The Weakest Link
In. They uploaded their work history, their current positions, job descriptions, everything that a hacker could ask for was freely available.
Jack clicked on the search bar and typed in Tesla. A few options popped up, the first one being exactly what he was looking for, People Who Work at Tesla Motors. Thanks, Linked In. Jack smiled to himself. The search result returned over a thousand employees. Looks like it’s going to be a long night. Jack eased back in his chair and started to scan the profiles, looking at each person’s title and then at their profile picture.
After many hours searching, he still hadn’t found exactly what he was looking for. He wanted somebody that worked in the software division, preferably on the autopilot program. He found lots of Project Managers but they could be working on any project. He wanted somebody that he knew would have access to the autopilot program.
Jack had to come up with another plan. He went back to the beginning and started searching again, this time pausing on one profile. Her name was Jenny Williams, HR Assistant. Jack sat back on his chair and rubbed his chin, a small grin on his face. This was his ticket in. He opened her profile and read her job description. He stood up when he saw what he was looking for, part of her responsibilities included organograms. She would have a list of all the staff who worked for Tesla, grouped by their departments.
Based on her job profile, she probably wouldn’t have a Notebook so that ruled theft out of the equation. Jack opened Facebook in a new browser session and typed in her name. The search results came back with fifteen Jenny Williams, but only one in Palo Alto. He clicked on her profile and started to scan all her posts, looking for little bits of information that could help him. He noticed there were lots of photos of her with a Golden Labrador. She must be a dog lover.
Jack smiled to himself; his plan was coming together. He searched the internet for Labradors, looking for anything that seemed popular. He came across an article: How to stop your Labrador from digging holes. He went back to her Facebook pictures and saw what he was looking for - a recent photo of her dog, tongue hanging out, standing next to hole in the garden looking chuffed with himself.
He copied the article to his desktop. Checking his watch, he noticed it was six on the morning; he had gone through the whole night. I’ll quickly set up the site and then I can get some sleep. Jack logged onto his special server that was hosted in the Bahamas. He created a webpage that looked just the one he got the article from, embedding a special program into the webpage that would execute on the user’s computer when they opened it.
This program would enable Jack to access the user’s computer remotely. He would be able to get all the information stored on their computer from the comfort of his apartment. Now that he had the fake website up and running, he just had to send Jenny an email and hope she clicked on the link. Jack logged into an email server he had hacked years ago, and still had access to. He used this email server to send these types of emails from. He would change the sender’s name on the email to look as if it came from the website he had copied the article from. He put the title of the article in the subject line and then, in the body of the email, he typed a short message with a link to his fake website.
Jack double checked there were no spelling mistakes, a common error made by hackers and often picked up by their victims. When he was satisfied, he sent the email. It was now a waiting game. Dark circles were starting to form under Jack’s eyes. He stretched out his hands, his mouth wide open and let out a loud yawn. It was time to hit the sack. He flopped onto his bed, kicked off his shoes and closed his eyes, drifting off into a deep sleep.
Jenny arrived at work a little earlier than usual. Her boss was coming back from vacation and she wanted to make sure everything was ready for her. While her boss had been away, she had been tasked with updating all the organograms and contact details of all employees. Jenny had burnt the midnight oil for the last few nights, putting all the organograms together. She had restructured all her folders so she could find the information easily.
She sat down in her chair and switched her computer on. She always switched her computer off when she left for the day. She had heard stories of people logging into computers when you weren’t there and the last thing she wanted was to be fired for being careless. She logged into her computer and opened her email. A good time to fetch some coffee, she thought as her emails began downloading.
If there was one thing worth staying at Tesla for, it was the coffee. The machines were imported from Italy and the coffee beans were freshly ground, filling the air with the finest of aromas. Jenny sat down and started going through her emails. She saw one that interested her, How to stop your Labrador from digging holes. Almost from the first day she had adopted Maximus from the local pound, he had dug holes in her garden. She opened the email and saw it had a link to a website. She looked at the email again, it looked legitimate, it was from LabradorLovers.com. She clicked on the link and opened the webpage.
Her computer froze. There was nothing she could do to get it going again. She tried shaking the mouse and hammering the keyboard, but nothing helped. She waited a few seconds and picked up the phone. She dialled the IT Help Desk and as the phone was answered her mouse sprang to life.
“How can we help?” A voice sounded through the handset.
“Oh, I’m sorry, false alarm.” Replied Jenny and she put the phone down.
She moved the mouse around, opened a few programs and checked that everything was working. Must have been a glitch, she thought to herself, everything seems fine now.
Scuzzy was bored. He had been sleeping next to Jack the whole morning. It was time to play. He noticed a large object sticking out of a sock at the bottom of the bed. He crept closer, steadying himself before he pounced. His claws sank into the flesh of Jack’s big toe, waking him instantly.
“Scuzzy!” Jack screamed out in pain.
This was Scuzzy’s way of waking Jack and it never failed. Jack stood up and walked to the bathroom, looking at himself in the mirror as he splashed some cold water over his face. He shook his head and towelled himself dry, giving Scuzzy a dirty look as he walked to his computer. Let’s see if the fish has taken the bait. He thought to himself, smiling at his own little joke as the hack he had just done was known as a phishing attack.
Jack logged onto his server and opened his console. There, on the left, he saw the that a new computer had been registered. It looks like her Labrador is digging holes in the garden. Jack clicked on the computer and it opened a list of directories. Jack looked at the naming convention; HR people were normally well organised. There was a master folder called Tesla that Jack opened. Inside were numerous sub-folders. Jack looked for anything that contained auto-pilot, and there it was, a folder called Autopilot Software. Jack opened the folder. Inside was a list of files which he scanned through before opening the one called APOrganogram. It was a complete list of all employees that worked on the Autopilot Software at Tesla.
Jackpot! Jack thought to himself. He copied the file to his computer and started going through the list. The titles were all similar; lots of software engineers, some managers and then the one he was after, R&D. Research and Development were always easy targets and often had full access to the programme. Getting to the production system would be impossible, but development versions were always forgotten about and usually left lying around somewhere, waiting to be stolen.
Five people were listed in the Research and Development department. Jack went through their names, searching for an opportunity. He came across one name that he paused on, Morgan Chen. Looks like he is of Chinese descent. Jack thought to himself. Jack had studied lots of different cultures and the general characteristic traits of each culture. This normally determined the approach he used when trying to get information from them.
Jack had to get access to Morgan’s computer. There was a good chance that the software could be on there. If not, however, it would at least give him a clue as to where the software was located. Jack’s
mind was racing as he began formulating his plan. He looked again at the organogram, noting who Morgan’s boss was and who headed up the software development division. Knowing the names of the top dogs always came in handy, especially if things weren’t going as planned.
Scuzzy was getting hungry again and started circling Jack’s hand as he was moving the mouse around.
“Not now Scuzzy, I’m working.”
Jack knew it was pointless trying to argue with a cat so he got up, opened a new can of tuna and filled the cat’s bowl. He received a loud Purr in appreciation and a rub with Scuzzy’s head. Jack didn’t go directly back to computer but walked around his lounge, hands on his head. His mind was deep in thought, plotting his next move.
I’m going to have to get my hands dirty, he thought to himself. Using the same phishing trick he had used on Jenny probably wouldn’t work on Morgan. One of the pieces of advice he always gave up and coming hackers was to never use the same hack twice on the same job. IT people were usually a bit more clued up than normal office workers. He thought about other ways of getting his special software on to Morgan’s computer but in the end, there was only one option, he had to physically access the