The message Thad got was essentially an offer of more active involvement and some measure of support if he could help Peter get in touch with someone in the military who handled Tor servers. It was common knowledge the US Navy had been involved, and still operated several Tor nodes.
While Thad enjoyed the humor, the standard bundled user guides for Bread were too dry and complicated for the average user. He had been outlining a set of tutorials in his own style, which had proven quite popular in the past on similar projects. So when Peter Jimmerson made his offer, Thad jumped on it with both feet. Not only did he put them in touch with each other, but he also promised to play go-between for the convenience of both parties, because he could make his own schedule when neither of the others could.
After reviewing Peter’s log excerpts, Mantis turned to his ranking NCO. Having served in the enlisted ranks himself, Mantis knew the best equipped sergeant was not so much a matter of what he knew, but whom. Mantis had sent this man to all the schools he could arrange for that very reason. His back channel access to the technicians handling the Tor servers for the Navy didn’t work miracles, but they did agree to let the sergeant “find” some information which would allow him to test some ideas.
Between him and Mantis, they established a pattern of activity which would constitute an identifying signature of the cracker in question. Then they began testing this signature against traffic coming out of the Tor entrance and exit nodes to see if anything interesting would come up.
Meanwhile, Peter added an extra networking interface to each of his machines. The Toast computers became log servers, silently pulling out an active copy of everything. Then he set up some parsing scripts, and an alarm to notify him when the cracker hit either of his bait boxes. He didn’t have long to wait. Using the secondary networking connection, he managed to capture the entire episode, including the commands which edited the logs.
Not only was he able to identify the flaws which allowed the cracker to gain root access on both bait servers, he had a copy of the code the cracker had been building on both machines. They were essentially the same commands, but with slight variations for the difference in architecture. It took quite some time to parse the code because it seemed intentionally obfuscated, and Peter was simply not the best at working with assembler. It was what they had in common which shocked Peter the most.
When he realized the purpose, he sat frozen for a long time. It slowly dawned in his mind this had never been about him at all. This was a highly efficient worm, being built to attack at least these two operating systems. Each one made reference to what Pete felt sure was military jargon, especially the term “SIPRNet” and similar acronyms.
Contact me: ehurst@radixfidem.blog