

|  | "The Jahorina papers" is a story about human trafficking, violated rights and abuse of power. | 
| Part I: The conspiracy

Chapter 1. The intruder
*********************************

It was late. The building seemed deserted and most of the windows were dark. The huge parking lot beside the roomy eight-storey structure was almost empty. Only a few white UN vans and a few hired civilian cars formed the few black spots on the huge space.

However, appearances may be deceiving. It was already 11:00 PM, but three people were still busy in their offices. Their presence was not unusual, but that night, being there at the same time was pure coincidence, and destiny would change their lives.

Nedim Mominovic sat in front of a flickering flat screen, studying the scrolling messages. He was testing the firewall functionality. He was the only technician already employed by Doom and, being an engineer, he had designed the Police Mission Planning Team's computer network. They had both deployed the temporary headquarters network. The Planning Team was composed of approximately 50 people, each working on a workstation connected to one of the two servers installed in their common office. The chief had also deployed a workstation at home, directly linked to the HQ. Since they hadn't had time to test its functionality yet, they had planned to do it on that particular night. Their schedule also included testing some administrator tools they wanted to employ later on, and the actual task was an important part of the design process. In the near future the computer network would be deployed all over Bosnian territory, containing about 400 remote workstations.

Patrick Doom knew that British officials cared a lot about security issues concerning data access and transfer, and he wanted to be prepared for any eventuality. He had already informed his engineer that access to the file servers should be limited to a minimum until the commanding level had accepted the security rules he proposed to deploy.
The problem was that all those bureaucrats didn't know anything about securing computer networks and the price you have to pay for it, which depends on the chosen protection level. Everybody wanted to have access to the Internet, which required considerable security measures. On the other hand, the available budget was insufficient. Nevertheless, Doom had to find a way to guarantee a stable and well-protected system. He cared about the commanders' policy! He would later deploy eight local engineers who would all have full access to the system! The EU leaders prefer local engineers, not for their skills but because they are less expensive than internationals. This policy is undoubtedly in contradiction with their own security rules! Doom knew that he had to live with it, but he established a link to the network via his home computer. He wanted complete control of the system, so he could trace possible intruders. He also deployed a small local network in his apartment for testing purposes and analysis.

Nedim was originally a Linux technician and that's why Doom had selected him for the job. He knew that Linux system administrators were skilled computer freaks with a thorough knowledge of the system. Nedim knew about his boss's concern. He had designed the temporary network with personal computers he had borrowed from the UN Information Technology Cell, which couldn't provide the indispensable hardware firewall or the router. On the other hand, the UN administration allowed the planning team to become a client of its network. Doom refused and let Nedim build the firewall and router using personal computers running the Linux operating system.

Nedim finished testing and created his chief's profile, entering all the needed information in the server's database to give him remote access control through a secure VPN connection (see: virtual private networking technology).
This technology uses a simple Internet connection as the physical link between the remote computer and the HQ server, creating a virtual tunnel between the two connected computers and assuring a highly safe and encrypted link.

Nedim also had a separate computer containing Intrusion Detection System tools, also known as a "sniffer", connected to the network, with which he could collect all incoming and outgoing data packages. He checked the input stream from time to time until he saw that his chief had entered the system. Doom now had access to all the hard disks, he could test the whole local area network and he had full control of the server if he liked. Nedim started the IP address scanner and entered a range consisting of the start address and the end address of the LAN in order to find out who was actually physically connected.

Computers are connected to a network via network cards, cables and switches. They use a communication language called TCP/IP (Transport Control Protocol/Internet Protocol). This software layer not only allows computers with different operating systems or processors to talk to each other, but also permits interconnecting different networks. But this universal protocol has a flaw and doesn't offer any physical security! Today, millions of computers are connected to local networks or the Internet, while most users are unaware that they may be easily identified. Besides a unique physical address (MAC address), every working network card also has its own assigned Internet Protocol address. This IP address may be static (set up on the PC) or dynamically assigned by a DHCP server. This IP identity is composed of 4 numbers separated by a dot and each value can be in the range of 1 to 255, according to the network class. In any case, this address will always be inserted in the data packages leaving the network card interface (NCI). It works like a phone number. You have a phone number and you can easily find out who the owner is. It is the same with the IP address.
All data sent through a network is cut into small pieces called packages, like a puzzle. Each package is given identification information such as the sender IP, the routing information and the destination ID. That package will then travel from one router to another until it reaches its destination network card, where it will be saved and reassembled into the original data after all packages are received.

Nedim knew that most EUPM managers thought that Internet access was the only source of security leaks. They were unaware that in most cases the real danger comes from inside the organisation! It's a fact that most hackers work on local networks, collecting information about their chiefs or other celebrities, studying their behaviour on the local net or on the Internet. Many a hacker got a sudden salary increase for what he discovered. Nedim was an administrator and he had full access to all network features. He used the scanner as a test tool, to check connections. The scanner, being a useful administrator tool, is also an essential hacker tool!

The checked addresses were scrolling down his screen and after a few seconds he found out that only one person was busy on the network. The list ran from 192.168.1.1 to 192.168.1.255, but only one address was marked in green. It seemed to be the Deputy Head of Mission. Nedim hesitated a while and didn't know what to do. He then repeated the scan session but the result didn't change. Alarmed, he picked up his GSM and pushed some numbers.

"Patrick? It's Nedim here. There's a problem. I'm checking my administrator tools and during a scan I found out that the Deputy Head of Mission is working."

"You're sure? Probably one of his colleagues is using his workstation. Nothing to worry about."

"It isn't his workstation. It's the laptop."

Patrick Doom understood immediately. This could be a real problem because the Deputy Head of Mission couldn't be the user! He had left the building in the morning for a duty trip to Belgium.
Who was using that laptop? It was a security laptop and only the owner should handle it, because it was equipped with special confidential features used to encrypt data before sending it to the Brussels headquarters. The French deputy could have given the access codes to a colleague, and he probably did, despite the fact that this was forbidden and a serious violation of the EU security rules. But that behaviour happened all the time. However, Patrick Doom doubted that a delegate would be unaware that connecting that particular laptop to any network was prohibited! There was only one conclusion left: someone had taken that laptop without the owner's permission! He had to find out the intruder's identity and why he was using the network. He also knew that he had to be extremely careful and discreet.

"Can you see what he's doing?" he asked.

"Wait…" Nedim started another tool and checked the logbook of the proxy server (*). "He's sending e-mails. I'll check the destination IP address, wait…" Nedim followed the rapidly written lines of the on-screen report, noted an IP address and started another utility, WHOIS, in order to find out the domain corresponding to the address he had found. "He's using a Yahoo email address," he explained.

"It means we can trace that address, but anyway the result will be worthless. Nedim, can you go to the seventh floor, walk through the corridor and try to find out if there's someone in the deputy's office? But take care and do not enter. If you're spotted, say that you're looking for me."

"OK. A pity we didn't install remote administration control on that laptop…" Nedim replied. They hadn't done it because it was a station considered "Confidential", the reason why it should never be connected to ANY network. "I'm leaving my office now. I'll call you back."

Nedim closed all open applications on the different servers and left his office, locking the door. He could have taken the elevator but he preferred the stairs.
He wore sports shoes with soft soles, allowing him to move noiselessly. He had just three floors to go, but on arriving at the fifth, he heard a door close on the seventh. Footsteps moved towards the elevator. Nedim took three steps at a time, trying to reach the seventh floor before the unknown person could disappear into the elevator's cage. He didn't make any noise. He heard a buzzing. The lift was coming up. He reached the sixth floor, trying to muffle his breathing. He continued taking three stairs at a time, carefully took the last bend and moved up the few stairs left leading to the floor. He stopped when his head reached floor level and he heard the lift arriving. The electrical gong announced that the doors were about to open. Nedim looked between the iron banisters and was just in time to catch a glimpse of a short, stocky man disappearing into the cage. It was enough to recognise him, but he couldn't believe it. However, that had to be the man he was looking for. The elevator went down again.

Nedim took the last stairs and looked around. He was standing in the staircase hall of the seventh floor, the central room and starting point of three corridors forming a Y. He decided to check the corridor as fast as possible. He entered the middle passage, the only one belonging to the planning team, and ran silently from door to door, checking the small window above every office entrance. Nowhere could he detect any light betraying a late worker. He stopped in front of the deputy's office. There was no noise and he tried the doorknob, but the door was locked. He went back to the staircase hall and called the lift, which came immediately. He went to the 4th floor, back to his office, and started a scanner session, checking if there were any users connected. None. So the man he had seen was the intruder. He took his GSM and called his chief.

"Yes, it's me."

Doom had been waiting, eager to know what his engineer had found out. "Do you know who the intruder was?" he asked.
"Yes, I do, but you'll not believe it…"

"Tell me…"

And Nedim told him. |