Alice pays John Doe a visit. This is the mid-season finale of The Hacker Chronicles. The Hacker Chronicles will return with all-new episodes on September 5.
Alice pays John Doe a visit.
This is the mid-season finale of The Hacker Chronicles. The Hacker Chronicles will return with all-new episodes on September 5
The Hacker Chronicles
Presented by Tenable. Learn more at Tenable.com/Alice
Vote for The Hacker Chronicles in the 2nd Annual Signal Listener's Choice Award.
---
Credits:
Starring Michael C. Hall as John Doe
And Chloe Taylor as Alice
Executive Produced by Michael C. Hall, Jerome Robert, Skyler Schmanski and Ian Faison
Directed by Rex New
Written for Audio by Rex New, Jerome Robert, & Skyler Schmanski
Story based on the Novella The Hacker Chronicles created by Jerome Robert and written by Skyler Schmanski
With
Nicole Britton as Katie
Levi Squier as Tech Support and American Tech Support
Skyler Schmanski as the host of the Tenable Research Podcast
Zoe Zuidema as the guest on the Tenable Research Podcast
Nick Fyrsting as the Cyclist
The Hacker Chronicles is produced by Caspian Studios.
Produced by Taylor Brim & Rex New.
Produced by Dane Eckerle
Supervising Creative Producer: Landon Pontius
Sound Design and Mixing by Dan Scott
Associate Producer: Mark Wolf Roberts
Dialogue Editing by Nick Canepa and Scott Goodrich
Production Support by SJ Nichols, Bradley Glanzrock, Jon Libbey
and Dani Godard.
Marketing Support from Dino Pasalic, Kyle Rusca, Dylan Langlois and Rockable
Additional Production Support provided by Echo Mountain Studios
Alice (00:02): How do you find a man who's taken every precaution to erase his digital existence? It's simple. You do a Google deep dive on his wife Lindsay. Lindsay is a public relations executive for a large firm in Copenhagen. She's also a philanthropic soul. And in the second hour of your deep dive, you discover a photo of Lindsay receiving an award eight years ago from a Danish charity and who's by her side, her loving, supportive husband, Dmitri, or as you call him John Doe. You've waited more than a year to put a face to that name. So you head to Copenhagen, you spend an entire day outside Lindsay's office building, and then you spot her. You follow her as she takes the winding metro home from work to a neighborhood called Amah, or as some Copenhagen residents call it, shit island fitting from there. You rent a van, you drive every morning to shit island, and you watch Dmitri.
(01:05): You realize he's taken a lot of precautions in his digital life, but in the real world, the world without ones and zeros not so much at home. He's comfortable. He has no security system, no cameras. Hell you can even see into his home office from the street. And you realize he feels safe here sitting in his ergonomic office chair, lording over his castle on shit island. But your biggest surprise is how little time it takes to memorize a person's routine. It's like those old Nintendo games where the guard paces the same path every 30 seconds till you put a knife to his throat. Turns out life is not all that different. And so you simply watch for four days, you sit in your and watch Dmitri has no idea. You're right outside his home, continuing to work for him. And while you do your work, you learn his routine to the minute he's home alone from eight to three, and at two 15 he goes on an afternoon run.
(02:08): It lasts 25 minutes. These 25 minutes are the window you have to execute. Step one of your plan. You'll break into Dmitri's house, get into his office, and put a device called a key logger into a U S B port on the back of his computer tower. He'll never notice it and he'll never notice it. Tracking every single keystroke he types into his computer. And he's so comfortable in his castle that he'll never ever notice you in a van right outside collecting the data you need from the key logger's, hidden wireless network, you'll run a series of scripts to isolate repeated patterns. You'll learn his usernames and passwords as long as he doesn't store them in the cloud. And then you'll begin step two of your plan. But it's step one that scares you the most because though you're confident in your plan, there's one thing you can't account for. When you snuck onto a 400 meter container vessel, an insider got you on board, his key card could get you anywhere you needed to go. But for this operation, you're on your own. You'll have to pick a lock in a busy residential neighborhood in broad daylight. If you're caught game over, forget ever reaching. Step two, you'll have much bigger problems.
(03:28): So you tell yourself one step at a time, pull this off and you'll begin to learn who Dmitri really is. You can discover why he's had you working night and day to hack the businesses of Andre Novikoff. And most importantly, you'll learn the secrets that can guarantee your freedom. Okay, wallet, phone. Where are my keys? Shoot. Hey Katie, have you seen my van keys? Mm.
Katie (04:37): Maybe they're on the keys.
Alice (04:41): Ah-huh. I get what you're trying to do, but I really gotta get to work.
Katie (04:44): Yeah, well, I'm just saying. I mean, we booked an Airbnb with a piano
Alice (04:53): I don't even know. I definitely haven't played here in Europe. Ugh. Ugh.
Katie (04:59): Well, may the deity of your choice, bless you, right?
Alice (05:06): Ugh. I think there used to be dogs in here.
Katie (05:10): Maybe you should make an offering to the deity. Let's say if you play one song on the piano, your allergies will go away.
Alice (05:21): Okay. I'm not sure that's how it works, but I'll keep that in mind. Maybe after work. Oh my god, my keys were right here in the backpack. Cool. All right, time for this pen. Test.
Katie (05:35): Every time you say that, I just keep imagining you sitting in that van testing out little pens.
Alice (05:43): Yeah, it's short for penetration test. Hmm. So essentially I'm pretending to hack our client and seeing if they're vulnerable to a real attack. Oh. So like every single thing I do is based on the principle that I'm undetected by my client. Hence the van and the keys. They won't even know I'm there, but I'll be back by four. And then we do the design museum, right? Yes.
Katie (06:08): Yes. I am so excited. They have an entire wing of chairs. It's like literally floor to ceiling chairs. My cousin Molly told me that it's life changing. She went there like two years ago, and when she got back to London, she immediately started replacing all her furniture. She said she's never felt calmer. Mm-hmm. Even the furniture in this country is designed around your wellbeing.
Alice (06:38): I wish they would vacuum it between guests.
Podcast Host (06:50): Welcome back to the Tenable Research Podcast. I'm here today with Alexa Brimm, a member of the Climate Change activist group, Noma Fayez, who took part in the recent protests that shut down the Port of Valencia. Now, Alexa, a few weeks ago, your group's website was hacked and your founder's Crypto holdings were stolen. But 48 hours ago, things changed for you when you woke up to an email from an account that authorities have confirmed is registered to the Hacking Collective Electronika. Walk us through what happened.
Podcast Guest (07:20): Yeah. Uh, Electronika sent an email threatening to release my personal information if I didn't pay them $400,000 in six hours.
Podcast Host (07:33): Six hours?
Podcast Guest (07:44): Yes. Six hours.
Podcast Host (07:46): And did you pay them?
Podcast Guest (07:47): What do you think?
Podcast Host (07:48): Right, right. Um, well anyway, uh, after you refused to pay this absurd ransom, your social security number, your bank account information, your home address, all your usernames and passwords were released. That's not exactly-
Alice (07:54): Jesus, Electronika publishing all that personal information online, just because some people protested a port for a few hours. That's disproportionate. Okay, let's pull out the binoculars and see what Dmitri's up to. Well, well, well, if it isn't the same old routine, that's how I'm gonna get you Dmitri because you're just a regular John Doe and leaving your office right on cue. Okay. Got the wireless key logger in my hand. This will track everything. John Dimitri types on his computer plugging this in to test it one last time. No surprises. And the key logger's wireless network is working. Got the lock pick. And we're good. Okay. Alice, you've watched this man for days. You haven't missed a single thing contrary to appearances. This is not a honey bot. Okay. Get through step one and then in a few days, step two. Shit. It's okay. Just do it. Just do it. All right, here we go. Okay. Deep breath. Just be present. You can do this. Ooh, hands are shaking. Okay. One step at a time.
(09:49): Okay. Time to pick a lock. Abel10, look casual. Alice, look casual. Oh, whoa. Ah, just chill out. They're not worried about you. What the–
Biker (10:09): Hey!
Alice (10:11): Ignore him. Ignore him. Hey, what do you want, dude?
Biker (10:16): Uh, I just wanted to know if you had a light?
Alice (10:17): I don't smoke. Just keep cycling.
Biker (10:22): Okay. Geez.
Alice (10:23): Focus Come on. Come on, Alice. Hurry up. No, no. Let's not turn it to the right. Okay. Yeah, that's looking. No. Oh yeah. Oh my God. Holy shit. I'm here in his house. Oh. But it's just so normal. So nice family stuff here. Some paintings, family photos. Dmitri, his wife, Lindsay, their son. Cute. Normal family here. I thought he'd be sporting bad skin in a ponytail. You really never know people do you, oh, what have we got here? A chalkboard painted on the wall with everyone's schedule for the day. Very white kitchen appliances. Ugh. It's like I'm inside an IKEA ad. Super hugger. God, how much more normal can you be and still no security systems. He's comfortable. Vulnerable. We are good. The office is just down here… And it's unlocked. Come on dude. At least try. Okay, I'm in in, John doe's office. Dmitri's office. Dmitri's office. Dmitri. He thinks he's impenetrable. So did I once Dmitri, you're still rocking a wired mouse and keyboard. Can't have any lag from a wireless connection. I feel your pain, but man, you take precautions in all the wrong places. Whoa, I didn't see this from the window. That is one hell of an old school gaming collection. You are a nerd. Dmitri. N e s og. PlayStations, I guess. Saturn. Wow. He's actually got one redeeming quality.
(12:48): Oh my god. What was that? Okay,
Tech Support (14:54): Hello.
Alice (14:55): Hey, um, listen, I've got an emergency, uh–
Tech Support (14:58): Unfortunately Abel, I won't be able to help you. I am ending my shift for today, and it looks like I forgot to log out of the software. Uh, not that my actions matter.
Alice (15:09): No, no, no. Can you stay for like five more minutes? You know, if it doesn't matter. Anyway–
Tech Support (15:14): I, I can't Abel, I have a ceramics class. I'm transferring you now.
Alice (15:24): Oh, come on…
Tech Support 2 (15:30):
Alice (15:36): Hi. Uh, yeah, famous. I don't know.
Tech Support 2 (15:39): Yeah, the one who got Frank to go on vacation. You got him out from behind his computer for a few days. I mean, even though it didn't really work. I mean, if you thought he was a Debbie Downer before…
Alice (15:51): Wait, I'm, I'm confused. Do you guys work in an office together?
Tech Support 2 (15:55): Yeah. Rooney, he's just a few cubicles down. We don't actually live too far from each other either. Yeah, I see him in town all the time and he's, he's always just by himself. He, his deal is, you know, he is just so you know, like, you know, I tell you what, I wish we could get electronic to hack Frank's mainframe and search some happiness malware. I know.
Alice (16:16): Um, yeah, to be honest, um—
Tech Support 2 (16:19): Random thought. Do you think Frank's that close to anyone? Does he like, have any friends? How is he anyone's emergency contact?
Alice (16:28): Hey, listen, I—
Tech Support 2 (16:30): No, no. Hold on. Let me pick your brain about something. You know, his birthday's coming up and we do this thing in the office where we do a random gift exchange for people's birthdays. And you know, this month I drew Frank.
Alice (16:43): Yeah, listen, I have a real emergency here. I really don't have time to gossip about Frank.
Tech Support 2 (16:48): Is it a real emergency or are you just trying to get me to stop talking because, uh, you know, we, we both got emergencies.
Alice (16:56): Okay. Um, tell you what, I'll help you pick out a present for Frank if you help me. Plus this is your job…
Tech Support 2 (17:04): You got yourself a deal.
Alice (17:06): Okay, let me explain here. Um, I'm doing a pen test for a client. It has two steps. Both are in-person penetration. I've already broken into their physical perimeter and put a hardware key logger on my target's desktop computer. That was step one. And now I'm receiving all the data I need wirelessly, usernames, passwords, et cetera.
Tech Support 2 (17:24): Well, you're talking to the right guy because boy do I love a good old hybrid pen test. You know, our clients are doing less and less of them. It's so old school, man. I am pumped right now. Uh, sorry. Sorry. You're onto step two. Uh, break it down for me.
Alice (17:39): Okay. So I wanna get into his master server and dump his data.
Tech Support 2 (17:43): Got it. And do you have the server's address and his passwords?
Alice (17:47): Yes. I've isolated all his credentials from the key logger's feed, but I still can't connect his server systematically rejects my connection temps and returns a not white listed error, which leads me to assume that the server only accepts incoming connections from a predetermined list of ipss. And of course, the IP of my V P N is not on this white list.
Tech Support 2 (18:07): I'm gonna stop you right there. Another question you're about to ask me, Abel, and I am gonna answer it for you. There's no other way to access that server, but to add your IP to that white list.
Alice (18:20): Okay. How, how?
Tech Support 2 (18:22): Well, it's easier than you think actually, but you are gonna have to go back there in person. You know, you've already done that once. So, hey, easy peasy. Once you're there, you log onto his computer and install our malware kit. And after that, the job's done. You get out, you go home, relax, access his computer, ah, see what's on his, uh, games folder. And uh, you know, you wait until drum roll please, until he logs onto his master server, which brings you to step three. Once he does that, there'll be an established connection between his server and everything that's on his local desktop machine, including your malware. You'll have to be quick though, 'cause your window of opportunity will close as soon as your target shuts down. Is the computer connected to a server? Seriously, though, no worries. Yeah. You'll leverage your malware's access to the server to modify the white list. That's a sample. Just send a few command lines to the server to browse its file system and identify the white list config file. It's gonna be easy to find. There's absolutely no reason to hide something like that. And, uh, once you found it at your VPN's IP to the white list, and because your malware has all the privileges of your target's home desktop, that shouldn't be an issue. Like I said, easy peasy.
Alice (19:42): Okay, but you don't think he'll notice there's another IP address on the white list?
Tech Support 2 (19:47): Uh, we're we're talking about the digital equivalent of spring cleaning. Even if he does check at some point, it's probably not gonna be any time, soon. Enough time for you to get in and out and erase all steps of yourself. Any more questions?
Alice (20:04): No. Uh, I think I got it.
Tech Support 2 (20:06): So, uh, let's do my thing now. So Frank can't think of what to get him. I keep thinking I should buy him sunscreen, but that seems kind of mean.
Alice (20:15): Oh yeah. Not, not cool. He's a really nice guy.
Tech Support 2 (20:18): Exactly. He's awesome. I I just wanna do something nice for him, right,
Alice (20:26): So, okay. You said you two live near each other, right?
Tech Support 2 (20:30): Yeah. Same neighborhood. Yeah. I I I see him out sometimes alone. Yeah. I, I'm really struggling with this. I mean, I mean, the guy doesn't think anything's real, and that really limits you when you're shopping.
Alice (20:46): That is tough.
Tech Support 2 (20:47): Exactly. He, he thinks we're all NPCs and I'm just giving him currency in this game. We call life
Alice (20:54):
Tech Support 2 (20:56): Uh, I have to, you know, it's, it's a work thing. It's on our Google calendar.
Alice (21:01): No, that's not what I mean. You said it yourself. Make him your emergency contact. Frank's mine. You two live near each other. We both know he's super reliable.
Tech Support 2 (21:14): What if he says no?
Alice (21:15): No, no one ever says no because making someone your emergency contact isn't a real thing. It's not like people actually use him, but when someone asks you to be their emergency contact, it means they trust you. Like with big things.
Tech Support 2 (21:32): You nailed it.
Alice (21:35):
Tech Support 2 (21:38): Oh, ah, crap. Um, I got another call. Abel, duty calls. Good luck getting into that server. Now that you need it. Peace out. Ableton.
Alice (21:46): Peace out. That next day, I broke into Dmitri's house again. I added my v p n to his white list. And well, you heard what Frank's coworker told me to do, and it was just as easy as he said it would be. Now it was time to learn everything about the man who'd been blackmailing me for the last year of my life. Maybe shit island wasn't so bad after all.
Credits (22:27): Thank you for listening to the Hacker Chronicles. The Hacker Chronicles will return with all new episodes on September 5th. Make sure you're subscribed so you don't miss a single episode. The Hacker Chronicles, presented by Tenable. Learn more at tenable.com/alice. Starring Michael C. Hall as John Doe and Chloe Taylor as Alice Executive produced by Michael C. Hall, Jerome, Robert Skylar, shaky and Ian Faison, directed by Rex New, written for audio by Rex New Jerome, Robert and Skylar Semanski. Story based on the novella, the Hacker Chronicles, created by Jerome Robert and written by Skylar Shaky with Nicole Britton as Katie Levi Squire is tech support and American tech support. Skylar Semanski is the host of the Tenable Research podcast, Zoe Zema as the guest of the Tenable Research Podcast, Nick Fiercer as the cyclist. The Hacker Chronicles is produced by Caspian Studios, produced by Taylor Brimm. And Rex New, produced by Dan Ackerley. Supervising creative producer is Land Pontius Sound Design and mixing is by Dan Scott. The Associate producer is Mark Wolf Roberts dialogue, editing by Nick Cana and Scott Goodrich. Production support by SJ Nichols, Bradley Glands Rock, John Libby and Danny Goddard. Marketing support from Dino Paoli, Kyle Ruka, Dylan l. And Rockville. Additional production support provided by Echo Mountain Studios. Learn more at tenable.com/alice.