But yeah, I'm really interested but soon becoming possibly overextended. What would the pacing be/ how often would I be expected to post? Would it be more of a daily, around every other day, or weekly thing?
Hey! Sorry for the late response; I wasn't monitoring this thread. We're definitely still open and you're more than welcome to join (and I'd be more than glad to discuss the IRL security field if you're interested). The pacing is about 1/week, but there are ARG-style puzzles in the Discord groups in between posts to drive the story. Hope to see you there!
T.R.Y.H.A.R.D.E.R. This password Freischutz had entered into the chat window after solving the final puzzle, sending the server's helpbot, The Oracle ReplAI, into a frenzy.
PASSWORD ACCEPTED. FORWARDING DATA TO THE ELDER. PLEASE STAND BY; YOU WILL BE ALERTED AUTOMATICALLY.
Moments later, The Oracle said something new, but the tone seemed strange. Almost... human.
Hello children.
This seemed to be The Elder, creator of Th3_Storm, present in real time. Sure, it was a bit fun to solve his puzzles, but was there really any more to it? And still then, how did he get the personal information of each of the five invitees?
All of you have the ability to target particular aspects of various flawed industries. I believe we can reach an agreement to take advantage of each one of those skills.
Naturally, the unlikely group inquired regarding payment.
Of course. I can provide something even more valuable to you than money. How does a collection of undiscovered 0-days sound to you? Thousands upon thousands of vulnerable systems in the palms of your hands. As a gesture of goodwill, I will provide 0-days. You prove that you can properly handle them and I will supply more.
This had finally started to get interesting. The right 0-days could be worth millions of dollars, or even better, millions of lives. There was an element of power to hacking, of course, one that allowed each attacker to salivate for a moment too long over the enter key, tempted, just hoping that an unforeseen force would push them over the line, a darkness where they could watch the world burn in peace like a fire on a snowy Christmas day. But the only question remaining was why this Elder character would be willing to entrust that kind of power into the hands of those who he did not know, those who may help or harm the world, or even each other.
I am going to die soon. I could simply mark the world myself, but I would rather it fall into the hands of those who can continue to manipulate it like clay.
ATTACK #1: Biotronik Pacemakers: All versions
Vulnerable to RCE upon compromise of management systems
Management interface exposed through web portal on port 33892
All vulnerable to SQLi through the use of the following query
Admin' OR TRUE; DROP TABLE auth00334; --
Refresh the portal and the following credentials will provide access: Admin:Default00334

ATTACK #2 Insulet Insulin Pumps
Vulnerable to DoS-bricks device
When exposed to 13.56 MHz waves with the following encoded payload, the device will automatically short due to a hardware malfunction (Data represented in bytecode, little endian): FE01225DC47A9901010000000000000000

ATTACK #3 Medistore Medical Record Storage: Versions 0.1-9.9, except for 8.22
Vulnerable to File System Compromise and Data Exfiltration
All medical records can be leaked at will from this ubiquitously implemented software. On port 21, a developer backdoor was left with RW credentials to the records database, left unencrypted. Credentials are daniel:BrokenRecordsAreAsIrritatingAsLongPasswords

ATTACK #4 CareWatch Devices
All CareWatch devices are vulnerable to wireless port knocking. Probe ports 111, 777, 665, 1922, and 65535 in that order and a shell will open on port 1.
Well, this is an interesting turn of events. After trolling around on the new Discord group, OffByNone had successfully taken advantage of one of the exploits that The Elder released to the group and wrote a script that would automatically infect hospital networks through the Biotronik Pacemaker interface and add them to OBN's personal botnet. Of course, they deserved it. Any organization playing with people's lives had no right to take their security lightly, and OBN intended to prove that fact to them. Hovering over Enter, OBN hesitated. Of course, every test had succeeded. Every connection was still established. But what if? OBN fished a stray hair from their keyboard to delay the decision further. Something always goes wrong. What if they find out? But in the midst of the usual self-doubt, OBN's eyes drifted toward the shimmering glow of the pulsating RGB keys. It was now or never. [Enter]
bash: ./reportFsailAll: No such file or directory
A typo. Of course. Always something something Murphy's Law.
[None@lolstationC2 ~]$ ./reportFailAll
Generating Payloads.
[▮▮▮▮▮▮▮▮▮▮▮▮▮▮▮▮] Payloads complete
Transmitting. . . . . . . . Success
ERROR: Could not establish a secure connection to [3/988] hosts
Retrying.... Success
Changing Settings...
Exploit Complete.
[None@lolstationC2 ~]$
OffByNone laughed, fueled by the adrenaline. It would only be hours before news stations across the planet started broadcasting this little endeavor. Nothing lethal, of course, just a fun prank. Not that the hospitals would see it that way; in fact, they might even start panicking when their pacemakers started falsely reporting that every patient's heart had stopped. OffByNone smiled in anticipation of the mayhem that would ensue.
Pakistani VPN. Authorities have traced potentially correlated traffic to Israel, but no concrete details have been confirmed.
Organizations
Dragon's Scythe (Ad Hoc). The organization is responsible for releasing secret government documents exposing corruption and generating significant public unrest in over 30 countries across the globe. Chile has offered a $150,000 bounty for information related to Dragon's Scythe and President Trump has described the organization as "a major threat to cyber for the U.S., maybe even the world." While not a consistent member, OffByNone has proven him/herself regularly valuable.
Known Details
OffByNone is rarely active on Saturday afternoons and has an interest in all things scientific and technological. Attempts to pin down precise working hours have failed, but OffByNone willingly reveals trivial personal hobbies such as shows he/she is following, recent memes, and qualms with societal structure and customs. Authorities have built a comprehensive personality profile of OffByNone.
The RP has officially started! The opening might be a little different than most RPs on this site, but there's reasoning behind it, and I expect it to balance out more as it goes on. Since we're just dealing with underground acts, you don't have to have an InfoSec agent yet. Feel free to open yours up however you'd like; just know that every hacker participating received a similar email from The_Elder with the same link to Th3_Calm. I'm really excited for what's in store and I think you all are going to like it.
Some hacking background if you're interested: OffByNone broke into a server located at service.taiwan.gov.tw and downloaded the entire archive folder onto their device, presumably obtaining government secrets. They then executed rm -rf /, which is another way of saying "Delete literally every file that exists on this computer." #DragonScythe1339 is an IRC channel, which (if you're not familiar) is kind of like Discord but much older and less sophisticated. The secure stream implied that The Elder was watching OffByNone through a camera somewhere in their house and had it automatically transcribed. I know I used "they" a lot, which is typically poor writing practice, but I don't want to give up secret info that early, haha.
OffByNone slid back in their leather swivel chair and wiped a bead of sweat off their face. Ugh, that was painful. But let's see who has you in their back pocket, Taiwan... As soon as the cursor hovered over the newly created blackmail folder, an email notification popped up under the mouse, redirecting OffByNone to Outlook. Nonono— agh! What is this??
OffByNone looked at the email in confusion. Not only had this sender known about Dragon Scythe's campaign against the Taiwanese government, but this "Elder" had somehow managed to get a hold of their personal email as well. And there was a Discord link as well. discord.gg/R7aQXMt ...Discord? Well, OffByNone had a Discord, but had never seen anyone use it for any kind of underground operation. A prank? But still, how would "Elder" know about the mission? Redux pulling a prank? But Redux didn't have access to this email address. The VPN was active, so what harm could it really do? The next moment, the left button on the mouse depressed and data began to travel throughout the ever-expansive labyrinth of networking equipment, streaming into the cramped and stuffy bedroom. OffByNone had entered Th3_Calm.
Obviously approved =). IC post should be up soon, and I think you all will really like what you'll find.