The Adventures of Captain X-Ploit:
Matlock rocks my socks off.
– Part 5 of the epic chronicle –
Captain X-Ploit vs. The Bills

A bank is a place that will lend you money if you can prove that you don’t need it. ~ Bob Hope


Since this Captain X-Ploit episode is a continuation of the original saga, and since it’s been a really, really long time since the good Captain has deigned to make an appearance, the following are links to the original episodes so we can all get caught up with the story thus far.

David went back to his home. It was a rather pleasant house in a nice neighborhood. Its generic white walls gave no indication that an evil genius might live inside. That was exactly how David liked it and exactly why he had bought it.

As he parked his new prize in the garage he could hear the excited clicking of Nicky’s nails on the tile as she doubtlessly was rushing to see why the garage door was opening. As he walked in he knelt down to pet her affectionately and passed her an oatmeal raisin bagel.

She barked appreciatively and then began to wolf it down. “Oh Nicky, you’re the best roommate a guy could ask for.” That thought gave him pause for a moment. “Roommate,” he re-uttered the word. Perhaps that is the key for today’s adventure he thought. Leaving Nicky to enjoy her bagel, he hastily ran upstairs to hop online and do some research while enjoying his bagel and coffee.

After about ten minutes of useful research and about three hours of watching internet videos, he picked up his phone and called the bank.

“Hello, you’ve reached ‘Stage Coach Banking’, my name is Jenny. How can I help you today?”

“Hello Jenny, My name is David Nicholas Stone and I regret to inform you that I will not be paying my mortgage payment this month.”

“Hmmm… It says here that you have never made a payment and I need to send the police to evict you.”

“Ah, yes, I figured as much. But see, the problem is that I have suffered a bout of extreme aging and I am now over the age of 65 and therefore am exempt from eviction.”

“Oh, goodness! Are you OK, sir?”

Quite. In fact, the senior discounts are very handy and I find myself truly enjoying Matlock for the first time in well… ever I guess.”

“That’s a relief! But you do realize we will require at least a doctor’s note confirming your age, Mr. Stone”

David smiled and joyfully rolled his chair over to the file cabinet next to his desk and fingered through it until his hands landed on the file he was looking for. It was labeled “Nicky’s vet records.” He pulled out the latest checkup. Among the general stats at the top was written “age: 13” and “age in dog years: 65”.

“I have the file here from my medical care provider clearly stating that by a unit of measure I am to be considered 65 years of age.”

“Excellent. If you will just scan and email that file to us we will be forced to leave you be until you die.” Jenny said cheerfully.

“Sure thing. Oh, one last detail. Under age it says “13” that is in reference to the age of my new hip, not my actual age. My actual age is labeled “dog years” but in fact that is a typo, they meant to put “God years,” as in how long it has been since God created my magnificent body.”

“I will make a note of that right here, Mr. Stone, and we will be sure to consider that when viewing your file. Is there anything else you need help with today, sir?” Jenny asked politely.

“No, I believe I have been served quite well, Jenny. Thank you.” He said.

“Well, would like to take a brief survey to rate my…” Click.

“Nice girl,” David thought to himself as he hung up the phone and scanned in Nicky’s vet document. “Well, that takes care of the mortgage, now I just have to deal with electricity, gas, and credit cards.”

David couldn’t help but feel pleased with himself after this solution. The only thing he liked more than a well implemented exploit was one that tied up a loose end for the foreseeable future. He figured he deserved a break to blow the heads off of some zombies before returning to the tiring yet fulfilling task of escaping work.

As he watched the zombie heads bouncing off his HD monitor in time to the resonating sloppy thuds emitting from his surround sound system he couldn’t help but feel depressed that he hadn’t yet cracked the ultimate shell; His ultimate prize and undying desire. This was of course to game the system so completely and so perfectly that he could have his lifelong goal of unlimited money. Until that day he felt like a rank amateur playing at his profession of slacker.

This nagging feeling had plagued him since childhood. His parents had always been on the overbearing side and watched his every move. While the normal kids experimented with drugs, alcohol and sex, he was left to only watch. Stuck between their rock hard force in his life during the times of their explicit presence and their unshakable expectations when there weren’t by his side.

His youth was one filled with angst and rebellion building in an un-manifestable form. It began when he was fourteen; the world opened to him as he realized a non-physical but equally caustic way to vent his adolescent aggression. A way that was invisible to his ever present parents. It was the life of exploits. He could practice this form of rebellion anywhere at any time without accomplices and without raising a single flag to his parents.

And so, with no conscious knowledge or understanding deeper than raw, raging adolescent emotion piloting his brilliant mind toward anarchistic oblivion, the greatest hacking mind was born into the world. The idea that what he was doing was hacking had never crossed his mind. For hacking, you see, isn’t anything more than a label affixed to a mindset. It wouldn’t be until later that the world would forcibly open David’s eyes to the cause he was part of.

It was this evolution of mentality that brought David to this exact tipping point that would thrust him over the edge into a world of politics and aliens. But I am getting ahead of myself. Back to the precipice, back to the original unending quest for the perfect exploit; the exploit that to David consciously meant unlimited money and power, but subconsciously meant so much more.  It meant the quenching of an unquenchable thirst; the scratching of an invisible ever-present itch; the completion of his greatest work of art.

I mention all of this not to ruin the readers surprise, but in hopes of whetting their appetite. This exact day was the day David succeeded in breaking the system so completely that his dream was realized.

So once again David uses his awesome Social Engineering skills, mixed with fraudulent information hacked into the bank records (recall that Nicky the dog’s “legal” name is David Nicholas Stone) to avoid his mortgage payment. This exploit is particularly interesting in that it’s a variation of identity theft where rather than stealing someone’s identity you give your identity to someone who doesn’t know or doesn’t care – like Nicky, David’s canine roommate – such that they are responsible for your debts. Now, granted this exploit only works this well in Trustonia, but I suspect there are variations that work quite nicely here in reality. To the extent that we live in reality.

The last part is an interesting discourse on the hacker mindset from the thinly veiled pen (er… keyboard) of the creator of Captain X-ploit. Certainly something to think about while you are planning your next exploit (er… adventure).

Whatever Happened to Security For All?

Where have all your good words gone?
Where have all your stories gone?
From Where Have All Your Good Words Gone by Laura Gibson

Long, long ago, way back in December of 2011 the latest blog entry appeared in Security For All. What become of the author and his intrepid sidekicks Dr. Security and Captain X-Ploit has been the stuff of no small amount of speculation among the Information Security literati. Actually to my knowledge there has been no speculation at all. Small or otherwise. But I digress.

By way of excuses let me say that a whole bunch of stuff has happened since that last post around Christmas time. Primarily, in January I started  a new position as Software Architect for Trustwave. I could let you guess at my employer like I did back when I first started blogging while working at StillSecure, but anyone can look it up on LinkedIn so the thrill is gone. Also let me point out that Trustwave and Spiderlabs are quite well known in the blogosphere having several excellent corporate blogs. This is not one of them. Whatever I say here is strictly me and they have nothing to with it. Much less approve or disapprove. In any case I’ve been drinking from the firehose since January without much opportunity to do much of anything else.  Thus the reason for the 3 month hiatus of Security For All.

But I’m back. And so is the good Captain. So stay tuned.