Ogenstad.net

The Broken NDA – Part 5

patrick.ogenstad — Fri, 31 Aug 2007 19:35:15 +0000

midfr0st was smoking a cigarette just below a DiMavia logo, yesterday he had scouted the area and reluctantly decided to set his plan to action.

Here they come, he thought as some employees were returning from lunch. His back was aching, the better part of yesterday he had spent to create the outfit he was now wearing. He had gone to a hardware store and bought some paint cans and working clothes. midfr0st had “aged” the clothes to his best effort by trashing them and splashing paint on them. He had been crouched on the floor for hours and was paying the price today. midfr0st threw his cigarette to the pavement and stepped on it just as the employees walked past him. He pulled down his baseball cap and followed them into the building, in his hands he had two buckets of paint and something that from the outside looked like a toolbox.

The receptionist looked up at the approaching crowd and smiled, her gaze swept by midfr0st. For a moment his heart skipped a beat, but she didn’t take any notice of him. A man held an rfid key above a sensor and a small gate swung open, the group walked through the gate. midfr0st was close to panic as he saw the gate beginning to close. He was about to turn around and leave when a woman looked over her shoulder straight at him. When she saw that he had both hands occupied, she held the gate for him to pass through.

“Thank you” he whispered as he walked by trying to avoid eye contact. midfr0st slowed down and allowed the group to walk away from him.

He wasn’t sure of where he was going, he just knew which side of the building he wanted to aim for. While walking around he mostly just tried to avoid people. It was hard to avoid everyone and soon he started to relax. I’m invicible, midfr0st realized as people was walking passed him seemingly without taking any notice at all.

Soon he saw an office door with a yellow post-it note, “On Conference Until Next Monday”. midfr0st walked into the office and shut the door behind him. He opened his toolbox and produced a wireless router, crawled under the desk and unplugged the Ethernet cable from the computer and connected it to a switch port on the router. He took another cable from his toolbox and connected it to the switch port and the computer, after connecting some power to the wireless device he placed it on the computer hoping no one would see the intruding object.

midfr0st left the room and headed for the exit. If they’re using some layer 2 NAC, the timeframe will be too short for this to work anyway and all I’ll have lost is a wireless router.

The Broken NDA – Part 4

patrick.ogenstad — Tue, 31 Jul 2007 21:18:17 +0000

midfr0st sat on his balcony, digesting what he had overheard earlier that evening. The smoke filled his lungs and he was starting to get stiff from the cold. But that was of no concern to him. The music from his iPod just vaguely touched his mind.

He had gone over the plan in his head several times and after doing a quick risk analysis he knew it was a very dumb idea. Still, those security consultants were very stupid. In some strange way he didnâ€t feel he could reward that kind of idiotic behavior by not taking action.

Thomas and Hans had said they were handing over the security assessment report on Wednesday at 10:30 am, which gave midfr0st just under 80 hours until DiMavia would start addressing their security problems. From what he could tell the consultants had just installed a new firewall, and even if he didnâ€t hold those people in high esteem they might be monitoring the freshly installed box and it would be a bad idea to start pounding it. The time factor made social engineering the best approach, however, lack of information prompted a physical visit. The mere thought of it made midfr0st uncomfortable.

It intrigued him that he hardly found any information about the company on the web, aside from their website which claimed they offered some sort of financial services. He found a few people at LinkedIn who had worked there in the past.

Damn itâ€s cold, he thought and left the balcony. Compared to the restaurant his apartment looked like a total mess, there must be around twenty boxes here. midfr0st switched on the lights and suddenly was disgusted by all the dust, he missed the harmony from the restaurant where everything was so clean. Though he had enjoyed the music while dining, he picked up his Sonos controller, soon Satyricon was screaming through the speakers.

The cleaning will have to wait some more, midfr0st opened up OneNote and made a list. Tomorrow he would visit the DiMavia office and scout for cctv cameras, if he saw a single one he would back out. He almost hoped he would spot one, if he didnâ€t it would be time to go shopping.

The Broken NDA – Part 3

patrick.ogenstad — Sat, 30 Jun 2007 19:56:01 +0000

Just sitting there enjoying the atmosphere made midfr0st question his life in solitude. The wine was probably the best he had ever tasted, the starter had been excellent and now he was waiting for the main course.

My office back home seems like a prison in comparison. He missed being out meeting people. midfr0stâ€s gaze swept through the restaurant, he couldnâ€t see any other table hosting a single guest; all of the other tables had at least two people around them. He tried to think of a single person he could have dined with. Aside from the girl next door he came up blank. The realization made him order another bottle.

As he was sitting in all the chatter from the surrounding guests, he heard it clearly, just as if someone had shouted his name.

“vpn”

He almost dropped his glass, the online world came rushing back.

“nat traversal”

Who is speaking?, quickly he tried to focus on the conversation and shut off the other noise.

“Install a Blue Coat. Before we came along they didnâ€t even have a security policy.”

Itâ€s the two guys just next to me!

midfr0st tried to concentrate on the conversation, he realized he was a bit drunk.
“Hereâ€s to DiMavia” one of the guys raised his glass, “I mean, they paid for this.” They both laughed.
midfr0stâ€s food had started to get cold, he was entirely captivated by the conversation. Time after time the one named Thomas did his impression of what midfr0st assumed was their client.
“Money is not a problem”. They would always share a toast after this comment.

“Would you like some dessert,” the waitress asked. Midfr0st looked up at her, stunned.
“No, thank you but Iâ€m not done with my meat,” he grabbed the fork again, “it tastes great.” He put down the fork again when she walked away. He wished he had something to take notes on.

“But the best part was that girl in finance,” the guy named Hans said.
“She was quite a looker, wasnâ€t she!” Thomas made a gesture indicating large breasts.
“Yeah, that too, but do you know what she used for password for their economy system?”
“Some cat?” Thomas guessed.
“The subject name of her certificate!”
“Well, you know how it is with the bean counters.” They both laughed.

midfr0st just smiled, drank some more wine and tried to remember as much as possible of the conversation he had overheard.

The Broken NDA – Part 2

patrick.ogenstad — Mon, 30 Apr 2007 05:38:39 +0000

“Sorry for the delay” the girl smiled at him, “It’s been busy around here lately.”
“Oh, don’t worry.” midfr0st hoped he didn’t sound too annoyed. Feels like I’ve been waiting since bloody Christmas, I hope it’s worth it.

“Do you have a reservation?” The girl asked.
“Yes it’s that one,” midfr0st said and pointed at a line in her notebook. He felt uneasy with his name printed in plain view like that. Stop being so freaking paranoid, he thought, hoping his chills were from the weather outside instead of a product from his demons.
“Will you be dining alone?” midfr0st removed his finger from her reservations list.
“Just me, but you’re welcome to join me.”
Her smile grew a bit, “your table will be ready shortly.”
“The bar it is then.”
“That way sir,” she said pointing in the direction of the bar.
“Thanks!”

The place was fairly crowded so there was a buzz of chatter blended in with some classical music.
“What can I get for you sir?” the man behind the bar asked.
“Red wine, I’ll have that bottle,” midfr0st said pointing to a brand he knew of.
“Excellent choice,” the bartender poured him a drink.
You would have said that regardless of what I drank, midfr0st thought.
After his second glass his table was ready.
“IÂ´ll just bring the bottle if that’s alright?” midfr0st asked not really waiting for the answer. They seated him in the corner of the room where he had a full view of the restaurant. He smiled; it was the table he would have chosen for himself. No one would be able to sneak up on him from behind. If I don’t get too drunk that is.
midfr0st was flipping through the menu trying to figure out what language the meals were written in. At the table next to his a waiter was explaining to two men what they had ordered and how the meals had been prepared. I wonder if that was the French word for road kill?

Soon a waiter was ready to take midfr0st’s order.
“I’ll have number fourteen as a starter and number thirty seven as my main course.”
“Ah, the foie gras and the steak, wonderful. Have you decided on a dessert?”
“I’ll see if I want one later.”
“And what would you like to drink to that?” she asked, midfr0st caught her looking at the empty bottle.
“What can you recommend?” midfr0st asked.
“That’s not really my area of expertise, wait a second and I’ll fetch our wine expert.”

The waiter ran off and a few minutes later a short guy came rushing to midfr0st’s table.
“Good evening, sir” he saluted and opened their wine list.
“What price range were you aiming for?” he asked glancing at the bottle on the table.
“Well if the wine is older than me it’s probably too expensive,” midfr0st confessed.
The man launched into a wild discussion, mostly with himself, about the different wines the restaurant had to offer. It sounded like he had an intimate relationship with the lot of them. In the end midfr0st didn’t really know what it was he had ordered, just that he had probably never paid that much for a bottle of wine before.
I should have a sommelier when I live in a mansion, midfr0st mused watching the guy walking away from his table. But mine won’t be gay as a meatball.

The Broken NDA – Part 1

patrick.ogenstad — Thu, 30 Nov 2006 21:39:22 +0000

It was getting cold on his balcony. The leaves were falling from the trees and his neighbors had stopped having barbeques down below him. But midfr0st endured and defied the cold; he enjoyed his cigarettes too much and didn’t want to smoke them indoors. That environment was bad enough for his computers as it was, he didn’t want to make it worse.

The last few months had been fiercely busy for midfr0st, he hadn’t had any time to relax or really think about his situation. His current projects were done and he was left with a feeling of boredom. He wanted to be productive but his brain couldn’t handle anything besides smoke and music.

Eleanor Rigby was playing in the background; midfr0st thought Pain’s version was much more powerful than the original. He watched a couple walking, hand in hand away from his apartment complex. It’s better to eat porridge together than to eat pork alone. He didn’t remember where the saying came from but it had stuck to his mind.

When his cigarette was all but gone he left the balcony. His apartment was quiet as the grave. All the computers were off and midfr0st realized he wasn’t used to the utter silence. I bet the neighbors’ dog starts off soon though, he thought. Walking by his array of computers he wondered where the itch to turn them on had gone, usually he had millions of things to check. Instead he walked over to check his cupboard for a bottle of wine. Empty? midfr0st didn’t remember taking the last bottle; realizing he didn’t have any wine made him want it even more.

Sure he had plenty of beer and whiskey but what he wanted was a little something called Syrah, someone needs to take care of the logistics here.

Cooking up a meal just didn’t appeal to him without a bottle of red. Briefly he thought of pizza but that would only take care of his hunger, which was a secondary problem.

His plan had been to live as a hermit to avoid being seen by the outside world. He didn’t want to draw any kind of attention to his person and had sworn to follow that plan. midfr0st hadn’t eaten out in well over two years; he had hardly met “real” people during that time. Screw the plan, he thought, or that part of the plan anyway. His cravings overcame his earlier planning.

But where should I go? He asked himself, being out of the grid for so long meant he had no idea where any decent restaurants were located. Google Local didn’t work since that service wasn’t activated in his region. After booting up a computer and doing some searching he found a local search engine for restaurants.

After making the reservation he chose a blue suit from his wardrobe and phoned a taxi. He thought about the pretty girl he had been eyeing and exchanging hi’s with, it would have been nice to buy her dinner and actually talk to someone for a change. I think her name is Jenny… But midfr0st didn’t want to stray that far from the plan.

[tags]security, stories, fiction[/tags]

The Tale of the Disgruntled Employee – Part 13 – Conclusion

patrick.ogenstad — Mon, 25 Sep 2006 18:06:43 +0000

Two weeks later a server from Exibice connected to a box under n3m0’s control. Show time, I wonder if Mark can say â€˜Schema Admin’.

At Beateval

“Hello, this is Thomas how may I help you?”
“Hi, my computer just went all blue. I tried turning off the power but now it doesn’t start.”
“Did you change anything on your computer?”
“No, and my colleagues have the same problem.”
“Huh,” suddenly Thomas saw the counter for incoming calls rising drastically.

Someone shouted behind him when he looked back on his computer screen he saw that the virtual machine he had connected to the Exibice network had crashed. The host machine on the Beateval network was running fine.

At Exibice

“What is happening?” Mark roared.
“We don’t know,” Keith whispered.
“What do you mean don’t know, what have you done?”
“It was just patch Tuesday, one of the updates might have been flawed.” Ben said, his voice not much louder than Keith’s.
“Then remove the damn flaw!”
After a moments silence Keith worked up the courage to answer, “We can’t.”
Mark just stared at him, Ben jumped in.
“We can’t get into the servers, our passwords doesn’t work. Something must be wrong with the AD.”
“The local server passwords don’t work either.”
“Oh, how delightful,” Mark said sarcastically. At least I won’t have to spend a fortune on Christmas bonuses. “Didn’t you write the passwords down somewhere?”
“Yes, but we think someone might haveâ€¦ changed them.” Keith said nervously.
“Thank god it’s Friday then, now you know what to do during the weekend. Let me know when this is fixed, I don’t care what time you call.” Mark walked away.

Ben and Keith exchanged a glance, neither of them looked confident.

Mark called them both several times during the weekend, not once did they have any good news to share with him. When Monday came the network was still a mess, and nobody could work.

Two weeks later the network had been redesigned from scratch. The board of directors wasn’t impressed. Shortly thereafter Mark was sacked and a new CTO was hired along with a separate CIO.

Please note this is a purely fictional story, any names found here are made up. I’ve written this because I like writing, if someone reads it and enjoy it: great. If they get more conscious about security, that’s a bonus. If you have feedback or comments on the story please share them.

Further Reading:

Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures

Disgruntled employees and Intellectual Property Protection

Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

[tags]security, security fiction, fiction, insider threat, disgruntled employee, physical security[/tags]

The Tale of the Disgruntled Employee – Part 12

patrick.ogenstad — Tue, 19 Sep 2006 17:53:11 +0000

Hours later when n3m0 left the server room, he felt like a plague bearer. Almost everything in the server room had been infested; the sysadmins would still believe they were in control. They needed to be secure in that belief for the time being. n3m0 didn’t want anything to happen while he still worked there. After leaving his employment, n3m0 would be glad to enlighten the network guys and show they who was in control.

He had copied several gigabytes of corporate information, along with the customer database, to Peter’s desktop. Now all he had to do was to transfer it to his external USB drive. It was far too late, or early, to go home. Even if he had the time he would have to use his access card to leave the building and that kind of log entry was unacceptable. Fortunately n3m0 had brought extra clothes in his rucksack, so he changed into “tomorrow’s” clothes. Can’t do much about the smell though, n3m0 thought as he unplugged the USB drive and shut down the computer. Again he headed for the storage room and settled in to sleep.

An hour and forty minutes later he woke up as he heard people talking outside the room. He gathered his things, when the conversation died out he headed for a toilet. His mirror reflection told him he had made a good call going there first, his hair was pointing everywhere. I could star in a zombie movie!

He tried to fix his hair as best he could and headed for his workstation. n3m0 spent the day trying not to fall asleep, he would hand Jennifer his resignation tomorrow. Not having a clue what Exibice offered in terms of employee exit policy he didn’t want to risk being escorted out by security guards, at least not when he had the USB drive in his rucksack.

The second reason he wanted to stay was that he wanted to see if anyone had noticed his nocturnal activities. During lunch n3m0 saw several of the network staff who were smiling and chatting away. They don’t have a clue.

n3m0 crashed in his bed when he came home and slept until morning. He woke up starving, he didn’t have any kind of food at home. As he was going to quit his job today he didn’t feel a pressing need to show up in time. He stopped by McDonalds on the way.

“Good luck in the future, clear your desk and leave.” n3m0 hadn’t expected tears from Jenifer, but perhaps more than ten words.

[tags]security, security fiction, fiction, insider threat, disgruntled employee, physical security[/tags]

The Tale of the Disgruntled Employee – Part 11

patrick.ogenstad — Wed, 13 Sep 2006 15:14:14 +0000

n3m0 inserted the power cord again and started the machine. He placed his CD in the tray and made sure the server booted from it. The boot process seemed to take forever. He jumped when a tape robot came alive behind him and started rotating tapes.

“Damn”, n3m0 screamed. If he was lucky, and the sysadmins sloppy, they might not notice that the server had “crashed” during the night, but if the backup failed someone would check it out. I have to get the server back up again.

Finally the system was done loading, he configured the network, opened up a command prompt and typed:

c:
cd temp
md temp
cd temp
copy c:\windows\system32\cmd.exe

He opened the Opera browser and downloaded srvany.exe which he placed in the C:\temp directory. n3m0 grabbed another tool and double clicked on the application, RegistryEditorPe. When the registry loaded, he browsed to the HKLM\_REMOTE_SYSTEM\ControlSet001\Services key. He added a new key and called it revenge. Under his revenge service he filled in Type, Start, ErrorControl, ObjectName, ImagePath. This will be perfect, n3m0 was humming to himself as he added a new key; Parameters.

Under it he created two entries Application with the value ‘C:\temp\cmd.exe’ and AppParameters with the value ‘/k dsadd user “cn=root,cn=users,dc=exibice,dc=com” -samid root -pwd Password13 -memberof “cn=Domain Admins,cn=users,dc=exibice,dc=com”‘

n3m0 closed the registry editor and clicked start, shutdown options, reboot (eject CDs). Again the boot process took an eternity. He wished he had a blue pill to feed the server. When Windows was done booting, n3m0 issued the three finger salute, and entered root and password Password13. The instant he hit enter he was presented with a message box.

Logon Message
The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.

n3m0 just stared at the message box, this is not happening. He knew he had typed it in right, but tried again anyway. The same message was returned.

Something inside n3m0 clicked and he started swearing and shouting at the server. After a few minutes he calmed down, he was sitting on the switch again talking to the server.

“You know, I wish someone would develop artificial intelligence. That way you’d understand how much I hate you.”

In his imagination the server answered him. “I might be slow, but you’re not the sharpest tool in the box either.”

Slow, of course, n3m0 pulled the power cord and booted from the CD again. He added a parameter to his revenge service; DependOnService with the value; dns netlogon.

After another long reboot n3m0 logged as root, the newly created domain administrator on the Exibice network.

0wned!

[tags]security, stories, fiction, insider threat, disgruntled employee, physical security[/tags]

The Tale of the Disgruntled Employee – Part 10

patrick.ogenstad — Wed, 06 Sep 2006 15:13:04 +0000

The humming servers seemed to sing to n3m0. He walked around the server room watching all the different LEDs. This is what my apartment should look like, n3m0 smiled as he grabbed the CD from his backpack. He was whistling as he began to spin the disc on his index finger, the label read ubcd4win.

On the previous occasion he had had a quick peek inside the server room, this time he walked around and really absorbed his surroundings. He found himself yawning and feeling a bit cold, he only had his t-shirt and the cooling system was a bit too effective for his liking.

n3m0 saw a lot of equipment that he wanted for himself. Thoughts of his own economy were returning to him, if he didn’t take the “job” at Beateval he would be broke. I’m already broke. n3m0 took a seat on a disconnected switch.

I’m not working for Jennifer, he just sat on the switch and stared at one of the racks. n3m0 missed the adrenaline rush he usually felt when breaking into systems. He started seeing images of his land lord kicking him out and he was still pissed at orion’s inability to get him some sort of job. The taste of the coffee felt sour in his mouth.

The spinning sound of a bad fan woke n3m0 up an hour later, he had fallen asleep sitting on the switch. With a severe pain in his neck, he turned his head to see that his pillow had been a server. It had a sticker which read “Exibice Forest Root 2 – EXDC02”.

He inhaled sharply and felt his heart beating faster. Just watching the sticker made him feel the same way he had when Jennifer made eye contact with him that first time. He laid his hand on the server.

“We are going to have a good time.”

While dreaming, n3m0 had seen himself as a powerful man with thousands obeying his will; his worries about his financial situation had vanished.

He felt a moment of panic when he realized the CD had disappeared; n3m0 wiped of some drool on his sleeve and stood up. He saw the CD under the switch, picked it up and carefully wiped away the dust.

He felt the rush coming and sweeping him up, he wondered if Thomas would get any blame for what he was about to do. n3m0 found the thought very amusing. Thomas’ idea of living wild went as far as solving sudoku with a non erasable pen.

“Don’t worry dear, this won’t hurt a bit,” he told the server as he pulled out the power cord.

[tags]security, stories, fiction, insider threat, disgruntled employee, physical security[/tags]

The Tale of the Disgruntled Employee – Part 9

patrick.ogenstad — Mon, 28 Aug 2006 19:36:48 +0000

The wait was killing him. His iPod had gone dead an hour ago. How could I forget to charge the batteries? It was still an hour until show time, n3m0 had considered going before his set out time but in the end he forced himself to stay put. It’s better if no one is around.

The last hour seemed to take longer than the entire day. When the alarm he had set finally went off, n3m0 felt sore and tired. Here goes, he thought while leaving the room.

His first stop was the coffee machine. It tasted like the coffee had been scraped of the wheel of a car before being brewed. But it was late and n3m0 needed to stay awake. He returned to his cubicle farm, booted up Thomas’ computer and entered Thomas’ username and password. n3m0 had been practicing his shoulder surfing skills and didn’t think his coworkers were aware of his exercises. He knew what Thomas’ password was two months ago, if it didn’t match now all he had to do was to increment the last digit by a number or two.

Off to the throne room then. Next to the entry door was a keypad with the numbers 0-9. n3m0 chuckled at the memory of Mark and a sysadmin guy telling the helpdesk staff about the security in place to protect the company assets. When talking about the lock that n3m0 was standing in front of now, Mark had said:

“To pass the door an attacker has to enter the correct four digit code.”
Keith, the sysadmin, filled in, “if someone tries more than five times within half an hour the alarm goes off.”
“And how many combinations were there, three million?” Mark asked with a smile.
“Let’s see,” Keith pretended to think. “It might have been four, well it’s millions anyway.”
“Not even I know the code, and you’re not going to tell me are you?”
“I could,” Keith started, “but I would have to kill you.”
Mark laughed together with the group.
“I guess a good sledgehammer would do the trick.” James pointed out.
“Not true,” Mark said, “if the door isn’t opened by the keypad the alarm goes off.

It might have had millions of combinations when the system was introduced. Mark’s had made the mistake of viewing security as a constant; once in place it would always protect you. The only constant is change, n3m0 thought. The numbers 0, 1, 2, 6, 7, 9 looked like they had never been used, the numbers 3 4 5 8 were so worn that it was hard to make out the digits.

A million different combinations, ha! Try 24! (4*3*2*1) A few months ago n3m0 had wanted to see what the server room looked like, so when he was leaving for the day he had walked by the server room and punched in three different codes. Mark might have lied about the number of codes you could try before the alarm went off and n3m0 didn’t want to risk that by testing five in one go. Anyway, at a rate of three he would have access to the server room in eight days, if he really wanted to it could be done in a day if he went there once every 30 minutes. He had opened the door on the fourth day, but on the third he didn’t even try since someone had been standing outside the door.

n3m0 punched in the code 5834. A green light was lit and the door opened, he could hear the buzz from the servers on the inside.

[tags]security, stories, fiction, insider threat, disgruntled employee, physical security[/tags]