“Sorry for the delay, Mr. Calderon. I need to make a temporary badge for you. Here is my swipe card. You can use it for the lobby restrooms, through the gate and to the left. Return it to me when you come back. By then I’ll have your credentials ready.”
“Thank you, young man. Very much,” smiled Pablo as he quick-stepped to the bathroom.
Once inside a stall, he peed before opening his briefcase and using the handheld RFID writer to clone the security guard’s swipe card. He tucked the copy into his pocket, washed his hands and face, then returned to the security desk.
“Thank you so much, young man. I regret being so abrupt with you,” Pablo apologized and handed the guard the security swipe card.
“No problem, Mr. Calderon. When ya gotta go, ya gotta go,” he said and gave Pablo an ‘us guys gotta stick together’ wink.
“Nature’s calling cannot be ignored.”
“Here is your temporary badge. This is a secure building so please wear it at all times. This is your swipe card. It will give you lobby access and elevator access to the top floor only. That’s where the executive conference rooms are for your meetings today. There are guest offices there, too, for you to use as needed. If you need to go to any other floors, then you’ll need an escort.”
“Thank you. I need to meet with Mr. Patel. What floor is he on?”
“The executive offices are on the sixth floor. Mr. Patel will meet the board on the seventh floor.”
Pablo got the message. No access to the sixth floor. Move on.
“Excellent. Thank you again. Have a good morning,” he said and smiled broadly for the young security guard.
Wearing the temporary ID badge with the name Gonzalo Calderon, Pablo stepped onto the elevator and used the swipe card to activate the button for the top floor.
After he stepped off, he quickly found a guest office with a desktop computer. He removed his suit jacket, hung it on the back of the imitation Herman Miller Aeron chair, sat down at the desk, and fired up the computer.
He logged in as a guest, loaded a custom retrieval program to access the port scanning program launched by the Pilgrim Trust Bank-engraved fake flash drives.
While his hacker software was at work, Pablo grabbed his brief case and went back to the elevator bank. Swiping the cloned security access card, he pressed the button for the sixth floor.
It lit.
And here we go.
Pablo casually walked onto the empty executive office floor, noticed the commonplace arrangement of windowed offices on the perimeter, administrative desk in front of each office, and a bullpen of open environment staff cubicles which took up the center floor space.
He found an out-of-the-way, empty cubicle and sat down. No personal items? Must be extra space waiting for a new hire, thought Pablo as he set up the Tastic PCB with its Bluetooth app and proceeded to replay and collect the security access card details of the last person who entered every office on the executive floor. He quickly ported the additional security access code details to the swipe card issued to him by the lobby guard.
Tucking away the Tastic PCB, Pablo closed his briefcase and started walking through the floor. He stopped at the empty Chief Technology Officer’s door, swiped his access card, heard the lock release, and entered the room.
He pulled out a LAN Turtle and plugged it into a USB port on the back side of the CTO’s desktop CPU. The LAN Turtle allowed Pablo to covertly harvest network information. Moving around to the front of the desk, Pablo connected his custom USB keylogger and waited a moment while the device recovered the last six usernames and passwords used on the computer.
He left the CTO’s office and locked the door with his LAN Turtle inside and plugged in.
Pablo returned to the top floor, sat down in the guest office, and checked the computer. He quickly found several open ports and used one to gain access to the bank’s internal systems.
“Like candy from a baby,” Pablo scoffed. “Now, let’s see what I can get.” Pablo hummed as he turned on his laptop, connected to the desktop in front of him, then linked to the LAN Turtle and logged onto the CTO’s desktop computer with the username and password recovered by his keylogger.
Bingo! Pablo opened the CTO’s files and gave himself ADMIN access to several secure servers including credit card services, human resources, commercial banking, the general counsel’s office, financial services, and the CEO’s files.
He needed 15 minutes to download what he needed.
Uh-oh.
Pablo looked up and realized that board members, staff, and executive employees were beginning to fill the top floor office space. Pablo recognized Asrani Patel when he showed up, as well as several of the board members. He quickly shut down his systems, packed up his briefcase, and put on his suit jacket.
I guess I won’t get my LAN Turtle back. But I’ll still have enough material to complete my report.
With the excitement of the board meeting, and all eyes focused on Patel, it was easy for Pablo to make his way to the elevator bank unnoticed. Pablo overheard a cluster of men – board members and senior staff – who surrounded Patel. They giddily congratulated him for skipping the flight into Boston and, instead, driving up from DC in his new Audi R8 Spyder.
Damn. An R8? Lucky bastard.
Pablo knew, and loved, that car. The naturally aspirated V-10 engine produced almost 550 horsepower. But the R8 Spyder was close to $200,000, making it both absurdly expensive and completely impractical for New York City’s pothole-ridden streets. He couldn’t help feeling a little envious of the CEO.
But it did give Pablo an idea, and a way to show off a bit.
He left the offices and moved unnoticed into the elevator and out to the street where he’d parked his car.
Pablo rifled through his briefcase and retrieved the lock pick set. He started the engine of his rented Lincoln Town Car and drove around the block, stopping at the entrance of the bank parking lot. He self-importantly got out of the car and impatiently called for the valet, ordering him to quickly park the long black vehicle. The valet responded promptly and moved even more quickly after taking the $20 bill Pablo offered the young man.
Time for some fun.
Watching his rented car disappear into the garage, Pablo moved swiftly. He stepped into the valet parking attendant’s booth and found the lock box containing the customers’ car keys. He inserted one pick into the lock cylinder, keeping pressure on the barrel of the lock. Using a second pick, he lifted the five-cylinder lock pins, one-at-a-time from the front to the back. Once all five pins were raised, Pablo rotated the cylinder using the other pick until the lock released.
Houston, all systems are go.
He removed his picks, opened the door, promptly found the Audi R8 keys, pocketed them, and walked down the street.
I just need to kill a little time.
He stepped into a local coffee shop and ordered an espresso.
Twenty minutes later, Pablo returned to the bank, used his swipe card to bypass the lobby guard, and took the elevator to the lower level garage. He found the Audi R8 Spyder right away, hopped in, and drove it out of the lot without any trouble.
He piloted the flagship Audi supercar around the block. He enjoyed every red light since it let him launch off the line when the signal turned green.
“Damn, this car has some spunk!” Pablo grinned like a little boy.
He turned into the rooftop parking lot he used to launch his drone a week earlier and eased the Audi Spyder into a corner space. He popped the trunk and search the tiny compartment for something worth taking to prove to the CEO how vulnerable he was.
Patel’s gym back was snuggly tucked inside.
Good for you, Mr. Patel. Staying fit on a road trip.
When Pablo lifted it out, a smartphone fell from the black duffle onto the carpeted trunk bed.
Well, well. Is this a burner phone? Have you got a mistress, Mr. CEO? I’ll enjoy hacking into this.
He took both items, locked up
the expensive car, and hid the key behind the small gas tank door.
Gabriel might be pissed I did this to his client, but it was fun to drive the Audi, Pablo thought. And it’s an extra warning about security! That CEO should be grateful. He returned to the Pilgrim Trust Bank parking lot and picked up his rented Lincoln. After he left the lot, he parked on a side street and quickly hacked the CEO’s phone.
“Oh damn! Asrani Patel, you have been a naughty boy. A very naughty boy.”
Pablo whistled and then called Gabriel. Voicemail.
Hey. It’s Pablo. I guess you’re still in-flight. I’m heading back to the hotel now. I’ve got everything plus a little more. Your client is at risk. Call me when you arrive. I’ll start prepping the report. Let’s meet a little early so I can brief you. Later.
Chapter 18 – Kinshasa, Democratic Republic of Congo
Smeets stopped swimming as soon as he heard the custom ring tone on his smartphone. He hated when his afternoon laps were interrupted. But the mining magnate instantly knew that particular alert meant bad news.
Goddammit to hell!
He lumbered out of his indoor pool, grabbed a robe and a towel, and read the message.
Files compromised.
The text included a source code, and Smeets shivered when he read it.
Damn you, Asrani! Why would you do such a thing?
Smeets immediately forwarded the message to his contact in the United States, adding a simple directive.
Recover the files. Eliminate the source of the breach.
Chapter 19 – Boston
Hampton Dowling’s restaurant was one of the finest, most expensive restaurants in Boston. Located at the tony intersection of Park and Beacon Streets, patrons enjoyed a clear view of the Boston Commons, great food by Chef Michael Anthony, a classic, dark polished wood bar, and private dining spaces.
“Pablo, my man. It’s good to see you.”
Gabriel and Pablo grabbed right hands, pulled into each other, and completed the ‘buddy hug’ by briefly embracing each other across the shoulders using their free left arms.
“You, too, my friend. Did you pick this place…I hope you’re paying?”
“Yeah, I picked it. The client has expensive taste. I also wanted to get him out of the West End to reduce the likelihood he’d be interrupted by board members or senior staff. They’ve had a full day of meetings. Now, they’re all headed over to some trendy bar called Aesop’s to blow off some steam…and try and pick up Boston’s finest. Apparently, it’s a converted slaughterhouse,” Gabriel explained.
“That sounds like more fun to me,” Pablo grumbled and took a sip of his Mojito.
“Sorry, my friend. Maybe next time. For now, Hampton Dowling’s is perfect. Oh, and you’re paying the bar tab,” Gabriel smiled at Pablo. He quickly caught the barmaid’s attention and ordered an Old Fashioned.
“Bourbon or Rye?” she asked.
“Buffalo Trace, please.”
“Now that’s a proper choice, sir. Would you like to start a tab?”
Gabriel turned toward Pablo, who tried his best to ignore the conversation and avoid paying the bar bill.
“Pablo?”
“You suck, Gabriel. Here you go, miss,” the feisty Cuban jokingly groused and handed over his credit card. “Give him the shitty house bourbon. But keep me soaked in the Havana Club rum.”
“Thank you. One mojito with Havana Club rum coming up. And an Old Fashioned with shitty house bourbon,” said the barmaid, who smiled and winked at Gabriel. He smiled back before he turned his attention to Pablo.
“I’m picking up dinner. I’m charging the client a lot for this work but I’m not going to expense drinks and dinner. We’re about to give him some embarrassing news. Not just about his company but also his personal philandering. I’d rather not add insult to injury,” Gabriel explained.
Pablo understood, of course. The data security pressure tests were completed, and the bank hacks were done. Gabriel had reviewed the results earlier, including the treasure trove of Asrani’s mistresses that Pablo found on the CEO’s hidden gym bag phone.
“Okay, my friend. You know best. But do you really think a good steak and expensive wine will be enough to soften the blow?”
The cocktail waitress delivered their drinks, and he took a sip of his Mojito.
“It may not soften the blow, but it certainly won’t make it any worse.” Gabriel said. “Listen, Asrani should be getting here soon. I reserved the back-dining room. It’s a private space. We can talk openly.” He threw back a healthy swig of his Old Fashioned.
“Okay. Good.”
The duo spent the next twenty minutes talking shop. Gabriel shared some highlights about the first day of meetings with the bank board. He hinted that Pablo could have a lot of business if the bank moved forward with opening nine new locations.
Pablo nodded, and then bragged about nicking the R8 Spyder and taking it for a brief joy ride.
“Zero to 60 in three-and-a-half seconds. Holy shit, I nearly wet my pants. And the cornering, oh my God, that sick quattro all-wheel drive hugs the turns like a sinner hugs forgiveness. It’s a pity, though, it does not come with a stick. Just automatic transmission. What a waste,” Pablo sighed.
“I agree. But almost nobody buys a straight drive anymore,” Gabriel spied his client entering the bar. “Drink up. Here comes the man of the hour.”
Chapter 20
Asrani Patel arrived, looking cool and confident. He spotted Gabriel at the bar and made his way over.
“Gabriel, so good to see you. I hope the meetings this morning were not too dull,” he said, shaking hands with the PR consultant.
“Not at all, Asrani. I didn’t nod off once,” Gabriel joked. “I’d like you to meet Pablo Souza. He led the data security test.”
“Pleased to meet you Mr. Souza. I really appreciate you and Gabriel getting the testing done on such short notice,” said Asrani as he gripped Pablo’s hand and then added his other one to emphasize his sincerity.
“Please, call me ‘Pablo’, Mr. Souza is my father,” Pablo said. “I’m glad I was able to help. The timing was tight, but it all worked out.
“Very well, Pablo. And I ask that you call me, Asrani. After all, I believe you have become quite intimate with my company,” joked the CEO, not knowing how accurate his statement was.
Pablo smiled, and Gabriel got down to business.
“I have a private room reserved so we can enjoy dinner, spread out a bit, and go over the results,” explained Gabriel.
“That make sense, Gabriel, thank you. Let’s get started.”
During the next 90 minutes, the men leisurely dined on east coast oysters bathed in Prosecco mignonette; Faroe Island Salmon with truffle cream corn, lobster mushroom, and lardo; Rohan Duck with shishito pepper, quinoa, and marcona almond; and Berkshire Pork with ricotta johnnycake, chanterelle mushroom, and raspberry jus.
During the meal, Pablo reviewed the report. He detailed the in-house penetration test and complimented the bank’s Chief Technology Officer and his systems.
“Yes. He is quite good. I poached him from American Express,” Asrani bragged.
Pablo went on and outlined the short list of exposures detected from the external vulnerability probes and network scans. He paged through the recommended fixes and offered to take care of them himself. But he cautioned that Pilgrim Trust needed a dedicated protocol to pressure test their network around the clock to catch new weaknesses and quickly patch them.
“New hacks are developed almost daily,” Pablo warned, “I suggest you add an automated system for on-going testing plus a schedule of random, but frequent, manual tests.”
“Okay. Is it expensive?”
“It’s not cheap, but it’s less than the cost of a VP’s salary,” Pablo advised.
“Understood. I can make that happen.”
“Asrani, we also did a social engineering hack. Do you know what that is?” asked Gabriel.
“No. Not really,” A
srani replied.
“It’s Pablo’s specialty. Social engineering is the use of deception to get people to give up confidential information that can be used for fraudulent purposes.”
“I see.”
“Pablo used most of these techniques on Pilgrim Trust this morning. He also passed himself off as one of your board members. Gonzalo Calderon, to be precise.”
“Calderon?!” Asrani blurted and dropped his fork. “He never shows up for these board meetings.”
“Precisely. So, nobody knew him. Pablo was able to get full credentials for the meeting…just like your other board members. He used common hacker tools to recover the entry passcodes for the offices, and user logins for the computers.”
“Oh my God.”
“With access to the offices, passwords for the computers, and malware inserted into your network system, Pablo was able to download the entire data file for the bank’s credit card customers whose last names started with ‘A’, all of your employees’ health and payroll records, the entire list of Pilgrim’s $10 million plus commercial banking customers, all your contracts from the general counsel’s office, all your pending litigation files, the last six months of financial services and investment records, and all of your inbound and outbound email for the last year,” Gabriel concluded, and handed over an external hard drive with all the filched data on it.
Asrani took the hard drive from Gabriel.
“Asrani, these kinds of breaches are the most common. Employees are the weakest part of every company’s data security. The only fix is training. There is no technology, no software, no special code that can replace training,” said Gabriel, attempting to reassure the CEO.
But Asrani Patel didn’t seem too upset. In fact, he looked cool as a cucumber.
“I noticed that this was not in your report. Why not?” he asked.
Pablo jumped in. “Asrani, your bank is actually in better shape than most. I’ve done all these tests at several banks. Yours is as good or better than every one of them, including Metrobank and Providence Capital. But they all have similar exposure to social engineering hacks. Routine training is the only solution,” he advised.
Deadly Conception Page 7