Wobbling (recording 9)

Sean had been hacked by the Voice. Now he thinks he was mugged by the Voice. He decides that enough is enough. He’s been feeble, he needs to get after it.

The Script

For most people, Fridays were long. But, for Sean, this Friday was excruciating. This woman on the train had stolen his backpack, which had his laptop, his phone, his wallet, and the key plus security fob for his flat. But, he was needed at work, so he had to go in and suffer. Sean suffered, and everyone around him suffered. He was in a foul mood.

As soon as he was clear, which on this day was a quarter to four, Sean bolted. He ran to the train, waited impatiently when the train was late, then ran home. He made it before the doorman and the office went off shift, filled out twenty minutes of paperwork, and had his flat re-keyed and the old key disabled. Then, he took a deep breath and went up the stairs.

He got to the top, walked down the hallway, looking to see if he thought anything was out of place. The doorman said he hadn’t seen anyone matching the description of the woman who had stolen Sean’s backpack, but Sean was wary anyway. If the woman from the train was really The Voice, his tormentor of late, Sean wouldn’t put it past her to have snuck up the side of the building like spiderman. He keyed his door with the security fob to open the electric deadbolt and used the physical key to unlock the manual deadbolt. He pushed the door open. He looked around. His flat wasn’t ransacked, that was clear right away. But, had someone been there? That coffee mug, hadn’t he put that in the sink when he left for work? It wasn’t like him to leave something like that laying around.

But, if the Voice had really paid him a visit, why would she move the mug from the sink? Had she taken a drink from a dirty dish? Or… she probably stole his fingerprints! Or, DNA! Dammit! Sean felt like he was going crazy. All he wanted to do was to sit down, pull up metasploit, get a reverse shell in some Third World bank and transfer some funds from some rich dictator to a few needy peasants. Redistributing wealth in Third World banks was therapeutic. Distinctive loved how powerful hacking made him feel.

Distinctive hated when that power was used against him.

He wanted that power back, but he knew it wouldn’t be easy. First, he had to get his stuff back, and find out who this Voice was. She had upped the stakes repeatedly, and he had been feeble in his response. He fought the urge to hide, to just hide from it all. He needed to stand up for himself.

His best laptop was where he left it. He needed to run some scans and do a memory dump, to make sure it was okay. But first, he needed to get a message to #TheCollective. He opened Irssie, fired off a coded message about being mugged and shutting down IRC, then fired up the back door to the server the chat was hosted on. It was a server they had hacked a couple of months before. The message he had just sent included a coded section telling #TheCollective to move to a new server. They had the drill down pat. Distinctive would kill the IRC server on this machine, find another host, and set up IRC there. Everyone would update their clients to connect there and they would be back online. It took about an hour. The job of finding a new host and dropping on a backdoor and an IRC server was assigned to Prairiephire.

Then, Distinctive went to buy a new computer. He needed to hack his own laptop, his own network, and make sure it was still clean. Then he’d hack the security camera recordings from the lobby and his hallway, and see if The Voice had in fact come to his flat. It freaked Distinctive out, to think that this Voice hadn’t just hacked him, but also followed him. Stalked him. Maybe, was spying on him.

There were three second hand computer stores within a mile, and Distinctive picked one randomly, bought a laptop, walked
to a hotel next to a three-story walk-up where he knew the wifi was fast, and secure, and he set up Kali on the new machine. By the time he was done, he visited the ESPN.com front page, clicked “View Source” and found, in a base64 encoded string hidden in the attributes of an HTML tag in the footer, the IP address of the new IRC server. Prairiephire had hacked ESPN.com years ago and they always kept the IRC IP address there. Hopefully the Voice did not know this.

Distinctive got back on IRC, on the new host, and told them what happened that morning. He had been mugged. He was sure it was the Voice. Then, Distinctive conferred with Q and Stoney about the best way to get into the security camera feed in his building’s lobby. Stoney was great with Shodan and gave Distinctive a quick rundown about search techniques and what to look for. Then, when Distinctive said he was going to head back to his flat to scan his LAN, Stoney told him to wait, Stoney told Distinctive that Lita wanted to talk to him. Distinctive still didn’t have a phone and wasn’t too interested in having one. So, he downloaded the Signal desktop app for Linux, set it up, and called Lita.

Lita and Stoney had remained in the Bay Area, still trying to track Avanta. In two days, Lita told him, there was nothing. No sign. But, Lita said, they tracked the burner Distinctive had given Sam Fishburne and found him drunk, in a bar. Lita said they then rented a hotel room and Sam was crashed on their couch, sleeping it off. Apparently, Lita said, this was Sam’s way of handling Avanta’s kidnapping. Lita planned to point out that it wasn’t terribly helpful. She also said that Sam Fishburne did drunkenly admit that Avanta had hinted at being a hacker. He said their theory she was really Exclusivor might be dead on.

Back in IRC, Bitslapt posted that he had instructed Prairiephire to go to Plan B. Instead of brute-forcing Sindictive’s ex’s iCloud contact list, Plan B was to Social Engineer in using the Bereavement Hack. This was how they hacked into Claire’s iCloud account. It involved creating several fake funeral and news web sites, and calling and convincing Apple support you were family, and wanted to get into your dead daughter’s photos. Just one last look. If you cry at the right time, and have some convincing supporting evidence, it’s usually pretty easy. Except that, Sindictive’s ex was still alive. Claire had really been dead. Prairiephire fired up setoolkit in a terminal and cloned, edited and posted a dozen web sites to support their story. They were now waiting for a response.

Then, because he had brought up Claire, Bitslapt said he had determined there are about 2000 missing images from Claire’s hacked iCloud account. Looking at the dates and incrementing file names, Bitslapt determined all the missing photos were from around the time of Exclusivor’s BASE jump in Dallas. But what did it mean? Someone else had gotten to Claire’s account first. But, who? Sindictive? Exclusivor herself? The FBI? Did Claire delete them?

Distinctive said goodbye, set up a Kali Live USB stick, read only, and stole home. At his flat, he felt… weird. He felt watched, like maybe the place was bugged. Was the Voice looking at him right now? It was in play, right?

He dumped his laptop’s memory, nmapped his entire network, which took a long time as it was the 172.16 subnet with over a million possible devices. A hidden device could be almost almost anywhere, sniffing his network traffic. He then port-scanned the handful of devices that he found, dumped memory, scanned for known rootkits, checked every port and then all the software on those ports. As far as he could tell, it was all clean. It was all his own stuff, just as he had left it.

He was surprised. It made more sense that he should find something. Still thinking, he located the hidden SSID his building’s security cameras connected to, bruted the login and scanned the recording backwards at 5x speed. The cameras were a recent addition, and he wasn’t a huge fan. Nearly nodding off while watching the last sixteen hours, he found nothing useful. He did manage to find three of the cameras on Shodan.io and planned to report that to management. Probably the Voice had found them on Shodan, too, and had been watching him for weeks, maybe months. Distinctive had gotten lazy. His OpSec had become lax.

It was daylight on Saturday morning before it was all said and done and Distinctive sat back, surprised. Surprised and tired. Why hadn’t she come here? Did this woman from the train assume he would come back to the flat, instead of going to work? Probably. Maybe she didn’t realize how sensitive the lathes had become. She for-sure knew that Avanta wasn’t coming in Monday. The Voice had heard all of that, maybe more. Sean thought of how he’d lived with the Voice hearing just about everything he had said or had heard himself for the last two weeks. He thought of the security cameras easily found in Shodan and how anyone could have been watching his hallway. Privacy was dead. Anyone who had the time and knowledge could be their own personal NSA.

Distinctive caught some sleep and when he woke, he went out toward the train. He’d seen the woman three times, and each time it was right around the train station near his flat.

He walked around, looking, ruling out what he knew about her, narrowing down a few possibilities. He wondered why the Voice kept dropping off the radar like she did. She would be silent for days, then surface again and become a chatterbox. Did she travel? Was she listening, but being silent? What did it mean? He tried to remember her saying something revealing, something about where she was, how she felt, what she was doing. She never said anything revealing.

By midday Distinctive had made no progress. It would be little more than dumb luck for him to find her. That was what he was thinking when he saw her. Not the Voice, but his boss Geri. But what was Geri doing at his train station on a Saturday? She lived all the way over in Arlington Ridge with a husband and two teenagers. He thought for a moment about ducking away, but she saw him before he had decided what to do.

Sean said, “Hey, Geri, what brings you here?”

Geri grabbed his arm and said, “We have to talk.” She pulled him to the edge of the street, where traffic was loud and there was no chance they could be overheard.

She said, “We’ve been calling you all morning! Who is this woman who has been answering with all that random gibberish?”

Sean explained about not having a phone. That he’d been mugged the day before. Geri asked if he’d gotten a look at the mugger? Sean told her that he had, it was a woman. He apologized for not reporting it to her.

Geri swore and said, “We’ve lost a lot of time. We need to get to the office. I’ll explain in the car.”

Geri and Sean got into a black sedan with a driver who took out a red strobe light, put it on the dash, and sped off.

In the back of the Sedan, Geri told Sean they had three lathes causing problems: Potomac, Lake Michigan and Longbeach. They had been trying to get a hold of Avanta, too, but she was also off the radar, and had been since midweek. Geri wondered aloud if Sean’s mugging was related. Someone seemed to be making a play at their lathes.

Sean doubted that, and he also knew where Avanta really was, but he didn’t dare say anything about any of that, yet. Geri said they needed to go in to work. Sean could take care of the Potomac, and walk Karl through fixing the lathe in Milwaukee. Benjamin was knee-deep in working out the problems with Longbeach.

Geri told Sean that there was evidence they were actively being hacked. The hacker was good, someone who knew Atomal and was routing through devices in at least four countries. Incident Response was trying to contain the damage, but they hadn’t yet succeeded.

Sean knew the networks each lathe was on were segmented, isolated, firewalled but they had long ago made the decision to connect them to the Internet. They were hard to hack, but Sean knew a good hacker always finds a way in. They just need to win once.

Sean didn’t tell anyone anything, but he knew this had to be the work of the Voice.

Geri and Sean made it to the office in less than twenty minutes. The only thing the Voice had not gotten from Sean was his work security badge, which had already been around his neck, under his suit jacket. Sean was grateful; this would have been so much worse without it. They passed security and Sean went to work. The last time they had an emergency like this, Avanta handled it all. Sean wondered to himself, was Avanta behind all of this? She had been kidnapped, right? Was Sindictive pressuring her to hack into the lathes? He had imagined Sindictive to be angling for a big payout on auto-driving cars. But, maybe this his real angle.

It was well past midnight before IR felt like they had remediated. Sean had fixed his lathe straightaway. Despite what Geri said, it didn’t appear the hacker knew his or her way around Atomal or their networks at all. If this was Avanta, she had to be deliberately messing up. Was she resisting Sindictive? Or, was it not Avanta at all?

Sean rubbed his eyes and started to drift off. The next thing he knew, Geri was shaking him awake and said she would take him home. Sean didn’t want to risk what that meant, Geri walking him to his door, so he said no, he would take a cab. He wanted to think. Geri gave him a phone and told him to keep it with him, always, in case they needed him in again. Geri told him she would be glad when Avanta was manning the Longbeach lathe. She said, “Monday can’t come soon enough.”

Sean couldn’t disagree more. As if he needed more things to worry about, he took the cab home and walked up to his flat, dead tired. He opened his door, disabled his alarm and walked toward his bedroom. But, something was different. He looked around. There, on his chair: It was his backpack. There on his desk was his phone, his keys, his wallet.

Warily, and suddenly awake, he crept around his place. The kitchen was empty, there was no one in the living room. He tip-toed to his bedroom.

In his bedroom, stretched out on his bed, propped up on every pillow he owned, was the woman from the train.

The Voice was in his bed.