The Ghosts Inside - Horror Stories 2015

October 26, 2015, Joseph Hesse, Director of Penetration Testing

By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a ghost it’s always a little… spooky.

The guys who work at night are my gateway in. And a new guy in finance named Corey was my ticket. The phishing email came through the spam filter without any regard for defenses. It was a banking phish. Flawless in its own right. A thing of beauty. There were employees working around the clock so someone was bound to fall for it. Corey was one of them.

About an hour after he submitted his credentials he received a notice from the security team alerting everyone that it was a phishing attack and that anyone that had fallen for it should contact them immediately.

He never would.

They would get mad and possibly fire him, right? He decided he would just reset his password and no one would have to know about the indiscretion.

This time, though, the old password didn’t match. He tried again. The slight ere of panic in his eyes was intense. He was still logged into the workstation so not all hope was lost. A moment of relief. He could just email Helpdesk tell them everything that happened and everything would be fine. Outlook disconnected. He locked his computer and disappeared for a few minutes, perhaps a cigarette to take his mind off the madness filling his brain.

He returned to his desk to unlock his computer and right before he went to unlock it, he realized his mistake. He had to make the call. The ultimate ego killer. He had to tell someone what he had done. There were no two ways around it. He contemplated the options but before he could the phone rang. The caller id said Helpdesk. With the sigh of a man who has to make a testament, he picked up the phone.

“Corey this is James with Network Security. We saw some activity on your account after you submitted your information to that phishing email and I’ll say it was a little too much for the SIEM to ignore and it locked your account proactively. We are confirming the activity now. If you haven’t had lunch now would be a great time to take it.”

“Oh, Thank you I was just getting ready to call... Sure – I’ll go take lunch. I’m not in trouble am I?”

“Nope that is why we are here. And after seeing what this guy was pulling, you would be if you actually tried. Ha!” 

”Ha!” Corey nervously shuttered, “Well call my cell when you know something.”

“Will do. Thanks Corey.”   

“Thanks, James.” And Corey stood up and walked away from his computer – just like James suggested – thinking about how great James was, and how great his company was for being so active with their network security. Unfortunately, that wasn’t it at all. The truth is, “James" had been creeping around this network for weeks.

James was a ghost like me. Because James was me – a part I needed to play, the part that got me Corey’s password and bought me a little time. Corey’s access to their corporate bank accounts was the last piece of the puzzle, and I was about to walk away with their entire organization’s bankroll. I had been waiting for weeks for this opportunity, silently creeping around the network and learning. I would occasionally taunt and distract the network admins with spam and watch how they reacted. At one point I got a little hasty and they thought that they’d caught me. I’ll admit I was a little spooked. But like I said, when you are a ghost, it’s always a little … spooky.    


Learn more about Coalfire Labs:
Penetration Testing
Vulnerability Scanning & Assessments
Social Engineering
Application Security

Read our other IT Security Horror Stories:
The 100 Million Dollar Getaway
The Ghosts Inside
Breaching a bank in 20 minutes

Past Horror Stories
Truth is SCARIER than Fiction Redux
Is your Network an Unsegmented Haunted House?
Digging your own grave with Default Credentials
Slow Network, Big Phish
The Case of the Phantom Blood Red Team
A Tale of Spooky Hosted Images
Ghost in the Machine
Tale of the Fake IT Rep
Truth is Scarier Than Fiction
The Case of the Phantom Technician

Joseph Hesse

Author

Joseph Hesse — Director of Penetration Testing

Recent Posts

Post Topics

Archives