Deadly Conception
Gabriel smiled like a wire hanger was stuck in his mouth. The start-up meeting went really well. Asrani was decisive, smart, and pushy…like most CEOs. The rush-job data security hack would mean a quick 50 thousand in unexpected short-term revenue, maybe more.
I can make payroll! I can pay at least the first IRS installment! Christ Almighty, I dodged a bullet this week, he thought. Kinda dirty how he dug into my personal finances to try and leverage a whitewashed report. Oh well. I got the account and I’m running it squeaky clean. Maybe things are turning around for me…finally.
The tension in Gabriel’s shoulders subsided.
Chapter 13 – New York City
“Pablo, the Ropa Vieja was incredible. Thank you.”
“Gabriel, I tell you too many times. Cooking is my therapy. I do this para me. But I’m glad you like it because if eat it all myself then I would be a very fat man. Tecate?”
Gabriel grinned as he accepted the cold bottle of beer. Pablo’s accent always gets a little thicker when he drinks, he thought. “Thanks. I think the tequila is finished.”
“I think is enough for one more toast. We save for later. Now, we talk business.”
Gabriel spent the next few minutes briefing Pablo on the bank hack.
Pablo smiled. “When I got your message, I checked with my team. It is a good thing, this job, but timing no…is not so good. DefCon is in two weeks. I never miss…never. But my team? Maybe? We can do it if, and only if, we start Monday. Otherwise, is no. We not to miss DefCon. No.”
“CEO’s got the paperwork. I expect to have a fully executed contract this weekend, and that means I can sign you immediately after. Sunday night, at the latest.”
“I trust you. One more thing. Rush job, yes? More money.”
“How much?”
“10 for me, 5 each for my team. 25 thousand total.”
“Done. Anything else?”
“I don’t start until I see signed contract. I trust you for the money, but I don’t trust the Bank.”
“Agreed. I assume you want the usual perk in your contract, yes?”
“Of course. A bottle of Tres-Quatro-Cinco Tequila each, for me and my team.”
Gabriel laughed and stood up from the shabby lawn chair. Enrique Fonseca was the renowned Tequila producer of the expensive 3-4-5 liquor. Each bottle was a masterpiece of taste and art, making it one of the most expensive Tequilas world-wide.
“You got it.” He shook Pablo’s hand, sealing the deal. “If all goes as scheduled, when do you think you and I can present the results to the CEO?”
“You say the board meetings are the sixth and seventh, yes? Then we do the dinner with the CEO on the sixth. That is the best I do.”
“Okay. That’s tight but I’ll make it happen. Thanks, Pablo. Very much. It’s late. I better get going.”
“Yez, you must go. But first we toast.” Pablo emptied the last of the Patron into a pair of paper Dixie cups, handed one to Gabriel, and raised his own.
The two men spoke in unison… “When life gives you a song you better dance, because the song is going to end for everybody.”
They drank, and then threw the cups into the fading fire creating a momentary blaze that quickly died.
Chapter 14 – Monday, July 30 (New York City)
“Blueline, here’s your ticket to Boston. Text me when you are in place with Pilgrim Trust’s Chief Technology Officer. How long will your part take?” asked Pablo, handing over a printout of his colleague’s itinerary.
The mid-60s bird-like Blueline Altmann was vegan-skinny, sporting an eight-inch gray ponytail, and deeply tanned skin. He’d been in the legitimate hacking business for more than a decade. Before that, Blueline had been an activist hacker. He earned national notoriety in early 2001 when a worm he created shut down the integrated systems of the world’s largest fast-food hamburger chain, effectively disrupting more than 20,000 outlets. Blueline’s anti-meat protest led to a conviction under the Computer Fraud and Abuse Act of 1990, three years of probation, 1,000 hours of community service, and a $250,000 fine.
“A day to set up. Plus, three attacks over two days. I should have results to you by Friday,” Blueline coughed, quickly taking a swig of a repulsive-looking greenish liquid in his Yeti tumbler.
Blueline was the perfect person to work with Chief Technology Officers to complete penetration tests. The man was a legend. People like Pilgrim Trust’s top data security executive considered running an authorized simulated attack on their company’s computer system with “the” Blueline Altmann the equivalent of jamming with your favorite rock-n-roll legend at your own house with all your friends.
“Okay. Good. Food and all other expenses are on your dime. So, call your favorite vegan raw bar and let ‘em know you’re coming,” Pablo chuckled.
“Carnivore,” retorted Blueline with a sly smile.
Pablo turned to the two other team members. “Smudge, Joanna. You two will test the bank computer system software for flaws. Smudgey, you do the vulnerability probe. JK, you’ve got a new network security scanner tool, right? Use that to search the bank’s entire network and its nodes for security loopholes. Good?”
Smudge Zatkode was a brilliant computer analyst and chess player. He was clean. No criminal record. Working at a leading mathematics think tank straight out of Columbia University, Smudge authored the original password cracking software. His work later identified flaws in code injection, exploitation of embedded systems, and cryptanalysis of commercial systems. He published and consulted about his discoveries. He was successful enough to retire early, and comfortably. But to stay current, he liked working with Pablo where he could legally conduct field research for the latest bugs, defects, and weaknesses in the systems of big corporations.
“Yesssss. A bank!” Smudge cheered. “This should be fun, especially after that huge robbery a few weeks ago.”
“Okay, Smudge, I know this is hacker-porn for you. Take it easy. JK, how about you?”
“I’m ready, Pablo. I have three new toys, too. I think you’ll like them.”
No one in the room needed to ask. Joanna never took a breath before proudly telling the team all about the latest equipment, especially her favorite. The Swiss-made ImmuniWeb relied on state-of-the-art machine learning and artificial intelligence automation to detect the most sophisticated flaws in websites and web applications.
“Very impressive, JK. How do you pay for all of these things?”
“Are you kidding me? The companies pay me to use them, in exchange for my testimonial.”
Joanna Kowska – a 29-year-old graduate of MIT, adjunct professor at Rensselaer Polytechnic Institute in Troy, New York, and a Microsoft consultant – was an expert in operating system security. As an undergrad, she attended her first DefCon and demonstrated a simple method for hacking into the Windows 7 beta. Her work has always been non-criminal. She loved working with Pablo for the extra money, and it kept her current with Microsoft.
“So, I’m paying you. These scanning tool companies are paying you. Microsoft is paying you. And RPI is paying you. I guess you’re saving for a rainy day, huh?” chided Pablo.
“No…I’m paying off college loans…and feeding my love for Burberry clothing.” JK giggled. “It’s damp in Troy.”
“If you say so…can you two get me your results by Friday at noon?”
Smudge beamed. “Shouldn’t be a problem, boss.”
“Easy peasy, lemon squeezy,” peeped JK.
Pablo smiled. “Excellent. I’ll handle the social engineering. Okay, everybody. You have your assignments. Get going.”
Chapter 15 – Boston
“Okay baby, let’s do our thing,” Pablo mumbled as he backed his Lincoln into a space on the darkening east side of the empty roof top parking lot of the Massachusetts General Hospital Professional Office Building at 275 Cambridge Street, directly across from the Pilgrim Trust Bank.
He opened the large, black sedan’s trunk, grabbed a navy-blue nylon “Parking Security” windbreaker and put it on. It wasn’t much of a cover disguise, but it was sufficient to satisfy the casual onlooker.
Moving steadily, he opened his large Pelican Air Case. The sturdy polymer travel trunk was watertight, crushproof, and dustproof…and protected thousands of dollars’ worth of tech gear, computer equipment, hacker kits, and social engineering paraphernalia.
Like every other furtive, solo hacking gig, Pablo curbed his anxiety by running a whispered status report to an imaginary control room at NASA.
“Houston, I am T-minus 9 minutes.” Pablo hummed as he retrieved a drone controller and a customized DJI Phantom 4 drone equipped with a payload hook and release mechanism, a Zenmuse X5 Night Vision Camera with a 15mm f/1.7 lens mounted on a 3-axis gimbal. The futuristic-looking drone could carry a variety of payloads, precisely transport, and drop the goods above a specific target area.
“Houston, we have green lights. Prepare to load and launch.” Pablo grinned and sorted through his equipment for the engraved, metal flash drives with the pre-loaded malware. He attached about 20 of the custom-branded USB drives to the Phantom 4 drone.
The seven-story Pilgrim Trust Bank office building was older and had limited on-site parking, about 40 spaces over two, below-the-ground floors. That was enough for the senior executives and a few long-time employees, but it was not someplace Pablo wanted to covertly fly his drone to drop the flash drives.
Thankfully, the office’s regional president used some of his narrow budget to provide parking for mid-level and junior staff across the street, next to the hospital building, where an open lot provided additional space. That was Pablo’s target.
“Houston, we have lift off.” He launched the drone about 100 feet above his head while checking the resolution on his computer screen to make certain his camera provided a clear view of the target area.
“Here we go,” declared Pablo on the dark rooftop under a moonless sky. He flew the drone across the street in a circling pattern and initiated a steady descent to about 50 feet above the ground-level parking lot, well above the security cameras watching the near-empty area.
“Bombs away.” A shower of metallic objects briefly fluttered through the evening sky before tinkling to the ground and spreading across the southeastern half of the near-empty lot, the section closest to Pilgrim Trust Bank.
“Houston, the Eagle has landed.”
Pablo wasted no time. He flew the drone back, landed it, and packed it away. He removed his “Parking Security” jacket and stuffed it into his luggage. Back in the car, he started the engine, drove down the six levels to the street exit, and made his way to the bank’s underground parking lot.
The facility was unchecked, the valets off-duty. Pablo leisurely snaked his car around both levels of the near-empty lower-level lot and dropped the engraved flash drives near the white parking space guidelines, where they were less likely to get run over by the BMWs and Audis preferred by senior-level banking execs.
“Okay little birdees, come and get your seeds.” Pablo sneered, knowing that there was always, always, at least one person who unquestioningly would pick up a flash drive and plug it in, especially a 10-gigabyte drive.
When he ran out of stock, Pablo drove out of the lot and checked his watch.
8:45…I think I have time. Pablo made his way out of downtown Boston. He drove about three miles through Back Bay, Columbus, and the South End before arriving at the Doña Mantanzas Restaurant, where he parked and went inside.
“Table for one?” he asked.
“Yessir, please follow me,” the young hostess responded with a smile that made Pablo suck in his gut and add some swagger to his walk. I’ve still got it, especially compared to those flabby bank executives riding a desk all day long.
“I hope you have some Fufú Relleno De Camarones left. I hear it is very good.”
“I’m sure we do. It’s a favorite,” she winked and directed Pablo to the small table near the window.
Pablo took a seat, ordered a Tecate and a shot of Patron, and texted Gabriel.
The seeds are all planted.
He settled in for a good Cuban meal. He had a week to plan the Pilgrim Trust break-in. Pablo turned on his tablet, connected to the restaurant’s WiFi, and searched the bank’s last five years of Schedule 14a filings with the Securities and Exchange Commission. He also brought up the bank’s website on his smartphone and scanned the board of directors.
By the time he’d finished eating he had the basics of his plan.
Chapter 16 – Tuesday, July 30
Kevin Florian managed the Pilgrim Trust home loan division. Hard-working and dedicated, it wasn’t unusual for K-Flo, as his buddies called him, to arrive at the bank before 7 am and leave after 8 pm, especially on Monday nights following a weekend of closings.
This week was no different. K-Flo stayed so late Monday night he didn’t see Pablo’s drone, nor had he noticed the metallic drives sprinkled around the parking lot that night.
But when he arrived at the open-air lot early the next morning, he spotted and picked up a few of the Pilgrim Trust-engraved flash drives.
These are new.
K-Flo had only ever seen the 2G plastic USB drives he used to provide clients with digital copies of home loan documents.
I can use these 10 gig drives for my premium clients. Very cool. I’ll have to ask our IT guys where I can get some more.
At his desk with a fully packed day ahead of him, K-Flo quickly inserted a flash drive into his computer and attempted to load it with client loan documents. Nothing happened.
Piece of crap.
He trashed the lot, making a mental note to check with IT about the faulty drives. But K-Flo’s busy day overtook him and by mid-morning he forgot all about the drives.
***
Ninety minutes later, Kelly Mullen arrived for work, parked, and picked up one of the booby-trapped drives.
Cool!
She was a 22-year-old recent graduate of Northeastern University and thrilled she had been hired by Pilgrim Trust Bank as an entry-level marketing associate just a few weeks earlier.
It never crossed her mind that the thumb drive was loaded with malware.
The bank did not hand out laptops to associates, but they did provide free parking – a nice perk.
So, when she found the bank-branded, metal, 10 gig flash drive on the pavement of the outdoor parking lot, she immediately made mental plans to use it to save drafts of image-heavy PowerPoint presentations to take home and edit on her personal laptop.
She plugged it into her desktop before her first sip of coffee on Tuesday morning.
***
At the same moment, Jerry Schrader pulled into Pilgrim Trust Bank’s underground parking lot. He loved driving his fast, two-seater Audi TT, even if he mostly sat in traffic. He’d just returned from a week of travel conducting site inspections at two of the nine potential new locations for the bank.
After he opened the door of his coupe, he nearly stepped on one of the engraved metal flash drives. Jerry picked it up and assumed it belonged to the bank’s CFO, who had the parking place next to his.
I’ll return this right after I take a look at what’s on it.
He secretly hoped to see the payroll and bonus data for the office. He plugged in the USB drive at 9:17 am, right after shooting the breeze with some of the younger, female staff in the office kitchen while getting a mug of coffee and a bran muffin.
Meanwhile, the malware was invisibly spreading – exploiting code and opening back doors for Pablo and his team of hackers to take control of the bank’s computer systems.
Chapter 17 – Monday, August 6
“Good morning, I’m Gonzalo Calderon. I’m here for the board meeting. I believe I’m a bit early. If you don’t mind, I rushed here from Logan Airport and I really need to use your facilities. I’d appreciate it if you could check me in and give me my credentials as quickly as possible.”
The Pilgrim Trust Bank concierge, who doubled as a security guard, nervously looked at the immaculately tailored, middle-aged Hispanic man in front of him. He knew there was a bank board meeting today, and he didn’t want to offend anyone.
“I’m sorry Mr. Calderon. It says here that you are not attending the meeting.”
Pablo stared impatiently back at the security guard for a long, privileged moment. Pablo had spent several days learning who the Pilgrim Trust Bank board members were, what they looked like, and if they were ever in Boston. He discovered that Calderon wasn’t attending.
In fact, Pablo learned that Calderon rarely attended these meetings, preferring to give his proxy to a like-minded board member and spend more time on his sailboat in the Caribbean. That’s when Pablo decided to pass himself off as the much older Gonzalo. He only needed to convince the security guard, who definitely hadn’t met Calderon, let alone any other board members.
“Young man, as you can see, I am here. Please do your job and provide me with my credential, and a bathroom key. I have a presentation to set up for the members of the board and it will take some time. This is why I am here early. I also have urgent business to take care of in your rest room. If you continue to delay then I’d be happy to call Mr. Patel, the CEO of the bank, to assist you.”
“Um, just a moment, Mr. Ca-cah-calderon,” the guard stammered.
“Pfft.” Pablo took out his smartphone and started scrolling, as if he were going to dial the bank CEO. He was getting impatient and uncomfortable. He needed to get past this security guard quickly.
The longer it takes, he had learned, the less likely you will succeed.
Pablo’s discomfort was real, too. The trim-fitting suit and snug power-tie squeezed the portly Cuban’s frame. However, Pablo could see that the security guard had already interpreted his fidgetiness as confirmation he needed a bathroom quickly.
Pablo swallowed his smile. He saw the young man re-check his clipboard and some other files, and notice the growing line of people waiting to check through his gate. Once again, the combination of ‘arrogant privilege’ and ‘common need’ worked.