Chapter 4:// God of Mischief
From his vantage point at a coffeehouse, Brian Gragg gazed across the street at the darkened windows of a French provincial mansion. The lush River Oaks section of Houston's Inner Loop had more than a few of these aging beauties, restored and pressed into service as quaint professional buildings. They sheltered doctors' offices, architectural firms, law firms-and branch offices of East Coast stockbrokers. It was this last species of suburban tenant that attracted Gragg. They were the weakest link in a valuable chain.
One of the brokers there had installed a wireless access point in his office but failed to change the default password and SSID. Better yet, the broker couldn't be bothered to shut his machine off at night.
Gragg glanced down at his own laptop and adjusted a small Wi-Fi antenna to point more directly at the office windows. The broker's computer screen was displayed as a window on Gragg's laptop. Gragg had compromised the workstation days ago, first obtaining a network IP address from the router, and then gaining access to the broker's machine through the most basic of NetBIOS assaults. The ports on the workstation were wide open, and over the course of several evening visits to the caf, Gragg had escalated his privileges. He now owned their local network. Clearing the router's log would erase any evidence that he had been there.
But all that was child's play compared to how he would use this exploit. In the past year, Gragg had evolved beyond simple credit card scams. He no longer prowled bars passing out portable magstripe readers to waiters and busboys and paying a bounty for each credit card number. Gragg now stole identities. His buddy, Heider, had schooled him on the intricacies of spear-phishing. It opened up a whole new world.
Gragg was using the broker's workstation to conduct an e-mail campaign to the firm's clientele. He had cribbed the phony marketing blather and graphics from the brokerage's own Web site, but what the e-mail said was irrelevant. Gragg's goal was that the phish merely view the message. That was all it took.
Gragg's e-mail contained a poisoned JPEG of the brokerage logo. JPEGs were compressed image files. When the user viewed the e-mail, the operating system ran a decompression algorithm to render the graphic on-screen; it was this decompression algorithm that executed Gragg's malicious script and let him slip inside the user's system-granting him full access. There was a patch available for the decompression flaw, but older, rich folks typically had no clue about security patches.
Gragg's script also installed a keylogger, which gave him account and password information for virtually everything the user did from then on, sending it to yet another compromised workstation offshore where Gragg could pick it up at leisure.
What sort of idiot hung the keys to his business out on the street-and more than that, broadcast a declaration from his router telling the world where the keys were? These people shouldn't be left home alone, much less put in charge of people's investments.
Gragg cleaned up the router's connection log. More than likely the scam wouldn't be detected for months, and even then, the company probably wouldn't tell their clients. They'd just close the barn door long after the Trojan horses were gone.
So far, Gragg had a cache of nearly two thousand high-net-worth identities to sell on the global market, and the Brazilians and Filipinos were snapping up everything he offered.
Gragg knew he had a survival advantage in this new world. College was no longer the gateway to success. Apparently, people thought nothing of hanging their personal fortunes on technology they didn't understand. This would be their undoing.
Gragg finished his mocha latte and glanced around the coffeehouse. Teens and kids in their early twenties. They had no idea he was raking in more than their corporate executive fathers. He looked like any other punk with long sideburns, a goatee, a winter cap, and a laptop. He was the kid you didn't notice because you were sick of looking at him.
Gragg shut down his laptop and pulled a bootable flash drive from one USB port. He took a pair of needle-nose pliers and crushed the tiny drive like a walnut, tossing the pieces into a nearby trash can. The evidence was now destroyed. His laptop hard drive contained nothing but evangelical tracts. In the event of trouble, he would look like Jesus's number one fan.
Just then his cell phone played the Twilight Zone theme song. Gragg tapped the wireless headphone in his ear. "Jason. Where you at, man?"
"Corporate restaurant #121. I'm just about done. What's your ETA?"
Gragg glanced at his watch. A Tag Heuer. "About thirty minutes."
"Don't be late. Hey, I logged sixteen more open APs uptown at lunch."
"Put 'em on the map."
"Already done."
"I'm on my way. Meet me out back."
Gragg glanced around at people getting into their leased cars to drive back to bank-owned homes. They were cattle. He viewed these oblivious drones with contempt.
Gragg headed «uptown» to Houston's West Loop-a cluster of skyscrapers just west of the city center that served as a sort of second skyline for people who felt the first one was too far away. Gragg's partner, Jason Heider, worked as a bartender in a corporate chain restaurant in the Galleria-close by the indoor ice rink.
Heider was thirtyish but looked older. Back during the tech boom, he'd been some sort of vice president at a dot-com. Gragg met Heider in an IRC chat room dedicated to advanced cracking topics-authoring buffer overruns, algorithms for brute force password cracking, software vulnerability detection, that sort of thing. Heider knew what he was talking about, and before long they were dividing the work required to eavesdrop on Wi-Fi in airports and coffeehouses, stealing corporate logons where possible. They both shared a keen interest in technology and information-the tools of personal power. Heider had taught Gragg a lot in the last year. But nothing lately.
Also there was Heider's recklessness. Heider had recently lost his license from a DUI and almost sunk them both by having his laptop in the car at the time. Gragg was starting to watch him more carefully and disliked leaving him alone on a Saturday night for fear his indiscretions would get them both arrested. Fortunately, Gragg had never confided his real name to Heider.
Gragg reached the mall parking lot and circled around the bland tiers of stucco. He parked near the west entrance and waited. Heider eventually straggled out to the parking lot with a cigarette hanging out of his mouth. It was a cold autumn night, and Heider's breath smoked whether he was exhaling smoke or not. He wore a surplus M-65 jacket that had seen better days. The guy looked particularly pathetic as he trudged toward Gragg's car. Gragg thought it would be a mercy to run him down. Heider was a shadow of himself-as he often admitted. He took a last puff of his cigarette, tossed it, and got into the car.
"Hey, Chico. Where's the rave?"
Gragg gave him a once-over. "You carrying?"
"No, man. Well, just some crank."
"Jase, dump that shit out now, or you can walk the fuck home for all I care. I've got a gig tonight, and I don't need a canine unit giving the cops probable cause."
"Christ, would you relax?"
"I don't relax. I stay focused. Friends don't let friends do drugs-especially when those friends can turn state's evidence."
"All right, man. Enough. I get the fucking idea." Heider turned the dome light switch off, then opened the car door and tossed a small ziplock bag onto the asphalt.
Gragg started the car and pulled away. "Your brain is your only valuable tool, Jase. If you keep trashing it, you'll be worthless to me."