Black Hat Blues (42 page)
your work” kind of person. She’d want to know everything they did in
order to smoke Isaiah out, and she’d want to see some real results. At
the same time, they needed to build up some credibility for Post Hoc,
so Paul and Chloe came up with a plan that looked like something Post
Hoc would have come up with on their own. They decided to create a
honey pot.
The honey pot was a trap meant to lure in a target and trap it. Honey
pots designed to capture hackers were usually websites that gave the
appearance of being easy to hack and which seemed to contain inter-
esting or desirable data. Hackers would break in, not realizing there
would be a host of hidden processes running that were ready to snatch
them up and hopefully catch them in the act. In their case, they set up
a Post Hoc-created website that was very much modeled after a kind of
America’s Most Wanted for the internet. The site featured descriptions
of wanted hackers and then offered bounties of tens of thousands of
dollars for information leading to their capture. Hackers could report
leads through the site anonymously and receive payment anonymously
too, just the way an outfit like BountySploit worked.
Of course the main target was Isaiah himself. Paul had debated long
and hard with Sacco about whether or not to put Isaiah’s picture up
on the site. Weirdly, it had been Sacco who wanted the pic up and Paul
who wanted to wait. Sacco felt that by putting the picture up right
away, they would indirectly be warning Isaiah just how much danger he
might be in. Paul agreed with that assessment, but was more concerned
with ways to show that the site was working at generating leads about
Isaiah over time. He wanted to save the picture for later and pass it
off as a discovery made by one of their bounty hunters, along with an
announcement that they’d paid the fictitious bounty hunter an award
for such valuable information. That was the key, of course—making
Isaiah think that the site had valuable information on him that he in
turn would try to steal back. In the end, Paul’s position carried the day
and Sacco seemed to resign himself to the plan as they’d laid it out.
The description of the wanted hacker Paul put up included no per-
sonal information about Isaiah at first. It did however detail some of
226
Geek Mafia: Black Hat Blues
the crimes he was accused of committing, including some that Paul
and the rest of the Crew were actually responsible for, like cashing the
fake checks. It also included a list of some of the networks, websites,
and bank accounts that Isaiah was believed to have compromised. They
posted links to the site in various hacker forums online and Paul and
c1sman spent some time talking it up on IRC. They got traffic almost
immediately, and a steady stream of hits showed there was real interest
within the community, but hopefully not too much outside. Paul didn’t
want a lot of tourists coming in from Digg or Slashdot just to poke
around and so they encouraged people to keep the site to just hackers.
Ostensibly this was because they didn’t want newbies muddying the
waters with false or ridiculous leads, but in fact Paul wanted to keep
the number of users low so they would have less data to hunt through
when they checked their trap for victims.
They worked mostly out of the Baltimore house, although Sacco and
Chloe had taken separate cars and gone war driving around the city
and suburbs looking for open wireless networks they could take over
for added bandwidth. They’d built a pretty complete map after a few
days, allowing c1sman to work out of a van moving from spot to spot
and piggybacking on either open or ill-protected hotspots. Although
their site was hosted through a German ISP and heavily protected, they
didn’t want anyone (especially Isaiah or Marsh) tracing traffic back to
them in Baltimore. After the third day, Paul started adding in new
information about Isaiah, simulating supposed leads that bounty hunt-
ers were turning in. The truth was, no one was actually giving them any
useful leads at all. But that was OK. All they needed to do was give the
impression that they were closing in on Isaiah. Then, hopefully, he’d get
curious enough to try and hack in and leave some trace of his activities
they could follow back to him.
C1sman put in the most hours, second only to Paul. Chloe continued
to interface via e-mail with Marsh and Clover, forwarding them prog-
ress reports that were supposed to be from the Post Hoc crew. They’d
decided not to tell her about the honey pot site directly, hoping she
wouldn’t have her security people try and hack it just to get more data
on them. There was a good chance she might find it on her own, but
no sense in stirring up problems for themselves unnecessarily. C1sman’s
main job was to pore over the traffic data for everything coming in and
out of the honey pot. He had an array of traffic analysis tools set up,
along with various scripts and cookies attached to the site that clung
on to anyone who visited it. Most hackers would be protected against
most of these bugs, but even the way they disabled them told c1sman
Rick Dakan
227
something about the skills of those visiting him. Plus, there were other,
more sophisticated pieces of malware that c1sman had created that were
much harder to detect and only a handful of those visiting the site man-
aged to remove them. The assumption was, if Isaiah was visiting the
site regularly he’d be in this final, uber-skilled set of visitors who left
practically no trace. Thus, tracking them down became priority one and
they might, just might, find some clue to Isaiah’s location.
It was on the fifth day, when Paul put up Isaiah’s picture, that things
started to fall into place. C1sman had identified some distinct patterns
in the traffic data that pointed to someone who was both interested in
what was being published on the site and who had (they suspected)
tried to hack into the site on several occasions. They had even “suc-
ceeded” once, cracking into a portion of the site full of corrupted data
meant to serve as trojan horses for the hacker who took them. Whoever
it was caught on almost immediately though, and their malware was
deactivated or destroyed before it could give them any useful informa-
tion. But it was enough to give c1sman a thread to start weaving a
pattern together from, and it eventually led them back to a physical
location.
“It’s a hacker space in New York,” c1sman said when they’d all gath-
ered in the Baltimore room once more. Sacco and Chloe looked as
exhausted as Paul felt. They’d been out driving within a hundred mile
radius buying disposable cell phones, hijacking open wi-fi spots, and
getting supplies and food for the group. Paul had busied himself with
the false posts and regular updates to the honey pot site, while Bee and
c1sman had combed through the analytics. “It’s called HackNY, and it’s
a non-profit set up by some NY hackers as a place for people to work on
projects and stuff like that. It’s all white hat stuff, a lot of fun hardware
hacking and things like that. I was there when they were setting up
right after the last HOPE. It’s pretty cool.”
“And you think Isaiah might be using it to connect to our honey
pot?” Paul asked.
“I think someone there is, yeah. Or if not, they’re using HackNY’s
big fat connection to connect to its TOR network. But yeah, they
missed one of my little bugs from the honey pot and it popped up at
HackNY twice.”
“What’s this hacker space like?” asked Chloe. “Who has access to
their network?”
“According to their website they’ve got about 70 dues paying mem-
bers—it’s $65 a month. You gotta figure at least twice that many come
through just to check it out or as friends of the members. And they have
228
Geek Mafia: Black Hat Blues
classes and demos that’re open to the public, and so anyone could be
coming through then.”
“So he could probably slip in and not arouse any attention,” said
Paul. “It makes sense. You gotta figure a hacker space’s network is super
secure, right? And we know he’s based out of New York. Isaiah could
easily be using the space to do some digging into our honey pot. Even
if we do trace it back to HackNY, that leaves us with dozens, maybe
hundreds of possible targets. It’s great camouflage.”
“C1sman, you said you’ve been there?” asked Chloe.
“Yeah, the one time when they were just setting up.”
“And they know you? The people who run it?”
“A little bit. From, you know, cons and stuff. Not well.”
“Perfect,” said Chloe. “We need you to go to NY and start hanging
out there.”
Paul saw her plan, and he liked it. All except one part.
“I don’t think I can do that,” said c1sman. Paul could see from the
way he fidgeted and looked down at his keyboard that he wasn’t happy
with the idea at all.
“Of course you can,” said Chloe. “You were great during the pitch
to Marsh’s security guy, and this is even easier. We’re only asking you
to be yourself. You go in there, start hanging out, and wait for Isaiah
or someone you can identify as one of his followers to show up. We’ll
coordinate with you from somewhere nearby and let you know when
we see someone poking around the honey pot. Then you ID the guy,
unless it is Isaiah, in which case you can ID him right away. Either way
we follow him when he leaves and track down Isaiah’s home base.”
“I don’t think I could do all that. I really don’t.”
“It’s not dangerous,” Chloe insisted. “The thing is though, you’re
the only one in our Crew he hasn’t met or even gotten a description of.
Isaiah knows the rest of us by sight and will have briefed his followers
about us in all likelihood. You’re the only one who can do this for us.
Do you see that?”
C1sman didn’t answer, just kept looking at his laptop. Paul gave Bee
an imploring look and nodded towards him. She moved up close and
put her arm around his shoulders. “Chris, honey, please. Sandee needs
this, she really does. And we’ll be right outside. You did so well before.
And this is much easier than last time.”
They all waited in silence for a long time, at least a minute, but to
Paul it seemed like ten. He was readying his own salvo of encourage-
ment when c1sman finally nodded. “Yeah, OK. I’ll give it a shot.”
Chloe
Chloe didn’t like having to go into Marsh’s den one more time,
but the woman had insisted. Their dealings over the phone had
been very professional and non-committal. Chloe as Maria would claim
to have dug up some new fact about the target—they hadn’t put the
name Isaiah out there yet—and Marsh would ask to have a hard copy
delivered by Fed Ex or private messenger. No e-mail or faxes. That
meant driving somewhere far away from their Baltimore hideout before
dropping a couple of pages into an envelope and paying twenty bucks
to overnight it an hour’s drive away. Still, that was safer than deliver-
ing it personally and then having to spend the next few hours shaking
any tails she might have put on them. But today Marsh had asked for
a face to face meeting, and that meant hiring a limo and driver again
just to keep up appearances. It also meant buying new outfits for her
and Sacco, since they didn’t want to seem like they only had one suit
apiece (which was true since the Key West house was lost). The dollars
just kept adding up. They’d come out of the con with over a million in
cash, but they’d spent over three hundred thousand since then.
It was worth it if they could get Sandee out, though, and Chloe was
going to do her best to make a play for Sandee’s release at this meet-
ing. She and Paul had come up with an excuse that seemed reason-
able enough—they would say they have information linking Sandee
to Isaiah. If Marsh got him released, they could follow Sandee back to
his friends and hopefully learn Isaiah’s location. How could they do
this? Well, Post Hoc had uncovered some secret e-mail and credit card
230
Geek Mafia: Black Hat Blues
accounts that Sandee used and would probably use again to contact
Isaiah (or at least that’s what they were going to tell Marsh). All they
needed was for Sandee to be out from under house arrest long enough to
make him disappear and then the rest of them could escape along with
him, leaving Marsh and Clover and Isaiah far, far behind them.
Chloe and Sacco had to wait in reception this time, something that
made her all the more nervous about this meeting. Was Marsh just
playing power games with them or was she really busy? Or was it both?
Or something else altogether? Chloe did her best to appear bored and
unconcerned as she paged through a copy of
National Geographic
.
Sacco played Tetris on his phone. When Larry the receptionist ushered
them into Marsh’s office twenty minutes after their appointment was
supposed to begin, Chloe was expecting apologies or excuses. Instead,