Pure Blind: Arrival

From: Avio Yaken
Sent: 2020.07.13 22:43
To: Suha Raibuya,

========================================

SOE Station1735×969 249 KB

I’ve arrived in Pure Blind and I’m settling in. I’m crashing at a port operated by the Sisters of EVE, I haven’t made special contact with anyone here and just trying to pose as any other Capsuleers loitering around the region looking for sites to plunder. Though I’m almost certain that the Sisters keep a close eye on every Capsuleer that is in their turf, regardless of why they’re out here.

Don’t got many options, Majority of the region is Capsuleer country and the only other organization with open ports is Mordu’s Legion. Now the Legion gots beef with the Guristas, so I’m gonna try and keep my distance from them. Sisters on the other hand are pretty consistently neutral enough that I should be comfy as long as I don’t take their generosity for granted.

Now on with the mission, here’s how it’s gonna work. I approached that Vherokior hacker I told you about - name’s Komi Valentine, she helped explain what we’re dealing with here and how to make some progress. She advised hunting down copies of the worms so that they can be analyzed to develop a solution and figure out what flaws in the system it’s exploiting.

A thought did occur to me however.

Suha, I don’t think we can bring any of this data into Venal. This worm is self replicating and spreading in the region’s Network continuously, as if it’s trying to reach a target. I do not feel comfortable bringing anything i find out here into Venal and risk compromising the networks out there. I know this is gonna make my job harder, but we should be careful with what we’re dealing with to avoid further embarrassments.

I have with me in station a Kestrel I got off the markets, I’ve gutted it of any useful spaceflight capabilities and will use it’s computer systems as storage to contain and quarantine any kind of data I can recover from the Guristas routers in region. so far I’ve managed to track down one data center in the same system as my base port and scrap all the data I could out of the mainframes and comms towers within. Data cores, decryptors and some contaminated files.

We’re gonna need more data, and I’ll have that for you next time I report in. I’ll also be seeing if I can figure out what kind of damage this Network worm has caused for this region. Right now I’m just checking in with you as promised and letting you know I’m on site and getting to work.

• Avio

Pure Blind: Hollow Nodes

From: Avio Yaken
Sent: 2020.07.15 16:56
To: Suha Raibuya,

========================================

Suha

Made some progress on the worm situation. Nothing ground-breaking, but I’m putting in the leg-work to get some more data to work with and potentially even slow down the cyberattack, I’ll explain.

Firstly, not finding many Guristas fluid routers out here, most have been picked cleaned by other Capsuleers or are just running on low-energy so that they don’t give off a cosmic signature FOR Capsuleers to scan down and pick clean.

1866×999 283 KB

Though I did find two clusters of mainframes and data banks in the system of S-MDYI, a lucky find after hours of looking around the region. One of the clusters was a part of another Data survey site like I found in J-CIJV, but the other happened to be a Central Data Mining node for the Guristas.

With the exception of tripping the failsafe of one of the node’s databases and setting it ablaze, I managed to clear out the Data Mining Center and the Survey site with relative ease and I got a decent stack of data cores as a result to examine and analyze. All of this has been safely contained in that Kestrel I told you about, we’ll refer to it as the “WormBox” from this point forward for simplicity.

741×647 96.3 KB

I’m gonna need some experts to look at this data and tell me what I’m looking at, but I’ll handle it.

Also, the current tally

5x Guristas Comm Towers
7x Guristas Databanks
6x Guristas Mainframe.

Aside from Data sites, I’ve found many many many derelict spacecrafts in the region. I know, it’s sorta unrelated to hunting down this worm - But you did tell me to report on things even if they were mundane, so I’m I closing this - I’ve been clearing out the wrecks in region as a side hustle while on the hunt for routers and I gotta say if this search bares no fruit, at least we’ll have some more kredits to play around with after I find buyer for all the salvage.

744×651 112 KB

Now I have one last thing to report on, thinking outside the box a little on this one. That Vherokiorian Komi Valentine I told you about gave me some advice, and amongst it was the idea to set up some market modes of my own for the virus to infect. A sound idea, just didn’t know how to do that at first until I remembered mobile depots were a thing. I bought a stack of the structures, stripped them of their original functionality and stuffed it with additional computer systems. Then, I use the same code, files, algorithm as the Guristas’s financial network uses (Had to ‘borrow’ this while digging through their routers) to build a “Hollow” node that resemble any other financial node apart of a scrip Network, just without any way to store, move or receive any actual financial data.

I have one depot per constellation in Pure Blind, totalling in thirteen nodes. All of them I have latched onto the wider Gurista network for the worm to detect and hopefully try to spread into. I’ll be checking up on these nodes to see if they caught anything or if a Capsuleer tried removing them. Gonna be a pain in the ass, but I like the idea of having locations to set my destination to and patrol the route there for any data routers to plunder.

1919×1011 327 KB

1917×1013 362 KB

1916×1009 275 KB

1918×1015 329 KB

1918×1008 290 KB

1912×1008 428 KB

1919×1010 292 KB

1919×1015 240 KB

1920×1000 223 KB

1911×994 244 KB

1919×1012 217 KB

1912×995 283 KB

I hope to have something more substantial for you soon.

• Avio

Pure Blind: Fine now?

From: Avio Yaken
Sent: 2020.07.17 01:45
To: Suha Raibuya,

========================================
Suha

1182×152 48.9 KB

Well, I honestly don’t know what to tell you, it’s quite embarrassing If I’m being honest. Miraculously the networks out here in Pure Blind have made a complete recovery overnight. Everything is working again, as if the attack never happened.

I don’t know what this means for the worm, it’s unclear whether the operators of the network managed to already discover a counter for the worm or merely managed to uncripple the systems and the worm is still actively swimming in the network’s data.

I’m admittedly uncertain on how to proceed. Either I stat in Pure Blind and try to see if the worm still has a presence out here, or pack it up and head home.

I don’t have much data to show for it, in fact it’s the same amount as the last update. These sites aren’t too common to find I’m afraid, so I don’t think I have a satisfying amount of recovered data to work with.

I’m gonna contact Valentine again, see if I can get her to take a look at what scraps I have on hand. Maybe she can do something with it. If the owners did managed to find a counter this quickly then i don’t doubt the Guristas themselves will figure it out much faster than we can.

Don’t be too hard on yourself, I share your frustration on these turns of events. However you should be proud of yourself, you took charge and acted on what could have posed a serious threat to the Venal Networks. And with what compromised data I did recover, maybe we can work on a counter to reinforce the Prosperity Network from an attack like this.

And look, I’m not trying to dance around the idea… I know you still wanna weaponize this Worm and somehow turn it against the State or Intara directly, I get that. I don’t know if we got enough samples to work with, but maybe we can look into it for the sake of having a deterrent on hand. We shouldn’t be carelessly unleashing cyberattacks in the State that could cripple their scrip networks, as that could interfere with any Guristas operations and be an annoyance to them.

I’ll contact Komi and stay out here for awhile longer, just to see what’s going on.

• Avio

Pure Blind: Worm Traces

From: Avio Yaken
Sent: 2020.07.22 00:08
To: Suha Raibuya,

========================================
Suha

Touched base with Komi, most of the recovered data she says is more or less useless. However, she did have some interest in a high-tech data chip that I pulled from one of the nodes in Pure Blind.

I ferried it off to Empire space for her so she can get to cracking on examining it. This was a day or two ago, today she wrote back.

We might’ve lucked out, she says she believes the chip has traces of the worm, but there’s a ton of useless bulk data on it that she needs to shift though first.

She tells me she’s got a lot of tests to run, but informs me that she’s finding some interesting stuff about it on the surface level, she’s holding off on the details for a report she’s gonna be sending my way.

She mentioned Intara, tells me that she can’t find anything linking it directly to them that makes them out to be the worm’s creators. As far as she can tell, there’s no way this attack could’ve even have happened without insider information on the region’s scrip networks.

However, she has an idea on how it works in the first place and an idea on how to try and reproduce it. Though stated that without having the actual hardware that made the thing, might be easier said than done. I’ll talk to Utatis once Komi gives me her report, maybe we can track down whatever equipment was used and borrow it.

By the way, when I say borrow - i really mean steal - But hey, maybe I really can just get away with asking the owners… We’ll see.

• Avio

Pure Blind: Worm Report

From: Avio Yaken
Sent: YC122.07.30 13:30
To: Suha Raibuya,

Suha

Komi got back to me with her report on the worm. It’s… Complicated to say the least. Admittedly taking me a few reads to fully understand it, but even then I feel a little in over my head at the depth of these Scrip networks.

No wonder we hire experts for this… Anyway, I’m gonna supply her report in full so you get the context and try to break it down as best as i can.

Technical Analysis of Pure Blind Scrip Network Worm (PB9318041.84b)
#sample 1 = High-Tech Data Chip

#sample 1:

While analyzing the Data provided by #sample 1, I’ve found some the fragments of an interesting program, that seems to have the signature of the worm we will call PB9318041.84b

How does the Scrip Network work?

To see how the worm could cause this much damage, first we need to understand how the Scrip-Network works. If you are not familiar with it, let me explain: It uses a decentralised structure of network arrays we will call “Node”.

Each Node has it’s own security certificate and a state of the art firewall for safety measures. In order to perform a transaction, not only one Node has to sign it, but the whole network has to verify it. Meaning in case one Node get’s corrupted and Scrip that are not backed up are transferred, the error will be corrected within the system.

The Scrip Network uses the most advanced security and quantum entangled encryption methods. It is nearly impossible to hack, even for me.
Which makes the worm very interesting from my perspective.

Basically I think she’s saying that every “node” in this scrip network acts as it’s own checkpoint for any data flowing through it. Every step of the way of a transaction being verified and asked to show it’s papers before passing through to the next stepping stone of it’s journey.

Alarming thing is that these Networks all have high-end security measures, and why wouldn’t they? You never wanna be screwing around recklessly with someone else’s money…

How could the worm manage the impossible?

While analyzing #sample 1 I found signatures of a program that I considered to be very unusual software. Clearly some kind of mutating code that is often used with harmful software to prevent signature detection.

Trust me, it took really long to analyze this probably AI generated mess of a code. But it turned out to be what I expected.

I found some promising functions that I renamed after studying the functionality:

#func erase_carrier()
#func encrypt_sig(hash,sig)
#func createtransfer(v,source,addr)
#func OnRecvTrigger(hash)
#func delete

This led me to the conclusion that this is probably the worm you are looking for.

Worm mechanics.

Once PB9318041.84b occupies a System, the following will happen in sequence or parallel:

1. The carrier worm will create a mutated version of the actual program and save it in the core system.
2. A number of ISK-Transfers will be placed
3. The worm will go to sleep and wait for something I could not identify, because the sample was incomplete at this point. Probably some dependency I don’t know.

So we did luck out and get a hold of an actual worm sample based off these lines of codes she uncovered while examining the chip. What i believe she’s saying here is that once the worm is in the system, it’ll start rooting itself into the node and prepare itself for the next step, and this is where it gets interesting…

But how could the worm circumvent the security?

Well, I wanted to check if I can get any information about the transactions the worm does and they were not what I expected them to be. I expected to see a large amount of Scrip being transferred but instead I found this:

Transaction No: value, ,source , receiver,
#1 1,01 Sc #H9Q589JAlJ465FF1MMYYX11CI #HFM484DF2V48W954SIV34
#2 0,009194028111322 Sc #H922KLL03919OAA11NNKAH11 #HFMA99112ANAU136KALAA
#3 0,001489449712326 Sc #H781QQL0004004003HSWQQQ #77SV16C13QC1Q11BBBBY3
#4 0,009994512000400 Sc #Z86DPOL416SC132YXX12V81L #75AV123VW943A21V98V3V
#5 0,000047169669120 Sc #GWE56484SFJJJ2481AWQR1C #SFVB1321VAQQQ31BBBNZZ

[…]

The amount’s are very unusual. Normally a transaction would be expected to be at least 0,01 Scrip. It’s similar to the ISK-network where the minimum transaction is 0,01 ISK

This was very suspicious so I decided to dig deeper.

Conclusion:

1. The Attack on the Guristas Facility happened to infect the first Scrip-Node. They probably needed control of the hardware to first initialise the worm.

2. The worm sent those impossible transactions to connected Nodes. This transactions were verified. The neighboring Nodes would receive those impossible transactions (since they were verified by a valid certificate) and would use the garbage collection to discard them. And here the interesting thing happens.
   If there was for example an exploid in the garbarge collection or the chipset itself, the data won’t be lost but assembled in Memory. This way it might have been possible to inject the trigger program into the core memory without any security measurements preventing it, since it was a verified transaction of 0,00 Sc (rounded).
   Of course it didn’t took the network security team that operates the nodes long to figure out something bad happened after seeing multiple of those 0,00 Sc transactions in their logs.

3. Once the carrier program is completely loaded into memory, it will extract the mutated worm and write it into the system. Now The worm takes over and will create more of those transactions with the Nodes certificate until all Nodes are infected.

4. Once a critical amount of Nodes is infected, the worm has control over the whole network. Probably this is the point where the REAL Scrip transfers happened.

I think what she’s implying with her bullet points is that the raid on the Guristas facility by Intara was a literal brute force attempt to get the worm into the system by first getting ahold of some center that had admin rights to freely place whatever data they would want in a node and letting it spread from there.

How the Worm would get past the security of other nodes however is by sending out transactions that are impossible to follow through with…Like 0 Scrip, you can’t really transfer anything now can you? As a result, the nodes that receive this order will discard the data on it’s hardrive’s recycling bin - At that point however the worm has made it inside, the data was sent by a trusted source (It’s fellow node) and thus the receiving node’s security measures wern’t triggered and thought little of the strange data it was getting.

IT’s rinse and repeat at that point, the Worm will extract itself and get to work doing what it did in it’s origin node.

She also provided a small little example of the process.

Thoughts:
I’m not 100% sure if this is the way it really happened, but it’s my best guess from the limited data I could analyze.
Insider information about the chipset is crucial. Without it, there is no way to perform this highlevel attack. I think it took a team of specialists months to create this interesting piece of software.

If you want to protect your systems, contact the manufacturer of the chipset or look for a firmware update. The Scrip network was designed to be impossible to hack, the hardware it was running on sadly not.

Hope this helps you

o/ Komi

The Guristas might have a mole, Komi insisted once again that someone on the inside must have had prior knowledge of how these scrip networks are set up, what their security is like and how their files are structured. This worm is something truly sophisticated and wasn’t made by any lone hacker that you see in holo-reels. Who exactly made it is still uncertain, Komi gives me the impression that Intara were just the muscle on this attack and that the actual brains behind the worm are still in the shadows here.

I’m gonna ask Komi about coming up with some kind of “Cure” for the Worm, I believe I was told in passing that a cure would be designing our own Worm to go in and eat the first one. Frankly all this stuff is still a mystery to me so I’m just going with whatever the expert is telling me.

Designing one to counter this one won’t be easy, certainly not cheap - But if something like this hits the Venal networks? Could be catastrophic for the region’s economy and hurt the Guristas in a way not yet seen. I’ll pass this info to Mumo, maybe she can keep an eye out on our networks for anything like this in the meantime. I’ll pay our friend here a retainer and see if she can help develop a counter to this before it bites us all in the ass

• Avio

Pure Blind: Lai Dai

From: Avio Yaken
Sent: YC122.08.05 16:46
To: Suha Raibuya,

Suha

News dropped, Lai Dai is gloating about the raids on the scrip networks in Pure Blind, I think the masterminds behind the attack has finally showed their faces and aren’t hiding behind their mercenary muscle anymore.

It appears Intara really were just the brawn on that attack, Lai Dai seem to be the creators of the worm and handed out the orders to carry out the attack. It lines up too, Intara is already involved with Lai Dai and the Khanids around time of their involvement with Intaki Prime

And this is where the whole conspiracy starts getting really interesting. Remember that Subcranial Nanocontroller shipment the Guristas made off with? I’m too believe that tech was made with some of the tech Lai Dai stole from the Intaki people.

Things are starting to line up… Giving me some ideas. Suha, we’re gonna need to get some more people involved with this op, and I know exactly the people i need to contact. Around the time of Lai Dai’s fuckery in the Intaki system, a collective of Intaki Capsuleers formed a “Diaspora” to counter their efforts.

These people got a bone to pick with Lai Dai and by extension their pet mercenaries. And while Guristas are in the crosshairs this time, I’m sure I can see about getting them involved for the sake of just screwing over these Caldari bastards.

Also, given that Lai Dai are showing their hand, they might be the ones with the equipment that made the worm. So I’ll start digging into that and seeing if i can acquire it for Komi so she can come up with a counter.

And if Lai Dai really aren’t the culprits? Who cares, right? Screw them over anyway.

As always’ I’ll be in touch.

• Avio

Meanwhile, financial market watchers in Syndicate are all of a flutter this afternoon as someone appears to have bought up the majority of Intaki Bank’s reserves of bearer depository account charges for Lai Dai scrip below a certain price point.

Screen Shot 2020-08-07 at 15.44.59841×117 70.4 KB

Speculation about the intended purpose of such a large and scrip-specific trade is rife!

Pure-Blind: Delays

From: Avio Yaken
Sent: YC 122.08.22 16:34
To: Suha Raibuya,

Suha

Been a little late on writing up updates. I apologize for that, but the truth is that progress is at a standstill. Why? That hacker? Komo Valentine? Apparently she’s laid out right now after her ship got blown up fighting against Triglavians. She’s been unresponsive so I’m to believe the injuries are serious.

Nothing to do but wait on that issue.

I talked with one of the Intaki Diaspora affiliates, names Auriga Menkalinan. Syndicate-man, very entrenched into the economy of the Intaki Syndicate and dabbles a fair bit in the scrip exchange out there. This worm can pose a threat to the Syndicate as well if the owners ever decide to take a shot at them, so I informed him and I got them man involved, just nothing long term, even he still gots ties with the Caldari.

He’s agreed to supply Komi - our out of commission hacker - with some financial exchange data, and that’s a broad term I’m using to skip over a bunch of jargon. He’s also apparently playing his own scrip games with the Lai Dai Corporation, but this seems to be his own initiative rather than something we asked of him.

Auriga also pointed out to me a particular sell order coming out of the System of Tamo. the same system the Guristas recently raided for the second time. First for that shipment of Subcranial Nanocontrollers, and now for some unidentified purpose. This sell order is for a wealth of Data Sheets out of a Lai Dai station, a Caldari Capsuleer was selling them at a undercut price, these data sheets are useful, as each of these can be taken to a State bank and can get us access to some accounts with a set amount of scrip in them. The sheets act as a ‘Bearer instrument’, they’re associated with a bank account with a set amount of scrip in them. We take them to a bank, we can collect on what’s deposited.

This gives us the advantage of having some clean money on the inside, money that’s neatly placed within an official State bank for us. This would make it easier to plant some agents in Tamo or elsewhere in the State, but they’ll be operating under a budget.

In other news… State is facing some ball breaking unrest at the face of defeat after defeat against the Triglavians. Old news at this point, I already know how on the ball about what’s going on with the State and you’re already working on ways to seize the moment to wake people up to the vision of the State they were sold on.

But, there is this concern of a shadow war brewing between the Megas… PKN Interstellar comes to mind as this solidified power bloc in the State, they got the support and backing of a lot of different investors so I think whatever ■■■■■■■■ is about to break out between the State megas is gonna be heavily influenced by PKN interests.

Im gonna start bringing people in on this mystery, select few Capsuleers that I think will be on the level and be interested in keeping contact. Could use more brain and brawn if we’re gonna dig any deeper into this PKN Interstellar investigation, make sure we have the eyes of more people opened before we strike. I’m gonna need some more time on that to contact them all and give them the layout of what’s going on.

I’ll be in touch

• Avio

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.