Stepping Way over the Line

Previous page
Table of content
Next page

A couple of days after the network was finally in place, Saul was ready to go back to the area around the hospital. He needed to get some usernames and passwords from personnel at the hospital so he could access the patient database. In fact, he still wasn t even sure where the patient information was being held.

This was the part he had been waiting for. Knuth had given him complete freedom to hack directly into the hospital s network and change a patient record. This was going to be the fun part of the job. Pulling on a shirt and pants, Saul started getting ready to leave the house. It was going to be a boring day in the plaza .

Saul packed some food and a couple cans of soda into his backpack along with his laptop. He bent down, lifted the top mattress of his bed, and took some money from the envelope. Having money was a great feeling and he may want to eat in a caf while he was hanging out in the plaza. Grabbing the backpack , Saul walked out the front door and headed down the street.

The plaza was still relatively empty this early in the morning, so Saul sought out a nice shady spot to take up residence for the day. There was a large tree near the fountain that would provide cover for him while he hung out. Picking a spot under the tree, he unpacked his laptop and his school books.

Saul cursed as he sat down in the still damp grass. The morning sun had not reached the point of evaporating the dew under the tree yet. But he made himself as comfortable as possible and plugged in the wireless card. He knew he may need to sit here for the entire day in order to get the information he needed.

The laptop booted up into Linux and Saul logged in as the root user . The laptop was still configured to attach to the hospital s network so when he pushed in the wireless card, the laptop beeped twice and got an address from the local DHCP server. He was online.

Saul preferred to use Ethereal as his sniffer software under Linux. It was easy to use and the results could be stored and manipulated. Watching network traffic when no one was aware made him feel powerful. All those people at the hospital had no clue that their information was flying over the heads of thousands of people everyday. How easy it really was to get into the network. He brought up the application and started the long process of collecting usernames and passwords. Hopefully, one of the usernames and passwords he got today would help him log in to the patient database.

He pulled out one of his programming books and a notepad. Pretending to do school work was the best way he could think of to not look overly suspicious hanging out under the tree. Lots of people hung out here to get fresh air under the clear blue skies. The real reason for having the notepad out was to log usernames, passwords, and IP addresses that popped up on the wireless network.

The problem with sniffing on a wireless network is that you see only traffic being transmitted across the access points. Any wired connections just won t show up. Saul spent the first half of the day logging information but was able to log in only to the database at the front desk for admissions and patient tracking. About lunch time, he decided it was time to eat so he pulled a sandwich out of his bag. It s going to be a long day, again, he thought to himself. He was beginning to think this might take more than one day. Don t any of the doctors or nurses use the wireless network?!?

It was getting hot outside the hospital and Saul was sweating, even in the shade of the tree. More and more people had descended upon the hospital as the day lingered on. Medical personnel from the hospital were moving and out of the hospital, some of them eating lunch on the edge of the fountain and others checking e-mail. But still there were no account names that gave any clue to the patient database.

Saul sighed to himself and adjusted the way he was sitting. Just then, Saul overheard a conversation between two apparent doctors sitting nearby. Maybe there was hope after all.

Hey Jorge, what are you doing after lunch? asked one of the doctors.

I ve got a routine appendectomy. I forget what time it starts though, was the reply. Why do you ask?

I ve got an abnormal x-ray that I wanted to get your opinion on. It won t take long, if you have a few minutes, the doctor responded.

Alright, let me check my schedule.

Right before Saul s eyes, the packets showing the doctor s login showed up on the screen. The doctor directly logged into one of the IP addresses that Saul had identified as a potential patient database. He was ecstatic. He finally had the information he needed. Saul breathed a sigh of relief.

But he could not leave until he had tested the information he had for himself. Saul was using a FreeTDS-based PERL script to connect to the database. It was rudimentary and didn t provide a constant connection, but it would have to work. Microsoft refused to release a Linux client to access their SQL Server database, so there were very few options. Besides, he didn t need constant access to the database, just long enough for a few transactions.

Logging into the database using the doctor s credentials, Saul performed a basic query to search for the name Matthew Ryan. Only one hit came back for the name Matthew Ryan. The name Matthew wasn t exactly a popular name in South Africa and Saul had assumed it would be fairly easy to bring up.

Looking around nervously, Saul decided to try and change the record. He felt silly being so paranoid when he had obvious authorization to be doing what he was about to do. There was no one watching him. Saul reminded himself of the $5,000 he was going to get in a few days once this had been done.

April 15th was still two more days away. He had plenty of time. But Saul knew that he was here now and logged in to the patient database. Now is the time. Make the damn change, he told himself angrily. This is totally legit. You have been asked to do this by the owner of the hospital.

With that in mind, Saul made the query that would change the listed blood type from Type B positive to Type A. He wasn t a doctor but he knew that these two blood types were completely incompatible. I suppose that was the point that Knuth wanted to make to his security team, Saul thought to himself.

The record had been changed and Saul needed to verify it one last time. Running the original query again from his PERL script, he got the record back for Matthew Ryan. The blood type had indeed been changed and Saul s work here was done. He packed up all of his books and gear and headed back home to notify Knuth.

The e-mail that Saul sent to Knuth that evening was simple. 

 Knuth, It's done. Thank you for he opportunity. I hope to work with you in the future. Saul


Previous page
Table of content
Next page
Stealing the Network. How to Own a Continent
Stealing the Network. How to Own a Continent
ISBN: 1931836051
EAN: N/A
Year: 2004
Pages: 105
BUY ON AMAZON
Adobe After Effects 7.0 Studio Techniques
A Practitioners Guide to Software Test Design
MySQL Clustering
101 Microsoft Visual Basic .NET Applications
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
.NET-A Complete Development Cycle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy