As a formality, you try all the most common passwords. But even the single most common—123456—is only used by .2% of people. The real question is what would be the most likely password.
12:30 p.m.
We completely cleaned out Georgia’s room last night, packed the clothes in boxes marked “Goodwill” and “Second Hand Hooker Supply” and piled them in the corner. We flipped the mattress over on Georgia’s bed and put clean linens on it. All the sex toys, ropes, cuffs, gags, whips, plugs, and other accoutrements went into a box that we decided was destined for a dump. I put all the jewelry in a shoebox (there were plenty of them in the closet) and decided I’d go through it more carefully later. We flipped a coin for bedrooms and I won, so I get to stay in the little single room and Cinnamon gets the stage.
This morning I settled down to open Georgia’s computers. All the hard drives are backed up now and I feel pretty confident that I can work on a computer without destroying any evidence. I’ve examined the box in the office off the kitchen and it seems to be most likely to be command central. Just to be sure I didn’t corrupt anything on the network, I disconnected the box from the router. Then I ran the list of 250 most likely passwords through the device.
One of the things Dag impressed upon me was to use a biometric scanner when possible, and when not, use a random generator of 12 characters to create the password. He said if my mind wasn’t sharp enough to memorize a new 12-character password at least once every 90 days, then I probably wasn’t sharp enough to do this work. But given the choice, most users will choose a simplistic, six characters or less password. Almost 60 percent of users choose passwords from a very limited set of alpha-numeric characters. Half of users will use names, slang words, regular words you’d find in a dictionary, or consecutive digits or adjacent keyboard keys like 123456. Oh yes, that is the most popular password on the Internet.
For years a popular Internet site allowed the word “password” as a password to almost any account. The first ones you try are things like 123456, password, qwerty, abc123, and so on. But the trick to breaking a password on a device is a little different. Ordinarily, I’d just reboot the machine from an external disk and plunder whatever was on the disk that I wanted since I’ve got access to the machine. But I want to know what applications have been running on the thing. I’m figuring that at least the webcam software is running, but what I want to know is if she was connected to any websites, what her email looks like, and where her bank information is hidden. If she had any of those programs running, I’ll be able to get into anything on any of her computers that I want to.
So what did Georgia think was an easy and probably clever password that she could remember? When I brought the computer screen awake, there was the familiar password screen. Georgia, followed by a box that asked for the password. I had a lot of information about Georgia. Social Security Number, no good. Address, no good. Name, middle name, last name, father’s name, no. Phone number, no. I clicked on the password hint and got “Future paradise.” Hmmm. Georgia was looking forward to the future as paradise or in paradise? What would future paradise be?
I absently typed in 431Duffy. Nothing. 431DuffyLn. I was in.
As I suspected, she had a messaging system, email, a chat room, her video software, an adult Internet site, a music player, and a Web phone service open. Now I’m going to find out all about Georgia’s life and loves.
The first thing I did was go into the admin or account screen of every running application and change the password to “State04.” Nope, that’s not a particularly secure password; it’s one that I can use and get out of fast if I need to and all these services and applications would have the same password. Georgia was the fourth state to join the union. I had to connect the computer to the ISP in order to make the changes, but I plugged directly from the computer to the modem instead of connecting the router with all the other devices. I wanted my own secure network before I start exposing any of the other devices to the outside world (if I did at all). This seemed to be Georgia Central, so I was counting on getting what I needed from this computer.
10:00 p.m.
We locked up the house and left at about 6:00. Cinnamon volunteered to stay and guard things, but there is no way I’m leaving her there. The place is spooky with both of us and dangerous for either of us. But I did leave a few surprises around the house.
I rebooted all the computers. Now that I’ve got the password (same one for every computer, of course) I didn’t need to have them all running. They were all running their webcam software, though, of course, they were all dark since I unplugged the software. But with a little bit of tinkering, I was able to get all cameras to run off Georgia 1 except the laptop in the kitchen. That I packed and took with me and moved one of the bedroom cameras to the kitchen. Now I’ve got security cameras throughout the house and both Cinnamon and I can monitor them remotely on our laptops. I’m guessing we’ll get a visitor, and if we do, I’m simply going to call the police on him. No reason to be there for a confrontation.
Cinnamon dropped me off and I checked into the W this time and ordered a room service dinner. I ate while I changed out of my makeup and old lady gear and switched back to being Deb Riley. Oh what a relief! I put the used dinner tray outside the door, hung the do not disturb sign on the door and left the hotel. I walked down to the waterfront and went to my office. I left a key and the hotel room number in an envelope in Cinnamon’s desk. She’ll be by later this evening and will go stay at the hotel so that if there are any calls or oddities, there is someone there. The bed will have been slept in and the room will get made up like normal tomorrow. That will also keep my stuff safe.
Then I picked up my car in the lot where Cinnamon left it and drove home to my puppy!
Maizie was happy to see me, though she seems to think I’m an invited guest in her house. I can see we will need to have a talk when this assignment is over. After about half an hour sitting in her chair ignoring me, though, she finally hopped up in my lap on the sofa where I’m trying to finish preparing for my thesis defense tomorrow.
So, what did we find out today?
Well, here’s a review of Miss Peaches on MILFcam:
<blockquote>“It is hard to believe this beautiful, incredibly sexy and shapely woman is 51-years-old. But that she is, and in this viewers opinion she represents everything a true MILF should: A true lady, experienced in life and making love, erotic, passionate, charming and witty. This Southern Belle will turn you on with her sexy drawl as much as her body.
Even better, she has a fully stocked wardrobe of outfits, from lacy lingerie to full-body fishnet to stockings and pantyhose in every imaginable color. Oh, and if that's not enough, she's got big natural boobs too! </blockquote>
Yes, Miss Peaches—the state tree of Georgia—was a performance artist who got great reviews. Apparently, you could watch anything in her kitchen or office all day and all night, but you had to be a subscriber to see her living room and dining room, and a premium subscriber to see in the bedroom or the cell. Friends, I’ve been sleeping in the cell. The stark austerity of this room wasn’t because it was an unused guest room. It was a theatrical setting for her prison scenes or something. Her whole house is so creepy!
She’s a MILF—Mommy I Want to F***—even though she’s always been single and as far as anyone knows has no children. Ooo. Wouldn’t that suck. Remind me to check the basement when I go back.
Hmmm… Is there a basement?
So, the actual site lists her feed as terminated, even though the profile is still there. Even though the cameras were running, it appears that all we have on the hard disks are archives of “performances” and not of everything that went on in the house. My next move is to find out what is stored on the site. I haven’t been through every disk yet. I’ve got about a terabyte of data to sift through and I really don’t think it’s going to be all that pleasant.
I received paperwork from the estate lawyer this afternoon and it looks like I should have all that I need to go into the bank tomorrow and get all her financial records. I’ll do that if I have any energy left after I defend my thesis. Lars must have put me on this case just to distract me. Cinnamon finished typing the damned thing last week and sent it out to the review committee. Now we’ll see if they concur that file encryption is a normal part of privacy and security or if they go with the Minnesota ruling that the presence of encryption software is evidence of wrong-doing. They will agree. Lars, Jordan, Professor Martin, and Oren Rawlings of Microsoft will listen to the defense. Dag’s chair will be empty. But if it weren’t for Dag, I’d never have finished it at all.
What then?
I’ll go try to break passwords and encryption to find out who tied the rope around Georgia’s neck.
No comments:
Post a Comment