Welcome to my online cyber thriller, The Phisherman. Fyi, this chapter has the most footnotes - if you love history and/or technology, you'll have lots to check through.
When the slight, blond, blue-eyed lad stood awkwardly at the front door and nervously stammered, “Uh, hi, I … umm … I’m Steve … ahh … I’m here about the ad … you know … umm … the one for a housemate,” Alan was unsurprised.
Like many potential roomies Alan had interviewed over the three years since he ran away to London, Steve matched the timeless gamer nerd stereotype to a tee. He was difficult to converse with unless the topic was technology-related. Heavy metal constantly pounded through the deep bass, over-ear headphones permanently attached to his head. He spent all his free time playing online games. He’d never had a long-term relationship with anyone of any gender or sexual orientation. And every conversation involving more than one-syllable answers inevitably turned to technology.[1]
However, Alan was wrong about his young housemate. Although Steve didn’t leave his room for the first two days, it didn’t take Alan long to realise the new guy was unlike his previous roomies.
Sure, Steve was a hardcore gamer.
However, his greatest passion and skill set was hacking.
Alan discovered his recent arrival’s pastime while checking the WiFi’s network log[2] two days after Steve moved into the smallest upstairs bedroom in Alan’s three-bedder. There were many entries from Alan’s new lodger. Most recorded Steve’s attempts to open additional ports in Alan’s router[3] to give him a speed advantage over his online competitors. His attempts didn’t alarm Alan. Multiple housemates had tried the same. No one had circumvented Z’s access controls.[4]
And no one could.
So, Z was astonished when he discovered Steve had.
The new lad had implemented three new rules on Z’s firewall that allowed him to run specific network services Z was using to monitor his housemates’ activities.
The prat’s using the very tools I spy on my house guests with to watch me!
When Alan burst through the young man’s bedroom door to confront him about it, Steve was sitting at his computer as Korn’s ‘Coming Undone’ blasted through his headphones loudly enough for Alan to hear.
Steve swiftly minimised the active window he was using.
However, it wasn’t before Alan froze at the sight of his new housemate with a remote console[5] connected to the system administrator account of Alan’s router.
Recovering from his initial shock, Alan sat on the edge of Steve’s bed and quietly asked, “How?”
It didn’t take long to determine that Steve was a highly competent hacker. Alan was amazed that he learned a few things as Steve discussed some of his online exploits.
And from there, a new era dawned in the life of Alan Xenon135 Watson – he had a digital friend in the real world.
After sharing what they knew with one another over the next few late nights and discovering they possessed different yet complementary skill sets, they thought it would be fun to work a few hacks together.
Steve’s moniker was BWS. However, Alan would not divulge the handle Z to Steve. Instead, he used a recent incarnation he had created for some darker activities: lul. And when they hacked together, they used a joint moniker: Nimrod – the legendary hunter of men.[6]
They started with elementary hacks for social media sites such as the global sensation MySpace, a reasonably new video-sharing site called YouTube, and an emerging online community known as FaceBook.
In those first few weeks, their favourite game was picking a list of celebrities, such as anyone in Britain’s popular top 40 – of course, neither of us listened to the pathetic artists on such a despicable list – and then the race began. Whichever hacker successfully lodged a spiteful post, comment or video using a hacked celebrity’s account was the winner.
Unsurprisingly, it was too easy to hack into the accounts of public figures who used easy-to-guess passwords. Alan could not count the egotistical musicians, vain movie stars, dumb sporting heroes, and dumber bureautwats who awoke to find random or offensive posts on their public channels and chats. In many cases, Nimrod merely scanned the information celebrities made readily available to work out the password. It was amazing how many supposedly intelligent people used the name or birthdate of someone close to them. And if the target incessantly posted about a pet, it almost guaranteed easy pickings. Just as common were basic keyboard combinations[7] like password, 12345678, and qwerty.
Hacking people’s accounts was easier than poaching eggs, not that Steve or I willingly cooked in the era of cheap home-delivery pizzas.
Of course, what we were doing wasn’t hacking. It was educated guesswork. And though our joy from humiliating countless public figures was satisfying, we wanted more.
Naturally, we migrated towards loftier targets. Within three weeks, we were breaking into commercial and government websites using tools such as Hydra.[8]
They had performed such hacks countless times before as individuals – what changed was the scale. Working side by side inspired them. Sites they’d previously baulked at as solo hackers were attacked with gusto by the two-headed monster Nimrod. And after successfully defacing several security agency websites and leaving their Nimrod tag, they started to develop a bad-ass reputation in the recesses of the darknet as they posted shots of their hacks on anonymous message boards like 4chan.[9]
However, Nimrod’s most significant success occurred on the night they broke into the CIA’s network. The hack’s success was mainly because of fortunate timing. They attempted to penetrate one of the most challenging networks in the cyber universe at the exact moment in time that the Agency updated its firewall.
The fools brought the new system online before they had finished securing it. That was all we needed.[10]
In a flash, Z was inside and started furiously typing complex instructions into the command line console.
Both hackers watched in delight as the CIA’s user database started transferring over Nimrod’s secret digital connection. It contained the login details for every CIA account.
Sure, it would be encrypted. But I could crack it. And then, we’d have the login details for everyone with an account on the CIA’s network. How much would that be worth!
And then, it happened. Somehow, the Agency detected Nimrod’s activity.
Before Z could respond to the alert that popped up on his monitor, the console letting him hold the heart of the CIA’s network disappeared.
The Agency’s firewall closed.
Nimrod’s connection was dead.
Z took over Alan’s every thought, his hands typing commands as swiftly as his brain could think of them.
Frantically, Steve raced to his tiger box lying open on Alan’s bed and vainly tried to start another channel of attack on the Agency.
Silence reigned, other than the sound of perfectly-weighted keys being urged to find a way back inside.
However, nothing they did over the next few minutes achieved the slightest level of success.
And then, Alan saw the thing he feared.
“They’re almost onto me, Steve. They got through our first proxy[11] faster than I thought. My second proxy just got pinged.”[12]
“Me too.”
“Crap. They’re running a port scan.[13] I’m out of there.”
“Me too.”
They disconnected from the proxies that shielded their physical location before the CIA nerds could worm deeper into Nimrod’s defences.
And that was it.
“Time to head downstairs for another freshly brewed instant coffee,” Steve quipped sarcastically.
They chatted about the hack for the next hour, excited by what they’d achieved. Sadly, they had no digital trophies to prove their claim. Yet they had attained the impossible. As far as they knew, Nimrod was the first hacker to get inside the Agency.
Alan decided it was time to call it a night when the sun showed its first few rays.
“Sorry, Steve, but I’m wasted, man. Time to get some shut-eye.”
Steve merely raised his eyebrows and then his mug for another long, loud sip.
Alan disappeared that night. He’d warned Steve weeks before that it would happen one day. He always moved on.
However, that time was different. I let someone get too close.
Over the next few years, the two hackers retained their online brotherhood as Nimrod. As Nimrod, they developed a fearsome reputation in several emerging hacker groups, including a globally-renowned hacker community known as The Shadow.[14]
Then, in mid-2011, Nimrod became one of six founding members of a new hacking collective called SF. Those on the outside thought it was a geeky group for Sci-Fi nuts. However, the name stood for schadenfreude, a term referring to pleasure derived from someone else’s misfortune.
Within weeks, SF[15] commenced their infamous ‘month of mayhem’[16] as they launched hacks on high-profile targets across the globe. Fox, Sony, News International, Nintendo, and even the CIA felt their bite.
No one was beyond our reach. Or our wrath.
Yet, when SF engaged with the FBI and GCHQ not long after that, most of SF’s core was caught and imprisoned.
Alan had been shocked to see pictures of lul’s black hat brothers broadcast in the press across the globe. Most of them differed from how he’d imagined them to look.
However, when he saw the photos proving his only flesh-and-blood friend had been captured and put away for years, his shock turned to grief. For the first time that he could remember, he cried.
However, Alan’s grief didn’t take long to transform into deep, seething anger at those who’d dropped his only true friend into a dark hole where neither Alan nor Z could reach him.
After the hacks Nimrod had performed together, Alan knew that prison would be his destiny if the cybercops discovered lul’s identity.
Yet, no one came calling. Steve never disclosed anything about Alan’s physical appearance. And Alan avoided publicly using the moniker lul. The only places lul still lived were in the deepest recesses of the darknet. As far as the cybercops were concerned, the other half of Nimrod had vanished without a trace.
However, the primary reason Alan successfully avoided being trapped in the FBI’s net was because of lul’s tutoring when he was an active member of The Shadow. His tutor was the most successful and accomplished hacker lul knew. He was the one who taught lul how to evade capture in 2011. Naturally, he was the only other core member of SF to escape the FBI.
If anyone doesn’t fear the CIA, it would be the greatest, cruellest black hat in the cyber universe – the black hat I fear above all others.
Opening an encrypted chat that had been silent for years, lul sent a simple message asking for guidance from the one known as Abaddon.
The Destroyer.
Thanks for reading my online serial. I hope you enjoyed this glimpse into Alan’s past (fyi, it includes events that impact the rest of the story).
[1] Yes, I effectively repeated the earlier sentence to describe how Steve only talks about tech because that’s who Steve is & what Steve does. No matter what you’re talking about, he will always bring it back to tech. For Steve, everything begins & ends with tech. I’m sure you’ve met someone like that. And if you haven’t, be grateful.
[2] A log records specific user & computer actions as they occur. What logs are used and what activities they capture are determined by the administrator/s of a particular device or network. For more information, see workplace surveillance [howstuffworks]
[3] Networks use routers to move information between other networks. Most home users have a router to access the Internet (which stands for “inter-network,” i.e. it’s a network of networks). Remember, your IP address has 2 components: a host address (similar to your street number) and a network address (similar to your street name, suburb, state & country). Routers only look at the network address and move digital information stored in packets so each packet can get to its destination network. For more information, see what-is-a-router [malwarebytes]
[4] Access controls restrict who can do what on a network, device or service (e.g. email, web browsing). For more information, see what-is-access-control [csoonline]
[5] Remember chapter 5’s info on Remote connection describing what remote access is? A remote console is merely an application that provides a text-based window to manage a remote connection so the operator can issue text-based commands. As you can gather, operators need to be technically savvy to use such a tool.
[6] Although I’ve changed the names, my story of Nimrod is based on two hackers who used a combined moniker as a core member of LulzSec (you’ll learn about them later). When the FBI swooped on LulzSec in 2011, one of those two hackers was caught. The other one escaped.
[7] It’s scary how many people still use easy-to-guess passwords. If you don’t believe me, Google: common passwords in <substitute-the-year-here> e.g. common passwords in 2023
[8] Hydra has been around for a long time, yet it’s still excellent for testing how easy it is to brute force your way (aka kick the door in) into a computer accessible over a network.
[9] 4chan hosts online chats, though there is a murky side. To know more in everyday language, check out 4chan [wikipedia] To see 4chan’s dark side, a good article from 2022 can be found at who-owns-4chan [wired]
[10] This story is based on a supposed actual event when the CIA’s network was successfully hacked. According to legend (and an unverified screenshot), it only happened because the attack occurred as the CIA was updating a server’s Unix operating system.
[11] For humans, a proxy is an intermediary who stands in someone else’s place to represent that person. Similarly, a proxy server stands between your device and the Internet. There are multiple reasons for using a proxy, including security (it hides your IP address) and speed (that is a bit too techy to chat about here). For more information, see what-is-a-proxy-server [avast]
[12] Ping (supposedly standing for Packet InterNetwork Groper) is the most common tool used in computer networking - you would’ve seen it in countless films with hackers. It’s a simple yet powerful tool with a range of options (called switches) that let you find out if a particular device exists on a specific network. For a great explanation, check out using_ping [cloudns]
[13] A port scan lets an attacker know what services (e.g. web browsing, email) their target is using. Each open port provides a means of attack as ports are like windows & doors for that device - they let traffic in and out. And just like physical windows & doors, open ports provide opportunities for hackers to get inside your device.
[14] Many people have heard of the hacker collective Anonymous. In this story, the equivalent is The Shadow. All hacks attributed to The Shadow throughout this novel were performed in real life by members of Anonymous.
[15] Many people have heard of the hacker collective LulzSec, renowned for the incredible hacks they achieved during their “50 days of Lulz” in 2011. In this story, the equivalent is SF /SchadenFreude. The hacks attributed to SF throughout this novel were all performed in real life by members of LulzSec. Most core members were caught in 2011 and served time in prison. For more on that story, refer to lulzsec-hacking-fbi-jail
[16] This is based on what happened during LulzSec’s “50 days of lulz” in 2011 where they hacked multiple websites and online resources, including the FBI and CIA. For a timeline of the 50 days, refer to 50-days-of-hacks [washingtonpost]