THE BROTHERHOOD
Page 15
‘Give me thirty seconds before you try it. I’ll go to the front desk and distract the guard. He’s got a direct view of this door and if he sees you walking in we’ll have Greg to deal with.’ He looked at his watch and gave Aazim a sign to count down.
Bill approached the reception desk from the side so that he had a view of the monitors. He could see a number of screens displaying images from various locations and one of them had an angle on the data room.
‘Excuse me, mate, do you know where John and Vinh keep the toilet paper? We didn’t bring enough with us and there’s none in the supply room.’ As the guard swung around, Bill looked past him and made out Aazim’s image on one of the screens.
‘There’s another supply room on the west side of the building,’ the guard said, about to face the screens again.
Bill quickly said, ‘Which side is that?’
The man pointed. ‘East is the direction you came from, and west is on the opposite end. All sides are clearly marked on the walls.’ The guard wasn’t impressed with Bill’s apparent stupidity.
‘Oh yeah, I see it now.’ Aazim was still in the shot and needed more time. ‘Just one more question. Do you know where we can get a decent meal in this town? We haven’t been to Ballarat before and we want to grab something to eat on our way home. Sick of junk food, you know what I mean?’
‘Depends on what you want.’
Bill took his time answering and finally replied, ‘Chinese or maybe Indian.’
‘There’s plenty of that in town. Just head towards the centre and you’ll find something,’ the guard drawled lazily.
Bill saw that Aazim was no longer in view. ‘Thanks a lot,’ he said and shuffled off to get the toilet paper he didn’t need. Looking at his watch he saw that they had less than two hours to get what they’d come for. Any longer and the guards would get suspicious.
Inside the accounts room the familiar noise of electronics put Aazim at ease. He would have given anything to go back to his daily tasks of maintaining servers and fixing bugs. The room was much smaller than the main data centre of Aust Global Fund: four by four metres with two server racks full of hardware. Each rack, about the size of a fridge, was designed to hold anywhere between two and twenty servers. It was well lit, cool, and as sterile as an operating theatre.
It took him a few minutes to locate AccountsClass01Bak. He pulled up the only seat available and grabbed the keyboard. Taking a deep breath he pressed a key and a box appeared with login and password fields. He made a note of the time and began his first login attempt. Five incorrect entries and the console would lock up, barring access for three hours. Every IT department had system accounts and that was what he planned to use. They were username and password credentials associated with programs as opposed to employee names reserved for servers running specific tasks that needed to gain access to other servers. Their use was restricted but a handful of entrusted administrators knew the login details and Aazim was one of them.
He tried with the first account and saw LOGIN FAILURE on the screen. Still confident, he entered the second one and got the same result. A little worried now, he tried the third and the same message appeared.
‘Come on, don’t do this to me,’ he muttered and slowly pressed the last character of the fourth account. To his horror the same message flashed: the passwords of all four accounts had been changed.
To allay his panic he took a deep breath and tried to clear his head. He had one more login attempt and if he got it wrong it was all over. Suddenly an idea came to him. It seemed unlikely but it was worth a shot. He typed TestBackupServ01 for the username and StartSched01 for the password field. A test account he’d used once when a problem appeared in the backup process, he had created it for temporary use but had forgotten to remove it from the system.
The screen changed and the Oracle icons appeared.
It was a satisfying moment but a greater challenge awaited: cracking the Oracle password and downloading SWIFT data. He reached into the overalls and pulled out the Softbreach report along with a couple of USB flash drives he had bought at the internet cafe. On one of them he had downloaded the cracking tools known as Brute Force and Dictionary Attack. He wasn’t sure which would be more effective. Brute Force ran computations of all possible passwords up to a certain number of characters, and Dictionary Attack would target typically chosen words that would eventually guess the correct password. The latter compared the hashed value to a hashed dictionary word and matched the characters.
He decided to try Brute Force first, a program named OraBrute. It could process over a million passwords per second and nearly twice that of Dictionary Attack. Since it was probable that Sam had used words other than English, and with mixed case, it seemed the better choice.
Locating the hashed value of the password was the next step. Checking his watch, he saw he had another hour and a half to find it, crack it and download the SWIFT data. He read through paragraphs of the Softbreach report and found several methods of finding the hashed value. One location was the Oracle SYS.USER$ table used to store password hashes on the Oracle databases. The account was a member of the Database Administrator Role, which gave him the required access. He opened the SYS.USER$ table as instructed by the step process on the report and a smile spread across his face. There he found a 7-ASCII-character combination of the hashed value. Further reading explained that this single-byte character encoding method used for text-based data represented 128 possible characters.
Aazim had no idea what it meant. All he cared about was how long it would take to calculate a result. According to the report, it would take the program two hours to match the password on a Pentium 4 with a 3-GHz processor. The server had twice that processing power and it would cut the time in half. On the console command prompt he typed c:>orabrute 10.1.1.156 orcl 100 and the crack program initiated. He sat back and waited for a password file to be created. The console cursor disappeared as the program ran through millions of possible combinations.
All day the phone rang hot: congratulatory calls came from politicians, lawmakers and diplomats. Even the prime minister himself sent his regards for a job well done and urged Barry to keep up the good work fighting the war on terror. But as much as he enjoyed the pats on the back and what he called arse kissing, Barry had another problem on his mind. He stared at the map of Melbourne’s outer suburbs as though the answers he was looking for were about to reveal themselves. The location where Bill and Aazim had last been sighted had no significance to Aust Global Fund.
A field agent called to report his findings. ‘Sir, we interrogated the cafe staff and a waitress revealed the suspects were there for about an hour. Apart from a vague description of the two they couldn’t give us anything else.’
‘They were there for an hour so find out what they were looking for!’ Barry snarled.
‘A credit transaction was made to purchase two USB flash drives and we’ve removed the flash drive from the computer they used. Our technician was able to recover URL links and websites – it seems they didn’t have time to cover their tracks. Some links led to Warez sites that contain crack programs and hacking tools. Most of their search was based around the Oracle application and password cracking.’
‘Oracle?’
‘Yes sir, and a report was printed out from a UK site. I’ve got a copy of it here. I’ll fax it to you now. A technical team calling themselves Softbreach had compiled a report on Oracle’s password weakness.’
Barry’s fax machine beeped and the first page came through. He grabbed it and started reading. ‘What the hell are you up to, Bill?’ he muttered under his breath.
‘Sorry sir?’
‘Did anyone see where they went?’
‘A backpacker says they turned right when they passed him by the exit. He remembers being rudely ignored when he tried getting directions.’
Barry looked at the map and followed the road in a northerly direction. If they turned right it would lead them to the Western Freeway
on-ramp. He grabbed his hat and jacket and on the way out directed his secretary to forward calls from his agents only.
‘The Oracle password? That’s ambitious.’ Sam reacted calmly to the news of Bill and Aazim’s internet research. ‘However, I don’t see how they imagine accessing the data centre.’
‘I doubt your data centre is the target. Bill isn’t dumb – he knows every cop in the city is on the lookout for them. That bastard’s up to something else.’
‘Like you said, Mr Donovan, it’s only a matter of time. We’ll be waiting for them. As long as your men do their job I doubt they’ll make it to the entrance.’
‘That doesn’t worry me. The longer they’re out there the harder it’ll be for them to hide. He hasn’t made a move or been in touch with law agencies that we know about. They were last seen heading north towards the Western Freeway. Where’s he going, for fuck’s sake?’
‘Where did you say he was heading?’ Alarm bells rang in Sam’s head.
‘North to the Western Freeway. Outbound they could be running anywhere interstate, Geelong –’
‘Ballarat?’
‘Yeah, I guess.’
‘Send your men to Ballarat. That’s where you’ll find them.’
‘Why Ballarat?’
‘Our disaster recovery centre is in Ballarat and it’s where our backup servers are located.’
‘And you tell me this now?’ Barry screeched.
‘We don’t have time for this, Mr Donovan.’ Sam hung up the phone. He’d been focused on destroying The Brotherhood leadership and had left this mess for Barry to clean up. Aazim and Bill had proven to be a thorn in his side and were well exceeding his expectations, especially at surviving for so long. He dialled the Ballarat data centre and gave the security guard instructions.
A nervous Aazim looked at his watch. He had just under an hour left and there was still no result. He was busting to go to the toilet but popping out for a leak wasn’t an option. He looked around the room and found a small rubbish bin. He hesitated for a moment, but muttering ‘What the hell’ he stood up, unbuttoned his overalls and relieved himself. The smell of urine in such a confined space was very strong and holding his breath didn’t seem to help. He cringed and tried to put it in the back of his mind.
A beep came from the server and the console cursors flashed at the end of a newly displayed line. He pushed the bin further away and sat back. OraBrute had created a file: thepasswordsare.txt. He opened it and found a sequence of characters similar to those Kareem had given him. There was no time to waste so he launched the SWIFT database. When a login screen appeared he entered the password.
Bill had no idea how Aazim was going and time was running short. He continued mopping and cleaning room by room so as to avoid suspicion, while at the same time keeping an eye on the guards. Occasionally he would walk past the entrance and check the monitor screens over the guards’ shoulders. It was time for one of those walks.
He took a couple of garbage bags and made his way to the front reception. He stopped as soon as he looked over at the monitors and noticed that the screens had been switched off and there were no guards. He dropped the bags and ran back to the accounts room. As he turned the final corner he found the reception guard standing in front of the accounts room with a drawn weapon. In a split-second reaction he dropped to the floor and used his momentum to inflict a slide kick on the guard’s shins. With a yelp the guard buckled to the floor, discharging his weapon. They grappled for the gun and the guard managed to get up on his knees, holding onto it with both hands. Using all his strength, he twisted and lowered it towards Bill’s chest. With his back to the floor and pinned down, Bill was fighting a losing battle. Raising a knee, he kicked the guard in the kidneys, managing to inflict a sharp pain. He kicked again and again until the guard finally loosened his grip. Placing a hand on top of the guard’s wrist he pressed down, twisting hard. The sound of crunching bone was followed by screams. Bill snatched the gun away, buried the blunt end in the back of the guard’s neck and knocked him out cold. He stood up and was about to turn around when he received a king hit to the head that sent him flying into the accounts room door.
Inside, Aazim was alarmed at the bang and waited for the door to open. A progress bar on the screen displayed eighty-five percent completed. He only needed a few more minutes and the SWIFT data was theirs, but he knew that obtaining the information wasn’t enough and he searched through the databases for a way to cause damage or slow them down. A page opened up with over two hundred accounts with identical sum of funds. He began making changes. He reconfigured the backup server and scheduled a replication back to AccountsClass01, hoping the updates would apply on the main server in Aust Global Fund.
On the floor outside, Bill extended his arm, trying to reach the gun before Greg kicked it away.
‘I’m gonna rip your fucking head off!’ The big man picked him up effortlessly by his neck and threw him across the room like a bouncer tossing out a drunk.
Landing hard next to the cleaner’s trolley, Bill knocked out its contents and tipped it over. He felt around for anything he could use as a weapon and found a squeegee handle. When Greg stood over him Bill grabbed him by the neck and jabbed him in the eye with the sharp end of the squeegee. The guard screamed in pain, letting him go to cover his bleeding wound. But the blow only seemed to enrage him and he reached for his holster.
Bill summoned all his strength and got to his feet, knowing he had to get to the gun before Greg could aim. But he was already exhausted from the blows and was too late: the guard already had the gun pointed at him.
‘Hey!’
Greg turned around and warm liquid splashed in his face, causing his injured eye even more pain and momentarily blinding him. Bill gave it all he had and pushed the big man into the accounts room. Aazim shut the door behind him and quickly jammed a mop in the door handle.
‘What’s that smell?’ Bill asked.
‘Don’t ask.’
Aazim was surprised to find Bill so beaten up. He supported him by the waist with one arm and held the thermal-imaging device with the other. The flash drives were in his pocket and it was time to get out. There was no other sound in the hallways apart from their heavy breathing and their shuffling overalls. Upon reaching the front exit they discovered the thick glass doors were locked. Aazim tried the cleaners’ tags but they wouldn’t register.
Bill knew they had no chance of breaking the bulletproof glass. ‘This way.’ He turned and found another door that led to the car park, this time a wooden one with keypad entry.
‘Shit, now what?’ Aazim stared at the lock and wondered how to get around it.
Bill reached into his overalls and pulled out his gun. Following a deafening blast and a hard kick, the door splintered and they were out. They jumped into the van and drove to the front gate, thankful the tag still worked on the boom gates. They headed for their car, looking around for any signs of police. Bill was mildly surprised that the whole place wasn’t already surrounded but he expected Sam’s men to be there at any minute. He knew the alarm hadn’t been raised because the last thing Sam wanted was local police snooping around and questioning the trespassers, but Barry posed a bigger problem. If Bill were in his place he would already have his men in the city, giving instructions to local authorities. Driving out of Ballarat now was a risk, if not impossible. With every passing minute their chances of escape diminished.
Bill parked the van behind their Ford and unlocked the rear door before driving off, the least he could do for the bound occupants.
‘Shouldn’t you be driving away from the city?’ Aazim asked.
‘That’s no longer an option.’ Bill drove and at the same time studied a small tourist map of Ballarat.
‘Why? I can’t see any cops,’ Aazim said. ‘Come to think of it, that’s a little strange.’ For some reason he didn’t feel scared. He thought that either he was getting used to danger or he was still rushing from the excitement.
‘
Exactly. Those guards were tipped off by someone – someone who wanted us taken care of without cops getting in the way. If Sam knew we were here I’ll bet Barry had something to do with it. That road leads us away from Ballarat,’ Bill said, pointing to the map, ‘but in the wrong direction. We can’t risk heading for the freeway.’ He kept a steady eye on the road and took quick glances at the map.
‘Where are we going?’
‘The city centre.’
A large van with tinted windows nearly ran Bill and Aazim off the road as it sped past at high speed. It turned into the business estate and parked in front of the Aust Global Fund data recovery site. Two bearded men jumped out and ran inside the building. A few minutes later they came out again and screeched back onto the main road. They stopped suddenly when they noticed the cleaners’ truck parked in the emergency lane. Opening the rear doors they found bound men in the back, looking relieved and gesturing to be released.
Sam’s men looked at each other. One of them pulled out a gun and placed a silencer on its tip.
Their business done, they closed the doors and continued on their way.
Bill drove down the main road for a while and turned off into back streets as soon as they approached Ballarat city centre. Marked and unmarked police cars were visible, most of them outbound. He noticed one following them and kept a close eye on it as he drove past the city shopping centre. He turned right before the public library and the unmarked car continued to the freeway. That was too close, he thought, and pulled into the train station parking lot. He bought one-way tickets to Melbourne and they boarded the V/Line train.
Chapter 20
‘We have the whole of Ballarat locked down. We’ll find ’em soon enough,’ Barry said. ‘They snuffed two guys and the local police aren’t happy.’
‘Yes, I know. The deceased were Aust Global Fund employees,’ Sam replied.
‘It seems your boys were the first ones on the scene.’
‘What are you implying, Mr Donovan? May I remind you of the ramifications we face if that data were to be made public?’