to know if I had anything to do with that. I told her no. They're going to the movies if she can find a babysitter to watch over her son.
I gave her the number of Lucy, a friend of mine who owes me a favor. She's not a professional babysit, but I'm sure she can take care of a kid for a couple of hours.
It's also the perfect scenario to have Maria out of her house so I can search it.
I gave her the number of Lucy, a friend of mine who owes me a favor. She's not a professional babysit, but I'm sure she can take care of a kid for a couple of hours.
It's also the perfect scenario to have Maria out of her house so I can search it.
Friday, February 18, 2011
Bryant E(rwin) Snyder
I enrolled in Laurent's wine-tasting course. It's a very small course, just 6 people. While I was waiting for the course to start, Bryant Snyder (the power operator) walks in. He enrolled too, what a coincidence.
I got to chatting with him. Although he's married, I get the feeling he's attracted to strong older men like Nikolai (also from DFS). He kept talking about what a good programmer Nikolai is and aspires to become just as good.
So naturally, since he couldn't shut up about it anyway, I heard a lot about his work experience at DFS. Bryant wrote the power module of the space station. His motto seems to be "security through obscurity" and he was very vague about his software. All I learned is that it is written in C and authenticates the user with his user ID.
He also told me that it's corporate policy to have backdoors in the system. In case an employee leaves or dies, another employee can have access to the abandoned module. For that reason, each employee has access to all other employees' homedirectories and passwords are stored centrally in /etc/pass.
After the winecourse, Bryant went home pretty quickly to be with his kids. I stayed behind and helped Laurent clean up the place. He was clearly intoxicated. He blurted out that he organises the wine-tasting course to meet women. I told him he should ask Maria out, because "I believe you two would make a good couple". Of course, I don't really care ;) But I'm sure they would go on a date since Maria has a crush on Laurent.
I got to chatting with him. Although he's married, I get the feeling he's attracted to strong older men like Nikolai (also from DFS). He kept talking about what a good programmer Nikolai is and aspires to become just as good.
So naturally, since he couldn't shut up about it anyway, I heard a lot about his work experience at DFS. Bryant wrote the power module of the space station. His motto seems to be "security through obscurity" and he was very vague about his software. All I learned is that it is written in C and authenticates the user with his user ID.
He also told me that it's corporate policy to have backdoors in the system. In case an employee leaves or dies, another employee can have access to the abandoned module. For that reason, each employee has access to all other employees' homedirectories and passwords are stored centrally in /etc/pass.
After the winecourse, Bryant went home pretty quickly to be with his kids. I stayed behind and helped Laurent clean up the place. He was clearly intoxicated. He blurted out that he organises the wine-tasting course to meet women. I told him he should ask Maria out, because "I believe you two would make a good couple". Of course, I don't really care ;) But I'm sure they would go on a date since Maria has a crush on Laurent.
Wednesday, February 16, 2011
Mazur Bahawalanzai
Two days ago, I followed Mazur home. He lives in an apartment building in the old part of the city, a bad neighbourhood. He brought his computer with him and I suspect that he keeps working during the night. I didn't see him leave all evening and in the morning, he went back to the company with his laptop.
So yesterday, I found myself a local junkie, and offered him a reward to break into Mazur's apartment and bring me his laptop. It cost me only 200 Euro... I took the laptop home and analyzed it.
It seems the communications software Mazur wrote for the DFS space station uses very weak encryption. And be very weak I mean it really sucks. From his design documents, I've been able to gather that he uses XOR for performance reasons and a rolling key of only 4 ASCII characters!
Lucky for me, the space station is connected to the internet through a satellite communications provider. The hostname they use for the space station, which is called abraxas by the way, is abraxas.dildosfromspace.com. The communications module can be acivated through "secure" connection to port 4373.
The communications module displays a banner with lots of spaces and '#' signs in it, which should make the decryption easier.
Oh, this morning I noticed that the police was fingerprinting Mazur's place after he reported the burglary. They tracked down the junkie (called Sid it seems) and locked him up. Noone believed his story ;)
So yesterday, I found myself a local junkie, and offered him a reward to break into Mazur's apartment and bring me his laptop. It cost me only 200 Euro... I took the laptop home and analyzed it.
It seems the communications software Mazur wrote for the DFS space station uses very weak encryption. And be very weak I mean it really sucks. From his design documents, I've been able to gather that he uses XOR for performance reasons and a rolling key of only 4 ASCII characters!
Lucky for me, the space station is connected to the internet through a satellite communications provider. The hostname they use for the space station, which is called abraxas by the way, is abraxas.dildosfromspace.com. The communications module can be acivated through "secure" connection to port 4373.
The communications module displays a banner with lots of spaces and '#' signs in it, which should make the decryption easier.
Oh, this morning I noticed that the police was fingerprinting Mazur's place after he reported the burglary. They tracked down the junkie (called Sid it seems) and locked him up. Noone believed his story ;)
Thursday, February 10, 2011
I love social engineering
Sometimes, it's too easy...
I went to DFS (dildo's from space) and presented myself as a writer of a magazine. They let me in to have a look around and interview the employees.
I learned quite a lot about the space station. It seems the station has 7 distinct divisions, which are layered in levels. Each level needs to be powered up before the next can be powered up.
I went to DFS (dildo's from space) and presented myself as a writer of a magazine. They let me in to have a look around and interview the employees.
I learned quite a lot about the space station. It seems the station has 7 distinct divisions, which are layered in levels. Each level needs to be powered up before the next can be powered up.
- L1 Communications
- Operated by Mazur Bahawalanzai, a nice Indian chap that just graduated from IIT (indian institute of technology)
- L2 Power
- Operated by Bryant E. Snyder, an electrical engineer. He's married, 2 kids.
- L3 Life Support
- Operated by Maria Wilson, a marine biologist. Apparently, she is fully qualified to handle life support because she is an excellent deep-sea dive master. She's a single mom with a 3 year old son. The father was a stockbroker that committed suicide before their son was born. Sad story... I think she has a crush on Laurent, who also works in this company.
- L4 Supplies
- Operated by Michael H. Marcum, a PhD in mechanical engineering. He likes to play snooker together with Cameron from DFS
- L5 Storage
- Operated by Laurent Badeau, a french scientist who had the largest wine collection in his (little) town of "La Barre" in France, before moving here. He's proud of his heritage and claims to know a lot about wine. He offered me to participate in a local wine-tasting course that he teaches
- L6 Factory and Export
- Operated by Cameron C. Snowden, a mathematical genius. He used to be the logistics manager for a very large firm and was a snooker champion as a teenager.
- L7 Orbital Control
- Operated by Nikolai Grigorev, a 64 year old veteran of the USSR space program. He handled the Salyut 1 orbital controls and everyone is full of praise about him here. It looks like he has the most experience with space stations, systems administration and computer security. He also has some weird views on artificial intelligence, claiming all space stations will one day operate themselves.
Monday, February 7, 2011
Job 331
This is the official start of Job 331. I've been on standby for months, it will be nice to get back in the game.
I visited the client this morning to get the details on Job 331. It's a corporate espionage deal, but one that should prove interesting. The entire operation is coordinated by a third party, which I'm pretty sure has mafia connections. They represent an anonymous company in the adult entertainment business...
Anyway, Job 331 concerns a startup company called "Dildo's From Space". Apparently, they manufacture vibrators (which I'll just call goods...) which are perfectly weight balanced. To do that, they designed a space station with a completely autonomous factory on board. It seems that it is very hard to manufacture these goods on Earth, but no problem in orbit.
As far as the client is aware, the space station has just been launched and is not active yet. They are very interested in acquiring one of these goods for study (primary target), and it wouldn't be bad if I could bankrupt the company (secondary target).
My job is to break into this space station's systems, start up the factory to create a product. Next, the product should be safely transported from the factory back to Earth.
I'd better get started.
I visited the client this morning to get the details on Job 331. It's a corporate espionage deal, but one that should prove interesting. The entire operation is coordinated by a third party, which I'm pretty sure has mafia connections. They represent an anonymous company in the adult entertainment business...
Anyway, Job 331 concerns a startup company called "Dildo's From Space". Apparently, they manufacture vibrators (which I'll just call goods...) which are perfectly weight balanced. To do that, they designed a space station with a completely autonomous factory on board. It seems that it is very hard to manufacture these goods on Earth, but no problem in orbit.
As far as the client is aware, the space station has just been launched and is not active yet. They are very interested in acquiring one of these goods for study (primary target), and it wouldn't be bad if I could bankrupt the company (secondary target).
My job is to break into this space station's systems, start up the factory to create a product. Next, the product should be safely transported from the factory back to Earth.
I'd better get started.
Subscribe to:
Posts (Atom)