Null_Pointer Chapter 3

This is the serialization of my first mystery novel, Null_Pointer.  It will be released on this blog every work day until it is complete.  You may purchase the novel at Amazon, Kindle Store, Barnes and Noble, Smashwords or order it from any brick and mortar bookstore near you.  Thank you for reading it and I hope you enjoy this free look at the book.

You can find all the chapters of this book by searching for the Null_Pointer Novel tag.

Chapter 3

It was a little before noon on Sunday when Joshua finally found Psycho on IRC. Tripp had gotten bored and gone home muttering something about going to the movies with one of his film friends. Joshua hadn’t told him about the connection between Glenn and Zemo. He knew that Tripp would insist on telling the police and Joshua was not ready to go there yet.
Joshua was on his computer searching message boards for information on Zemo. The blogosphere was running out of ideas about who killed the German teenager. The consensus seemed to be that it was someone in the community but nobody could agree on who it might be. Joshua was beginning to realize that he might be in a unique position to find out who killed Zemo and Glenn. The Boise Police were unaware of the damning message he found in Glenn’s code and thus probably were none the wiser for it. If he could just get into Glenn’s system and look around, who knew where that might lead him. Back in the chat room, Joshua began typing to his friend. He didn’t normally use an alias while on IRC unless he wanted anonymity.
<jjones> Psycho, where are you?
<psycho> City of Trees, my friend. I just got in from Tokyo yesterday.
<jjones> Can I buy you lunch? I want to pick your brain.
<psycho> Sure man. Bar Gernika?
<jjones> I’ll pick you up in few.
<psycho> Just come on in, door’s unlocked.
Joshua smiled to himself; only Psycho would leave his doors unlocked in the real world and live inside Fort Knox in the cyber world.
Sikes lived in an older East Side subdivision situated just under Boise’s Bench and protected by the sun for much of the year. Large shade trees and expensive, older homes where close-knit neighborhoods kept each other in line with restrictive covenants, dominated the area. It was some of the prettiest tree lined real estate in Boise. Many of the housing developments surrounding the city were either carved out of the desert or paved over farmland. Next to the trendy North End, it was one of the nicest communities to live in.
Joshua pulled over and parked his silver Porsche in front of the house. At least his car looked like it belonged there. As he walked across the yard to the front door, he noticed the front windows were all cracked open. It was a pleasant forty-eight degrees and the snow was already melting from the previous day’s storm. Joshua tried the door and it was indeed unlocked, in fact it was cracked open just like the windows.
Once inside, he stepped gingerly over a meshwork of LAN cables and power cords leading to the living room. Every spare inch of floor space was covered with various computer cases and odd printers. There was no place to sit and barely enough room to walk around them. The house was humming with the fan noise and it was noticeably warmer inside than outside. Must be nice to be able to afford such gratuitous power consumption.
“Sikes?”
“Back here man!” Sikes hollered from deep inside the house.
Joshua walked back toward the bedrooms past the living area and the kitchen. Every room was crammed with humming PCs, including a few on the kitchen counters. He found Sikes in the spare bedroom hunched over an open PC case in the process of swapping out a power supply. He was dressed in a pair of old army fatigues with side pockets and wore a faded red T-shirt with black kanji script on it and no shoes. His red hair was tucked under a pirate bandanna and ran down below his shoulders. He wore a long goatee that naturally curled upward making him look like a tall Munchkin from the Wizard of Oz.
“Just firing up the matrix here, be done in a few.”
The “matrix” was what he called his network of computers running every flavor of operating system under the sun, including a Sun Solaris Sparc station. He used them to practice breaking into networks composed of every kind of computer imaginable. Some of them were identical units with nothing more than a different version of an operating system on them so he could replicate un-patched and patched systems. Others were just oddball configurations that he had run across and replicated just for the experience.
Security gurus tend to become very intimate with the operating systems they specialized in. They can describe the inner workings of the hardware and how the software makes calls to the hardware. Only those who actually design operating systems know more about low-level operations.
“This old Windows 98 box blew a drive while I was gone. She gave up the ghost and nearly caught fire,” Sikes said, as he replaced the cover to the CPU case and stood up. He offered a quick hand shake to Joshua.
“Good to see you again, what’s on your mind?”
“Murder.”
Sikes lifted his left eyebrow in a perfect imitation of Spock from TV’s Star Trek.
Joshua waited for him to slip on his hiking boots before they left. In the Porsche on the way downtown, he outlined what he knew about Glenn and Zemo’s deaths. Sikes listened intently and stared off into traffic to ponder the ramifications.
“Wasn’t Zemo one of Captain America’s villains?” asked Sikes.
“I didn’t read comics.”
Sikes looked at Joshua like he was crazy, then he shook his head and mumbled.
“He was a German scientist and founder of the Masters of Evil. Dude, Zemo invented the Death Ray or,” Sikes put up finger quotes, “Laser Beam”, imitating Doctor Evil from Austin Powers, “years before anyone else had them.”
Joshua nodded politely thinking his friend must not be all there. He wondered if comic book geeks actually believed the story lines or if they were just so into the imaginary universes that it only seemed like they did to outsiders. He supposed it was not too different from Tripp and his friends quoting movie lines and talking about movie characters like they were real people.
“Well, this Zemo was a damn good coder and his death is a loss for this world.”
Sikes nodded in agreement.
“I didn’t know the kid, but I like his sense of style in picking such a cool and well thought-out alias. Most people just use the names of fictional characters that everyone is familiar with.”
Joshua agreed with his friend, Zemo was definitely an original.
/*————————————————–*/
Bar Gernika was a hole in the wall joint just off Capitol Boulevard in downtown Boise. One of the most popular Basque restaurants in town, the impossibly small establishment was nearly dead on this clear November day. Joshua parked in the Bank of America parking lot next door and they walked around the corner to the entrance of the bar.
Joshua set his laptop on the table away from where they would be served. A tall, thin man dressed in a black punk rock T-shirt and black jeans appeared. Joshua ordered a lamb grinder with pepper jack cheese and a beer. Sikes ordered the same thing minus the pepper jack.
“Tell me how a Windows system could be compromised?”
Sikes laughed.
“Let me count the ways.”
“Okay, how about one inside a corporate firewall?”
“Tougher, but not impossible. You would want to look for some way through the firewall, be it a server port or an FTP port, IRC, that kind of thing. Once you can get to the target PC, it’s fair game. Most big business computers are kept up to date on patches, but Microsoft only publishes fixes for about half the exploits found in the wild. If you had knowledge of any one of those exploits, you’re in like Flynn.”
Joshua nodded.
“So the bad guy would have to know about Windows exploits in order to get in?”
“Not necessarily, he could just be using a program designed by a more experienced programmer. You know, like script kiddies. Kids who don’t have a clue how it was written use most of the malicious software out there. Some clever coder figures out a way to get into a system and then writes a brilliant program that makes it easy for other, less knowledgeable people to use and abuse. That’s how Denial of Service programs thrive.”
Joshua stared with a furrowed brow at an old rusted farm implement on the wall collecting his thoughts. “So I guess I need to know how you could take remote control of a PC and not be noticed by a user.”
“Ah, what you would use for that is…” Sikes lowered his voice as if he didn’t want anyone within earshot to hear him. He leaned forward and then looked around the nearly deserted bar. There were two older women at a table about ten feet away absorbed in idle conversation about their gardens. He motioned for Joshua to lean forward and then whispered.
“…a root kit.”
“What?” Joshua said.
Sikes started laughing out loud as if he just told the best joke ever. Joshua smiled to cover his confusion; there was nothing secret about root kits. Psycho was just nutty.
“Seriously, dude. Lighten up. This is how I make a living.”
“Sorry man I’m just trying to find out who killed some people I know. I feel like I owe it to them.”
Sikes sat back and wiped the smile off of his reddish face. The waiter returned with their drinks and sandwiches. They both dug in and the table fell silent for a few minutes as they enjoyed their meal. Sikes ate fast as if he were not used to letting nourishment get in his way of working. He finished his beer and his sandwich and then toyed with his fries.
“Most Black Hatters use a kernel level root kit. Although there are plenty of people using application and library level kits, they tend to be much easier to detect. Believe it or not, it’s not very common to find root kits on Windows boxes, especially the kernel level ones. If that’s what you have, it’s usually the mark of a serious bad boy.”
Joshua finished chewing and swallowed. “I don’t really know what’s on Glenn’s box. Is there any way to detect a root kit?”
Sikes slouched back in his chair, shoved a fry into his mouth and chewed slowly.
“His PC is inside the RegTech firewall and it probably has a virus scanner on it that is kept up-to-date by the site IT. Higher-level root kits are out of the question. He has to have a kernel level job, a program that runs in the actual operating system. In that case the best way to check for it is to boot his machine into safe mode and then check it for unusual processes. You might get lucky.
“You see, what makes a root kit so hard to detect is that it’s loaded into the kernel as a device driver and once it’s in there it can act as an interceptor for all incoming calls to the kernel and redirect scans to discover it. Virus protection software companies hate them.”
Joshua finished his sandwich and pushed the basket aside. He took out his laptop and opened it up. There was a wireless hot spot nearby. He opened a terminal and securely connected to Glenn’s computer at RegTech under his own user name. Then he slid the laptop across to Sikes.
“Can you find anything just by poking around?”
Sikes sat up and pulled the silver MacBook Pro closer to him. He cracked his slender fingers and then started typing like a master pianist. Joshua moved his chair around beside Sikes so he could see what he was doing. The waiter came by again and cleared their baskets. He asked them if they wanted more beers and Joshua motioned for two more. The guy nodded, indifferent to their interest in the laptop and nearly indifferent to them.
“He’s got an open port using SSH. It looks like it goes to a directory on another computer. Your boy was probably streaming MP3’s from his home.”
“I think he mentioned that he had set up something like that. He was boasting about subverting the site IT because they couldn’t see what he was streaming through Secure Shell. They don’t allow streaming media at RegTech.”
Sikes nodded, his fingers had moved on to other directories. “Mmmm, this is interesting. He was using mIRC, a popular Windows IRC client. You should snag his logs, might help you find his killer.”
“I was going to get those if I could log in as him or get admin rights to his box.”
“Looks like all the common ports are blocked as per corporate IT procedures. He was running Internet Information Services, but only as localhost.”
“We’re a web team; we all run that to test our development code.” Sikes made a gag face, and Joshua shrugged. Microsoft’s web server was not well liked by security professionals. It was a constant source of security break-ins.
“It’s not possible to really know if this box is owned unless you have physical access, but just from what I’ve seen, I’d say it was a kernel level hack. Which means your killer knew what he was doing. If that’s the case, he still has access to this box and he’s still in control of it.”
Sikes logged out of the SSH terminal and sat back again in thought. Joshua moved the laptop back to his side of the table and closed it down.
“I’d be amazed if he left the mIRC client logs in place. This guy has full control of this box. He could wipe all evidence away and nobody would be the wiser.”
“Maybe he thought IT would just reformat the hard drive and everything would be taken care of for him?”
Sikes shook his head. “These Cracker types are just like thieves. They are paranoid beyond belief. They have to be. If they leave anything at all behind, guys like me can catch them. That’s why the best ones are never found, until they slip up.”
“What do you think I should do with his box then?”
“Boot it into safe mode, start checking for processes that you can’t identify or that should not be there. There’s a page on my web site that lists all the processes running on a stock Windows XP Pro install. You can use that as a baseline to start from. Of course your IT will have anti-virus stuff on there and maybe some programs to push patches and stuff. Then you have to do an inventory of what crazy stuff he installed like shareware apps and open source programs. It could take you a while.”
Joshua grinned sheepishly.
“What else would I be doing on a Saturday night?”
