Hacking the Naked Princess
by Andy Kaiser
Chapter 0x07
"So what do you want, anyway?" Lynx pushed away from the table and shoved a headset in his ear.
I liked the straightforward question. It meant I could give equally straightforward responses. If everyone in the world was like this, conversations would actually be worth the effort.
"I'm an Information Technology Private Investigator."
"Wow. I have no idea what that is."
"I get that a lot. I'm investigating a problem. There's a file in the hacker community, a secret archive. It's called the 'Dante collection.' It's connected to the AnonIT hacking competition."
While I talked, he'd been fiddling with his headset and poking at his cell phone. He stopped, and looked at me with narrowed eyes.
"It's not really 'hacker' these days," he said. "A hacker is a person interested in how things work, someone who loves taking things apart. I mean, if you're talking about script-kiddies or crackers, even social engineers -"
"Semantics aside, I need to find more about this Dante collection. I need help from people who have it, or know people who have it. It's important - it's about a missing person."
He considered, then nodded to himself. He pointed with his cell phone.
"Let's talk outside."
We weren't far from my office. Close enough that I'd walked. Not that I wanted exercise or anything. More like the walk would do my car good. The heap of rusted alloy was already on life support, and every use pushed it closer to its automotive flatline.
I wasn't a big outdoors guy. I appreciated it when I was forced to, like when the power was out, or when there was a gas leak. I stared around as we walked, waiting for Lynx to speak. I took in Nature's special effects: nice frame rate and resolution. The moon hung low and pale, like a gigantic low-watt LED bulb. The wind forced me to shiver and dig my chin a little deeper into my coat collar.
Lynx was again poking at his cell phone. I saw he was playing a port of Nethack. I gave him a look of polite expectation. He caught my eyebrow-initiated cue.
"I don't want anyone else to hear. What we're talking about isn't exactly legal."
He kept his voice low. I couldn't tell if he was being secretive, or if he really was one of those naturally shy people. His next sentence cleared up any confusion.
"I tried the AnonIT competition. Failed it hard. But I know one of the winners, Minotaur. He showed me the Dante Collection."
Just what I needed. If this kid had access to someone with the Dante Collection, I could figure out how it related to P@nic, the missing hacker, and maybe learn where she'd gone, why she was missing. Then her infatuated friend Oober would be happy because his love interest would be returned. I'd be happy, because I'd have brought a very unique girl back into the hacking community. Maybe I could even figure out a way to get paid.
So far, I was lucky - this was a pretty straightforward case. No surprises. Just the way I like it.
Lynx's thumb paused over his cell phone screen, and his eyes unfocused. He leaned closer to me. He didn't make eye contact. His cheeks burned an embarrassed red.
"Hey. Just so we get this out of the way now... In the Dante Collection..."
He took a shaky breath before continuing. The kid had tears in his eyes.
"I've seen the naked princess."
Chapter 0x08
A lot of my success isn't about knowing anything (though it makes things easier). It's not about having the right tool for the job (though I never go anywhere without my Leatherman multitool).
Success comes from the right reaction to a given situation.
I've seen the naked princess, Lynx had said. I had no clue what that meant, so I used my standard exception handler.
I nodded knowingly.
"Yeah," I said. "The naked princess. Keep talking."
Lynx looked at me like I was crazy.
"If you knew anything about it, you wouldn't say that."
"Why?"
Now his look turned suspicious. He moved a step away from me.
"You better tell me why you want to know."
Generally I don't give out the names of my clients. Not if I can help it. On the other hand, since I was the only Information Technology Private Investigator I was aware of, I got to make the rules, like the just-now-created Rule Seventeen: An ITPI is allowed to share data in order to progress on a case.
"I'm working for Oober. He brought me in because another hacker is missing. P@nic dropped completely off the grid."
Lynx blinked a couple times, then nodded to himself. He slipped his cell phone into his pocket and gave me his full attention.
"I don't know Oober. Never talked with P@nic, but I heard about him. The guy's a wizard. I'll tell you what I know."
Lynx's mental firewall had changed from no entry to all ports open. Just the mention of P@nic's name was enough to get him comfortable, though he didn't know P@nic well enough to know she was a girl.
"I bailed out early on the competition," Lynx said. "It was way over my head. Later, I tried to contact the winners, to see what they did. Chixor Zed wasn't real friendly. But Minotaur was pretty cool, and showed me what he did to break into the target. None of the others would talk."
His mention of Chixor Zed and Minotaur confirmed my theory about the list Oober had given me. The names listed under the "dante connection" header were a list of winners, or other competitors.
"How did he win?"
I'd said the words casually, though the question was anything but. This was one of the reasons I'd started my own ITPI practice, why I didn't have a job that paid better and had benefits beyond the strange smell in my office. I was interested in how things worked, what made things succeed and fail, and being an ITPI was a great way to experience this. While I needed to periodically afford dinner and rent, I needed more in life: The best reward for solving a case was the opportunity to solve another.
Here, I had the chance to learn about elite-level hacking, and what it took to be in that select group. Here I had an express elevator to the top mental floor.
"It was a nasty one," Lynx said. "You know anything about this year's AnonIT?"
"I know that the goal of the competition was to get the Dante Collection."
"Right. The Dante Collection is a file archive. The archive was located on a secured, limited-access, fully-protected storage array of a multinational corporation."
Then he said the company name. You and I and several billion earthlings would certainly recognize the name and logo.
My mouth dropped open slightly.
"Yeah, I know," Lynx said. "Getting in wasn't easy. And since it was -" he spoke the company name again, preceded by a culturally-overused but appropriate expletive, "- they know security, obviously, so anyone trying to hack them better be elite, or they'd get Mitnicked awful fast."
"What was the hack?"
"He installed a covert WAP in the lobby of the building where one cluster of the hosting servers was located. He used that to remotely access the wired network. Then he installed keyloggers on a few PCs and damaged a few things to get admins to sign on and fix what he did. He used those logged admin credentials to break through an internal DMZ to get to the target storage array. Then he just FTP'd the Dante Collection to his own server."
"Nice kung-fu."
Lynx stood a little straighter. "Minotaur got in with a mixture of physical access, social engineering, and hacking. This was way beyond kung-fu. This was MMA."
Hearing stories of massive hacks was either fascinating or a disappointment. Sometimes I was let down, like when you guessed a magician's trick in the middle of a performance. But this hack was definitely in the first camp. It required guts, confidence, planning, luck, and a very solid skillset.
"He told me that from surveillance to traveling onsite to monitoring and hacking, the whole process took about a month."
"Seriously?" I was even more impressed. "That's really fast."
"Minotaur is really sick."
"So, he got the Dante Collection," I said, trying to parse the logistics. "But how did the AnonIT judges know he really did what he said he did?"
"They have a mole inside the company. They knew something more about the collection, about what files the Dante archive contained. There was one file unique to the collection. One file, that, if you owned it, it meant you had access to the Dante collection archive. That file is a picture. Once you see it, you know why it's kept so secure."
"This picture is the 'naked princess?'"
He swallowed and nodded.
"It's... probably the freakiest thing I've ever seen. I wish I'd never even looked."
"What is it? Porn? Violence? Republican talking points?"
"I don't even want to think about it." My attempt at defusing the tension had failed. His eyes were haunted. He actually looked ill. I figured I had only seconds before he'd either refuse to talk, or he'd vomit. Either action would end the conversation in a way I'd not prefer.
"Come on, one picture can't be that bad," I said. "You can tell me. I've been dealing with nasty, ugly stuff for years. You ever had to work on Windows machines with pre-loaded OEM software?"
His eyes snapped back to mine. He almost snarled.
"You have no idea how horrible the picture is. Someone did some really bad stuff, and then decided to brag about it. Whoever did it - whoever took that picture - should be shot. I'm serious. They should be shot and killed."
He turned and walked away. He spoke his last words over his shoulder.
"If you ever get the chance to see the 'naked princess' ... Just don't. Don't look at it, because you'll regret it the rest of your life."
Chapter 0x09
Back in my office, I checked out the AnonIT results: P@nic had won the competition, too. Her name wasn't on Oober's list, but she was listed by the AnonIT channel's IRC bot. She was also the most recent winner - hers was the most recent hack attempt claimed and confirmed by the AnonIT judges. She probably hadn't included her name on Oober's list because, well, she'd written it herself.
That gave me the total list of winners: patient zero, agent_from_harm, dragon_bawls, minotaur, and chixor zed. I added p@nic to the list.
I had a feeling that the people representing the names on this list were very dangerous.
Luckily for me, I might have an in with Minotaur. Lynx had told me how he'd made contact, and I'd do the same.
Time to introduce myself.
After a brief IRC chat, I'd scheduled a meeting with a guy who knew an LP who knew a bot who knew a compromised LAMP server who knew Minotaur. Later that hour we made the connection:
Minotaur: who's knocking? name/id Me: Dev Manny. ITPI. Friendly human. Minotaur: means zero. tell me yr innermost thoughts Me: The AnonIT competition. I have questions. Minotaur: <sigh> ah more adoring fans. ok switch to webcam. vid /voice Me: Sure. Protocol? Security? Minotaur: doesn't matter don't care good luck I'm behind 7 proxiesI lit up my webcam, and saw Minotaur.
A man sat on a couch, and that was a polite way of putting it.
If my office was homely, this guy's room was royalty-inbreeding-for-generations-mutated.
My first sight was that of trash. Boxes and food wrappers, bags and hardware. It almost looked as if the man never moved from his well-indented position on the stained middle cushion, and just dropped around him whatever he'd been recently eating and using.
Multitudes of shelves crowded the space and held piles of equipment, all using a Dr. Seuss-inspired stacking scheme. I saw old computers and their guts of circuit boards, memory sticks, and interface cards. Piles of books showed a spectrum of titles ranging from database architectural design to Amiga assembly programming. The walls were a study in New Age artwork, all with weird phrases that could be either motivational or pornographic. One poster behind the man was a tilted-perspective shot of a grimacing outdoorsy guy riding a jet-powered kayak up a waterfall. The caption read, 'Too real to feel the shocker'.
Minotaur was way older than most hackers, probably in his early 70s. The remainder of his thin white hair had retreated to the back of his head in a final sad stand against male pattern baldness. He wore an old camouflage jacket that failed to hide its many stains. It was unzipped, and partially covered a dark shirt draped over a skeleton-thin body. His lower half wore thin, faded jeans that had been through a few thousand washings. His feet were bare, and their, (deep tan matched that of his face and hands.
"That's better," the guy said as we studied each other. His voice was raspy, like he had to strain to push words from his throat. He had a trace of a Slavic accent, maybe Polish. "I've had a lot of wonderings and verbal permutations lately. Call me old-school, but video chat rocks. I want to see who I talk to. Get to know souls, not scripts."
Out of curiosity, I traced his connection. I assumed he'd already done the same to me.
His signal originated out of Chicago, USA. If his proxy comment was true, my trace meant nothing in terms of tracking him down. Given the generous helping of liver spots peeking through his heavy tan, Chicago was not his home turf.
Other indicators of his approximate global position were the thick curtains behind his couch. They were closed, but their edges glowed bright from outside sunlight. Wherever Minotaur was, at my time of night he had the luxury of midday sun and tropical weather.
"Dev Manny, Information Technology Private Investigator," he said. "We've never communed before."
"Never too late to start. I'm checking out what's happened to -"
"I know your intent. You are working to unravel the minds of the Fates and the AnonIT competition. You've fooled yourself into thinking my thoughts can raise yours to a new level, where you will light a candle in darkness and chase out a dragon."
This called for a shift in mental gears. I doubted I could respond with a similar insane-poet's response, so I tried the direct approach.
"Tell me why you entered the AnonIT competition."
Psychiatrist mode should give me information, and time to plan an appropriate follow-up.
"Because I knew I could win."
He looked at me carefully, suspicious now. So much for buying some time.
"You knew of me," he said. "You talked to entropy, and the chaos coalesced into this conversation. You really didn't expect that?"
I didn't answer because I didn't understand the question. I reassessed my position.
I wasn't sure if he was even picking up who I was or what I represented. I'd need a good justification to poke my electronic nose so far into his business. I shuffled through plausible reasons for contacting him, semi-truthful ploys that might get me information I wanted.
"I will open my mind to you. I will tell you what I know," he said.
This would be a pleasant surprise if it didn't make me immediately suspicious.
"That's very nice of you. My job doesn't usually come with free information."
He leaned towards his camera. I got a dermatologist-level view of his sun-damaged, sagging wrinkles. He looked disappointed, like there was an obvious, deep, metaphysical point I'd missed.
"Information wants to be free. This is the point of contests like AnonIT. That's my intent. I unearth information that's hidden by others."
"What information?"
"Doesn't matter. Actual bytes are meaningless. Trapped data needs to be freed. Otherwise, we craft political shackles, life stagnates, civilization grows cold. Freedom, change, and progress are the natural states of things."
I'd heard this argument before, and my natural skepticism rolled its eyes.
"If all information is free," I said, "Wouldn't that, you know, destroy society? Empty bank accounts? Unlock every piece of private property? No home would be safe. Every car would be stolen. Nation-controlled bioweapons and nukes would be free to anyone with the ability to make them. You want complete informational freedom, but you hide behind your seven proxies. It seems like the price of exposing all information... is anarchy."
He grinned at me, a smile containing dark, receding gums and mostly original teeth.
"I'm also a realist. Let's just say I don't support any major political party."
Cute. I'd never before met a militant hippie altruistic anarchist hacker.
"So, what happens now?" I said. "You scratch my back, then empty my Bitcoin wallet?"
"Nah," he waved me away. "You and I, we are solid. I have no desire to destroy society or people. I focus all of my mana on the one thing I do really, really well. Like -"
"Like... Freeing information from the confines of those who would keep it locked away from the natural order."
Saying that sentence exercised brain muscles I rarely used. I didn't know how this guy did it.
"Yeah," his smile was beatific. "You understand."
"Thanks. And I'll take whatever you're willing to tell me."
He did. It was a little more ethereal and symbolic than I needed, but he told me about the hack, and what he did to break in. He told me about the Dante Collection.
First was the name itself.
The "Dante collection" was an informal name, but was derived from the server names where the file collection was stored. Named after the "nine circles of Hell" as written by the 14th century author Dante Alighieri, the network had systems called GREED, GLUTTONY, FRAUD, ANGER, and LUST. With one possible exception, this server farm didn't sound very fun.
Minotaur described the Dante collection as mostly financial reports, credit reports, accounting and payroll databases, customer billing data, and all the usual stuff that any sensible company needs to keep hidden.
The collection was physically located inside of a demilitarized zone designed to provide an extra layer of security for whatever needed protecting. Entrance into the DMZ was via three-factor authentication, with an environment that booted a custom, limited-access virtual machine that was built on-demand and destroyed after each use. The Dante collection was very, very secure.
Minotaur got in, however. Few people would understand the incredible effort he'd gone through to get his result. As Lynx had implied, this ran the spectrum from physical trespass to social engineering to straight up black-hat hacking.
It made we wonder about P@nic. She was good, certainly. But was she this good? She was only fifteen. Did she really have the ability, money, time, and freedom necessary to hack like this? I didn't know. I'd have to ask her.
So I'd better find her.
"Hackers today," Minotaur was saying, "are mostly tourists clustered around a few truly talented beings. The tourists have no vision, no end game, no goal beyond that of exploration. Sometimes that's wonderful, but not with AnonIT. Get far enough, and no mistakes are allowed. Any permutation outside of winning will put you in the same place as the information you're trying to free: You'll be locked up. Every step must be a recursive gameboard eval to find the best of all possible actions. I told P@nic this, too."
Theory was fascinating, but not what I wanted to discuss at the moment. Particularly after he mentioned P@nic.
"Just watch out, okay?" I said. "With your mantra of 'information wants to be free,' you could still hurt people, or have people come after you."
"I observe, then think, then act. I am very careful. I don't need laws to mandate my actions. Not if I'm moral. Unlike the rest of this broken world, I am aware of my impact. I'm responsible."
"That's a fancy way of saying, 'I know what I'm doing.' Famous last words."
"My results speak louder than this conversation."
"How did you help P@nic?"
He shrugged. "I gave him knowledge, enlightened him with technique and method."
As with Lynx, Minotaur had no clue that P@nic was a girl.
"Information wants to be free," I said. "Did you give P@nic the Dante Collection?"
He chuckled. "I tried, but he refused. He wanted to earn it!"
"P@nic completed the AnonIT challenge, and has the Dante Collection. Or had it."
Minotaur's head tilted slowly to the side.
"Good. I'm happy to have edified. But what do you mean, he 'had' it?"
"You didn't run a video chat with P@nic, did you?"
He grinned. "No. He insisted on text. It misses the human element, but is efficient in the right hands."
"P@nic is a fifteen-year-old-girl. Now she's disappeared."
His grin dropped, along with his saintly bravado.
"A girl... She's just a child? I didn't know she was so young. We only chatted. I can send you all the logs."
"Thanks. I'm working for someone who'd like to find her."
"Who?" He leaned forward again, an almost crazed look of interest on his face. "Tell me. Now."
"I'm not like you," I said, realizing that even with his assurances, I didn't trust him as much as Lynx. "Sometimes, it's safer to keep things hidden. Like the name of my client. I can't break that -"
He lunged towards the camera and the video image seizured.
"Tell me!"
The shout overloaded his webcam's cheap microphone, and his voice came sheathed in static, complementing his twisted face.
"We'll agree to disagree," I said. "But I'll contact you when this is over. After I've figured out what happened to P@nic. Call it my thanks to you for getting me this far."
He sat back and looked thoughtful. The emotion purged so quickly, I didn't know if he'd really meant the anger, or if it was just a cheap attempt at intimidation.
"You can't imagine what you're getting involved with," he said.
"All part of the fun," I said. "For example, I know about the 'naked princess.'"
His skin paled under his tan, making him look suddenly frail and sickly.
"You've seen the naked princess?"
"No. But I've heard about it."
"Then you know nothing. Keep it that way."
"Come on," I smiled. "What about information wanting to be free? Can't you-"
"Shut up and listen." His voice was lower, his Slavic accent stronger. "Some things should not be known. By anyone. Some actions should never be taken. This is one of those things. If you hear anything from anyone about the naked princess, get away. Immediately."
"What about P@nic?" I said. "She has the Dante Collection. She might've seen the picture."
He sat back, his posture more relaxed, but his eyes were still intense.
"I didn't say anything about it to her. It lives in the collection, but it's only a few megs tarballed among terabytes. But whether or not she's seen it, if she's got the Dante Collection, she's got the naked princess. I'm telling you, drop her. You don't want to get involved."
"I know what I'm doing. Some of your own philosophy applies to me: I'm aware of my actions. I'm responsible."
He looked at me with scorn and pity.
"You are wrong, kid. Way wrong."