All the virtual bum’s pockets (VBP) come equipped with an
audit scope. The scope is a web page that came as standard equipment in the
software development kit. The designers created the scope originally for
bankers only to examine the internal activity of a potential or operational
partner, but its early implementation had a buggy verification mechanism, and
since the scope only displays aggregate data and no instructions could flow
down from the port, most VBP operators turned off the “validation required”
setting (acting against the advice of Treasury security people).
I pointed my browser to the audit scope page and received
the first page of the site that contained all the information I needed for a
successful attack. Diagram 23 depicts the landing page of a standard virtual
bum’s pocket audit scope.
It was the perfect size. The Galactic Bank, like other
astronomical financial institutions, seldom validated a deposit in the form of a
VBP currency in real time because of the drag on throughput. If they actually attempted
to validate the currency and had a delayed response of over a few hundred milliseconds,
validation just did not happen. At least
I was counting on lax security, especially since I was going to make the
deposit at rush hour.
I spent the next few days recording purchases at the bars,
restaurants, and grocery stores around town and copied the certificate and
inferred the serial numbers for the entire circulation. Once again, these yahoos
ignored the warnings of security experts and issued all their currency with
sequential security numbers. It felt like taking candy from a baby.
I bought the tool to manufacture a unit of currency and
created one in the mid range of the serial numbers. I made it for a few pythons
less than the entire circulation amount so it would not attract undue
attention. I took the coin to a close (about 50 light years) Galactic branch,
beamed it to the change machine, and I now am writing this blog in a Styngyn
jail cell. The yahoos did follow one procedure: they pinged their currency
every 2 seconds, found my coin (required to respond when pinged), and revoked
all their certificates through a dedicated link for the banking network.