A smile spread across midfr0st’s face; things were starting to look better. midfr0st had a server he had hacked a while back; he could probably have told Donald to forward the mail there now. However, he had to make sure the server was still his to control and then configure it to store the gantern.com emails as well as forward them to mail.gantern.com. The people at Gantern would spot this if they checked their log files, but most people don’t do that regularly, and when they do it would be too late. After verifying and configuring the server, midfr0st wrote an email.
Things are looking bright, I should have a package for you tomorrow. The mail flow will be going to the company instead of from it. Hopefully this will be enough.
For the first time midfr0st started to consider the money he got from Dae as his own. He was probably going to buy an Origami / UMPC but that would only eat a small slice of the $24.000. Feeling content with his work and not being able to sleep, midfr0st considered doing something about the dust puppies, though only briefly. Instead he went out for a pack of smokes and a meal. He had stopped thinking in terms of breakfast, lunch and dinner. For normal people it would be around lunch time. But why call it lunch if you haven’t eaten breakfast or dinner the day before? A coffee is just a coffee regardless of when you drink it.
Tech support: “Hello this is Brenda how may I help you?”
midfr0st: “Hi, do you have Donald there?”
Tech support: “He is busy on another line, do you mind holding?”
midfr0st: “No, I’ll wait.”
After a few minutes Donald came to the phone.
Donald: “Hello Donald here, how may I be of service?”
midfr0st: “Hi Donald this is Dick, we spoke yesterday.”
Donald: “Was it for gantern.com?”
midfr0st: “That’s the one, we have everything ready on our side here and would like to go forward with the move.”
Donald: “Sure, which IP do you want to use?”
midfr0st: “Wait a sec and let me find it. Oh, by the way I’m trying to keep our network documentation up to date. Do you have our contract number there?”
Donald: “Sure do, it’s IBL047-65BT.”
midfr0st gave Donald the IP address and thanked him for all the help. Shortly thereafter, mail going to gantern.com was routed through a server under midfr0st’s control.
Subject: Re: Progress
The information looks promising, I will keep you posted.
Three weeks later there was another email.
Subject: All done
We have everything we need. Pleasure doing business with you.
midfr0st called the Anti Spam provider again and told them to point the email flow to gantern.com back to mail.gantern.com. He made sure he didn’t talk to Donald, and when asked for the contract number he provided the one Donald gave him.
Two months later midfr0st came across an article stating that Wiamra Group had won a bid for a building contract worth $88 million. Thinking of his paycheck of $24.000, midfr0st felt he’d been had.
Dae’s people at Wiamra Group were able to gather enough details from the replying emails Gantern Construction had sent to the Buyer.
The people at Gantern never figured out what happened. After seeing that the Wiamra bid almost mimicked their own, they started an internal investigation. They fired a newly hired assistant in the Sales department but never got close to finding out what had really happened.
Please note this is a purely fictional story; any names found here are made up. I’ve written this because I like writing; if someone reads it and enjoys it, great. If they get more conscious about security, that’s a bonus too.
The SANS Security Policy Project