Authors: Steve Lewis
The codebreaker felt the crack of his knuckles as he locked his fingers together and pushed his palms outwards. For the past three hours he'd cleared the clutter from his office and wiped down his desk as a way of cleansing his mind.
A pair of iMacs turbo-boosted to 3.9GHz waited to be cranked into action. A soundtrack of '70s kitsch burbled from a pair of Harman Kardons while a manila folder of newspaper clippings sat on his desk.
Trevor Harris had a plan.
He opened the folder and pulled out a glowing
Good Weekend
profile of Jack Webster, written after his Press Club address. In it, the defence chief had spoken of his admiration for General George Patton and revealed that his most prized possession was the US war hero's 1909 Patek Philippe pocket watch.
A simple search showed that the timepiece had been sold a month earlier by Heritage Auctions in New York. Another search
found the auction house's website. It was as Harris had suspected: you needed to create an account to purchase items online.
âBingo!'
Harris had prepared well. He'd loaded message-encrypting software onto Harry Dunkley's phone then asked him to contact Martin Toohey to check if the former prime minister had ever received an email from Sir Jack's private address.
Dunkley had delivered. Harris had scribbled the address across the statesmanlike full-page shot of Webster that formed the cover of the
Good Weekend
: [email protected].
He scrolled through icons on the first iMac, clicking on âJohn the Ripper Pro'. The program cracked passwords with brute force, running a super-fast exhaustive search using every combination of letters, symbols and numbers.
If Harris had to find both a username and password the search could take months. But he was confident Webster's email address would double as his username, because that's what ninety per cent of people did. That left the password. And Harris knew that humans were creatures of habit.
Before being driven from the career he loved, Harris had led an elite group at the old Defence Signals Directorate. The ultra-secret agency's primary role had been to hoover up signals intelligence across the AsiaâPacific, using satellites beamed to four highly sophisticated receiving stations: Bamaga on the tip of Cape York, Shoal Bay in the Northern Territory, Kojarena in Western Australia and the Cocos Islands.
Harris's speciality was breaking and entering: cracking into the secure communications of foreign governments and corporations
and deciphering their secrets. In this world of clandestine specialists, Harris was still considered Australia's foremost hacker and cryptologist.
As he keyed in instructions to
â
John the Ripper Pro', he was reminded of the advice he'd often given budding government hackers.
âEveryone hates having to remember multiple passwords and that laziness is our best friend,' he would tell them. âThe place to start is the target's partner's, child's or pet's name, followed by a zero or one, because most systems now demand a numerical component. If that fails, then try â and I am not kidding â 1234 or 123456 and so on, depending on the length of the password required by the site administrator.'
Then he'd add the kicker: âYou'd be shocked by the number of senior public servants who simply use “password”.'
Harris reckoned he already had the basis of Webster's password: George Patton. But the defence chief would have been repeatedly warned that he needed to reinforce its security by adding embellishments. The simplest trick was to swap a letter for a number or symbol: a â3' for âE', â@' for âa', and so on.
The analyst keyed in a series of options then set his brute force program running. He wanted the grunt of one computer devoted to that single task, so he turned to the other iMac for the hunt that would require his guile and finesse.
Again, the codebreaker had an advantage. He had repeatedly raged about the Commonwealth's lax cyber security. One of his pet hates was ICON. The Intra Government Communications Network had been set up in 1991 when the Department of
Foreign Affairs ran a cable between its old headquarters in the John Gorton Building and its new premises in York Park, in order to connect its teletype machines. From small beginnings in what now seemed an absurdly innocent age, it had grown into a network that provided âsecure communications' across four hundred buildings in the capital.
âAnd the security on it is shit,' Harris mumbled as his fingers stabbed at his keyboard.
There were more than a thousand manholes around Canberra where ICON's cables were protected only by a plastic cover secured with a padlock. Telstra maintenance crews routinely used bolt-cutters instead of keys to open them. Then they would fit a new lock to cover their laziness. Harris had pictures of sites littered with the discarded brass locks.
If the physical security was bad, the virtual security was worse. A Finance Department audit had shown that most agencies failed to encrypt the information transmitted on ICON's fibres. Even a novice hacker could break in.
Trevor Harris was no novice. Today he was going to put the cracks in the system to the test.
The Commonwealth's problem was gateways: there were corridors from one agency to the next and ICON left the front door wide open. Once inside, Harris was sure he could plot a pathway to the nation's most secure files.
He walked through the front door then set his course for the weakest link.
Harris was aware that those who design security systems often fail because they think of them as individual units rather
than one part of a larger entity, like cells in a human body. Millions of dollars were poured into forging cyber shields for sensitive sites. But putting steel-cap boots on your feet matters little if your body can be infected by a paper cut to your hand, Harris reflected.
Within minutes the Bureau of Meteorology site lay open. Valuable intellectual property that could have been sold to other nations lay within easy reach, but this was just a way station on Harris's journey.
As weather forecasts are vital in military operations, he knew there would be a pathway to the Defence complex at Russell Hill in Canberra. And the people in need of this specialised weather data? The commanding officers. Child's play, thought Harris.
He quickly found the one commander he was looking for: âWebsterJ'.
âFollow the yellow brick road.' Harris smiled as the computer next to him pinged.
The 3DR SOLO Smart Drone hovered above the oval, the high-pitched whirr of its four props barely audible.
The operative monitored its flight path through a smartphone connected to the remote console. A hundred metres into the sky, the GoPro camera add-on was transmitting crisp high-resolution images of the nearby townhouse.
The drone had cost $1800 online, but attached to its small chassis were tens of thousands of dollars in sophisticated
circuitry, developed after tens of millions had been ploughed into R&D.
It was mid-afternoon and the oval on the edge of Yarralumla Primary was near empty. A couple was wrestling with an errant pup and several schoolchildren had wandered towards the operative, fascinated. He smiled politely, then ignored them.
The target had demanded specialist skills and equipment. The brief said he was a pro, and his behaviour proved it. His online connections were scant and random. When he was on the web, he used the strongest armour. And when he went offline, he disconnected every cable.
The operative had never seen a better set of defences. But nothing was impregnable.
There was one routine. Each day the target walked to the nearby shopping centre to pick up basics: milk, bread, newspapers. The round trip took fifteen minutes. It had been more than enough time.
The front-door lock had been picked in a moment and the back-to-base security system easily disabled.
The operative had walked through the mess to the two iMacs in an office facing the street. It had taken him barely a minute to prise open the power board, set his device and close it. He'd reset the security system and left. He'd checked his watch: less than five minutes.
In that short time he'd established a link that used a covert channel of radio waves. It would be activated when the computers were turned on, irrespective of whether they were connected to the internet.
It was the US National Security Agency that had found a way to crack âair gapped' networks. Code-named
Quantum
, the technology was shared with only the most trusted of allies. Australia was one.
Now, as the afternoon sun shimmered on the nearby lake, the drone picked up a strong pulse. The target was active. The operative touched an icon on his smartphone. Five seconds later he began transmitting to base.
The routine of the day was punctured when the technician's monitor flashed amber alert. The target was online and trawling. Expertly, she linked to
Quantum
which was already pumping out bytes of data.
The target had broken into a remote system and was downloading documents at breakneck speed. She was peering over his shoulder, impressed that he'd managed to gain access through a maze of connections.
The computer spat out the entry point: ICON. It jumped to the Bureau of Meteorology then moved up the chain: Russell Defence Weather System; Defence Internal; Secure Network; Commanders.
The targeted profile flashed on her screen.
She grabbed her phone and punched a name on speed dial.
âSir, we have a serious problem.'
The iMac motors were in overdrive, and every second on the inside raised the risk of being caught. Trevor Harris moved with the calm precision of a practised criminal: quick, clean, no fingerprints.
He had stalked many dangerous prey in his career â but this one was deadly.
Once he'd reached Jack Webster's profile, cracking his security wall had been ridiculously easy. The username was public service boilerplate. Harris's second iMac had unearthed the defence chief's auction house password: G3orgeP@tton4. It had been created two months earlier, so Harris had simply changed the last digit to â6'. He was in.