Welcome to my online cyber thriller, The Phisherman.
As the first rays of sunlight burst over the horizon to penetrate the murky darkness of another night, the phisherman wearily climbed into his king-size bed in a vain attempt to sleep.
That only lasted an hour as he constantly tossed and turned. There was no point trying any further. His mind was too focused on his immediate problem.
Over the last day, Alan had read many Project 831 documents. And each time, his heart grew heavier. The CIA’s cyberweapon was a secret they would not want to get out. It was an instrument of death and destruction like nothing before it. If someone used it against you, your computer became the weapon. Merely sitting in front of an Internet-connected device could be fatal.
Alan started his favourite playlist from Starset, but even that failed to calm his thoughts. On the contrary, his desperation grew with every passing hour. He had hardly slept whilst nervously awaiting Abaddon’s response.
Even the life-size Chewbacca model arriving the day before had no significant impact other than a ten-minute distraction while his housemates helped place the hairy beast downstairs near the front door.
Alan knew it was best to leave everyone else out of it. His cyber lads would only want to know about the weapon. When push came to shove, it would be each man for himself, and Alan would be the last man standing in the line of fire. The only one he could potentially trust was Abaddon, primarily because of their shady past.
Yet, no matter how often Z checked their private chat, there was no reply.
He considered tracking down D3vast@t10N, his original black hat mentor. They’d first chatted while Alan wasted too many years at the prestigious University of Birmingham. Like all the tech heads in his class, Alan was disappointed by how little he formally learned in his technology class.
The professors were so focused on students appreciating old tech, they missed the revolution taking place under their noses.
Thankfully, the biggest tech-savant in class invited Alan to join a new online group.
In the group chat, Alan kept a low profile. It was evident that several highly skilled hackers were in the group. He wanted to learn everything he could.
At the same time, I didn’t want them to discover how ignorant I was.
Things got interesting when the group’s focus shifted from the “how” of hacking to “why.” W@tt0 - the pathetic moniker I used back then - was overwhelmed as members told story after story of how they deliberately hacked people who had hurt them.
For many, technology had become a means of balancing the books and righting injustices they’d endured in the physical world. And the more tech encroached into everyday life, the more it became possible for anyone to feel their wrath. With the rate at which the world was embracing technology, no one would be beyond their reach soon.
The case that grabbed W@tt0’s attention was when D3vast@t10N told the group how he destroyed his father’s plumbing business. He never revealed why. He merely communicated the steps he took and how the hack set him up financially to become a professional black hat. When he’d finished with the plumber, D3vast@t10N’s old man was broke. And broken.
Freed from his father’s tyranny and armed with his money, D3vast@t10N could spend the rest of his life doing whatever he wanted. He’d never need to work for “the man” again.
D3vast@t10N’s revenge and how it made him rich inspired Alan to learn everything he could about technology. He determined never to be in anyone’s power again. Whoever tried to hurt him would experience the same as D3vast@t10N’s father. No one would torment Alan or Z[1] a second time.
And best of all, I’ll get extremely wealthy along the way.
However, when SF got busted in 2011 and black hats were imprisoned worldwide, D3vast@t10N vanished after telling the underground group to keep their heads down. Z had not heard from him since.
Abaddon was his only hope.
Unfortunately, things had deteriorated while Z awaited his old mentor’s response. He’d tried accessing Davies’ VM countless times with no success. The hacked VM had disappeared.
Z suspected someone had discovered his activity, though he couldn’t comprehend how.
Sure, the CIA is not the usual cyber-chump. However, the Agency isn’t as all-knowing as the general public fear.
Alan refused to let his emotions and thoughts get carried away by the FUD[2] the Agency willingly allowed the entertainment industry to propagate.
Z reflected on the process he implemented when he hacked Davies’ computer.
I used a zero-day exploit[3] and wiped the log entries showing my activities, so the Agency can’t have detected it. And I haven’t disclosed the exploit to anyone – I alone know of its existence.
Still, there was no avoiding the fact that the VM was no longer operational.
Z knew from the logs that Davies used it multiple times every day. The CIA agent was a gambling addict. In Alan’s mind, the VM’s disappearance confirmed something was wrong.
The apparent problem was that he didn’t know what was happening without his hidden connection to Davies’ computer. He couldn’t even trace its location.
Z berated himself for not setting up a secondary remote connection to the hacked computer.
It’s standard procedure – find a way in, then create a fallback, so you can break back in if the first hack is patched or detected.
However, it was too late for that. Z had mistakenly assumed he could go back and do it later. Time had proved that to be a severe error of judgement.
Then, after a few too many smokes rolled with a green leaf that promised magic, he had an epiphany. One of his cyber lads had mentioned an exploit he’d discovered in the mobile phone network. It was hush-hush. The hack’s owner claimed he could track a cell phone user’s location, listen in to calls, intercept and edit SMS messages, and cut off the hacked user’s phone service.[4]
Z knew Davies’ Agency-issued phone number. One of the personnel files in the Project 761 folder listed it. If Z could convince his cyber brother to let him test the exploit on Davies’ phone, it could provide him with a valuable connection back into the CIA agent’s world.
At the least, I’ll know where the dangerous prat is.
It took him an hour to get a response from one of his oldest contacts – Warrior666, aka Wix – on a personal, encrypted chat.
can i test your new exploit on 1d10t
wots in it 4 me
i hav a buyer with $$$ wants privat sale if works as u say
wot do u want
10%
y shuld i giv u anything. my exploit my $
my buyer my reputation n i will test
Wix was aware of Z’s stellar reputation in kit sales. And that had been significantly enhanced with the last auction. Wix would assume Z was being straight up.
He’ll never expect Z to risk his name.
k
Once the code arrived from Wix, Alan spent the next few hours scouring it, learning how it worked and its outcome. He also wanted to see if he could customise it.
Despite his fatigue and his mind not functioning with its usual sharpness, Alan was delighted to find a couple of simple modifications he could make to send it directly to Davies’ mobile.
As soon as the prat’s phone connects with the nearest cell tower, shazam – exploit delivered.
Z hastily compiled his personalised exploit and released it into the wild.
He merely needed to wait for Davies’ phone to automatically download it, apply it, and then talk back to his command-and-control app.
Alan knew he should sleep. He was exhausted.
Yet, his brain was in active mode now he had resumed a level of control.
If Davies has his mobile phone switched on, it will only be a few moments before I know where my enemy is hiding, to within a few hundred metres of the nearest cell tower.
The phisherman would not sleep until he knew the answer to that critical question.
[1] By now, you’ve hopefully realised that Alan sees himself as a different person to Z or lul or any other digital identity he creates. Alan always refers to Alan Watson in flesh & blood - he is never Alan online.
[2] Just in case you forgot, FUD is an acronym for Fear, Uncertainty and Doubt. Creating a sense of FUD in the target drives most forms of social engineering, the key to most successful phishing attacks. To learn more, see what-is-social-engineering [kaspersky]
[3] Remember, a Zero Day Exploit (ZDE) is an exploit no one else supposedly knows about, so no one can prevent a hacker from using it. No anti-virus or anti-spyware software can prevent it. No updates can stop it. So next time a bureautwat goes off on a video about busting someone’s chops for yet another supposedly preventable hack, realise that virtually no one can stop a ZDE, hence its name. Sure, there are techy things IT peeps can do to make it harder. However, it’s very difficult to stop patient, determined hackers who know what they’re doing if you’re in their sights.
[4] This is based on a genuine hack, though it only worked up to the 3G network. If you don’t believe me, check out ss7-hack-explained [theguardian]. And while you’re at it, see what recent links you find when you google “mobile network vulnerabilities.”