Chapter 15 - April 5-7, 2003 - Episode 2
From: Det. Marcus Cohen
Sent: Saturday, April 5, 2003 1:03 AM
To: firstname.lastname@example.org
Subject: Your information
I appreciate your openness. It is a sign of good intentions. The audio is an eyeopener. However, your information is stale. I have good reason to believe that the deceased had decided NOT to stage the attack BUT that elements in Jenin may be proceeding on their own with an attack that is NOT victimless. Does the name Yasir mean anything to you?
It doesn’t make sense for you to put yourself at risk as a fugitive any longer since the circumstances have changed. I strongly urge you to give yourself up. You can do that through an attorney if that is what you would prefer.
From: email@example.com
Sent: Saturday, April 5, 2003 1:10 AM
To: mark cohen
Subject: RE: Your information
yes I know who yasir is. if he is involved in an attack it is more dangerous than i thought. he is exactly the kind of person that might seriously misuse our source code even worse than what larry intended to do. this makes it all the more imperative that i get all of our users updated asap so that the old source code becomes irrelevant and this game can be stopped. you will understand why that means that i cannot allow myself to be arrested during this process just as i understand that you would not be able to give me access to what i need to do what i must do if i were in your custody.
From: Det. Marcus Cohen
Sent: Saturday, April 5, 2003 1:15 AM
Subject: RE: Your information
Importance: High
URGENT URGENT URGENT
It is URGENT that you not do an update of your users! Part of the threat that was made is that the start of any update will trigger a massive attack immediately before the update can take effect. I don’t understand the technology involved. However, I believe my source to be credible.
hackoff will probably receive some demands in some form from collaborators of Yasir although we believe that he, himself, is dead. His death is not verified, however. We know nothing about the exact motives or methods of his collaborators although extortion is quite possible.
Dom reads this email three times. He looks at the ceiling, then back at the email. He twists his sideburns and looks back at the ceiling again. Mousing furiously, he trolls through websites full of hacker esoterica, sometimes cutting pieces of code from one window and pasting them into others. He runs a search engine he wrote himself that crawls through websites Google will never find. Sometimes he must solve a riddle as the price of entrance into a site or give a piece of hacker history known only to a very few people.
Occasionally, he runs an applet, then a ping trace, then an app whose source code he is continually modifying. Streams of numbers cascade down the screen. Sometimes Dom turns the numbers into histograms; some appear to be fractals, others much more predictable. Some of the patterns are superimposed on a recent map of the Internet Dom has accessed from somewhere. Nodes change colors as simulated packets march through them or bounce off. Occasionally, Dom aims a real packet stream at a real router.
At Dom’s first attempt to make coffee, he is nerding so deeply that he spoons the coffee grounds into the basket of the Mr. Coffee without the strainer. The grounds pour onto the floor through the hole in the bottom of the basket for several seconds before Dom realizes that something is wrong. He is unsuccessful in cleaning the grounds off the linoleum floor with a dry paper towel. Finally, he focuses sufficiently to wet the towel and does a mediocre job of cleaning up some of the spill. Straining to keep himself from taking another mental journey, he puts the mesh strainer in the basket and does finally succeed in making a pot of coffee. He apparently doesn’t notice spilling almost as much coffee on the counter as makes it into his cup. He burns his tongue by drinking too soon, but his focus has already shifted out of the room and back out onto the Internet.
Dom’s packet streams are aimed at the servers of the Jenin Group but they are bouncing off a cyber-security fence that Israeli intelligence has built around the Palestinian territories. Even packets that are being beamed to and from satellites directly into the territories encounter this fence. The purpose of the fence is to disrupt terrorist communication and find yet more damning evidence against Yasser Arafat. Now it is protecting the servers of the Jenin Group from Dom’s probes. He goes downstairs and paces clockwise around the block quickly in the cold predawn air. Then he reverses direction and paces counterclockwise as a dirty light preannounces the dawn.
Suddenly, Dom stops, straightens, and runs back to the old lady’s building. He trips on the stoop, trips again twice on the stairs, and a final time on the door jamb.
He is back at his computer. Now his packets pretend to come from the set of Internet addresses that belong to hackoff.com. Dom places an agent just inside the hackoff firewall to redirect the appropriate returning packets to him. His probe is now through the Israeli security fence and in the DMZ of the Jenin Group’s Local Area Network. Dom easily carves a hole in local security, giving him access to all of the servers on the LAN. His crawlers locate several copies of hackoff source code. Dom pauses to replace each of them with authentic-looking but crucially altered versions of the code.
Now he monitors the live packet stream in and out of the Jenin Group LAN. His filters look for the IP addresses of hackoff customers but don’t find any. What he does find is a stream of VoIP packets being exchanged with an address at hackoff.com. Dom picks off a copy of these, runs them through a VoIP decoder, and plays them through his earphones. Looking puzzled, he separates the inbound stream from the outbound stream and plays them separately.
Sent: Saturday, April 5, 2003 6:10 AM
To: chaim roslov
Subject: security information
you and i met at dinner in nyc with larry lazard last november. we had an excellent discussion about the comparative etymology of human and computer languages and why hackers like puns. you also were very informed on encryption and we discussed inventing and patenting an encryption/decryption game. i assume you had no trouble decrypting this email.
since you were such an interesting person to talk to, i used some of my own sources to find out more about you. at first i was surprised at how little i could find, you hardly exist on google and are even more invisible to some other tools i use. i have concluded from the information about you that does NOT exist that you are a member of or closely connected with israeli intelligence. i have information which i think but am not sure is of intelligence value and i intend to make that available to you. i also intend to ask you a favor that is important not only to me but to many other people as well. i believe we have many of the same enemies.
to assure that i am not wrong about you and that you are actually affiliated with security i am sending my information and my request in a following email which will be more strongly encrypted. in order to decode that easily you will need to provide the MAC address of the server called gulag which is used as a filter by israeli security.
[note to readers: If you were holding a physical book in your hand, you would know that you are reading the last chapter. So, fair warning to those of you who like to figure out the end before the author takes you there, you don't have much longer to do that.
If you have gotten this far online, you are apparently one of the people who does like reading online so I have one request and one suggestion. The request is that you tell your friends about hackoff.com by clicking here; your friends will be able to start reading from the beginning, of course. The suggestion is that you look at some of the other blooks listed in the left sidebar of www.hackoff.com. There is no affiliation between us and the other authors but there is now a proliferation of blooks and you may well enjoy some of them since you are a pioneer blook reader. - Tom Evslin]