NOC NOC, Who's There?


The contract arrived from Antonio through the usual channels: a long-legged blonde with a tattoo of a spider on her hip. The job was a big one, and required traveling to Nigeria. The target was Paul Meyer, security officer for the NOC (Nigerian Oil Company), the largest exporter of crude oil in Nigeria. The assignment called for Charlos to obtain Meyer's credentials and a reliable channel to the NOC internal network. As a secondary objective, any information found on Meyer's hard drive was considered a bonus, which meant a bonus for Charlos. In other projects Charlos usually found out half-way through why the target was of importance: a political figure, the CFO of a company, a military leader, and so on. This one was straightforward; whoever employed him wanted unlimited access to NOC's network. Their motive for having access to NOC's network, however, was still a mystery.

As usual, Charlos started his project by Googling for Paul Meyer. Meyer appeared to be a South African contractor working in Nigeria for NOC. He was part of SALUG, the South African Linux user group. He made several posts about kernel modifications and firewall rule base management. From his posts Charlos figured that Meyer was no dummy, and more important, security aware. Meyer also made some posts from his NOC e-mail address. These were more subdued; he clearly didn't want to give away too much about the infrastructure or technologies of NOC. Meyer appeared to be an online-type person, like most good security officers; he frequently made posts, was quoted on chat rooms, and even had his own homepage. This was all good news for Charlos: the more he could learn from his target, the better.

Owning Meyer online clearly would not work. From his posts Charlos could deduce that the man probably could not be conned into running a Trojan, had his personal machine neatly firewalled, and took care to install the most recent service packs. He also figured that Meyer's PC was running a particular flavor of UNIX. Charlos wondered if his employers went down the same route, that NOC itself was a heavily fortified network and that they couldn't get to Meyer in the usual ways. Perhaps they hit a brick wall trying to get into NOC from the Internet, then targeted Meyer only to find out that he couldn't be taken. Which would explain why he was contacted: to go do the meat thing in Nigeria. Though Antonio usually provided interesting work it seldom required an elegant hack.

A big break for Charlos was finding out that Paul Meyer used MSN, probably to communicate with his friends and family back in South Africa. MSN's search function had proved to be a good source of intelligence before. If he could convince Meyer to add him as a contact he could possibly find a pattern in his online behavior, maybe even social engineer some details of the NOC network. Charlos started looking for people that Meyer spoke to in his online capacity. Jacob Verhoef was one of these people. Meyer frequently responded to Verhoef's posts, and some additional Googling proved that these two studied together. He created the e-mail address with as much detail as possible, to convince Meyer it belonged to his friend Jacob, hoping that Meyer automatically would assume it was the real Verhoef. What were the chances that Meyer and Verhoef had been talking online already? It was a chance he had to take. Charlos registered a hotmail account: jacob.verhoef1@hotmail.com. He filled in all the registration forms as accurately as possible.

It worked: Meyer allowed him to be added as a contact and Jacob Verhoef had some interesting chats with him. Whenever Meyer started referring to their varsity days, Verhoef became vague and switched his status to offline, blaming South African Telkom for their poor service when he went back online. A bigger challenge (that Charlos never thought about) was the language; it turned out that both Meyer and Verhoef spoke Afrikaans. When Meyer typed in Afrikaans, Charlos would always respond in English, and soon Meyer would follow suit. They didn't speak too much; whenever Charlos steered the conversation to the NOC's network, Meyer just sidestepped it. But this was enough for Charlos: he could monitor exactly when Meyer was at work and at home. His target followed a strict routine: his status changed from Away to Online from about 7h00 in the morning, there was a break from about 7h50 to 8h30 (while he was traveling to work, which, thanks to traffic in Lagos, was typically a long commute), he stayed online most of the day until exactly 17h00, and then would head back home, being online from 20h00 to around midnight. Weekends were different, with no apparent pattern.

And so he found himself at passport control at Lagos International Airport. He was there as a computer forensic expert working on a case for the First Standard National Bank of Nigeria (SNBN), though SNBN did not really exist. Having traded some personal details of wealthy business men in Lisbon (which was bonus material from another project) with a group of 419 scammers he now had all the right papers. Charlos knew that sticking close to the story was essential. If they opened his notebook bag and found his equipment it would be difficult to explain; that is, unless he was a computer forensic expert on a job for SNBN.

He took a taxi to Hotel Le Meridian. Everything in Lagos was dirty and broken. Even with its four stars and a price tag of $300 per night, the hotel's water had the same color as Dr. Pepper. You couldn't even brush your teeth in this water let alone drink it. He went down to the bar area, and had a Star Beer and chili chicken pizza. It was not long before the prostitutes hanging around made their way to him. He was blunt but polite with them; he was in no mood for a dose of exotic STDs, and besides, he had work to do the next morning.

Lagos is rotten with wireless communication systems: satellite, WiFi, microwave, you name it. Since the decay of public services, the only way to communicate fairly reliably with the outside was via wireless systems. Charlos decided to take a cab to the NOC's compound; every taxi driver knows the exact location of these compounds. The compounds are the retreats for foreign nationals working in Lagos; the only way that a company can get contractors to work for them is to place them securely in a compound. There they have access to running water, Internet connectivity, personal drivers, and internal canteens. It's a bit like an internal network, Charlos thought. Once inside the gates of the compound you are trusted, especially if you are white and have a foreign accent.

Once inside the taxi he booted his notebook and started NetStumbler. Along the way to the compound Charlos stumbled across many networks, most of them without any type of encryption. He asked the driver how far away they were from the NOC compound. When they were about ten minutes from the compound, Charlos told the driver to stop. He was DHCP-ed into the internal network of a bank, with unhindered access to the Internet. He logged into MSN as Jacob Verhoef. Meyer was logged in. It was 10 a.m.; chances were good that he was at work. He told the driver to continue.




Stealing the Network. How to Own a Continent
ISBN: 1931836051
EAN: N/A
Year: 2004
Pages: 105
