Turlach Flanagan looked old beyond his 50-something years, with a lined face and deep bags under his eyes.  He had long grey hair that hadn’t been washed in a long time, secured into a ponytail with a rubber band.  He wore sandals, dirty blue jeans and a tattered, unbuttoned, faded flannel shirt.  As always, he wanted one more whiskey before going home.  Just one more to help blot out the continuing pain from the loss of his family all those years ago.  During those days he was a handsome young volunteer soldier in the I.R.A. fighting for Irish freedom.  But while other soldiers fought with guns, he fought with his brain.

In those days, the British occupiers believed they had a sophisticated command and control system for their soldiers who didn’t go home after the Good Friday Agreements.  And maybe the system was sophisticated, but they occupied an old building and used a primitive wireless router to connect their workstations and laptops to their so-called “secure” network.

They never figured out that the wireless signal leaked out of that headquarters location and into a pub across the street.  As far as any Brits knew, that bookish young man sitting in front of a laptop in the pub across the street from their headquarters building was working on a college project.

Turlach was working on a project, alright.  He was going to school to learn what the Brits were up to.  It was trivial to crack the wifi password and just slightly more challenging to find the IP Address of a tempting SQL database server in that building and crack it.  Idiots!  They were so cocky they left the default admin password on their server.  From there, it was so simple:

SELECT name, database_id, create_date FROM sys.databases ;

to find all the databases in their system.  And then for each name:

USE {name}
 FROM sys.Tables

to find all the tables in each database.  And after a few hours of hacking and a few beers, Turlach Flanagan knew as much about the remaining British occupation forces in Belfast as the British themselves knew.

That knowledge made him a marked man – and that’s what killed his family.  After gathering all that information, he met with his associates and told them what he learned.  Later that night he woke up next to his wife with a hail of bullets ripping through the walls.  As he rolled off the bed, a bullet struck his wife and another struck his toddler daughter sleeping in a crib in the same room.  Both died instantly and the murderers melted away into the night.  There were investigations and funerals and expressions of sorrow.  But nobody found the killers and life eventually resumed.

Except life never really resumed for Turlach. Living in a land where the Catholics hate the Protestants and the Protestants hate the Catholics and everyone hates the British was bad enough.  But his participation in the troubles after the Troubles was unbearable.

And the only thing that made the pain stop, at least for a little while, was whiskey.  Lots of it.  That had been his life for the past dozen or so years.  And that was why he was closing down this pub yet again, but as usual, only after one more whiskey.

Everyone has to earn a living.  No welfare for the devastated.  So, when the Russian contacted him later, Turlach was receptive.

That first offer was simple – $100 US for each valid username and password he could provide from a list of Caribbean gambling web sites.  He knew the Russian wanted to steal credit cards.  But so what?  The Russian paid well and Turlach needed whiskey so he took the job.  And the next from somebody else.  And the next.  And the next after that.  No more ideology.   The war in Northern Ireland that never really ended was somebody else’s problem now.

And before long, Turlach Flanagan, AKA Livefree, was known as the best in the shady business of cracking web databases using a form of attack called SQL injection.  The attack is simple.  In a field of a web form, say, a field asking for a password, don’t try to guess the password.  This only works in Hollywood movies.  Instead put in a SQL programming statement instructing the database to display all usernames and passwords.   Poorly written programs behind those web forms interpret that SQL code as a programming instruction – not as a password attempt – and execute it as if were part of the program.  Over the years, SQL injection has been one of the most common forms of attacks against websites.

Turlach slowly made his way home from the pub, breathing the fresh night air as usual but hoping to keep enough alcohol in his system to sleep and forget the pain for a few hours.   His cell phone buzzed.  It was an email from the Russian.

From: ivar2395@mail.ru
Sent: Wednesday, March 06, 2013 9:08 AM
To: turl7683@gmail.com
Subject: Will need your assistance with upcoming project

Turlach, my good friend, I have upcoming project that, if successful, could benefit us both and which will require your unique talents. For now, I bought vintage Russian vodka bottle from Belfast store near you for you to please send me websites for any and all significant US based retailer stores.  Let us meet over video in, say, 2 days’ time?


This was unusual.  It must be big.  Irish whiskey would be better but vodka would do.  Why did the Russian want websites of retail stores?  Sleep first.  Whatever it was, it could wait.  The video meeting was two days away.

Two days later, at promptly 8 AM GMT, Turlach’s computer soft phone rang.  And rang.  And rang some more.  The call dropped, then it rang again a few minutes later.

Turlach finally stirred from his deep sleep, even more hung over than usual after polishing off a bottle of Russian vodka the night before.  Hearing the computer soft phone chime, he stumbled through his flat, rubbing his eyes and cursing whoever it was calling at this ungodly hour of whatever time of day or night it was.  He cleared a pile of papers from the chair in front of his computer desk, rubbed his eyes again and clicked the mouse button to answer the call.  The caller was requesting to share video.  Charming, thought Turlach, as he used his fingers to straighten his hair as much as possible while using his computer mouse to accept the incoming video sharing request.

And there on the screen, was a balding man whose lips were moving but with no sound.  The background was a plain blue wall. No decorations, no windows, nothing to identify where the caller was from, other than a sending IP Address.

Why were his lips moving but no sound?  Ah – Turlach held up one finger to his webcam as if to signal to pause.  He fumbled for his computer mouse and un-muted the sound.  He plugged in a microphone into a USB slot and waited for the drivers to load.

And now a voice with a thick Russian accent boomed over the computer speakers.  “Can you hear me now, my friend?”

“Aye.  What day is this?  Ivan, is that you?  And why are you calling at this hour?”

Ivan’s face filled the screen as he peered into his webcam.  “Turlach my friend, you look as if you had too much Russian vodka last night.”

“Aye.  And if ya don’t mind, I think I’ll turn down the volume on these speakers a wee bit.  Next time, Ivan, let’s stick to good old-fashioned Irish whiskey.  I’ll send you a link to an online store.  Once you try it, you’ll never go back to that Russian rot-gut.”

Ivan Tarski gave a hearty laugh, then said, “Turlach, we have much to discuss.  And much money to make.”

“I’m all for that.  Why in God’s name do you want websites of retailers?”

“Some things are best not known, my friend.  For now, I need those websites.  But this is not why I am calling.”

Turlach blinked a few times, tried to focus.  “Okay.“

“Turlach, my friend, I also need lists of users and passwords on all of those websites.  And I need lists of servers for which I can gain full access.”

“Good God man, are you daft?  That’s a huge project!  It will take months to do all this!”

“Yes, my friend, it will.  And I am prepared to pay.  Handsomely.”

“You have my attention.”

“For each retail store in the list you provide, I will pay in US dollars ten.  For every working username and password, I will pay in US dollars one hundred, as always.  And for every server for which I can gain full access, I will pay in US dollars one thousand.”

Stunned, Turlach needed a few seconds to react.  But even with his mind still fogged with last night’s alcohol – and only Irish whiskey from now on, no more Russian rot-gut – he managed to negotiate.  “Umm, Ivan, this is no ordinary job.  I’ll need to buy some hardware and I need some software automation tools to do all this.   This carries plenty of up-front costs.”

“Turlach, my friend, you and I both know this is a very generous offer.  I came to you because you are best.  But you are no longer alone.  Others are learning your secrets.”

“You’re right about that – I am the best.  And I need 20,000 US dollars immediately to buy the equipment I need to make this work.  You get me $20,000 and I will get you that list of websites within a week.  And you can keep your 10 dollars per web site.  For the SQL hacking you want – for the usernames and passwords and other probing, I think I can do one retailer per week.  Maybe more for smaller ones, the bigger ones may take more than a week.    But I need $20,000 right now to know you’re serious.”

“My friend, you ask for a steep price.  But I understand your need for, how do you say, seed money?  I will pay $10,000 and I will hold you to your timetable.   I will wire the money to your usual bank account by noon today your time.    Do we have agreement?”

Turlach stared into the webcam, trying to look serious.  Inside, he was jumping.  He already had the necessary equipment and everything else he needed.  Finally, after a few seconds, his eyes softened.   “Ivan, you son of a bitch, you drive a hard bargain.  But I’ll accept it.”  He spat on his right hand and reached towards his computer monitor to shake Ivan’s hand – and then realized it was only a video image of Ivan in the monitor.  Quickly recovering, he said, “Spit on your hand and put it up in front of your webcam, you son of a bitch.  And I’ll buy you that first pint of Irish whiskey.  I want to hear how well you like it!”

“Very well.  We will stay in touch.”

And with that, the Russian’s image dissolved as Ivan terminated the call.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.