Read an Excerpt

Dissecting the Hack

Syngress

Chapter One

Monday, 10:11 a.m.

"Yes! We've got the bastard!"

Mark pushed his chair back from the table and punched at the air. He had just spent the last four hours searching through piles of papers and books taken from Randolf Jamison's house the day before.

Randolf was sitting in a cell at the Houston federal prisoner transfer facility. He had been arrested on suspicion of trafficking in child pornography. Mark was the FBI agent from the Houston Computer Crime Task Force assigned to go through all of the hard drives taken from Randolf's three computers.

Unfortunately, Mark had hit a wall immediately. Most of the information on the computers looked normal, but on two of them, two-thirds of the storage space was filled with an encrypted volume. There would be no way to read the data, and what they had found in his house was not sufficient to keep him in custody. This case wasn't big enough to task some of the Bureau's special resources for such problems, so Mark had to find another way into these encrypted files.

"Try telling that to the little kids this pervert used to make his money!" Mark had snapped back at his supervisor when told he would have to find another way. Mark knew the math. There was no way he would be able to break into these drives - unless Randolf Jamison was stupid.

"If they were smart they wouldn't be doing this stuff in the first place," he told himself as he began. Mark went through every piece of paper they could find in his house. Sure enough, it was late-afternoon on his first day when Mark found it. Mark had been digging through magazines, bills, letters, books, and even saved junk mail trying to find a clue. For a pervert, Jamison kept a pretty plain-looking collection. They had only found a few pictures – just enough to confirm the statement they had from a probable victim's mother. But Mark finally noticed something that didn't belong. A Gideon Bible – obviously stolen from a hotel – stood out because it didn't fit the pattern of other material. There was a single piece of paper left inside the back cover. What Mark found there was the key to putting Jamison away.

"Thank God criminals can be so sloppy!" Mark exclaimed to the empty conference room. "If you record an encryption key, someone can always find it!"

Mark stood up from the table and started walking around the room. His body was moving on its own accord while his mind began to process what he had just found. Agent Jackson knew that he needed to start cataloging the contents of the once-encrypted drive he had been pounding on. But he had too much energy to be still. He started marching down the hall to get some coffee. Maybe he would run into someone on the Cyber-Crimes team he could talk to. After all, what's the use in solving a puzzle when you can't brag about it?

* * *

"There he goes now," Special Agent Thompson said as he pointed at the glass wall of the conference room. The cluttered room had a large table running down the middle with two glass walls and hallways on either side. Mark was on his mission for hot caffeine on the opposite side when his boss noticed him. Agent Battle hardly had time to get a look at the blur as Mark disappeared down the hall.

"You'll find that Agent Jackson is a little ... intense."

"Is he good?"

"One of the best investigators we have on the Cyber Crimes Task Force."

Special Agent Fredrick Thompson had been with the Bureau for nearly 20 years. After five years of fieldwork, he had shown the mental flexibility to adapt to technology better than most. That led to particular case assignments, the Houston Field office and, eventually, a command with orders to establish the Cyber Crimes Task Force for the South-Central United States.

For several years most of their work had been on drug cases. The Columbian and Mexican organizations bringing in drugs were constantly looking for an edge – and often that meant sophisticated communications gear and computers to track their business. But since 9/11, everyone in the Bureau was spending more time on anti-terror activities. And his team was no different. Agent Jackson's current case was almost a throwback with an old-fashioned pervert trafficking material across state lines. The only thing new was the technology used to hide the activity.

Thompson had a reputation in the Bureau for bringing together a strong team of more traditional FBI agents and technical talent he had personally recruited from the Air Force.

"Agent Jackson was one of my finds from the San Antonio Air Force Base 'Tiger Team.' They're an elite group of warrior-geeks who specialize in breaking into military networks and facilities to test security."

"That explains why he's so skinny. Does he know what to do with a gun?" Agent Battle asked with obvious skepticism.

"He's qualified for field work, but that's not his specialty. That's why you're here. Let me show you around some more. We'll catch up with your new partner in a while."

* * *

"So have you met Battle yet?"

"No. Have you?" Agent Jackson replied as he sipped on his coffee.

"Yeah. Impressive. Marines, then NYPD. Battle's even spent some time on anti- terror work with our NYC office before Thompson decided we needed more muscle."

Mark was standing outside a cubicle talking to Agent Frank Adams, another member of the Cyber Crimes Task Force. Mark had just finished his tale of how he had found the encryption key that was going to send another pervert to jail. Frank hadn't been impressed. In fact, Frank had looked like he was holding something back as he listened to Mark. As soon as Mark had finished his story, Frank had cut him off to ask about Agent Battle. Mark even thought he saw a slight tension in Frank's face – kind of like a kid who had a secret.

"So what kind of name is 'Battle' anyway? Could there be any more testosterone than a Marine named 'Battle'?" Mark asked.

Frank smiled. "Probably not," he replied and started to turn back to his work with a slight shake of his shoulders. Mark wasn't done yet.

"More muscle is the last thing I need. I had my fill of jarheads when I was on the Tiger Team in San Antonio. I bet all Agent Battle could do with a hard drive is use it for target practice" (*p. 316 ).

"I think I'll take that bet, Jackson," Frank replied, careful not to look at Mark.

Mark turned to see his boss standing next to his new partner. As his brain tried to process what he saw, he could hear Frank suppressing a laugh as he shrank further into his cube. Standing next to Special Agent Thompson was a tall, athletically built woman. She stared slightly down at Mark as they measured each other with an intense stare. Agent Chris Battle clearly won as she had the element of surprise. Mark broke the eye-lock as Special Agent Thompson interrupted the slightly too-long silence.

"Agent Jackson, this is Agent Chris Battle. She is going to be joining the Cyber Crimes Task Force and will be your partner. Why don't you start bringing Battle up to speed by giving us a briefing on your progress on the Randolf Jamison case."

"Uh, yes sir. I was just heading back to the conference room. If we go back there I can show you what I found. I think we will have everything we need on Jamison before the end of the day."

As Mark led the way to the conference room he heard snickers from several cubes. He allowed himself one thought as his boss spoke. Oh, this is going to be a long day.

"Really? Is that why I saw you shooting out of the room so fast a while ago?" Thompson asked his subordinate.

"Yes sir. Well, I needed some coffee, actually. I just figured out the encryption key for Jamison's computers." Mark said as the three of them walked into the conference room.

"Good. Maybe the rest of us will get this room back, Jackson. How did you find it? This morning you told me we didn't have the tools to get to the data."

"We don't, sir. I spread all of this stuff out in the conference room to get a better perspective on what Jamison had in his house. An encryption key is the only way into the drives, and Jamison didn't strike me as very cautious. I made an assumption that he wrote down his key somewhere, just in case. Agent Battle, do you want to take a shot at this pile and see if you can find anything interesting?"

While Jackson had been talking, Battle had already started lifting magazines and books from the table. "Sure," she responded. As Agent Battle made it to the end of the table, she turned and asked, "I thought I heard you say earlier that Jamison was a pedophile. I don't see anything here but an average, boring single guy. What led you to him in the first place?"

"We got a tip from Perverted Justice. They're today's online version of the Guardian Angels from the 1970s. They got into a discussion with this pervert in a chat room. He claimed he had some "content" that he had personally created, and they talked him into giving a sample. When they got that, they called us. Jamison had given Perverted Justice a Yahoo! e-mail account (*p. 316 ). The Bureau checked it out and found that account was last accessed from here in town. That's when I got the case. We sent an e-mail back to the account with a hidden embedded link to a Web page we controlled. When Jamison opened the e-mail, it forced his computer to hit our Web page and we were able to log his IP address," Mark explained.

"Why didn't you just subpoena his e-mail account?" Chris asked.

"We knew he was using an e-mail with a Russia-based e-mail server – it's a little hard to execute a subpoena over there. We already knew he was local. We used the IP address we recorded to identify his ISP and then we used the subpoena to get what we needed," Mark answered. "From that, we were able to track him down through his Internet Service Provider. Jamison had a DSL line under his own name. For all of his precautions on the encryption software, he didn't think about us tracking back through his e-mail."

"What about this?" Chris cut off Mark's story as she picked up the Gideon Bible.

"Not bad, Agent Battle." Mark said with a smile. "Why that?"

"If we are dealing with a pedophile, then this is the one book that doesn't belong here."

"You're close. But how do you find a pass phrase in there?" Mark asked.

"Agent Jackson, we're impressed you figured it out. Just tell us what you found so I can get back to work." Special Agent Thompson said impatiently.

"Yes, sir." Mark took the Bible from Chris and opened it. "My first clue was what Chris noticed. The Bible didn't belong here. And look. There was a handwritten list of verses folded and tucked in the back."

"So, every one of those verses makes up the encryption key? That doesn't make sense – it would be too much to remember or type, and most criminals are lazy." Agent Battle pointed out.

"You're right. I looked up all of the verses in the list and wrote them down. Here, look at the list." Mark handed Chris a sheet from a legal pad with a list of handwritten Bible verses. Throughout the verses were circled words, numbers, and lists of names scratched in the margin.

"So where is the secret in all of this?"

"The first thing I noticed was that the verses weren't in the order they come in the Bible. They looked random. That made me think there had to be something that they all had in common. I played with the numbers of the verses and chapters, but that didn't work. I highlighted all of the names and then noticed that all the verses had a 'bad guy' from a Bible story. In fact, Jamison had taken the time to put the verses in alphabetical order by the name of the bad guy. So I took all of the names and typed them in. I got it on my second try – he didn't use any capitalization for the names, and no spaces between. So his pass phrase was 'beastcaindelilahgoliathherodjudas'."

"Clever Jackson. You and Agent Battle can clean up the mess you made of my conference room and then start going through the data Jamison was nice enough to save for us."

As their boss walked out of the room, the new partners looked at each other for a moment then they turned to opposite ends of the room and started stacking up the papers, magazines, books that Jackson had spread around the room.

"Do you always make this much of a mess?" Battle asked.

"I didn't think it was a mess. I was just trying to see if I could find a pattern."

"I can't think with clutter. I thought an Air Force guy would be a little more organized."

"I am organized, but that doesn't mean I'd pass inspection in a Marine barracks."

"No, you wouldn't. So where do we take all of this?"

"Back to the Cyber Crimes area. Come on, I'll show you where we work."

The two agents each made a couple of trips carrying boxes back to a large room. The space was filled with cubicles, all just high enough to give some privacy when seated.

"So what's with all of this junk on everyone's desks?" Battle asked.

"What do you mean?"

"This." Battle said as she picked up a can of Diet Pepsi wrapped in an R2-D2shaped plastic holder.

"That's not junk, that's ambiance. I don't like this place to look too government issue."

"Looks like none of you in this area are government-issue," Battle commented as she held the R2-D2 holder with one hand and pointed to a black T-shirt pinned to the inside of Jackson's cubicle just above the desk.

"What does 'I am the Fed' mean?" Battle asked as Jackson reclaimed his drink and took a swallow of the now-warm Pepsi.

"I was 'spotted' at DEFCON this summer" ( ?p. 317 ).

"You let your cover be blown?"

"I didn't have a 'cover.' I'm not a field agent, at least not in Las Vegas." Jackson sat down in his chair and looked at Battle. "So do you have a PC at home?"

"Yes."

"Figures. What operating system do you use?"

"Okay, I know where this is going. You want to know if I'm 'geek' enough to work here. I'll give you 10 questions, and then I'm done. But first, I want to ask you just two questions."

"I can handle that. What's your question?" Agent Jackson responded.

"Have you ever had to fire your sidearm in the field?"

"No."

Battle allowed her face to show her disappointment at the first answer. She also realized she didn't start at the beginning. "Have you even had to draw your sidearm in the field?"

"No."

With a roll of her eyes, Battle walked over and sat in the extra chair in Jackson's work area. "You're just what I expected. And if you want to ask, my answer to both of those would be 'Yes' – and both in my first week."

They stared at each other for a moment. Then Jackson broke the silence.

"How about if we just go get some pizza for lunch? I'll skip the geek questions."

GETTING STARTED

Tuesday, 3:30 p.m.

Pavel sat down at the desk in his room at the Houston JW Marriot. He knew this job was a big deal for Vlad because of the nice hotel room and the complicated logistics. Vlad had him fly to Houston by way of New York, then a day in Chicago just waiting in another hotel room. Now he was supposed to get settled in Houston and wait for Vlad to come pick him up the next day. Vlad had told him they would have a couple of others working with them on this job. Pavel's only other U.S. trip with Vlad had been DEFCON in Las Vegas. That was a simple, but long flight with no side trips.

Pavel knew that this was the continuation of the work they had done back in Chisinau a couple of weeks before. He didn't know what else Vlad had learned after he left him at the hotel that day. He also didn't know exactly what Vlad wanted him to do in Houston.

He was just told to bring whatever technical tools he needed for a network penetration. Pavel had an idea how to figure out some of the details.

Pavel reached into his backpack and pulled out an IBM Thinkpad. He pressed the power button and started fishing through his backpack while he waited to see what kind of operating system was loaded.

"Windows – typical," he mumbled to himself when the familiar splash screen appeared. He pulled out his CD case and started looking for his Ubuntu install disk. As he flipped through the case, his mind drifted. When Pavel left the hotel in Chisinau, he had to leave his laptop with Vlad. The next day they met at a coffee shop and Vlad returned his laptop, along with this Thinkpad.

(Continues...)

---

Excerpted from Dissecting the Hack by Jayson E. Street Kent Nabors Brian Baskin Marcus Carey Copyright © 2010 by Elsevier, Inc.. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

---