Aftermath... The Last Diary Entry of Demetri Fernandez

Aftermath The Last Diary Entry of Demetri Fernandez

It was 3 a.m. on a cold May morning. My college sweetheart and I were returning home from a college reunion when it happened . I received a phone call on my cellular phone. It was late and I don t make a habit of taking late night calls, but there was no caller ID displayed on my phone so out of curiosity I took the call. It was Charlos, an old college friend whom I had not spoken to in what must have been three years , and who hadn t been at the reunion. Charlos and I used to be the best of friends ; we grew up in the same town, went to the same schools , and (almost) dated the same woman ”which is just about when we stopped talking. As far as I was concerned , Charlos should have been the last person on the planet to call me ”ever since the Laura (or Laura19) episode, we haven t been able to look at one another, let alone speak. Laura, my now fianc e, went through months of counselling to get over the things that Charlos did to her.

Charlos had called me that night to let me know that he was back in town and that he needed help. I repeatedly inquired about what kind of trouble he was in, but he insisted he d explain everything on his arrival. Late that next evening, he was on my doorstep with just the clothes on his back ”he looked awful .

Even after everything we had been through, I had no choice but to offer him our couch ”an offer he received graciously, promising that he would pay us back for our trouble as soon as he had a chance to find a new job. Over the following week, Charlos described events that had taken place since his sudden departure from college; he sure had gotten involved with the wrong people. Charlos lived with Laura and me for almost two months, during which time, with our support, he re-enrolled in college and found himself a part-time job at a local store. Things seemed to be picking up for Charlos. I started to believe that there was hope for him yet. And then one night, he left our house on his bike for work, and that was the last time I saw him. His decomposed body was recovered three weeks later from an old creek some 15 miles down the road. This obviously came as a shock to both Laura and me Sure, Charlos had done some bad things in the past, but he didn t deserve this. Months went by and the local sheriff s office gave up on their investigation. I wanted to believe that they had investigated every lead, but to those guys he was just another stiff in the morgue.

As far as I am aware, other than the perpetrators of this awful crime, I was the last person to see Charlos alive . I m cataloguing these events in my diary so one day maybe I can find the truth. I ve included the following information to show the result of the several months of research I put into figuring out what really happened to Charlos over the three years in which he disappeared and who it was that wanted him in a body bag. He sure did go through a lot of changes since his former role as my college dorm buddy.

From the research I have done, the issues surrounding the concept of hackers for hire is a topic that has been discussed by the kinetic and electronic media for years, whether it be the ethics surrounding hiring hackers to test the client networks of large, publicly trading information security firms or the issues surrounding the illicit extreme ”handing money over to individuals to break the law for self gain, the hit men of the electronic age.

In a world where we are becoming increasingly reliant upon electronic information systems to store data such as birth records, personal correspondence, and our credit ratings ”the information the rest of the world relies upon to determine who we are ”it is inevitable that the market for individuals who are able to manipulate and harvest data belonging others would be quick to develop.

From the perspective of those who, on a daily basis, are involved in the compromise of systems belonging to large organizations for self gain or for the thrill of the hack, the act of modifying or harvesting said data (a task, which in the eyes of the great cyber-unwashed, may seem like an impossible feat) is often somewhat of a walk in the park.

Of course, not all who are capable of performing such tasks are also motivated into taking payment in return for what in most countries is now considered to be a breach of the law. The decision made in order to determine whether an individual is prepared to take money for performing an act of crime is often a function of the risk associated to the act, and the individual s preference to risk. One of the risk preferences that we can observe is the attacker s perceived consequences of detection and attribution ”in other words, how bad will things get if my attack is detected and I am found to be responsible? This, along with other risk preferences, are often neglected, or at least less weight is put on consequences of an attack, such as detection or attribution when the attacker is highly motivated to achieve an objective ”such as the acquisition of funds, or in the case of Laura19 s (my fianc e s) e-mail account, revenge .

After the Laura event, the life of Charlos seemed to drop to an all-time low. He was out of money, he was out of college, he was now out of work; Charlos was desperate. When his first job came about, it was apparent that prior to his current situation and state of mind, he would not have considered taking a dime, let alone $350 for something as trivial as cracking a password on a Microsoft word document. For a guy of his purported skill, such a task would have cost him only the processor time of his computer. At this point in the story, Charlos developed an entrepreneurial side to his personality as he gained a taste for making money out of things that prior to his debt, he may never have considered doing. The candid way in which Charlos advertised his willingness to break laws in exchange for money further indicates that he remained desperate to acquire additional finances, his priority set on acquiring said funds influencing his preferences to risks which in the past may have been unacceptable.

The response that Charlos received from SuzieQ was just what he was looking for ”a potential customer who was both naive of the hacking scene and prepared to pay a substantial sum for a task that would result in a high-value yield in the eyes of SuzieQ, but that turned out to be relatively risk-free, at least as far as Charlos could see. Although his preferences to risk clearly were affected by his need to acquire funds to pay off his debts , he remained diligent when it came to his first contacts with SuzieQ, attempting to protect his identity through contacting SuzieQ by call-box only.

At this point, Charlos was further motivated to pursue his new found carrier as a hacker for hire. His first real hack was easier than he ever imagined, paid well, and as far as he could tell, he was exposed to no real risks to complete the task in hand. This was, of course, until he came face-to-face (or more accurately, face-to-fist) with the first taste of reality of what he was doing. The chances are that prior to his career as a professional hacker, a large majority of the attacks that Charlos engaged in were against targets in other states, countries, or continents, and impacted people of whom he had no knowledge, and more the point, would never meet. His unscheduled rendezvous at the wrong end of Antonio Conzales 9mm pistol was somewhat of a wake-up call for Charlos; although on this occasion it worked out well for Charlos, it could have brought the story to an abrupt end.

In the immediate events following his capture and through negotiations with Antonio Conzales, the attack risk preferences of Charlos were turned on their head. He was now hacking to stay alive; failure may have well resulted in, as our gangster friend so aptly put it, Charlos swimming with the fishes. Before long, his priorities were focused around getting a job done (he no longer had a choice) rather than on his pre-Antonio life in which he was free to take or reject jobs as he pleased. Over the following months, Charlos grew to understand that information security was not just about ones and zeros; it is more of a people problem. He became increasingly interested and perhaps more to the point, he saw the value in the more physical aspects of his work. This was corroborated when addressing the compromise of Mayer s personal computer at the Nigerian Oil Company. Charlos assessed the asset that he was to target and the resources to which he had access, and determined that Mayer was technically proficient enough to make many of the technical resources that Charlos possessed ineffective in this circumstance. Furthermore, without additional resource, Charlos recognized that if he were to attempt his objective through technical attacks alone, due to a lack of resource the probability of success would be low and the probability of detection too high. To offset these adverse conditions, Charlos increased his initial level of access (a resource) through a physical attack against the Nigerian Oil Company, and augmented his physical attack with his pre-existing technological resources.

Several days before Charlos disappeared, he handed me an envelope, instructing me to open it only if something happened to him, but not, under any circumstances, to disclose its contents or my knowledge of its contents to anyone , not even Laura. The envelope contained the mailing address of an individual known as Knuth. Using the knowledge I attained when researching the scene in which Charlos had become involved, I attempted to search several public databases for both the address and name of this mysterious individual. Although my searches returned multiple references to a Donald E. Knuth, author of what seemed to be some kind of computer programming books, I failed to find a single reference to the address in the envelope.

To this day, I am unaware of the true identity of the mysterious figure, who I believe is somehow connected to the death of my once dear friend. I am writing this in the hope that once published, someone out there will aid my search in uncovering the individual s identity. If you do discover One moment, someone is at the door