Daemon
is what we know right now. At approximately eleven thirty this morning, the body of Joseph Pavlos, an employee of CyberStorm Entertainment, was discovered in a canyon off Potrero Road in Thousand Oaks. At approximately two p.m., a second CyberStorm employee was electrocuted in what we now know to be a deliberate act. We are withholding the identity of the second victim pending notification of next of kin. We also believe Mr Pavlos’s death was a homicide and have requested assistance from the FBI.’
Shouted questions erupted again. Sebeck motioned for silence. ‘It appears these employees were specifically targeted, and we have no reason to believe that the general public is in any danger. I caution CyberStorm employees to be particularly vigilant and to report suspicious objects or packages to the police. I’ll take questions now.’
The parking lot erupted in shouting.
Sebeck pointed to an Asian woman. He’d have to admit that he chose her first because she was drop-dead gorgeous.
‘Sergeant, you said you’re bringing in the FBI. That means there’s more to the case than the two murders?’
‘The FBI has the resources and jurisdiction required to properly investigate this case.’
Another reporter spoke up. ‘Can you describe precisely how the victims were killed?’
‘We can’t divulge precise methods at this time.’
‘Can you give us a rough idea?’
Sebeck hesitated. ‘At least one of the victims appears to have been murdered through the Internet.’
A buzz went through the press corps. That was their sound bite.
‘That’s all we’re prepared to say right now.’
Chapter 4:// God of Mischief
From his vantage point at a coffeehouse, Brian Gragg gazed across the street at the darkened windows of a French provincial mansion. The lush River Oaks section of Houston’s Inner Loop had more than a few of these aging beauties, restored and pressed into service as quaint professional buildings. They sheltered doctors’ offices, architectural firms, law firms – and branch offices of East Coast stockbrokers. It was this last species of suburban tenant that attracted Gragg. They were the weakest link in a valuable chain.
One of the brokers there had installed a wireless access point in his office but failed to change the default password and SSID. Better yet, the broker couldn’t be bothered to shut his machine off at night.
Gragg glanced down at his own laptop and adjusted a small Wi-Fi antenna to point more directly at the office windows. The broker’s computer screen was displayed as a window on Gragg’s laptop. Gragg had compromised the workstation days ago, first obtaining a network IP address from the router, and then gaining access to the broker’s machine through the most basic of NetBIOS assaults. The ports on the workstation were wide open, and over the course of several evening visits to the café, Gragg had escalated his privileges. He now owned their local network. Clearing the router’s log would erase any evidence that he had been there.
But all that was child’s play compared to how he would use this exploit. In the past year, Gragg had evolved beyond simple credit card scams. He no longer prowled bars passing out portable magstripe readers to waiters and busboys and paying a bounty for each credit card number. Gragg now stoleidentities. His buddy, Heider, had schooled him on the intricacies of spear-phishing. It opened up a whole new world.
Gragg was using the broker’s workstation to conduct an email campaign to the firm’s clientele. He had cribbed the phony marketing blather and graphics from the brokerage’s own Web site, but what the e-mail said was irrelevant. Gragg’s goal was that the phish merely view the message. That was all it took.
Gragg’s e-mail contained a poisoned JPEG of the brokerage logo. JPEGs were compressed image files. When the user viewed the e-mail, the operating system ran a decompression algorithm to render the graphic on-screen; it was this decompression algorithm that executed Gragg’s malicious script and let him slip inside the user’s system – granting him full access. There was a patch available for the decompression flaw, but older, rich folks typically had no clue about security patches.
Gragg’s script also installed a keylogger, which gave him account and password information for virtually everything the user did from then on, sending it to yet another compromised workstation offshore where Gragg could pick it up
Weitere Kostenlose Bücher