Cyberstrike by James Barrington
- Author: James Barrington
Hackers targeting a particular company or organisation won’t usually waste their time trying to suborn a paid employee because that would be unlikely to work, job security and a regular pay cheque being far more attractive than an extremely dodgy one-off payment, and any such approach would very probably result in increased security being applied to the website. Instead, they’ll approach the contract workers on minimum wage, the cleaners, the guards and night watchmen, and ask them to photograph things like post-it notes stuck on the screen of a computer, cards bearing apparently random characters left in unlocked drawers, all that kind of thing, and quite often they will strike gold and identify both a username and password.
Karim Ganem and his fellow hackers in AnArchy An0nym0us didn’t usually even bother with that sort of messing about, because it was too hit and miss and there was always a chance that the cleaner or whoever they approached would have an unexpected streak of loyalty to the company and report what had happened to a security officer or even to the police, and that would lead to potentially unwelcome consequences. Instead, working with other members of his hacking group, he had devised a fairly simple and virtually foolproof way of achieving exactly the same result, of gaining access to protected company websites through their unwitting employees.
What he relied upon could best be described as a combination of technological snobbery and almost juvenile showiness. He had realised that it was almost a given that the most senior employees of any major company would invariably either be provided with the very latest, fastest and thinnest laptops around and the newest and flashiest mobile phones, or they would purchase the same items for themselves.
Ganem wasn’t interested in the laptops, but he knew that the mobile phones could offer a way of getting inside even the most heavily protected computer network. Even if the only call a senior company executive was likely to receive on his mobile at a breakfast meeting was a complaint from his wife about something he had done or equally possibly had failed to do, it was still important to people like that to be seen to be using the very latest mobile when he placed it on the table beside his plate and coffee cup.
And in this Ganem was also helped by the target companies themselves, which often used publicly available corporate documentation to list the names of their senior executives and other people likely to have seats on the main board, or who would at least be in a position to make decisions. The movers and shakers of the organisation, in other words. Who also, by definition, would be more likely to have much more wide-ranging access to the company website than a normal coalface worker.
So Ganem had decided on a two-pronged approach. Working from readily available information, he would compile a list of the full names of every senior member of the target company that he could identify. Then, using inside sources he had cultivated at the biggest couple of telecommunication companies in America, he would cross-reference the names he had obtained with their customer records. That usually produced several pages of names with linked cell phone numbers, and that was all he had needed to begin his attack.
Using a burner phone to ensure that his message would be untraceable, he would send a very brief piece of text – an SMS – to each number he had identified. It was simple, to the point and most importantly was exactly the kind of message that most businessmen would receive on a daily basis and that would not arouse their suspicions. A typical text would read something like: ‘I’ve got an idea I need to run past you. James.’
The four commonest first names for male children in America are, in order, James, John, Robert and Michael, with William bringing up a distant fifth, and Ganem guessed that almost every recipient of the message would know a ‘James’ somewhere in their organisation. No doubt some slightly confused conversations would follow within the company when a ‘James’ would be contacted by a fellow executive and would have not the slightest idea what they were talking about. But that would probably be mentally written off as a misunderstanding and dismissed as unimportant.
In fact the content of the message was the least important part of the entire process. The simple act of opening the message to read the text was all that was required for the breach to be created. That activated a small piece of software that was immediately transferred to the target phone. That software was designed to do three things. First, it remained entirely hidden and covert to avoid being detected by any antivirus program. These worked primarily on virus signatures, by identifying recognisable lines of coding, and Ganem had been careful to ensure that no part of the code he had written resembled any known virus that he was aware of.
Second, almost everybody these days either uses their mobile to handle their emails, or at the very least they have a duplicate mail program running on their mobile so that if they are away from their desk they can still check their messages. So the tiny program was set up to identify and then access their email account, using an algorithm to record the target’s email address or addresses – business and private – and crack the password. And, third, once the software had done its job, it then created its own SMS which contained only the relevant email addresses and password in plaintext, and which it sent to Ganem’s burner.
This was not a technique that he had developed himself. The basic concept was well over a decade old and had most notoriously been used in 2010 by Chinese government-sponsored hackers who successfully forced their way into Google. This was one of several hacking techniques commonly referred to as brute force attacks, and was both comparatively simple to