Archive for August, 2006

Log 0.2 - Skimming with Matchsticks

I began packing away my laptop. John, the security manager, popped his head round the door. “You off, Michael?” “Yes, sir, I will be back tomorrow to continue.” “One of the network engineers just informed me that there is a new administrator account on the network.” “Ye, looks like one of your boys secured the primary domain controller with a Microsoft SQL sa password of ‘Startrek’.” John sighed. “Do people ever follow policy? Sarah wants to know if you’re still coming around for dinner tomorrow night?” “Absolutely!”

It was good seeing John again. He was like the father I never had. John and his darling wife Sarah had taken me in. I don’t remember much about my past. All I remember is that John had caught me after attempting a skimming attack at an ATM machine not far from his house. I was only 17 years old. My heart sank as I thought back to the event.

Skimming back then wasn’t as fancy as it is today. I would approach an ATM machine and carefully place matchsticks into the card readers. An unsuspecting victim would slip their card into the machine and enter their PIN number, only their card would become jammed. I would agree to wait as they called for help. John was a little too streetwise to fall for that one. How things had changed, I thought to myself. These days we have organised criminal syndicates setting up fake card readers and micro cameras. Interesting times…

I finally got to Victoria station. I hopped on the train and turned on my XDA. I looked over the Bluetooth message I had received earlier. I felt odd as I looked over the message. “Those characters! I know them.” I began searching my mind deeply in an attempt to recollect the void which was before me. I started to feel dizzy… I continued pushing for the answer… flashes… memories… my vision became blurred.

“Michael… Michael Daw… welcome home lad.”

References:

  • http://www.bankrate.com/brm/news/atm/20021004a.asp?prodtype=bank

Log 0.1 - ARP Fingerprinting

“That was a really cool trick you did with your phone,” Michael said, slightly deepening his voice and passing a credit card to the waitress.

She looked up. “Please enter your PIN number, sir.” “What trick?” she inquired.

“Didn’t you send that Bluetooth message to my phone?”

“Ermm… you lost me, sir?” the waitress answered with a curious look on her face.

Lost for words, Michael ignored her question and kept his eyes on the device in her hands. The transaction was certainly taking its time… the wait reminded him of those Sunday morning soap operas his grandmother used to insist he watch.

The head of the receipt appeared from the top of the POS Data Collector. Michael took the card and receipt and exited the restaurant without saying another word.

Embarrassed, he made his way back down the road toward the bank he had been commissioned to test for the day.

Relaxing in front of his laptop, Michael eagerly looked at his screen, trying to forget his silly restaurant experience.

“My port scans should be just about done by now,” Michael groaned, raising his arms to the air and letting out a yawn.

The test was to simply locate critical vulnerabilities in some of the bank’s key servers, or at least a duplicate of the key servers built on a VMware test lab. The idea behind using a VMware test lab was to prevent downtime or data corruption from any of Michael’s simulated attack scenarios.

nmap had almost finished its port scan…

Michael looked over his typescript file, containing the arp-scan fingerprinting results:

$ for I in `cat hosts.txt` ; do arp-fingerprint -o "-I eth0" $I ; done

10.1.9.1    01000100000    Linux 2.2, 2.4, 2.6
10.1.9.5    01000100000    Linux 2.2, 2.4, 2.6
10.1.9.9    11110110000    Solaris 2.5.1, 2.6, 7, 8, 9, 10, HP-UX 11
10.1.9.10   11110110000    Solaris 2.5.1, 2.6, 7, 8, 9, 10, HP-UX 11
10.1.9.11   11110110000    Solaris 2.5.1, 2.6, 7, 8, 9, 10, HP-UX 11
10.1.9.12   11110110000    Solaris 2.5.1, 2.6, 7, 8, 9, 10, HP-UX 11
10.1.9.15   11110100000    FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003

References:

  • http://www.nta-monitor.com/tools/arp-scan/

Log 0.0 - Bluejacking is Sexy

Bluetooth

I sat at a nearby restaurant called “Joey’s bar and grill” enjoying a succulent medium rare steak. The one perk when doing onsite work from the office was the company paid lunches. I finished my meal and sat quietly sipping on an ice cold Coke. “Always seems to taste better in a bottle,” I muttered with a satisfied smile.

I had recently switched my pay as you go mobile phone, if that is what you could call it, for a new O2 XDA II Mini. “It has Wi-Fi capabilities,” I remember the cunning sales clerk saying. It was light, compact and cute, I thought. I had been waiting a long while for a reason to upgrade my old piece of rubbish.

I had often used my phone to scan for insecure wireless networks nearby. It was a free and easy way to move around on the Internet and remain anonymous, if done right. Once connected, I could access websites or log into anonymous servers using PocketPuTTY. I am always careful never to access personal resources across these channels; it just isn’t safe. I knew that rogue or malicious access points could be set up and monitored. There is also always the danger that if I chose to play around with something on the Internet they may attempt to track me down. So I stayed away from accessing email and other information that may point to me. I had also changed the hardware or MAC address via the cell phone software. This made it virtually impossible to trace my connection should it be logged on a network device somewhere to be used later by the authorities.

I was getting ready to give a sign to the pretty looking waitress that I was ready for the bill when I heard a beeping sound. I immediately identified the sound and glanced down at my phone. A Bluetooth device was attempting to establish a connection with my phone, or to pair, as they call it. Only, the name of the device connecting identified itself as “hows the meal?”; it also had an array of odd-looking characters appended to the end. “Bluejacking,” I said with a smile, how fun! I remembered reading an oddly titled article, “how to pickup girls with Bluetooth.”

I had often left Bluetooth enabled on my phone with varying names just to see if anything would ever happen. Unexpectedly though, this was the first time. I also had a worrying, nagging feeling that this may be some kind of worm or virus propagating via the Bluetooth protocol.

I knew that most Bluetooth devices had a limited range of about 10 meters. So I scanned my surroundings. No one was around. I scratched my head and felt rather confused. I looked around again only to find the waitress staring at me with a smile and a bill in her hand. “It must be her,” I thought. This was certainly my day. A cute waitress who understands Bluejacking. What a combination.

References:

  • http://www.seeo2.com/product/XdaIImini/template/Product.vm
  • http://www.bluejackers.co.uk/