Cars were sliding around now on the slippery streets, even more horns
were honking. I kept thinking, Any minute she’ll notice the horns and start
asking questions. But if she heard any of it, she must have thought it was
just traffic sounds outside my office window; she didn’t say a word about it.
At the end of the lesson, we had a three-megabyte file that contained not
only the latest source code but also a copy of the server’s “/etc” directory,
which included, among other things, a copy of the password file with every
user’s password hash. I asked Alisa if she knew how to use “FTP.”
“File transfer program? Sure,” she answered.
She already understood that FTP would allow her to transfer files among
computer systems.
At this point I was kicking myself in the butt for not being better
prepared. I had never expected to get this far in such a short time. Now that
Alisa had found the latest release of the source code and compressed it into
a single file, I needed to walk her through the steps required to send me the
file. But I couldn’t give her one of the hostnames I was using, and
obviously I didn’t have a hostname that ended in Motorola’s “mot.com.” I
thought of a work-around: thanks to my knack for remembering numbers, I
knew the IP address of one of Colorado Supernet’s servers, named “teal.”
(Each reachable computer and device on a TCP/IP network has its own
distinctive address, such as “128.138.213.21.”)
I asked her to type in “FTP,” followed by the IP address. That should
have established a connection to Colorado Supernet, but it kept timing out
on each attempt.
She said, “I think this is a security issue. Let me check with my security
manager about what you’re asking me to do.”
“No, wait, wait, wait,” I said, more than a little desperate. Too late: I
was on hold.
After a few minutes, I started feeling pretty nervous. What if they
hooked up a tape recorder and began recording me? By the time Alisa came
back on the line some minutes later, my arm was getting sore from holding
the cell phone.
“Rick, I just spoke to my security manager. The IP address you gave me
is outside of Motorola’s campus,” she said.
I didn’t want to say any more than was absolutely necessary, just in case.
“Uh-huh,” I answered.
“Instead my security manager told me I have to use a special proxy
server to send you the file, for security reasons.”
I started to feel a great sense of disappointment, thinking, That’s the end
of this little hack.
But she was going on: “The good news is, he gave me his username and
password for the proxy server so I can send you the file.” Incredible! I
couldn’t believe it. I thanked her very much and said I might call back if I
needed further help.
By the time I reached my apartment, the complete source code for
Motorola’s hottest new product was waiting for me. In the time it had taken
me to walk home through the snow, I had talked Alisa into giving me one of
her employer’s most closely guarded trade secrets.
I called her back a number of times over the next few days to get
different versions of the MicroTAC Ultra Lite source code. It was like the
CIA having a mole in the Iranian embassy who didn’t even realize he was
passing on information to an enemy of the state.
If getting the source code for one cell phone had been that easy, I started
thinking, maybe I could somehow get into Motorola’s development servers
so I could copy all the source code I wanted without needing help from
Alisa or any other cooperative employee.
Alisa had mentioned the hostname of the file server where all the source
code was stored: “lc16.”
On a long shot, I checked the current weather in Schaumburg, Illinois,
where Motorola’s Cellular Subscriber Group was located. And there it was:
“The snowstorm that began yesterday will last through tonight and into
tomorrow, winds gusting to thirty miles per hour.”
Perfect.
I got the phone number for their Network Operations Center (NOC).
From my research, I knew that Motorola’s security policy for employees
dialing in from a remote location required more than just a username and
password.
They required two-form-factor authentication—in this case, that
included using the SecurID described earlier, a product from a company
called Security Dynamics. Every employee who needs to connect remotely
is issued a secret PIN and is given a device the size of a credit card to carry
with him or her that displays a six-digit passcode in its display window.