The Night Before Christmas, Vermin Version

Twas the night before Christmas, and under the couch
The roaches did scurry; before crumbs did they crouch

They made do with the things that rolled under there
searching for food amidst the dust bunnies and dog hair

As the roaches set about eating their usual fare
They saw emerging from the chimney a sight that made reason stare!

A jolly old elf, red-clad, bearded and stout
Began to ho ho ho and toss presents about

His cheer was curtailed when he saw milk and a plate
He shook his head and said “More cookies. Just great.”

“If I ate all the cookies the good folks left out
I’d be wasting away from diabetes and gout!”

Santa could lose the milk down the sink
But what with the cookies? Well, what do you think?

He crumbled them well and he crumbled them good
And then he trod carefully on the floorboard wood

Under the crouch he shoved all the crumbs
And the thankful roaches smacked all of their gums!

Santa was pleased that he’d avoid a sugar blast
And the roaches had their Christmas feast at last!

Santa fed the roaches, and before you say “Ew!”
Remember that roaches is God’s creatures, too!

MERRY CHRISTMAS

Sources-
http://www.sideeffectsofxarelto.org/current-xarelto-lawsuits/

God and Public-Private Key Cryptography

Let me begin my essay by saying that I am a Christian, and a member of The Church of Jesus Christ of Latter-day Saints, at that. My religious views are obviously shaped by my religion, but perhaps what I have to say will be of value to other Christians and possibly even to people of other faiths. My core message is that there is a God, He does speak to us, and there are ways in which we can grow in our understanding.

God does not lay all his secrets out, for all to behold at whim and at will. But He does make available methods by which his secrets can be revealed and, more importantly, understood. These methods are available to all, but employing them requires no small amount of effort.

What I am proposing is not Gnosticism, that these secrets are necessary knowledge in order to gain a happier state after death. Rather, salvation is something that can happen independently of deeper understanding and that the deeper understanding is there for those who seek and desire it. Prefer a simpler life? Not a problem with God. But I do propose that even those who think they are living simply may, by virtue of the way in which they live, still receive revelation, understanding, and wisdom because the way in which they live allows them to decrypt messages from God.

The word “decrypt” leads me to my analogy. I hold the view that God speaks to man constantly, but that man does not always receive those messages. What is not received cannot be understood. Therefore, we must be in a state in which we are able to receive a message from God. That means, we take it in and process it, not just toss it out with the junk impressions we ignore constantly throughout the day. How do we attain such a state? It is different for each person, but generally requires a mind ready to be taught any lesson. Whatever else we do to help sensitize ourselves to promptings from the Divine – abstinence, study, repentance – can add to that preparation.

Perhaps the first few messages from God are simple ones – He is there, He loves us, He has something for us to learn that requires we be away from His presence. These can arrive to us in many ways, but when we are ready to hear these messages, we accept them and we seek verification. I believe that God can send that verification, and it is much in the same sort of way that, when we go to a secure website, we validate the certificate presented by that website. The browser receives the certificate and then checks with the certificate authority that issued it and verifies that the certificate is both valid and unexpired. Once those checks have been done, the browser shows the green lock, etc., and allows us in to the secure website. For the sake of the analogy, the cert is truly valid and the browser is not compromised and other “happy path” conditions are satisfied.

Should there be a problem with the cert, the browser displays a warning and either forbids us to go further or only allows us if we are truly determined and know where to click. So it is in our minds. We can hear messages that seem to have a divine origin, but they simply don’t ring true. There is no edification, no clarity, no resonance in them. The same can happen for actual divine messages when we are not prepared to receive them, but that has more to do with our inability to receive the full message. Without a full message, a partial certificate will fail in its validation check.

But, here, we have a message from God and it leads us to feel at peace. We see things, and they make sense. We feel as though something good is coming of this. I believe that the Holy Spirit will also provide a warm feeling, a sensation within the body that arouses it to an emotional response not unlike love. Your faith may have other words or ways to explain this, but nearly all faiths speak of enlightenments, ecstasies, and epiphanies. This is that such thing.

But this is also only the introductory message, one that can be given freely to all who are ready to receive it. What, then, of deeper understandings?

For more secure transactions, for more engaged communications, we need public-private key cryptography. In this, there is a private key that everyone, even God, has. This private key is used for our own encryption. If we say something that we want someone else to understand and perhaps no one else, we use our private key to encrypt the message.

The problem is that no one will be able to decrypt that message without our private key. This is where the public keys enter into the picture. If you give me your public key and I give you mine, we can use the other person’s public keys as we encrypt our messages in such a way that our own private keys are able to decrypt the messages we receive from the trusted person we have exchanged public keys with.

In computing, those public keys must be validated and communications have to be set up in order to have a trust established that allows the exchange of those keys. This is done with packets and such, and I will pass over the technical details. Readers are invited to read more about how public-private key encryption works, if they are curious about the matter.

In life, our exchange of public keys with God is made through covenants. A covenant is a two-way promise in which each party provides something and receives something. We enter into covenants solemnly and, in that solemn moment, God provides us with what we need to begin to understand Him. In my belief, the first covenant is baptism. In other beliefs, it may be a profession of faith or an act of worshipful devotion, but the promise to serve God is made and, in return, God promises to serve us. This is our key exchange.

At this point, we are able to not just get messages from God, but unscramble them. We are able to take what we receive and find deeper meaning in it. We are able to take the deeper meanings and derive wisdom from them. That wisdom, in turn, helps us to live lives of peace and love, even if there is pain and strife around us.

In proper cryptography, keys are renewed from time to time. So it is with God. We must be about the business of renewing our covenants if we wish to continue to receive wisdom from Him. Failing to renew our faith means the messages we do get are not able to uplift us any more because we cannot decrypt them. If we continue in not renewing our faith, we eventually no longer receive those messages as we once did and we may even think that all that communication was imaginary.

But if we do renew our faith, if we do renew our covenants with God, if we strive to keep ourselves clean, if we treat others with respect and care, if we give help to those in need of it, we renew those keys to understanding and we find treasures of yet deeper wisdom.

I would say that a similar thing happens with close friends and people that we love. Our covenants with them lead us to deeper, more meaningful bonds that can serve as an example of the relationship we should have with God. The same love that I have for my wife and the whole of my family teaches me the way in which I must also love my God, for God is love. It is through love that we prepare ourselves to receive Him and His messages and it is through love that we renew our covenants, that we might continue to receive Him and His messages.

Without love, there is no understanding. Without love, we may as well study random letters instead of scriptures. Without love, we may as well listen to static instead of a message of peace. With love, things become much more clear. Though the lives we live may be trimmed in sadness and hardship, love is able to allow us to see that mortality is only a part of our eternal existence, and that with love we are capable of so much more with that eternal existence. Love, renewed love, is the true key to understanding God. Share the keys of love with others, that they might also come to understand God.

Deep Black Purple Sabbath

I wrote this back around 1998 or 1999 on a rock discussion mailing list… found it again and decided to post it here for posterity… Obviously, some things have changed, but it was true to the spirit of the times. And I like it, so there.

******

Tony owns the name for Black Sabbath, right? Well, what would happen if he needed some cash and sold it off to the highest bidder, who then tried to put together a band made up of guys that had played with Sabbath before, even if he couldn’t get the original members.

So he can’t get any originals, but he finds Dio, Bobby Rondinelli, and Don Airey have somehow become available. Bob Daisley crops up as well. For a guitarist, he has some tough shoes to fill. It would have to be a top-notch guy (or at least someone with a reputation for being top-notch), who can play really loud… someone like… RITCHIE BLACKMORE!

YES! Ritchie Blackmore is the new guitarist for Black Sabbath. He’s got a very appropriate name for it, after all. The good news is that he’s used to being the boss of everyone else in this lineup, as they’ve all been in Rainbow with him. The new album title is, of course, “Ritchie Blackmore’s Black Sabbath Featuring the Rainbow All-Stars.” Dio quits after the release of the album and Joe Lynn Turner steps in to do vocals for the tour.

The tour set list includes:

– Death Alley Driver
– Smoke on the Water
– Mistreated
– Eyes of Fire
– Man on the Silver Mountain
– Blackmore Throws Down His Guitar and Storms Off the Stage as He Shreds His Japanese Tour Visa
– Really Awkward Silence…

Seeing as how #6 wasn’t planned, our enterprising owner of the Black Sabbath name has to get a guitarist to fill in for Blackmore. Satriani says he’d love to, but contractual arrangements prevent him from joining up. Joe Turner recommends Yngvie “Dare to Spell That First Name” Malmsteen, who steps in to critical praise, although the fans say it just isn’t the same.

Daisley and Rondinelli quit after the tour. For a bassist, Neil Murray gets recruited, who then recommends David “Duck” Doyle as a drummer. Don Airey leaves in confusion and Joe Lynn Turner decides to see if Blackmore needs a replacement singer in his new band. To make things worse, Malmsteen can’t get out of Sweden because nobody knows how to spell his name on his passport renewal form, so he’s out. Murray and Doyle hook up with Bernie Marsden and Mick Moody to cover guitar duties and approach David Coverdale about doing vocal duties. He accepts and Black Sabbath Featuring Whitesnake is born. (Geoff Nichols plays keyboards, but is not credited as a full band member.)

The tour set list includes:

– Come On
– Might Just Take Your Life
– Mistreated (including “Rock Me Babe”)
– Fool For Your Loving
– Rusty Angels
– Closer to You
– Rock’n’Roll Doctor
– Hard Road
– Space Trucking
– Encore: Take Me With You

The tour and album are moderately successful, but Coverdale leaves for a chance to work with Jimmy Page again. That doesn’t quite work out, so Jimmy Page comes to work with Black Sabbath. The band is recorded playing on a club stage in a movie, revealing some killer triple lead guitar work, but Marsden and Moody soon leave the band, citing irreconciliable musical differences. Coverdale loses interest and Murray and Doyle wander off. Page is left with the name of the band and before you can say, “deja vu,” has recruited some band mates for the upcoming tour of Denmark. The group is called “The New Black Sabbath” and includes longtime session man John Paul Jones on Bass, singer Robert Plant and Jason Bonham on Drums. They don’t have any set list, but just sorta wander around on the stage doing their own thing.

When Page discovers that Geoff Nichols is somehow still with the band (he hid in the tour baggage and played keyboards via a remote control device hidden inside his steamer trunk), he becomes disoriented and gets Puff Daddy to rearrange all the old Sabbath tunes and sell the re-arranged lyrics to Michael Jackson. Page then buys them back for half of what he sold them for and carries on with the band.

Jason Bonham, however, decides he’s had enough of this and so Robert Plant gets Phil Collins to play drums. When Plant subsequently leaves as the vocalist, Collins moves in as front man and Ian Paice from Deep Purple guests on drums. Collins and the rest of the band (except Geoff Nichols, who has taken to wearing an odd mask and hanging out in Paris sewers), decide they don’t really want to be in a band called “The New Black Sabbath Featuring Bits and Pieces of Bands That Never Were with Sabbath in the First Place”, leaving Paice in a very awkward position.

Legally required to tour under the Black Sabbath name, Paice gets the rest of Deep Purple to play in the band, and the clever lads decide to make a festival arrangement of the whole thing: Black Sabbath and Deep Purple in a co-headlining tour. The set list draws heavily from the “Born Again” album, with the bass and guitars mixed unusually low. Ian Gillan, when questioned about this, merely grins and mumbles something about “revenge” and “bass players mixing albums.” The tour is hugely successful in Europe, and plays to mid-size crowds in America. Things fall apart before the Japanese leg, though.

The breakup starts quite unexpectedly when Jon Lord decides to check why his keyboards keep making extra sounds during the concert. He nearly has a coronary when he realizes Geoff Nichols has hollowed out Lord’s Hammond Organ and has been living in it for the last 7 months, performing uncredited keyboard duties all the while. Unable to tour, Lord checks into a Florida beach for much needed rest and relaxation. When the other band members of Deep Black Purple Sabbath see Nichols’ wretched conditions, they, too, freak out and head for Daytona to join Jon Lord. Only Ian Gillan remains, being quite used to the sight of a tour-disheveled Geoff Nichols.

Still required to finish off the tour, Gillan gets former Sabbath bandmates Terry “Geezer” Butler and Bill Ward to fill in on bass and drums, respectively, and even convinces Tony Iommi to come out of semi-retirement and help finish off the tour. After the Japanese tour, Gillan leaves the band graciously, expressing a desire to join his bandmates in Daytona. Ozzy Osbourne fills in on vocals.

Before the next tour can begin, however, ownership issues raise their ugly head. Michael Jackson, it seems, still owns the performance rights to much of the Ozzy-era material and is unwilling to relinquish the rights for a resonable price. Having to tour to fulfill contractual requirements of their own, the newly re-united Black Sabbath Mark Id (Nichols is still with the band, in spite of being forced to ride on the outside of the airplane and tour bus), tour with the following set list:

– Neon Knights
– Lost Forever
– Mistreated (by now a Sabbath standard, thanks to Dio, Blackmore, and Coverdale)
– Bark at the Moon
– Waiting For Darkness
– Die Young
– Heaven and Hell
– Demon Alcohol
– Blow on the Jug (Bill Ward singing)
– Close My Eyes Forever (Ward and Ozzy duet)
– Smoke on the Water
– Encores: Flying High Again
– Crazy Train
– Dirty Women (Michael let this one go, claiming he didn’t like Technical Ecstasy all that much)

And they all live happily ever after until Ozzy decides to go solo again…

A Quick Note…

A quick note to all the Republican partisans complaining about possible voter fraud: where were you in 2000 and 2004? Chickens come home to roost in politics. Remember how the GOP leaders said that Diebold voting machines being made by a strong GOP backer wasn’t an issue? Remember how the GOP leaders said that the claims of black voters being incorrectly identified as felons was overstated? Remember when a few Florida ballot boxes turned up with plenty of Republican votes, sometimes more than were registered in the precinct? Chickens coming home to roost.

Sure, this election is on track to be pretty much handed to Clinton, maybe even in a big way – Texas might go purple, if not blue. A lot of that is Trump’s fault, plain and simple. He’s highly offensive to a majority of Americans, more so than Clinton. But if the Democrats do anything shady or even illegal to slant the results in their favor, don’t come crying to me about it. The way 2000 and 2004 played out basically condoned mild to moderate voter fraud from the top on down.

I’m an independent voter that has been hugely disappointed with both major parties since the 1990s, and it sickens me how they have allowed the political process to be increasingly criminalized and the politicians to be telemarketers selling their votes to the biggest donors. I’ll agree that Clinton’s campaign has been doing some awfully sleazy things, but to any Republican – you have met the enemy, and she is y’all.

America’s Awful Nightmare

Watching the debate last night, I was chilled when I heard Trump say that if he was president, Clinton would be in jail. Trump has set off a number of fascist alarms, and this was his newest one. But to make such threats openly and then to have them resonate with a significant population of Americans is what bothers me the most.

While I do believe that Clinton escaped prosecution because of her position and influence, as have a large number of other rich and powerful Americans, I do not believe that making naked threats about jailing political opponents is the right way of dealing with that issue. I’ve spoken out against the quiet jailing of political prisoners in the USA, but this is a new one. For a major political party’s candidate to call for the pitchforks and torches to go after his opponent is an appeal to mob rule. That is most certainly not the American way.

I don’t care how big a threat one may think Clinton is, America will survive. It always has. We made it through the constitutional end-runs of Nixon, Reagan, Bush I, Clinton I, Bush II, and Obama, we can survive a Clinton II. At least all those people gave lip service to the ideals of the Constitution. Trump does not. He makes open appeals to white supremacists and fascists and he does not apologize for them. I truly hope that he loses, but that does not solve the problem of his supporters.

There are people who support Trump precisely because of his sexism, racism, and fascism. There are people who support Trump precisely because of his strong-man views and the hope that he may very well sweep aside the constitutional framework of our government and change the USA into something more on the lines of what Mussolini wanted in Italy or Vargas in Brazil or Peron in Argentina. If Trump fades from view, these people will seek out another flashy personality with no love of any truth that stands in his path to power. They will seek out that man and put him forward, and they will recruit.

And this is what concerns me about a Clinton presidency: that it will do little to still the currents that are drawing Americans towards fascism. FDR was able to offer an alternative to extremism with his New Deal. LBJ and Reagan also offered up big ideas in big packages and gave presidential turns that appealed to a wide range of Americans. Clinton I was the last of the big-tent presidents. Starting with Bush II, we have had presidents that have ruled without reaching out to the opposition, and that is a bad precedent for a president.

The resulting legislative gridlock and rule by executive order plays into the hands of fascists. If they like an executive order, it shows to them the promise of a more powerful leader. If they do not like an executive order, they howl murderously about how they have no more rights – but they will gleefully toss all those rights aside to get someone in office that will put their opponents in their places, no matter what. A Clinton II presidency will only make the fascists look for a more presentable proponent of their ideas. What we need is another FDR, LBJ, or even a Reagan to bring all of America back together to the negotiating table. Failing to do that will only strengthen the ranks of the fascists.

Open for Business

Vernon Washington punched the call button for a fleet car. Per regulations, he set his watch for atmospheric sampling. Planes were on fire, fuel dumps had been hit, who knows what else was fouling up the air? External drives in the pockets, camera in the contact lens, radio in the earpiece, everything else was ready for gathering information.

Vernon stepped out of Terminal D and into the waiting fleet car. “Datacenter, evasive.” Debris everywhere, smoke hovering over the eastern terminals, psyops staff walking around with man-portable loudspeakers, alarms sounding, fire and emergency crews everywhere… the only thing missing from the scene were the screams of the mourners. Vernon wasn’t in that response crew, though. Those sights were for someone else’s nightmares.

The car made its way deliberately to the datacenter building. It was almost totally new, shining in its energy-efficient, up-do-date architecture. Vernon made a silent bet with himself about how many old problems were simply moved from the old DC into the new that were involved in this breach. He was pretty sure there were thousands of problems, but how many were involved in today’s disaster? Vernon counted on his fingers… five.

The car pulled up to the curb. Vernon got out and the car went to go park itself. A guy with a DFW staff badge was there to greet Vernon. “You the guy with [REDACTED]?”

Vernon tapped the badge above his left shirt pocket. “I’m a federal agent. Are you my escort?”

The guy went from cocky to sheepish in a flash. His name badge read “Edwin Lu”. He badged in and held the door for Vernon. Vernon rolled his shoulders and walked up to the reception desk. “Do you need me to sign in?”

“No, we’re just coming up to my office.”

Wrong answer, Edwin. Vernon stayed by the desk. “I wasn’t really asking. Where’s the visitor ledger?”

Edwin smirked in puzzlement as he produced a ledger. “You’re not auditing us, are you?”

“No, I’m not. But you probably should expect one very soon in light of today’s events. Security is all the rules, all the time, documenting when they’re bent or broken.”

Edwin’s expression indicated that the business culture here hadn’t been stressing security for at least some time…

As they approached Edwin’s cube, Edwin grabbed a chair out of a conference room. “This is more comfortable.” Vernon was thankful for the comfy chair, but felt a little uneasy about how the “Do not remove chairs from conference rooms” sign was ignored. Still, he only expected five problems for this breach.

“OK, Edwin, do you use a RADIUS server for authenticating your wireless devices?”

“Yes.”

“Let’s take a look at the configurations. See if there are any new entries on the MAC bypass list.”

“OK…” Edwin started up a console to look at the RADIUS server. “Uhm… how will I be able to tell if the entries are new? They’re all sorted alphabetically.”

“How about a change log?”

“Um, OK…” Edwin clicked on Tools > Security > Admin Log.

The screen filled up with times, dates, usernames, and changes. Edwin and Vernon leaned forward and squinted. As they read, another log entry popped up at the top of the screen. Vernon asked, “Do you have circular logging enabled?”

“Ah… well, I dunno.”

Vernon assumed that meant yes. “Copy all the admin log files to a backup directory. Now.”

“Well, we do backups every night at 3 AM.”

“This is different. Copy them now. As in now.” Vernon didn’t want to say NOW: it was better for the working relationship if he didn’t go all caps on the guy. “It’s for forensics.” Vernon felt better when he added the why.

“OK then, just a sec.” Edwin went to the directory on the RADIUS server where the logfiles were kept and did a CTRL+A CTRL+C move and then did a CTRL+V to copy them to his local PC. “Yeesh. This is gonna be a while.”

“True. But now we have a copy of them from this time.” Vernon looked at the three newest entries in the logfile. They were identical, each 90 seconds apart. Unable to reach device at 10.9.177.12. Most likely a switch or wireless controller that had been deactivated long, long ago and nobody bothered to tell the RADIUS server. “Edwin, any way we can filter those out?”

“Well… I only know how to find stuff in this interface, not unfind them.”

“All right then, page down. We gotta read this over until we know what we’re looking for.”

“Why not check the SOC for unauthorized access events?”

“Because I’m betting dollars to donuts this is authorized access.”

“What, one of us did it?”

“Keep it down, Edwin. I’m not accusing anyone. I have no data, for starters.”

Page down. Page down. Page down. Page down. Those 90-second intervals really pile up, don’t they?

Hang on… “OK, highlight that.” Vernon pointed at a line on the screen that had nothing to do with 10.9.177.12. Edwin clicked on it, putting a nice blue tint on the text. The text noted that WANNA.SAMUE added a few addresses to the MAC bypass list.

The voice said in Vernon’s ear, “We’re getting it just fine. Maintain distance.” Good, the camera was working.

Edwin asked, “Sam did this?”

“Who’s Sam?”

“One of the security admins. Sam Wannamaker. That’s his account.”

“OK, noted. But let’s not jump to conclusions. That’s his account, probably wasn’t him. Look at the timestamps on those events.” Those addresses were added around 6:15 AM, last Saturday. “This guy Sam, when does he usually work?”

“9 to 6, like most of us. We didn’t have any changes scheduled for Saturday.”

“Is he in today?”

“Yeah, you want him?”

“Not yet, what’s the IP of where Sam logged in from?”

Edwin scrolled to the right on the logfile display. 10.1.1.15. “That’s our jump box for DC access.”

“OK, we need to check the event log on that box for where someone logged in with Sam’s account.”

“You want to do that now?”

“Yes, now. Can you hit that box from here?”

“Sure, just a sec.” Edwin fired up an RDP session to 10.1.1.15. A little while later, he had the event viewer up and filtered for logon events. 6:15 on Saturday showed that WANNA.SAMUE logged in from 84.246.99.90.

“Hold the screen there, sir.” Vernon awaited the voice in his receiver.

“That’s the University of Zagreb Computing Center.” Thank you, voice.

Chances were, Sam wasn’t in Croatia over the weekend. And whoever was in Zagreb or connected to a device in Zagreb, that was for the people next to the voice in the earpiece to resolve. Vernon was here to document what had gone on at DFW. For that, he asked Edwin, “Do you guys remote in to this jump box normally?”

“Yeah. Makes it easy for us.”

“Do you VPN in for it?”

“Well, no, not always. Our VPN’s been really unstable for the last, like, year… and we don’t always want to have to drive in to do work.”

“So…?”

“So it’s opened up on the firewall.”

That was one. Sam’s account was two, dollars to donuts. “Let’s go see Sam. He sit near here?”

“He’s two rows over.” Edwin led the way. When they arrived, “Hey, Sam, this is…”

“Vernon Washington.” Let Edwin give the rest of the info.

“Vernon Washington, a federal agent. He’s here investigating, the, uh, thing today.”

Vernon smiled. “Hi Sam. I want to get directly to the point. Can we take a look in your email?”

Sam was too confused to be scared about that question. “Umm, OK.” Sam brought up his email client. “What do you want to look for?”

“Can you search for emails with links in them?”

“Ummmmmm… yeeaaaaaah… yeah. Here we go.” Sam typed the filter into the search box. Tons of marketing emails popped up in the results.

“We need to look at all of these, from before this last Saturday morning. Say before 7am.

“OK.” Sam’s cooperation was pretty natural, not typical for a suspect. Which made sense, since Vernon didn’t suspect Sam the man. Just Sam the account.

The procedure was straightforward: look at the link in the email. Ask Sam if he clicked on it. Hover over the link and see if it goes to where the email claimed it would go. If nothing noteworthy came up, move on to the next email. As it turned out, Sam ignored almost all of the marketing stuff. Lots of looking, lots of scrolling…

Then there was the email from Rhonda, the group coordinator. Sam had clicked on the link and the hovering mouse said it was to an IP address that was nowhere inside the company.

The voice in the earpiece said, “Nothing there now, but it was in Argentina.”

Vernon counted the third problem. No spear phishing training. Or if there had been training, Sam here was in the 1% of computer users that training had no effect on. Sam had clicked on the link, provided a credential, someone used it to try the RDP box open to the Internet, got in and set up the MAC addresses of the grenade launchers to be permitted on the wireless network… and this jump box would also be a likely point of origin for the signals sent to the passenger vans and grenade launchers alike.

Two more openings to find.

First, Vernon collected pertinent files on his external drive. As he made the copies, he asked, “Who’s in charge of the passenger vans?”

Sam and Edwin looked at each other. Sam said, “Facilities?”

That wasn’t going to get anywhere. “How about the IP range for the vans?”

Sam clicked around and brought up the IP management interface. A few more clicks and he had the answer. “10.100.100.0/24.”

Vernon asked, “How about doing an SSH to an address in that range?”

Sam tried. He got a connection refused error message.

Vernon groaned inside. “Try telnet.”

When that made a connection, Vernon asked Sam, “Do you know the username and password to use?”

“No.”

“Try admin/admin.”

Sam typed and got in. Everyone felt ashamed that it had worked, and on the insecure telnet protocol, to boot. Vernon figured whoever was able to send commands to the vans didn’t even have to try – just being in the area would allow anyone to get an unsecured copy of everything sent to the vans. Not just the default, unchanged username and password, but also the commands used to maneuver the vehicles. Pretty darn handy.

And that default credential set was problem number four. One more to go, and that would be no limitation on what devices could send commands to the vans. Obviously, that was wide open.

There wasn’t much more Vernon could do. He made some small talk with Sam and Edwin, handed out cards, asked them to contact him if they had any more informa- say, the lights were flickering.

Then they went out. The air conditioning also cut out. But the computers and monitors didn’t. Vernon made a guess that the power wasn’t cut – something else was getting messed up.

Edwin asked, “What the hell’s going on?”

Vernon made a guess. Given the state of security there, it was a pretty good guess to make. “You guys got licensed hardware?”

“Yeah.”

“Well, check your licenses. Betcha someone’s zeroed them out. You really need to change those default admin passwords.” Vernon figured he’d gather some more data while he was here. It wasn’t his first license blasting case to investigate, that was for sure…

Copypasta

The man opened his laptop and entered his password. His hard drive spun and programs flicked back on. The laptop re-established its network connection – wired only, the man didn’t trust wireless – and packets began to flow between his PC and the rest of the world. One consequence of that traffic was a notification that he had new email. The man noted that, while he had 12 new emails in his inbox, he had 2 in his “Action Items” folder.

As he was about to open the folder, he heard a crash of dishes from the kitchen. Without getting up, he demanded, “What is going on in there? Is anything broken?”

“Maddie opened the dishwasher too hard!”

“Nu-uh!”

“Uh-huh!”

The girls continued to argue as the man minimized his email and went into the kitchen. His voice was probably too stern for the occasion, but the man was under pressure. He had action items to address. “Get the dishes done, and get them done quietly. I am very busy and I don’t want any noise. Maddie, be more careful when you open the dishwasher. Laney, you are the older sister, so you should keep a better eye on Maddie and help her more.” The girls were about to cry. The man’s heart softened. “I’m sorry, I shouldn’t have yelled like that. I love you all. Let’s hug.”

And so, they hugged. Maddie, Laney, and the man resolved their issues through reassuring human contact and then went back to work. The girls on their dishes, and the man on his action items.

He first opened a text file. Then he opened the action item emails. In turn, he copied the contents of the emails and pasted them into the text file. Then he deleted the emails. Then he emptied out his deleted items folder. The man knew that this wasn’t a complete deletion of that information, since a digital ghost of it existed on his local hard drive, in addition to whatever the [REDACTED] picked up in its [REDACTED] program. And, since the emails came from Minsk, there were other agencies besides [REDACTED] that would have their copies.

But the data in motion on the Internet and the data at rest was encrypted, so the man knew that nobody would try to break into it unless it was on somebody’s radar, and that wouldn’t be until someone put the pieces together to a very difficult puzzle. After all, it wasn’t against the law to receive emails from Minsk.

That was the fun part about the United States legal system. The whole thing was built around either catching someone in the act of committing a crime, or amassing enough evidence to prove that a criminal act had been committed by a particular criminal. Just as corporations were more efficient at doing business than single proprietors or partnerships, they were also more efficient at committing crimes: no single person did anything that, of itself, was a crime. Instead, the actions of dozens of people had to be connected in order to demonstrate a pattern of behaviors that produced criminal activities. But could the law catch those people? Or did it want to keep to the easier crimes?

The man laughed to himself. Wall Street got the King’s Pass to perpetrate financial crimes on a grand scale, while those mom-and-pop operations, be they corner grocers or corner meth labs, got crushed by legal regulations and the big boys alike.

The man knew he was part of a big operation. He just didn’t know what it was. He liked doing the work. Criminal operations tended to be very libertarian and very agile. He felt empowered to make decisions, was glad his compensation was 100% salary, and had access to the best tools money could buy. The man didn’t need to submit expense reports but did so, anyway, as part of his cover story. The best part was that the cover story was no cover at all – he really [i]was[/i] an IT security consultant that worked from home.

There was the matter of who, exactly, the employer was. The man did not know and did not care. It was like the Algerian FLN. The man got messages from one source and sent his messages to another source. Given the level of obfuscation between the sources, the man felt it highly unlikely that he would meet the same fate as the FLN in Algiers after the French forces broke into the movement’s structure and methodically tracked down each cell.

Time was money. The girls had finished their post-lunch chore and were watching purple dinosaurs engaging in situational ethical discourses with red furry monsters or something like that. The man returned to his task.

The text file showed a list of IP addresses with notations beside them, a handy comma in between the addresses and the comments, in case he needed to view the information as a spreadsheet. The man just liked the text file because it loaded faster.

The information came from the boys in Minsk that scanned and probed IP address ranges. They asked no questions and desired no answers. They just ran their NMAP scans and followed up where they found interesting things, like open RDP ports or SMTP relays, both of which were of interest to the people that had employed the man to use that information.

The man was involved because some people were interested in employing someone with very good English language skills to send emails to some native English speakers. Since the man was both a native English speaker and in possession of an email client, he was a perfect fit for the job. The man also knew a thing or three about how to customize search strings and gathering intel from social media networks.

The man started to scroll through faces and resumes of men and women that worked at the two airports mentioned in the action items. Open RDP ports at DFW and LAX meant his employers would gain remote access to IT systems at those airports if they knew the accounts and passwords to use. Brute force attacks would fail, generate alerts, and generally lead to undesired consequences. The man disparaged such methods, as his were far more elegant and productive.

And that’s where the SMTP relay came into play. Thanks to small businesses constantly starting up, there was an infinitely regenerating supply of unsecured email servers that would allow anyone accessing them to impersonate anyone else with only a minimal knowledge of how to configure an email client. Yes, it could also be done from a command-line interface, but the man needed to send rich content with links and documents – it was a total pain to try and cobble those together in a command-line environment. The man hated programming and wanted to be as far from it as possible, preferring to send his carefully-worded emails from a GUI. It was simply more elegant that way.

As the girls shifted from animated philosophy to that damn game with the irritating soundtrack, the man tried to block the annoying tune from his consciousness as he looked over org charts for DFW staff assignments. The link to those PDFs had been deleted, but not before Google found it, indexed it, and indexed the document so linked, which was still open to the Internet even if the page that once linked it was now a 404 page not found…

And there she was! The man had the name he needed. He highlighted it, pressed CTRL+C, went back to the text document and –

– he saw his wife pulling into the carport. She was back from the grocery store, so the man knew he only had seconds. He clicked at the end of the text block, hit CTRL+V, then comma, and then “admin asst dfw”. CTRL+S saved the info and Windows+L locked his laptop.

The man got up to open the door for his wife, who had two handfuls of plastic bags. She said, “There’s ice cream on the back seat. And milk. Get that first.”

Once the groceries were in, the man went back to his PC while his wife put away groceries and got the girls started on sorting laundry. A password later, and he was ready to get started on his background research for his first email. Rhonda Emerson had a number of promising interests, wine tasting the most promising of them all. It was most promising because the man already had a bogus wine tasting club website set up, along with websites that dealt with beers, cigars, whiskeys, chocolates, travel, running, golf – all the vices. Funny thing was, a username and password to get into one would get into all of them, since they all had the same database driving them. The man didn’t mind. They were only there to gather usernames and passwords.

The best part was the follow-up email. That potentially gave him one of the most important pieces of information: the business email signature of his target. If the target didn’t put a sig on replies, he had another ruse to get the target to send a new email, but most people had a sig on every email.

Rhonda Emerson must have been thinking about the weekend, because that email and account info showed up awfully fast. The man copied and pasted the sig into a draft email that was going to bounce off the relay and into the inbox of one of the people that she served as an administrative assistant/coordinator to.

Hello Ryan,
Harvey Wright would like us to update his SharePoint with all the accounts we use for access to jump boxes, network gear, servers, etc. This is part of the Integrated Account Management initiative. The link to the SharePoint is here.

Kind regards,
Rhonda Emerson
IT Group Coordinator
214-555-1212

The man had composed this email in a second email client. In it, he specified the SMTP relay as his server and Rhonda’s address as the “to”. The man didn’t care about the replies. He just wanted the info to be sent to the SharePoint that was set up on a typosquatting website, and hoped that the admin would fall victim to the spear phishing.

Just to make sure, the man copied and pasted the email body to several other emails, each going to a member of the team that Rhonda supported – taking care to edit the name after “Hello”. The first one to submit the info would be the winner.

As things turned out, Samuel Wannamaker was the most prompt at supplying the information. He just posted the spreadsheet that he kept with all the system names, IP addresses, and shared accounts for getting into them. Thank you, Samuel.

The man got that info at 4:23. The wife leaned into the open doorframe and asked, “You almost done in there?”

“Just wrapping up a few things, hon.”

“You want to pick up something for supper? I’m tired.”

“Sure, what do you want?”

“Food. I don’t care. I’m going to go lay down for a while.”

“OK, I’d like to snooze a little myself before going out.”

“How about Chinese?”

“Sounds good.” The man started to drift back to work.

The wife moved into the foyer. “I’ll go ask Laney and Maddie what they want.”

As the wife asked the kids, the man already knew the answer. Chicken fried rice for Laney and beef lo mein for Maddie. He copied and pasted Samuel Wannamaker’s spreadsheet into an email from his first email client and sent it to someone who was interested in usernames and passwords for systems at DFW airport. The man didn’t know what exactly what was going to happen with that information, or the information he’d already collected for Atlanta or for the information he was about to collect for LAX. The man just planned on not flying anywhere for any reason for a few months.

The man responded to a few more emails and then watched a cat video on YouTube. Life was good, working for people that liked to collect usernames and passwords.

Interrogating Captives

It was a busy day at [REDACTED]. Any day that four major airports experienced coordinated attacks would be a busy day at [REDACTED], given how it handled [REDACTED] for the entire [REDACTED] in the US of A. Shuttle van mortar attacks at LAX, DFW, and Atlanta; taxi car bombs at Reagan International. It was going to be a busy day for many, many days at [REDACTED]…

Dinah White left the briefing room and glanced at her tablet. Cube FR-227C. She was going to work with whoever was in that cube on DFW intel. Full network packet captures, courtesy of [REDACTED].

OK, FR-227C… that was on this floor… a check of cube numbers… and they’re going that way, so the cube is on the left. She turned left and walked past five rows, then turned right and went all the way to the last cube on the right, just before the wall.

The nameplate said “Chandni Kapoor.” Cool, another woman. Dinah did not spend much time contemplating this victory for women in the IT workplace because she had a job to do. So she knocked on the metal on top of the cube wall. Chandni finished the last two words of her email, sent it, and swiveled in her chair to face Dinah.

Dinah smiled. “You ready for this?”

Chandni nodded. “There’s nobody in the cube behind you, so you can grab that chair.” Dinah grabbed said chair and moved it into Chandni’s cube. Chandni fired up her Wireshark and loaded the capture file from the DFW Airport shuttle van SSID. It was a beast-size file, six hours of capture, 137 MB of TCP, UDP, EAPOL, ICMP, and beacon frames. This was no teevee show dealing with h4xx0rz. This was reality, all 137 MB of it.

And Chandni knew how to deal with it. “How do you want to slice this up? Hour by hour?”

Dinah had another thought. “I’d like to filter on a MAC address of one of the vans, see if we can find suspicious traffic, and then see if it matches on other van MACs.”

Chandni inspected her screen. She highlighted frame number 20. No particular reason. It just looked like a good frame to start with. “Start with this one?”

“Sure.”

Chandni right-clicked the destination MAC address and selected to filter on it. “OK, let’s get lunch.” They both laughed a little. This was going to take a while. Chandni didn’t like dead air. “Who do you think did this?”

Dinah shook her head. It didn’t pay to speculate at [REDACTED]. “No idea. I like to keep my mind clear. We don’t want a preconceived notion to color our results. We deal with the evidence that’s here, not the evidence we want to be here to prove our hunch right.”

Chandni looked a little beat-down. Dinah immediately regretted coming down like a hardass. “It could have been anyone, really. You know how these vans run, so you’ll tell me who did it, when you know. I’m just here to be another pair of eyes for management.”

Chandni smirked a tiny smirk. Dinah went for a closer. “And, hey, if you really want to find something in a mess, send two women, am I right?” That got Chandni to laugh and the working relationship on better footing.

Wireshark finished its work and then Chandni went to the filter field and typed in the || to add the condition to also filter on that MAC address as a source. Wireshark thrashed accordingly. Once the filters were complete, she exported the packets – about 2% of the total capture – to a new PCAP file. She closed the original file and opened up the much more manageable 3 MB capture.

There were still over 100000 packets, but that was much more preferable than what was packed into the original capture. Chandni started paging down through the packets, focused on source and destination addresses. It wasn’t three pages before she noticed something. “It’s all coming and going from that address there.” She pointed at the address in question. “What is that, the main control station or something?”

Dinah scrolled through her briefing materials on her tablet. “What are the last four letters in that address?”

“45CB.”

Dinah found an address that ended with those letters and squinted back and forth from Chandni’s screen to her tablet to confirm that, yes, it was a wireless tower. “Go ahead and cut that from the capture. Both source and destination. See if there’s an outside source sending instructions.”

Chandni filtered and then they both went through the remaining packets, filtering further on conversations with legitimate DFW towers. They got to the last 2300 packets, and they were all to and from the tower in Terminal D, where the van’s movement had been halted by an agent with an EMP gun that had happened to be on the scene. Chandni let go of her mouse and leaned back in her chair. “All the traffic was from the towers. Nothing outside.”

Dinah didn’t like that, either. Outside source of transmissions would have made things easier. She did not relish trying to sort commands from authentication and keepalive traffic in this stream and then seeing if there was a matching pattern in the other vans’ traffic. Ugh.

“Umm… what about the grenade launchers in the vans? When did they start firing?” Chandni had a great idea.

“Load up the main capture, and let’s take a look at the moment everything started firing. Better, chop off the last 20 minutes and look there. If the things weren’t integrated in the van systems, and I’ll bet they weren’t, I’ll say you’re right in about half an hour, when we see the commands.”

Chandni never loaded a massive capture file with more enthusiasm than she did at that moment. She went to the end of the capture, scrolled up to 1200 seconds before the time of the last packet, highlighted a frame, hit SHIFT CTRL END and became crestfallen when her keyboard shortcut-fu failed to highlight the packets she wanted to export.

She left the last packet highlighted, scrolled up to the packet 1200 seconds before the last one, SHIFT-clicked and got the right packets selected. Stupid Wireshark. Deep down, she knew the program wasn’t to blame, but, like everyone in IT, felt better about things when she cursed the computer.

Dinah read off known MAC addresses of the passenger vans and Chandni filtered them out, one by one, until only a few hundred packets remained. Communications to and from the grenade launchers. Chandni exulted, “High five!”

Dinah returned the gesture, taking special care to look at Chandni’s elbow, so as to not mess up the celebrations. But, in that moment of analytical-mindedness, she had a realization. “Hang on, how did the grenade launchers get on the shuttle van SSID?”

Chandni and Dinah pored over the re-authentication traffic that happened as the weapons moved between tower coverage areas. That traffic was more fascinating to them than the commands sent over the wireless to activate them. These things were getting RADIUS-Accept packets from the wireless controller, like they were supposed to be on that network. Who set them up with that kind of access? And the command and control IP address – that was somewhere on the inside of DFW sending the commands.

Filtering on the C&C IP address, Chandni showed it was the source of all the communications, vans and weapons alike. How did that get set up?

For all the network captures at [REDACTED], Dinah figured that not one of them would answer that question or any of the others that came up after the high-five. Someone was going to have to get into DFW’s RADIUS server setup and look over its settings. Hopefully, whoever permitted the weapons on the network didn’t erase the admin logs. And then, there was the matter of the C&C server embedded in DFW’s infrastructure…

But that was for someone else to dig into. Dinah kept focus. “Get the capture of the C&C traffic off to [REDACTED] and let them see if it’s a pattern anywhere else in [REDACTED] or anywhere else we’re [REDACTED] the routers.”

“Is it usable? I mean, it’s encrypted and there’s no guarantee the guy sending it didn’t use Tor or a randomizer on the order the packets were sent. Or stuff like that.”

“Oh, it’s usable. Have you had a class in side-channel traffic analysis?”

“No.”

Dinah smiled. “You should sign up for one. Amazing stuff. Everyone at [REDACTED] should take it. Be sure to get [REDACTED] as your instructor. I had him, and he’s [REDACTED].”

Chandni, thankful for the career advice nodded and said, “[REDACTED]” And then, she emailed the C&C traffic to [REDACTED] while Dinah placed a call to the lead agent on the scene at DFW.