Invasion of Privacy: A Deep Web Thriller #1 (Deep Web Thriller Series) by Ian Sutherland
Authors: Ian Sutherland
Ads: Link
surmised.
“Well yes, I suppose. It’s typically the quietest time of the week. Everyone wants to get home for the weekend.”
MacDonald then spoke, “No, we don’t have an address with that name on the WMA email system. And my IT guy says that, as he doesn’t have it set up, it doesn’t exist and never has.”
Jenny summarised, to make sure she had it right. “So, two days prior, someone with access to WMA’s Flexbase account number booked the whole top floor on Friday from 4:00 p.m. onwards. And they gave a fake name and email address that made it look like it was someone from WMA.”
“So, what would happen if the email address used for the booking was fake?” Fiona asked Evans.
Evans said he didn’t know and relayed the question into his phone. “My assistant doesn’t know either. She’s just patching me through to IT in Head Office.” A minute later, Evans repeated the question and listened. “Apparently, we just type it into the booking system. As the domain name — you know, the bit after the ‘@’ sign in the email address — matches the customer’s, no one would have questioned it. The booking system sends out a confirmation email.” He listened some more and then relayed the next bit with a fatalistic tone. “But if the email address didn’t exist, it would bounce back to the booking system’s own email address and —”
“— no one ever looks at that,” finished Fiona for him.
Evans nodded.
MacDonald turned to Evans, indignant. “So what you’re telling me is that anyone could book a meeting room in my company’s name just by phoning in with a fake email address? Right, that’s it. I’m going through every invoice for the six months we’ve been here at Flexbase!”
“But they would have to know your Flexbase account number as well,” wheedled Evans, “and only your employees would know that.”
“ And anyone working for Flexbase, Mr Evans,” said Jenny, firmly.
* * *
Brody’s fingers were shaking over the keyboard. He wasn’t sure if it was too much caffeine or an adrenaline rush from the challenge he’d foolishly got himself caught up in. He wondered whether Doc_Doom had manipulated him into taking on the challenge against Matt_The_Hatter. He scanned back through the chat logs but there was no real evidence of that. Like any hacker — white, grey or black — Brody’s reputation online was built up over time, through publishing new exploits, sharing code, blogging, tweeting and answering questions on the forums from other hackers. Brody had spent years getting his reputation as Fingal to its current elite status. And here he was putting it all on the line in a childish race to gain root access to a website. If he failed, then word would spread rapidly across the global hacker community. That was one of the downsides of the Internet; it only took seconds for news and gossip to spread. His online reputation would be in tatters.
Brody slammed the tablet PC shut, looked up and caught Stefan’s eye. The barista came over immediately.
“Ah, Mr Brody,” said Stefan, “Let me think . . . ”
“— same again,” said Brody, in no mood to play Stefan’s guessing game.
“Oh! Okay . . . as you wish, Mr Brody.” Stefan shuffled off.
Brody wondered if he could have avoided trapping himself in the challenge. The root cause was his perfunctory approach to reviewing Crooner42’s original request for help during the Atlas Brands pentest at that morning. He should have waited until he’d returned to London, when he would have gone thorough due diligence before offering to help. He would have carried out an initial set of penetration tests before responding to make sure that he knew there were some holes he could quickly take advantage of once he was formally given the job. He would also have devoted time to checking out Crooner42’s online background more thoroughly to make sure the request for help was legitimate. After all, no one other than
“Well yes, I suppose. It’s typically the quietest time of the week. Everyone wants to get home for the weekend.”
MacDonald then spoke, “No, we don’t have an address with that name on the WMA email system. And my IT guy says that, as he doesn’t have it set up, it doesn’t exist and never has.”
Jenny summarised, to make sure she had it right. “So, two days prior, someone with access to WMA’s Flexbase account number booked the whole top floor on Friday from 4:00 p.m. onwards. And they gave a fake name and email address that made it look like it was someone from WMA.”
“So, what would happen if the email address used for the booking was fake?” Fiona asked Evans.
Evans said he didn’t know and relayed the question into his phone. “My assistant doesn’t know either. She’s just patching me through to IT in Head Office.” A minute later, Evans repeated the question and listened. “Apparently, we just type it into the booking system. As the domain name — you know, the bit after the ‘@’ sign in the email address — matches the customer’s, no one would have questioned it. The booking system sends out a confirmation email.” He listened some more and then relayed the next bit with a fatalistic tone. “But if the email address didn’t exist, it would bounce back to the booking system’s own email address and —”
“— no one ever looks at that,” finished Fiona for him.
Evans nodded.
MacDonald turned to Evans, indignant. “So what you’re telling me is that anyone could book a meeting room in my company’s name just by phoning in with a fake email address? Right, that’s it. I’m going through every invoice for the six months we’ve been here at Flexbase!”
“But they would have to know your Flexbase account number as well,” wheedled Evans, “and only your employees would know that.”
“ And anyone working for Flexbase, Mr Evans,” said Jenny, firmly.
* * *
Brody’s fingers were shaking over the keyboard. He wasn’t sure if it was too much caffeine or an adrenaline rush from the challenge he’d foolishly got himself caught up in. He wondered whether Doc_Doom had manipulated him into taking on the challenge against Matt_The_Hatter. He scanned back through the chat logs but there was no real evidence of that. Like any hacker — white, grey or black — Brody’s reputation online was built up over time, through publishing new exploits, sharing code, blogging, tweeting and answering questions on the forums from other hackers. Brody had spent years getting his reputation as Fingal to its current elite status. And here he was putting it all on the line in a childish race to gain root access to a website. If he failed, then word would spread rapidly across the global hacker community. That was one of the downsides of the Internet; it only took seconds for news and gossip to spread. His online reputation would be in tatters.
Brody slammed the tablet PC shut, looked up and caught Stefan’s eye. The barista came over immediately.
“Ah, Mr Brody,” said Stefan, “Let me think . . . ”
“— same again,” said Brody, in no mood to play Stefan’s guessing game.
“Oh! Okay . . . as you wish, Mr Brody.” Stefan shuffled off.
Brody wondered if he could have avoided trapping himself in the challenge. The root cause was his perfunctory approach to reviewing Crooner42’s original request for help during the Atlas Brands pentest at that morning. He should have waited until he’d returned to London, when he would have gone thorough due diligence before offering to help. He would have carried out an initial set of penetration tests before responding to make sure that he knew there were some holes he could quickly take advantage of once he was formally given the job. He would also have devoted time to checking out Crooner42’s online background more thoroughly to make sure the request for help was legitimate. After all, no one other than
Similar Books
