The Hackers Chronicles

The Hacker Chronicles: The Electronic Hitman

Written by Phil DuMas on Thursday, 12 September 2013. Posted in The Hackers Chronicles

I am a hitman. Not the kind of hitman the movies have made so popular that men in their late 30’s wearing Ray Donovan lookalike jackets and shirts claim to be to impress girls, but an electronic hitman. I started by stealing credit card numbers, social security numbers, medical history and bank PIN numbers. Then I saw a story about a legal case in California where a city worker was being charged with surfing pornography up to 8 hours a day and was claiming that a rival that worked in IT had hacked his computer and put all that porn on it and he NEVER went to those web sites about people dressing up like animals and simulating sexual acts. Oddly enough, his defense worked and it got me thinking. Why not actually do what he “claimed” happened to him but take it a step further and totally infiltrate the victim’s life? Surely there was a market out there for that kind of information and control over a person’s life? Turns out I was right, but first I needed to “practice” on a target to find out just how far I could take this.

The Hackers Chronicles: Stage Fright

Written by Phil DuMas on Thursday, 15 August 2013. Posted in The Hackers Chronicles

It is 2:54 on a sunny Fall afternoon in Greenwich Village. In six minutes I will either be a very wealthy man or in a hell of a lot of trouble and on the run. This all started a month ago today when the love of my life Chris dragged me to my fourth Broadway show in as many weeks.

Man is it Quiet in Here

Written by Phil DuMas on Monday, 05 August 2013. Posted in The Hackers Chronicles

Man is it quiet in here. No whirring of fans, blinking lights or muted hum of hard drives being accessed; just the slightly oily smell of the air handlers and barely audible sound of air moving through the vents in the floor. This is a well-designed server room not unlike many server rooms I have been in. But this one is quiet and that is never good. Every server, firewall, workstation, wireless access point, switch, router and laptop are turned off and sitting mute waiting for me to resurrect them. Even the cell phones are sitting in a non-descript cardboard box with their batteries removed. This is not a Saturday or Sunday. This is a Tuesday afternoon in a financial services office of 92 employees that has been hacked. I am told by their CFO that it is costing them $12,000 per hour that they cannot access their files or receive email from clients or conduct business. I think to myself “it is a little more than that with the cost of my team to be here and clean up this mess” but I just nod. Past experience has shown that it is not good to prod a wounded CFO with a dollar bill. As I stand there soaking up the silence I get a silent nod from my Senior Security Engineer that we are ready to power up the first server. Our equipment is in place and we will be able to capture and analyze every bit that comes and goes to the server to determine if this server was the point of infection. We mount our drives, make duplicates of all the drives in the server for forensic analysis, mount the tools for the server for a virus scan and away we go…

A Life in the Day

Written by Phil DuMas on Tuesday, 16 July 2013. Posted in The Hackers Chronicles

It’s time to go to work. 10:13 a.m. on a Tuesday is as good as any I guess. I personally prefer to work during the day unlike my peers who like to ply their trade in the dark of night. Maybe it has to do with their mindset or the knowledge that what we do is supposed to be wrong and it affects how/when they work. Not me. I have no preconceived notions about what I do. I do it for the money. I throw my laptop into the car and head for a neighboring township full of juicy targets. You see, I am a hacker with a specialty just like any other professional.

I prey on doctors, lawyers, and accountants. I break into their networks, encrypt their data and hold them for ransom. I chose these targets for two reasons. One, I know their insurance will pay for it and two most don’t want the negative publicity nor the attention of certain government entities and would rather just pay to make their problem go away. The other thing I like about them is they are conveniently clustered together around hospitals and banks. The doctors’ offices are especially tasty morsels because you can go sit in the waiting room of one for two hours and scope things out and no one seems to notice. Even if they do you just say “I am waiting for my mother” and they go away.

Now for the real reason you are reading this; the “how do I do it” part. Remember that specialty I mentioned above? Well, mine is wireless. Specifically, I can breach almost any wireless network manufactured today. I drive through the business communities I want to victimize with a program running that gathers the names, locations and levels of security of all the wireless access points in the vicinity. I look over the list the program generates, choose the sites that have either no encryption or weak encryption and then I go to work. I have programs that can crack a WEP secured network inside of 3 minutes, 10 on a bad day. WPA networks are a little harder to crack and WPA type 2 is the hardest, but by no means impossible.