1. BayView

    BayView Huh. Interesting. Contributor

    Joined:
    Sep 6, 2014
    Messages:
    10,462
    Likes Received:
    11,689

    Hacking Question...

    Discussion in 'Research' started by BayView, Jul 2, 2017.

    I want a villain to hack into a company's computer system (a mid-sized video game company, so tech-savvy but not CIA-level security) and think he's stealing the files for their newest game. I want an insider at the video game company to be helping him, and she'd have access to just about any files necessary, so he's not so much "hacking" as just "logging on as her and downloading/e-mailing/whatevering the files to his own company".

    But what I really want is for for the good company to let him to steal fake files and also take some sort of Trojan Horse or other computer-ese thing that would give the good company access to the bad company's computers in the future. So the villain would be getting nothing of any worth, but would be compromising his own company's security.

    So - assuming the initial access by bad guy is easy, how would he best send the information to his own system? A direct internet connection of some sort? What would that be called? Or would he be more likely to go old-school and use an external hard drive or a high-capacity zip drive (do they come big enough to hold all the files that would be associated not only with playing a game but also with the development of that game?)? How would this be done?

    And, what would be the term for whatever it is the good guys plant in the files? Is Trojan Horse the right term (it certainly fits logically, looking at the mythology and the way I want this to be used...)? Or something else?

    Anyone computer-y able to help me out?
     
  2. newjerseyrunner

    newjerseyrunner Contributor Contributor Contest Winner 2022

    Joined:
    Apr 20, 2016
    Messages:
    1,462
    Likes Received:
    1,432
    You're in luck, I'd be the person you'd have to get the keys from. There are two of us in my company (besides the CEO himself) who have that kind of access to that.

    We're not a video game company, but where an online multimedia company so about the tech-savy level you are looking for.

    The people who would have access to that kind of information would be the senior programmer and the IT department. The email server falls under IT. There would be multiple steps required to get the info, but none of it would need s flash drive air anything like that.

    First, you'd need the login and password info for the VPN that the server will be hidden behind. This would be done via a VPN client that you'd download from the net (or already have if on a work computer.)

    Next you'd open a command line tool and tunnel into the server with a program called ssh. Then you'd need the IP address of the email server and it's "root" login. Root is a special user who has complete access to the server. From there emails would either stored on the file system, which would could simply navigate at this point, or they'd be in a MySQL database.

    Depending on the type of database, you'd probably have to log into that too and get the info you want, this is yet another login.

    The malicious file would be in the database of on the file system (probably in a path like /mnt/storage/...)

    Once you have the info in a file, you would use a program called scp to do the transfer, this is also a conmandline utility.

    To sum up the requirements:
    VPN host, user, password
    Server ip, user, password
    (Maybe) MySQL user, password, (maybe host)
     
    BayView likes this.
  3. Shadowfax

    Shadowfax Contributor Contributor

    Joined:
    Aug 27, 2014
    Messages:
    3,420
    Likes Received:
    1,991
    So you're essentially having the target company aware of the impending hack, squirrelling the good stuff away somewhere safe and leaving in the folder
    H:\Product Development\Work-in-Progress\2017\LETHAL_EVIL something that looks like a new game, along with something innocent-looking that's really a virus?

    My problem with this is how did the target company learn of the impending hack? How did they squirrel the good stuff away without telling all the program developers - one of whom is a blabbermouth - where they can find their files when they start work again tomorrow? In particular, how did they ensure that they didn't leave something juicy somewhere on the about-to-be-hacked part of the system, even if only in Joe's local drive 'cos he was planning to come in early tomorrow, before the system was live...
     
  4. BayView

    BayView Huh. Interesting. Contributor

    Joined:
    Sep 6, 2014
    Messages:
    10,462
    Likes Received:
    11,689
    I can have the company insider more-or-less guide the hacker to the appropriate files. The hacker isn't really a hacker, he's just the smooth talker who thinks he's tricked the company insider into helping him.
     
  5. Shadowfax

    Shadowfax Contributor Contributor

    Joined:
    Aug 27, 2014
    Messages:
    3,420
    Likes Received:
    1,991
    So either the insider is in fact a double-agent who's in with the target company's aims of dumping a virus on the hacker? Or, the company still has to hide the good stuff away from their own insider's knowledge.

    ETA: Why does the hacker have to do anything at all?

    Why can't the insider just download it all onto a separate hard drive and walk out of the building?

    ETA2: Which implies the insider is in on this scam by the "target" company - maybe making the hacker "work" for it adds to the insider's plausibility?
     
  6. BayView

    BayView Huh. Interesting. Contributor

    Joined:
    Sep 6, 2014
    Messages:
    10,462
    Likes Received:
    11,689
    Yeah, the insider is in on it. The insider is a good guy, trying to help her company. She's played down her technical ability so the wanna-be-hacker will have to come into the building and do the work himself (and be captured by the security cameras she's told him she turned off, even though she didn't).
     
  7. Mumble Bee

    Mumble Bee Keep writing. Contributor

    Joined:
    May 18, 2015
    Messages:
    1,256
    Likes Received:
    2,111
    What you're writing about is called a Honeypot.

    Not to be 'that guy' that just posts links to Wikipedia, but here I go, being that guy.
    https://en.wikipedia.org/wiki/Honeypot_(computing)
     
    BayView likes this.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice