Data security is kind of a big deal.
No, scrap that. No ‘kind of’ about it. Data security is really big fucking deal.
Trust me. Not only do I whittle away the best hours of the best days of the best years of my life as a data analyst within a state government department but I am also officially trained as a federal government counter intelligence officer.
I may not be deployed to any far-off exotic countries run by ruthless dictators where I make pretend as an ambassador to cover for stealing secret documents but I do have all the necessary training. And I think that slaving away within the grey corridors of
hell the department is way more dangerous for my sanity.
All that aside, when I say data security is a big deal you’d better believe it.
In a bomb-proof safe at a backup house, rented by an offshore shell company registered by a domestic trust company created by my federal employer, is a whole swathe of technology and tools to help me bypass most common cyber security measures in order to obtain private data illegally.
Your computer has a password? That’s cute. I have a USB drive I can insert that injects code into the kernel running the operating system and can bypass the authentication screen within minutes.
Your USB drives are disabled? I have a man-in-the-middle device that can listen to your bluetooth connection and hijack your keyboard and mouse traffic, effectively giving me full access to your credentials.
Your don’t use bluetooth? Well kudos to you for being one of the security extremists. But I have a question for you: do you use the internet?
Because I have dozens of methods for delivering malware to you and your computer without you even realising it. The malware is always the last resort as it normally leaves a trail and, from a government hacker’s perspective, the best data breach is the one that no-one knows exists.
This is the thought process running through my head as I wipe the thick layer of dust off my safe and use my finger print to unlock it. For over three years now this safe has been undisturbed. The contents left neglected and unused. Until now.
Yesterday I received an encrypted message from my formal employer with a new mission. My first such message in as long as I can remember. I had been starting to wonder if this spy-game bullshit was all in my head and I was just a poor soul with multiple personality disorder.
The mission was simple: I was to gain access to the computer of one of the senior executives within the Queensland Department for Resources and Finance. I was given no specifics on what to look for, or even what the target was suspected of. Just a simple instruction to gain access and install a remote ‘back door’ for the analysts in HQ to be able to access later at their whims=.
I was excited.
My first real mission. My first foray into spycraft. My first adrenalin-pumping attempt at subtly and subterfuge.
I packed my backpack with various tools in preparation for the incursion to the senior executive suite: building ID card spoofer, remote camera and alerting mechanism, backup clothing option (truckers cap and a plain polo shirt matching the cleaner’s uniform), and six different devices designed to bypass the most common computer security measures.
The next day I called my direct manager and created a cover story. I told her I had to go to the doctor in the morning and wouldn’t get in the office until lunch time but promised that I would work back later to make up the time. Knowing how quickly gossip circulated the office, this story would allow me the freedom to stay back late without the odd raised eyebrows from the more traditional government workers who believed that everyone should do the absolute bare minimum to get paid.
My manager was quite the stickler for ‘living the public service values’ and unapproved overtime was definitely not on that list. She suggested I use my flex time instead and, thinking quickly, I told her I was planning on using that for a special trip on my birthday. She relented but stressed I must be out by 6:30pm otherwise it would flagged as overtime and the proverbial shit would hit the fan in the next management meeting.
That is how I ended up alone in the empty office that night. I logged off from my computer at 6:28pm, changed shirt, donned a truckers cap, and was standing in the elevator lobby waiting to go up, not down, to the Executive Suite on level 18.
Knowing my personal swipe card was not cleared for after-hours access I rifled through my bag of gadget goodies to retrieve my proximity spoofer. A simple device that can mimic the authorisation request sent by a security swipe card reader, catch any RFID signal responses, and store these for later use.
Earlier in the day, a quick walk around the office had found an unattended identification card lying on the desk of one of our gloriously inept managers. A quick scan with my spoofer and now I could fool any building sensor in to thinking I was cleared for Executive Access 1b.
Level 18 was were the senior executives of the department resided. The top of the building with only partially obscured views of the brown river. This was where the elite public servants aspired to be.
Stalking past the empty desks I noticed that, despite their higher pay packages and higher office standing, their office layout was the same cheap quality and shoddy workmanship as everywhere else.
The one difference up here was the plants. Not just that they had more plants than us down in the lower levels but they were also real plants. Down in the trenches we were not classy enough to warrant actual real living and growing plants. We had those tacky plastic variety that were several shades of green past normal, just enough to let you know they weren’t real, but not enough to stop the office weirdos from trying to water them.
Up here their plants were real. Real plants, in real soil, in real pots. Luxury.
I creep up to the bank of indoor ferns perched on top of filing cabinets outside the row of executive offices on the eastern side of the building. My target’s office was second from the end but the privacy screen created by the plants would be a useful cover.
On my first step in to the hallway in front of the offices I nearly freeze. There is someone in the first office!
Luckily my training instinct kicked in and I felt my body move automatically, almost as if under guidance from outside my own brain. I turned my back to the occupied office and began examining the plants. Lift a leaf here, poke in to a pot there. All make believe actions I hoped were relevant for my disguise.
As I edged along the row of plants keeping up my façade I heard the softness of footsteps on carpet from the lone executive’s office. I strategically angled my body to bring the office in to my field of vision and also prime me for a quick escape if she recognised me.
“Hello?” Her voice – I think her name is Karen – assaults my ears and my heartrate nearly doubles. I lift my head up to reply and…
She closes the door.
Striding back to her desk, phone pressed to her ear, I hear only a muffled sound of her conversation. She is facing the window, gesturing with her other hand, and oblivious to me.
I stride purposefully past the rest of the offices – all empty, thankfully – eager to get the job done. I feel the surge of adrenaline pumping through my body. This is exhilarating.
I pull out a duster – another prop – and approach the target’s computer. This is my moment. My first real-life field operation. My first opportunity to prove myself and hopefully take the next step toward redployment to somewhere, anywhere, better than this hellhole backwater government department.
Unzipping my backpack I unroll my trusty tools, all neatly packaged in easy-to-access pouches within a single locked compartment.
I notice the soft hum of the computer whirring, still running, on the desk. I nudge the spacebar on the keyboard to wake it and the black computer monitor jumps to life, powering up.
My heart falls.
It is unlocked.
No fingerprint or face recognition. Not even password protected.
Just open, unlocked, and unsecure.
I sigh and hold back a curse. All of my diligent planning, secrets, lies, and props are for nothing. Anyone could have waltzed in here at any time and gained access. A fifteen year old script-kiddy with more more dark web access than sense would be able to do what I’m about to do.
I grab the USB key and insert it. A window pops up on the screen at the same time as authentication message pops in to my phone. I cross-enter the approval codes and the on-screen display changes. It briefly shows a progress bar which makes the dash from 0 to 100 within seconds, flashes a confirmation screen, and then disappears.
I remove the USB, roll up my wasted preparation, and stuff them in the bag alongside my dying career aspirations.
I realise I am doomed to work here forever.