Authors: Ian Sutherland
Social Engineer (9 page)
“That makes sense, doesn’t it?” asked Brody. “No more to it.”
Tim Welland, the man who’d waxed lyrical about his new restaurant concept a few minutes before, was strangely silent. He clasped his hands together.
“Welland, what’s going on?”
“It’s as Chu said.”
“It’s called corporate espionage, Mr Lamont.” Brody said, sitting back down. “And your company is guilty of it right now. The last time I heard about a case like this was in the hotel industry. Hilton settled out of court with Starwood for $85 million.”
Lamont blew his top, spittle flying everywhere. “What the fuck is going on here?”
All the executives silently studied their hands.
“The funny thing about the presentation you’ve just heard from Mr Welland is that I’ve already read about an exceptionally similar concept for a grille-based barbecue restaurant chain. But in the documents I read there was one significant difference. Your number one competitor’s logo was all over them. Would you like to know where I found these documents, Mr Lamont?”
“Go on . . .” said Lamont tightly.
“As I’ve already mentioned, your security defences are so weak I was able to give myself access to each of your email accounts and —”
“You’ve read our private email?” shrieked Fielding.
“Well, yes. Fascinating reading. But the most interesting were the documents I found in Mr Welland’s account.”
“I can explain . . .” pleaded Welland.
As Welland attempted to defend himself under constant barrage from his CEO, Head of Legal and most of the other board members, Brody zoned out and read the email that had popped into his inbox earlier. It was from one of the members of CrackerHack entitled,
Favour Required - Will Reciprocate
. CrackerHack was an online forum used by computer hackers from all over the world to brag about their exploits and swap ideas, tips and techniques. Brody spent much of his spare time on there. The message was from a member called Crooner42, a username that Brody vaguely recognised from some of the discussion threads. Crooner42 had blasted it out to all of the subscribers to a forum entitled ‘Advanced Pentest Techniques’. In it, Crooner42 explained that he had built an experimental live video-feed based Internet site that was likely to attract unwarranted attention from law agencies around the world. He’d hardened it as best he could, but needed someone deeply skilled to pentest it thoroughly, to ensure it couldn’t be broken into or brought down.
Brody wondered what the ‘experimental’ site was for.
Crooner42 requested that members of the forum declare their interest in carrying out the work. He would then choose from one of the respondents. Brody expected that Crooner42 would select someone based on reviewing his historical activity on the site. Brody knew he would be a strong candidate and, with the Atlas Brands job now pretty much finished, was sorely tempted to offer his services. In return, Crooner42 was bartering a week’s worth of his own coding services. That could always come in handy. It wasn’t a bad trade for what would probably amount to just a few hours of work.
“Do you have proof of this allegation, Mr Taylor?”
Brody looked up. Lamont had asked the question.
“Well, yes of course. Give me a second.”
Brody opened a new browser tab and brought up an email he had drafted earlier. He pressed send.
“I’ve just forwarded you all some emails sent to Mr Welland from a Janis Taplow. I believe she’s a relatively new employee within the marketing organisation. Where did you hire Janis from, Tim?”
Tim Welland replied flatly. He named their number one competitor.
“The email contains the whole launch campaign for their grille restaurant concept, presentations, financial plans, target countries, demographics, everything. And, if you open up the main presentation, you’ll notice that even the concept art is very similar. In fact, the only main difference is the name of the restaurant chain.”
“Got it,” said Lubber, Chu and Fielding in concert, from three different locations around the world.
As they read through the offending material, Brody flipped back to Crooner42’s request. He was tempted by the job, but hesitant to put himself forward until he reviewed the site in question. It was the reference to it receiving unwarranted attention from law agencies that intrigued him.
Incredulity rang in the voices from the screen as they absorbed the material Brody had just emailed them.
He checked Crooner42’s profile. He presented himself as more of a coder than a hacker, someone who spent far more time programming than trying to identify exploits in systems. He’d been active on CrackerHack for three years. Satisfied, Brody clicked on the hyperlink to the so-called ‘experimental’ site. It was called www.SecretlyWatchingYou.com. It seemed to be a random collection of network camera and webcam feeds. Brody clicked on one, making sure his computer’s speakers were muted. It showed some people working in an office, layers of desks and desktop computers. Another feed showed some fish swimming around in a fish tank. Not particularly interesting.
The Internet was full of webcam sites, the majority of which were either for viewing public places from afar in real time or for pornographic purposes. But this site claimed to have hacked into private network cameras in peoples’ homes and workplaces. It was certainly unusual. It charged fees for access beyond the free taster webcam feeds on the front page. Brody couldn’t really see why anyone would want to pay or what all the fuss about law agencies was about.
Surely Crooner42 was over-egging the protection the site needed to have? Who would bother to attack it? And publicly requesting help like this on CrackerHack was definitely out of the ordinary. But then Brody remembered that after this meeting, his diary was looking concerningly clear. If Crooner42 selected Brody over other forum members for the job, his elite status in the hacking community would intensify — doubly so if he quickly broke through the website’s security countermeasures.
Ah, what the hell!
He returned to the original email and pressed the link Crooner42 had provided. In the blink of an eye, he had registered his interest in carrying out the pentest on SecretlyWatchingYou. Now it was down to whether Crooner42 chose him over another offer.
Brody returned his attention to the video conference.
“Looks like I’m done here,” said Tim Welland, getting to his feet in Munich.
“That’s the understatement of the day,” commented Chu.
“You’ll have my resignation in your inbox within the hour, Mr Lamont.” They all waited while Welland gathered his belongings and left the room in Germany.
“Well, Mr Taylor,” said Lamont. “A bit unorthodox, but I’d like to thank you for saving our company from a very embarrassing predicament, not to mention the potential law suits.”
“Just doing my job.”
“I think we should delay the presentation of your findings report until I’m back in the UK, which will be Monday week. I’d also like to personally shake your hand. And if everything is as insecure as you describe, it looks as though Chu will see a lot more budget going his way.”
“Sounds good to me,” said Brody.
“And me,” said Chu, his relief evident.
Ten minutes later, Brody drove out of the Atlas Brands car park in his metallic orange and black, custom-designed Smart Fortwo coupe. It would take a good few hours to get back to London. His phone vibrated. He slowed, looked down and glanced at the message header. It was from Crooner42 and entitled ‘Pentest Outcome . . .’
Brody stopped the car and clicked on the message, fully expecting to see his name in lights.
He couldn’t believe what he read.
ABOUT IAN SUTHERLAND
Ian Sutherland is a crime thriller author, living in London with his wife and two daughters. Leveraging his career in the IT industry, Ian's stories shine light on the threats we face from cybercrime as it becomes all too prevalent in our day-to-day lives.
Invasion of Privacy
is his first full-length novel and was professionally self-published in August 2014, along with it’s prequel, a novella entitled
Social Engineer
.
Learn more about Ian at
www.ianhsutherland.com
Join his mailing list at
www.ianhsutherland.com/stay-in-touch
Follow him on twitter at
www.twitter.com/iansuth
Like his Facebook page at
www.facebook.com/ihsutherland
