Breaking and Entering


  If I’m here, I’m going to play, Alien decided. And if I play, I want to win.

  She started typing on her own laptop.

  Alien recognized right away that computers with the printer and domain servers were both UNIX systems. From her experience at Mayflower Hospital, she knew their vulnerabilities intimately. One after another, Alien grabbed their flags.

  Bruce used his laptop to emit a gong noise, announcing an hour had passed: one p.m. On the screen at the front of the room, he projected a running tally:

  Alpha Force—1

  Hack Attack—0

  Road Warriors—0

  Pissed Officers—2

  Ziggy Stardust—2

  Five minutes later, Ziggy Stardust pulled ahead, as Alien showed Stubble and Clean Shaven how to make the mail server cough up a list of usernames they could then feed through a free “password cracker” program that quickly tested thousands of common combinations per target until it hit the mark.

  At this point, Soul Patch closed his phone, lining up with the other guys like bobsled team runners to look over Alien’s shoulder as she steered.

  The next steps were a lot trickier. The applications and database servers were both Windows systems, which Alien had barely touched, so she and her teammates focused on the file server. A port scan revealed that it had a Web interface that allowed users to upload and download data with a simple browser. This Web app was supposed to let you see only your own files, but Alien discovered that she could roam freely if she opened and altered the code for the underlying Web page buttons. This eventually gave Ziggy Stardust their fourth flag.

  The gong sounded again: two p.m. Alien looked up. Bruce had projected a fresh scorecard:

  Alpha Force—2

  Hack Attack—1

  Road Warriors—2

  Pissed Officers—3

  Ziggy Stardust—4

  Her teammates cheered. They were leading. Just two flags to go.

  Then Soul Patch moaned.

  “Shit,” Stubble said.

  “Tied,” reported Clean Shaven.

  Alien checked Bruce’s updated screen. The Pissed Officers had just grabbed a fourth flag too.

  Alien looked behind her, to see the Officers high-five one another. They looked smug and confident, certain of victory.

  I don’t think so.

  Alien pivoted to the database server. Bruce had spent half the morning on Thursday leading them through a technique called “SQL injection,” a venerable database-specific attack. SQL (pronounced sequel) stood for Structured Query Language—the language used in database lookups. A SQL “injection” worked by weaving a hacker’s own commands into normal queries. Consulting her notes and the coursepack, Alien tried this approach now.

  “admin,” she typed in the field for username in the database login screen.

  “Stardust' or 'x'='x,” she entered in the field for password.

  The database checked for users with that name and password. “Admin” would be the root account, she strongly suspected, and the “Stardust” part of the password suggestion was just a whimsical placeholder, inserted because something had to be there. But the single quotes and the equation that followed the “or” statement were crucial. Exploiting how the system processed instructions internally, Alien was telling the database, “Let me in if your administrator has the password ‘Stardust’—or if x equals x.” Even if the first part, about the password, was almost certainly incorrect, the second part, containing the equation, was a true statement. So she got in. It was like a test where you could get every question right by adding the same special code word at the end of your answer.
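  An added illustration, not part of the book's text: the login check described above, built once by pasting the typed fields into the query and once with placeholders. The table, the stored password and the function names are assumptions made for the sketch; the book does not show the classroom server's actual query.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table. The password is stored in plaintext
    only to keep the sketch short; a real system would store a hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-not-guessed')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable form: the typed fields become part of the SQL text,
    so a single quote in the input ends the string and starts new logic."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None, sql

def login_parameterized(db, username, password):
    """Hardened form: placeholders pass the fields as data only;
    the database never parses them as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    typed = "Stardust' or 'x'='x"  # password field input quoted in the passage
    granted, sql = login_concatenated(db, "admin", typed)
    # AND binds tighter than OR, so the WHERE clause reads
    # (username = 'admin' AND password = 'Stardust') OR ('x' = 'x')
    print(sql)
    print("concatenated query grants access:", granted)
    print("parameterized query grants access:",
          login_parameterized(db, "admin", typed))
```

  With placeholders the same input is compared, quotes and all, against the stored password and simply fails to match.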

  “You did it!” said Soul Patch, amazed, as the system returned the flag itself as output.

  “Shh,” Alien told him, not wanting the other teams to guess their strategy.

  And she already had a trick in mind that she thought might gain them the final flag.

  The only sound in the room now was frantic typing and the low hum of the projector fan. On her laptop, Alien activated a backgrounded window for command line instructions.

  “tcpdump -i eth0 -s 0 -w telsniff.log,” she entered.

  “tcpdump: listening,” the system returned.

  TCPdump was an all-purpose traffic sniffer. The classroom network had been set up to stop snooping, but Alien had overcome its safeguards near the beginning of the game, when Stubble tried to lead direct attacks. Now she could get complete records of all information sent back and forth by every team. Given that most of her classmates here were far more experienced with Windows machines than she was, it was almost certain one of them would use his knowledge to pwn the application server before she could.

  The only question was whether anyone smart enough to grab the flag would be careless enough not to encrypt it in the transfer back to his own computer.

  A few minutes passed. Alien typed Control-C to end the listening process. Then she opened the log file she had created in a new program, Wireshark. The screen filled with a long list of captured Internet traffic, broken down by time, source, destination, protocol, length, and content.

  “Whoa,” she heard one of the guys behind her say.

  Alien typed rapidly, telling Wireshark to filter out everything but traffic to and from the application server’s address.

  “Come to Mama,” she whispered expectantly.

  Aha. An electric thrill ran through Alien. At least one team—Pissed Officers—had gotten the flag, she saw.

  The guys behind her held their breath. Slowly and methodically, Alien carved out the file in question from the mass of raw data, combining it with the other flags to show all six flags together. “Get it?” she asked her teammates.

  The flags formed a time-based cipher, using the hours of the day, 1 to 24, to represent the letters A through X. Rather than risk another team’s interception this late in the process, Alien translated the message by hand with pen and a piece of paper torn from the coursepack: “W-E-L,” it began.

  When she finished writing, Alien stood, clutching the ragged edges of the paper with trembling fingers. The other teams were all still working, but she sensed their eyes on her back as Bruce waved her forward.

  Alien leaned close, her chin brushing the scratchy outskirts of his beard as her lips reached his left ear.

  “Welcome to the virtual world,” she whispered.

  Bruce paused, regarding her solemnly without responding. Then he smiled, raised the signed book from the table beside him, and presented it to her with a flourish.

  “Congratulations,” Bruce said, shaking her hand.

  Stubble, Clean Shaven, and Soul Patch applauded. The Pissed Officers slumped in disbelief.

  At five o’clock, all the other SCAN students, now confirmed Bruce groupies, lined up to thank him, trade business cards, and inquire excitedly about bringing Elite Defense to their workplace. Alien just watched, proudly clutching her signed copy of Security by Ferris. She didn’t want the chance to hire Bruce or Jules. She wanted to be Bruce or Jules.

  Now that the capture-the-flag contest was over, all she wanted was to play again—except now for keeps, and as a member of Elite Defense.

  It seemed as if her wish would come true immediately. As he said good-bye, Bruce gave Alien his personal email address and phone number. “You should work for us,” he said.

  Alien wrote the next day, and again two weeks after that, thanking Bruce both times for the book and telling him she was interested in discussing a job with Elite. He wrote back both times, amiably, yet with maddening vagueness.

  In August, Alien got a voice mail from Bruce. “Hey,” he said breezily. “Looks like Jules Ferris and I are coming to Boston next month. We should meet up.”

  Three more weeks passed without another word. Then, checking her email late Friday night, Alien found a message from Bruce saying he and Jules would be in town tomorrow to meet a client. Could she recommend someplace for dinner?

  “Dalí,” Alien wrote back immediately, naming a lively Spanish restaurant and tapas bar by the Cambridge-Somerville border, just minutes from her own place.

  “Very cool. Thanks!” Bruce replied thirty seconds later. “Join us?”

  It was a perfect warm, clear Saturday night in mid-September. Alien pulled up to the restaurant on Pepper, dressed in one of her black leather motorcycle jackets, a black miniskirt, and high black zip-up boots. Bruce and Jules were waiting outside with the client, who was wearing a suit. When they first beheld her, they did a double take in unison.

  “Good evening, gentlemen,” Alien said, hugging Bruce and shaking hands with Jules and the client. The three of them seemed to vie to open the door for her until Bruce and Jules let the client enjoy the privilege.

  His name was Spencer. He entered after her, already loosening his tie. Bruce followed, nodding his wild beard approvingly at the restaurant’s long front bar, stamped copper ceiling, and textured gold-painted accent wall. Last was Jules—clean-cut and cue-ball bald, with frameless rectangular glasses and a semi-permanent impish grin—mouthing his name to the hostess. They passed a table of giddy diners, one of whom blushed as several waiters and waitresses with tambourines and maracas sang “Happy Birthday.” The hostess led them past beaded dividers to a dimly lit and less clamorous back room decorated with copper pots and framed photos of flamenco dancers.

  “Where did you find this place?” Spencer asked, excited enough to order a pitcher of sangria, a bottle of red wine, and dirty martinis all around.

  “Bruce asked Elizabeth,” Jules answered.

  Alien shrugged modestly. The truth was, she had long heard of Dalí, but had never actually been inside before.

  “Good wine, good atmosphere—I’m happy,” she said.

  Drained glasses and empty plates, bowls, and ramekins covered the table two hours later. Spencer checked his watch—ten p.m.—and sighed.

  “Excuse me,” he said, standing tipsily, the breast pocket of his suit stained with olive oil. “Thank you for dinner,” he told Bruce and Jules. “And thank you,”—he bowed to Alien—“for your charming company.”

  She smiled. After he had left, she turned to the Elite Defense guys. “Let’s go get a drink. The night is young. The world is our oyster,” she said.

  They walked next door, to the Kirkland Tap and Trotter, and took seats at the bar.

  “So what brought you to Cambridge?” Jules asked Alien.

  “Originally?” she said. “I went to MIT.”

  “Really?” He looked surprised. “And what did you major in?”

  “Electrical engineering and computer science.”

  Jules looked even more incredulous. It was as if the possibility she could code had never occurred to him. Alien was able to see from his expression that he was recalibrating his presumptions. But simply stating her major wasn’t enough. Whereas technical guys assumed another man they met knew what he was talking about until he made an obvious mistake, the reverse was true of a woman. Alien still had to prove she was legit.

  She took Jules’s hesitation as a chance to seize the moment. “You must get a lot of résumés at Elite Defense. How do you pick who to hire?” Alien asked.

  Bruce and Jules spoke reverently about “the Elite culture” and then launched into specific hacking stories. Alien added her own, which surprised them further. As the conversation continued, she made subtle technical references, citing specific Linux varieties and version numbers to further impress on them her experience. The three of them weren’t quite comrades in arms, but Alien had made clear her abilities.

  If they had a job opening, they would hire her. She was sure of it.

  Shortly after midnight, Alien waved good-bye and rode off, and Bruce and Jules waved back as they slid into their taxi.

  Mid-October, four weeks after the Dalí dinner, Alien checked email late at night at the desk in her bedroom. Her new boyfriend, Tanner, lay in her bed, reading.

  Alien was ecstatic. “Bruce wrote!” she said excitedly to Tanner. “He wants to know what salary I want!”

  Tanner grinned. Tall and angular, with spiked flame-red hair that accentuated his resemblance to David Bowie (another reason for her Ziggy Stardust shout-out at SCAN), the former Senior House resident made his living as an electrical engineer but spent equal time working as a painter, sculptor, and performance artist. “What are you going to say?” he asked.

  “These guys are the best in the business,” Alien said. Stay cool, she figured. Start with a nice round number.

  “$100K,” Alien wrote.

  Alien woke alone early Sunday afternoon. On her desk was a note from Tanner: “At the studio. Love you.” Smiling, Alien flicked on a yellow lava lamp, but natural light from the skylights washed out its spectral glow. She checked email again.

  A new message. From Bruce. Five words: “Sorry, that’s outside our budget.”

  No.

  What went wrong? Alien asked herself, reading and rereading the one-line email.

  She fell onto her bed crying. Bruce’s rejection was unambiguous, Alien thought—and it left no room for negotiation.

  That’s it, she told herself. It’s over.

  After three months of waiting to get through the door with Elite Defense, the door had been slammed in her face. And she had been the one to shut it.

  The tears flowed for ten more minutes. Then, when she could breathe regularly again, Alien picked up her cell phone. Whose counsel could she trust in a situation like this one?

  She called.

  “Uh-huh, uh-huh . . . ,” he said, as she explained what had happened. “Oh, Elizabeth. I’m sorry. . . . No—listen: here’s the lesson. In any negotiation, you always make them throw out a number first.”

  “I know that now,” Alien said. She was near tears again. “But what should I do?”

  “Relax.” The voice on the other end of the line was steady, cheery, and sympathetic. “Just call him.”

  “Can I?” said Alien.

  “Why not? He can say no again. Or he can offer you peanuts. But you’ve got nothing to lose.”

  Alien wiped her cheeks dry. “Okay . . . ,” she said shakily. He’s right, she thought. “I’ll try it.”

  “Now you’re talking,” the voice said. “Go get ’em.”

  Alien smiled, as calm and confident as she was going to be.

  “Thanks, Dad,” she said.

  It was one p.m. on the East Coast but ten a.m. on the West Coast—and Bruce lived just outside San Luis Obispo, very close to where he’d grown up.

  He answered on the second ring: “Hello?”

  “Hey, I got your email,” Alien said confidently. “I know you wanted to make it happen, and I do, too. Why don’t you just tell me your best offer, and I’ll make it work.”

  Bruce said nothing. Alien counted five long seconds of silence, then ten, and then fifteen.

  Shoot, she thought, wincing. He’d have to reject her outright, though, she decided. She wasn’t giving up.

  Finally, Bruce spoke. “Eighty thousand,” he said.

  What? Alien’s heart surged. She struggled to hold the phone steady. She was going to work for Elite Defense. And they were paying her eighty thousand dollars a year for the pleasure.

  “Great,” she offered back in the coolest, most casual voice she could muster. Alien fist-pumped. “Sign me up.”

  10 / /

  Check, Please

  Elite Defense was owned by five partners. Three, including Bruce and Jules, were computer security experts, one was a former Silicon Valley executive, and the fifth was ex-military, a retired air force commander superb at physical surveillance and with an encyclopedic knowledge of technical gear. Thanks to their prior work experience and such current activities as teaching at SCAN, all were good at bringing in business. “If we come in to give you a test, you will have been tested,” they promised Fortune 500 companies and government agencies and contractors. “We will pwn you if you can be pwned—and we haven’t had a client yet who couldn’t be.”


  Elite itself was a small and loosely organized company. There were only nine people: the five co-founders, two veteran associates, an office manager, and now Alien. The office manager was the only other woman, and no two Elite staffers lived in the same city. They communicated with one another either by cell phone or through a private email and chat system. Since there was no apparent hierarchy among the five partners and they didn’t seem to gather regularly as a group, even online, who was in charge of what seemed determined by chance or the whim of the moment. It was a miracle that she’d been hired at all, Alien realized now.

  The Elite Defense co-founders called themselves Jedis. Mixing metaphors—or, rather, the Star Wars and Matrix movies—they called Alien and the two other associates Agents. Three months after signing on, however, Alien had yet to perform any technical work. Instead, she spent late fall and early winter editing other people’s project reports. When she was finally given her first assignment, it didn’t require any of her coding and command line skills at all. She didn’t know if this was because she was female, or just new, or for some other reason.

  The assignment was breaking into a bank.

  It was a clear, cold January Monday in Wilmington, Delaware. Alien pressed her hands to the passenger-side heating vents of a gray Ford Taurus—chosen because it was the most boring rental Hertz had on the lot with a closed, lockable trunk. Her outfit was also purposefully nondescript: two-inch black leather heels, a long dark brown skirt, a prim white blouse “borrowed” a few years earlier from her mother, and a long tan trench coat in remarkably good condition considering that Piñon had bought it for her at the Santa Fe Goodwill. Beside Alien, behind the wheel, sat the former commander, a scowling, heavy-jowled man of fifty named Richard. Across the street was the twenty-story glass-clad regional headquarters of one of the country’s biggest banks, with over one thousand branches nationwide and $100 billion in assets.