I write blogs; to be precise technical blogs related to hacking. One day I received an email saying “Hey Mr. I need your help. It’s very urgent, CCD @ 7:30 pm.” And a little note at the end “I’ll be there in blue, come in black; I know you will”.
As discussed earlier she was there in blue. I called her and asked her to turn around and told her that I am not in black, I am in brown. What she replied was not only unexpected but very much surprising “Actually, you need to turn around Mr hacker! I am not in your front in blue I am at your back in black.”
And there she was dressed in sleek black jeans paired with a cute top, minimal makeup giving her a natural look. Her jet black hair was cascading down her shoulders giving her a cute look with positive energy radiating off her smile. I’ve to agree that I was a bit impressed with this beauty with brains.
We moved to one of the vacant tables in the corner.
‘So, how can I help you?’ I asked her.
‘I want you to hack a bank.’ she said.
‘If you are done with your jokes can we switch to the main point?’
‘Actually! This is the main point.’ she said.
‘If this is the case, I guess we are done, it was nice meeting you.’
‘So, you can’t?’
‘It’s not about what I can or what I can’t.’
‘It is actually about what I will and what I won’t.’
After saying this, without giving a second thought, I turned towards the exit.
The moment I turned, she held my hand. I turned back with something in my eyes which she couldn’t handle, she left my hand saying ‘Please listen to me once, it will be your call to help me out or not’ she said.
With a “NO!!” I started my journey towards the exit once again.
‘Please, you are my last hope. I have a reason’
‘Okay, but not here.’ with this, I agreed to listen to her.
‘Follow me’ I said and went out of the restaurant.
So, finally, we were at the beach.
When I was pretty sure that no one can hear us I asked her to start.
‘From the very beginning, always the best place to start.’
‘Okay, I met him in the second year of our graduation. Rahul was pursuing engineering in computer science branch, and I was doing the same in electronics branch. He was very brilliant, I must say. We were good friends and sooner than later we walked out as a couple from the college after completing our graduation. We both got jobs. I got placed in a software development company. And he got a job as a server administrator in a well-reputed company which mainly provided support to US-based BANKs, their servers were maintained and monitored by his company. ‘
‘We were in a live-in relationship. Please don’t get me wrong. He belonged to an upper-caste family and I belong to a lower caste. Our families were not ready for the marriage. We were figuring out a way to convince our parents.’
‘If we ignore the marriage thing, everything else was going good.’
‘Okay cool! but, why do you want me to hack the bank?’ I asked her.
‘As I told you his company was taking care of the bank’s server. ‘
‘That means the heart of the bank was with this company, what’s next? Come to the main point’ I interrupted her again.
‘Company terminated him for trying to transfer money from the bank to some other account.’
‘So, what’s wrong in it? He was doing a wrong thing, to be precise a “cybercrime” it was.’
‘Where is he now? In jail?’
‘Rahul is no more.’
She started crying. I guess I was a bit rude to her.
‘Yes, you heard it right. He is no more. He committed suicide before police could take him to jail with a note that he has not done anything. My Rahul was a very honest person. I can believe anything, but I just can’t believe that he could have done something like this.’
‘I am sorry.’
‘But, why do you want to hack the bank?’
‘I want the bank as well as the company to publicly apologize to Rahul on every social media platform. I do not want him to be remembered as a criminal.’
‘Why don’t you ask cyber police to look into the matter?’
‘You mean those assholes, they are good for nothing! Tell me if you can help me out.’
‘And why do you think that I will help you out?’
‘You too hate the bank? Don’t you? I saw your blog against the bank.’
‘So, Mr. Hacker we are on the same ship. Shall we sail together?’
‘Give me a few days, I will let you know if we can sail together.’
Being hacker I can’t trust anything and everything, I need to double-check everyone.
After going through whatever she said and investigating the complete scenario in detail, I found it real. Harsh was an honest man.
And I hated the bank too; for some reasons. So, I called her and said that we can sail together.
What needed next was to discuss the plan of action. We planned to meet again.
No color code this time.
I asked her to tell me what exactly she wanted me to do.
‘We will do what harsh was blamed for.’ She said.
‘But that is not right!’ I interrupted her.
‘Wait!! let me complete. We will return the money once they apologize.’
‘Hacking a bank is not a child game.’ I sighed. ‘It’s not a cakewalk, not sure if we will get success.’
‘So how will we proceed?’ She asked.
First of all, I need all public information about the company as well as the bank. I need to know how they work, what type of people work there, their schedules; in-short from ant to an elephant, I need to know all of it.
I along with her researched everything about the bank and the company to a depth that I can tell you the watchman of this company is suffering from piles and the CEO is gay.
‘The company is using a WiFi along with wire-based internet, that too configured with high-security protocol; can’t say it is impossible to crack the password, but yes! next to impossible.’ I stated as a matter of fact.
‘So, how will you do it?’ She asked me a bit curious now.
‘Not every time we play with codes and computers to hack,’ I smirked.
‘Do you remember the company’s receptionist?’ I asked her.
‘That ugly bitch with a handsome boyfriend who is cheating on her? But how is she relevant to our current discussion?’ She said creasing her eyebrows.
‘Give me some time I will explain to you.’
We discovered this truth while digging information on the employees and even managed to gather some proof against him.
I opened one of my facebook fake account and messaged that receptionist:
Me: Hey beautiful!! your boyfriend is cheating on you.
She: Who the fuck are you and how you dare call my boyfriend a cheater??
Me: Here is the proof. I know you will say that she is his best friend blah blah blah. But baby, I have a video of them that you won’t like to watch.
I send her a picture of her boyfriend with another girl in his arms.
She: Send me the video.
Me: But I need something.
She: What do you want? How much money do you need? And who are you?
Me: Not everyone wants money sweetheart. I’m your well-wisher. I am near your office and just want the wifi’s password, the video is quite big.
She : ***************
I asked Akshita to try connecting with the password given by her and guess what, we are in. I sent her the video which I found from her boyfriend’s google drive.
‘That was so easy!! Isn’t it?’ She said.
For a second I thought to myself “everything seems easy when it is done.” All I could say was ‘Yes, it was.’
So the fact of the matter now is that I am inside their network.
I was just browsing through their system and could see that everything was password protected and needed employee login credentials to move further, I tried everything to bypass the login, but no luck.
Akshita was suggesting me some ways too. She looked more impatient than me.
But after investing a complete day we were still stuck on the very initial login page.
“I have a way but I am not sure whether it will be helpful or not ”
“I have a diary of Harsh where he used to note down important codes and passwords, not sure if it has what you require, but still, you can have a look.”
She handed over the diary to me. Without wasting any more time I started.
Lucky enough, I got Harsh’s login ID and password from his diary. I rushed towards my laptop but unfortunately, it didn’t work.
“All you need is an employee login ID password. Right? Leave it to me. I will get you an ID-Password combination by tomorrow.” She said it with confidence.
” But how will you get it? It’s not a joke.”
“There are a few things which only girls can do Mr. Hacker. See you tomorrow with the password.”
“And as you said ‘Not every time we play with codes and computers to hack’.”
It was decided that we’ll meet the next day.
She came back the next day and handed over the ID password of an employee who drinks too much.
The case was very clear. I was staring at her.
“Hey you, don’t think as I slept with that asshole or something, I just asked him to write his ID password when he was drunk.”
Meanwhile when she was explaining what all happened I checked the password and unfortunately, it was not working.
“I guess your beauty added something more to the wine that he wrote the wrong password,” I said it sarcastically.
“Wait!! what? Is it not working? What will we do now?”
Before I could say anything she continued “Why don’t you go to the CEO he is gay and you are hot, he will like you and will give you everything you want.”
Though I wanted to slap her. But she looked so cute when she was saying all this.
“I will find out away. See you tomorrow” We left for the day after saying so.
That day I worked all night and was successful in hacking CEO’s email and luckily it was the same email-password combination that he was using in the office.
I met her the next morning and I told her that I got the login ID and password of the CEO.
“You went to that gay” She started laughing like a small girl with a smile that anyone will fall for her.
Breaking her laughter. I explained to her what all I did.
“So what are we waiting for? lets hit the bank.”
There is one problem, we still need OTP to proceed password.
And that appears on CEO’s phone whenever he logins.
“I am trying to bypass it but not sure how much time it will take.”
After a few hours of struggle, she suddenly popped up like a WhatsApp message with an idea.
“As per our research that CEO goes for a morning walk every day. I can try to ask his cell phone to make a call and in the meanwhile will share the OTP with you by a hidden mic.” I do not know if we were going to be successful or not but one thing I knew for sure that I was falling for her with the beauty as well as her intelligence.
Next morning everything was set to hit the target, she was loaded with the micro camera on her shirt button which was indeed connected to her mobile to capture the code from CEO’s phone’s display and also with a micro Bluetooth headset.
She was there in the park. I was at our self-made lab near the company, where we get the company’s wifi signal in good strength ready with the login page.
“Can you please go near that brown bench to your left,” I asked her.
She moved there and asked me “Why did you ask me to come here?”
“Look at your front and tell me what can you see?”
“A girl in the blue top.”
“Isn’t she pretty? I should start the morning walk soon. I thought only old people go to morning walk” She moved to a different direction after that. Not sure it was her jealousy or attentiveness towards the work. I was enjoying either case.
Unfortunately, after waiting for a couple of hours we got to know that the CEO is not well and he won’t be showing up to the office as well as the park. Indeed disappointing!
We waited for him for a few more days but he didn’t come. ‘What’s the use of being a hacker if I am not able to bypass an OTP check?’ This thought was continuously hitting me up. And finally, my mind said, ‘it’s the time for the action’.
“I have an idea.” Akshita was again back with her unending ideas.
“Why don’t you try all the possible numbers?.”
“Great idea girl,” I said it with sarcasm dripping off each word.
“So, basically, a one-time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or other digital device. It could be any number of digits. It is 10 digits in this case.” I was explaining to her.
“So what’s the problem? Try all of them.” I was like ‘Oh really’.
“And how many OTPs are possible in this case?” I asked her.
After 5 minutes and after playing with a pen, paper and lastly with the calculator, in a very low tone taking her eyes away from me, she said “ten with nine zeroes”.
“Which means it could be any number of 00000000001 to 10000000000. Right?”
“Yes, right!! ”
“So, do you want to guess the OTP?” I asked her.
“Okay cool, I know I acted a bit dumb but I am not.” She replied. And her cuteness was killing me again.
Getting back to the work because 10000000000 were possible combinations and being a human I can’t try all of them and it might result in me being blocked after a few wrong attempts.
“Time to let in the brute-force attack”
“What is that?” She asked.
I didn’t realize, I was a bit louder when I said it.
“A brute-force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. And the target is hit by all the possible combinations.”
“Sounds great. Then what are we waiting for? Lets hit our target.”
“But, most probably they must be using measures to defend against brute force attacks.”
Limiting the number of times a user can unsuccessfully attempt to log in.
Temporarily locking out users who exceed the specified maximum number of failed login attempts.
Or blocking the IPs. ”
“These are possibilities, right? We are not sure. So let us try” Akshita seemed restless
I launched the brute-force attack on the login panel, and I was not surprised when my IP was blocked for exceeding the number of times a user can unsuccessfully attempt to log in.
You can’t go back when you have invested so much of time and skills on something without completing it. But the question was “how?”
Finally, after investing hours I found out away. So, IP was getting locked after every 3 wrong attempts. What if I change the IP after every three attempts. So this was the plan which needed to be implemented. With few scripts and after performing some tweaks in the brute-force tool. I got my Lion ready to hunt.
As always she was ready to hit the bank.
For me, she became the perfect example of love over money. She was doing it for the love of her life who is not even alive.
Finally, I launched the brute-force attack. Within seconds I successfully logged in.
There were so many servers and many other things which needed a detailed investigation in-depth and which was going to be time taking. I asked her to go and have some rest. She left and with a cup of coffee, I started breaking the layer of security one by one. Finally after having 15 cups of coffee and performing 12 hours of hacking I was able to transfer all the money to a foreign bank account.
I called her and she was in the lab after a few minutes. She was on cloud9 when she came to know that mission is successful. So as planned we called the bank CEO’s and asked him to apologize Harsh on every social media platform. At first, he dropped the call but within seconds he called back and said he is ready to apologize whomever we want and pleaded us to return the money.
Within a couple of minutes, we saw an apology post on every social media platform.
“So, its time to return the money, do you want to keep 5-10 % of the money?” I asked Akshita jokingly.
“I want all of them” She started laughing too.
“So here we go…” I was about to hit the transfer button then suddenly I felt something over my head. I turned back and saw someone pointing the gun at me.
“I said I want all of them, Mr. Hacker.” It was Akshita with the gun.
You impressed me, Mr. Hacker. I wish I could leave you alive.
“Don’t worry I won’t kill you so fast I would let you see how I will transfer all the money from this temporary account to my account. Give me the login Id and password.”
“Be fast Mr.hacker!! I don’t like lazy peoples”
Though I wanted to kill her right there, I was helpless.
“ID is Hack009”
“Tell me the password.”
“I said tell me the password or I will shoot you right here”
“You can never hack a hacker” I replied.
“I asked you for the password not for shitty quotes and for your kind information you are hacked, Mr. Hacker.”
“‘You can never hack a hacker’ this is the password”. I replied to her.
She started laughing when she heard it.
After typing the password when she pressed enter. There was something written in a very small font. She zoomed on the page and she started reading it.
” Harsh is not dead. Turn back, sweetheart.”
“The moment she turned back she saw Harsh standing just behind her with a gun pointed at her.”
“You are not dead my love. I love you so much” Akshita was trying to convince him.
“Stay away bitch or I won’t mind shooting you right here, you valued money more than love”
“Game is over Mrs. Hacker police will be here in no time to arrest you.”
“But how will you prove it, Mr. Hacker, that it was me behind everything.”
“Well Akshita, I know you tried your best to hack the bank using Harsh’s logins. But you missed the last step of hacking you didn’t erase the logs. Which I encountered during my detailed investigation of the server. And at that time only I informed the bank and made one dummy bank login page. To be precise I never hacked the bank. And along with that, If you can look up and see the camera which has recorded everything you did and said.”
“I know you will be having so many queries. I will let you know everything before they come and arrest you. Harsh came to me when he received that notice from the company. He told me everything. I asked him to go underground and that suicide and all was a piece of fake news. Before I could investigate further. You appeared. Harsh was very happy when he saw you fighting for him against the bank. But in the end, we found you valued money more than love.”
“Who are you?” Akshita asked me.
“I am one of the assholes who you think are good for nothing.”
“Yes, Cyber Crime Investigation Lead.”