<WH> I was just like d-_-b

<MS> lol

<JD> how u make that inverted b?

<JD> wait.. nvm...

<PM> Hi. Please pardon my lateness, I was occupied.

<JD> heyyy

<MS> Yo

<MS> No worries

<WH> lol u were right about pm

<PM> Right about what?

<MS> I mentioned you write pretty formally online

<WH> they told me u always talk like ur at work

<PM> Well, communication is a muscle, and I take every opportunity to exercise it.

<MS> I kind of agree with that

<JD> i like the way PM talks :smile:

<JD> ...how do i use emojis in this??

<WH> ;)

<MS> You have to write it out like this >:(

<JD> ooooooh

<JD> that angry face is cute lol

<PM> Yes it is

<PM> But why are we using this platform? This seems ancient.

<MS> It kind of is. IRC is pretty old, but it's reliable. With software, old and boring is usually better

<WH> and I own this server

<PM> Ah, right. That's my next question. Who are you, exactly?

*WH is WH ;)

<MS> WH is a friend I've known for a long time, who I trust to setup a secure server

<PM> How secure? And can someone please explain what we're here to talk about?

<MS> Pretty secure. It doesn't even keep any chat logs. Once we all disconnect, if we each erase our local copies, there won't be any records

<WH> and all connections are encrypted

<PM> JD? What do you think about this?

<JD> it's ok, i think

<JD> WH really knows a lot about this stuff

<WH> dam rite I do

<WH> cyber security made me a looot of money lol

<PM> And who is "@fungor"?

<WH> my bot lol

<JD> ohoh it does tricks and stuff. like, runs little games

<JD> !help

*fungor has avialable commands:
!help - this message
!hangman - play hangman
!dungeon - enter the dungeon
!sim - launch bridge sim
!admin - server stuff

<PM> Dungeon? Bridge sim?

<MS> They're games. Bridge sim takes the people in this channel and turns us into characters controlling a ship in space

<JD> oooh that sounds cooool

<WH> its fun we should play some time

<MS> Pretty cool actually

<MS> I haven't played dungeon. What is it?

<WH> I dont really use it anymore. it's like a d&d/mud sort of thing

<PM> Okay, I get it, the bot is for games. Sorry I brought it up. Why are we here?

<JD> ok so i asked MS for help with our data thing

<PM> The missing data? So there's no solution?

<WH> oh theres a solution alright lol

<PM> Wait, how much does WH know about this? Who even is this guy??

<WH> whoooa way to assume gender...

<MS> We explained enough to get an opinion. That's why we're here

<PM> JD?

<JD> we kind of already talked about it a little..

<JD> it makes sense to me

<PM> Okay... so what's the opinion?

<WH> yall gotta do a data heist

<PM> I don't know what that means.

<JD> we need to take the data from the ministry

<PM> Take? What does "take" mean?

<JD> like.. break in and take it

<MS> The last option is to make a copy from the actual server

<PM> Isn't that what we tried already?

<JD> nono we tried getting it from the API

<PM> I thought the API was the server?

<JD> it is... wait.. isn't it?

<MS> The API is the external interface to the server. Somewhere, there's a physical computer that's actually running the code that serves the API

<JD> oh it's not a vm? like there's actually a server?

<WH> yeah there not running it off a cloud

<WH> theres good data privacy reasons to run ur own server

<WH> especaiilly if ur the government lol

<PM> Wait, let me get this straight.

<PM> You all think that the best option left is to steal medical records from the provincial government?

<WH> yuup

<JD> it sounds kinda bad when u put it that way...

<MS> I don't really think there's another option

<PM> This isn't an option... It's a crime.

<WH> ummmm technically, no

<PM> Pardon me?

<WH> yeh ur pardoned

<WH> but its not a crime

<MS> The key thing is that, actually, you guys are supposed to have access to this data

<PM> ...by using the API. Right? There was that whole nightmare approval process to even get a key for the damn thing.

<WH> naaah thats just access control

<WH> thats not actually the law

<PM> Sorry, are you a lawyer?

<WH> lol no

<PM> So what do you know about this? Why should we listen to you?

<PM> Actually, MS and JD, please explain why you're paying any attention to this? You know this is crazy, right?

<JD> i don't think it's so bad... i don't know, we're supposed to have the data, and we're actually allowed to get it in several different ways

<JD> the only real problem with this is the breaking and entering, i think...

<PM> Oh, okay, so when you said "break in and take it", you really meant "break in".

<PM> This is bananas.

<MS> Look, this is different from a data theft because, once you have the data, there's no crime to uncover. You're allowed to have it, you're supposed to have it. A criminal would be taking that data to sell it or something, or use it for blackmail or to steal identities. We're taking it to use it the way it's supposed to be used.

<MS> We're just... taking it the wrong way

<PM> Why would this involve breaking and entering, I don't understand.

<WH> theres no easy way in over the network

<WH> I already scanned the shit out of that server

<WH> but knowing the provincial government I bet their physical security is crap compared to their cyber security

<JD> do we know where the server actually is??

<WH> ;)

<MS> That's not too hard to figure out. It just takes some footwork.

<PM> Footwork?

<MS> Yeah, like, gumshoe stuff. Walking around, measuring stuff.

<PM> Measuring what?

<WH> were gonna track latency between hops on the connection to the server from different parts of the city

<WH> thatll let us map their network to torontos geography and we should be able to deduce where the server is housed

<PM> Is it possible to explain that in English?

<WH> I just did...

<MS> Think of it kind of like sonar

<MS> If we know how long a message takes to go to and from the server, depending on where we are in the city, we'll get an approximation of how far the server physically is from each location where we measure the latency

<MS> Measure from enough different places, and our guess gets more accurate. We can triangulate the building's location

<PM> Oh, okay, and then we can break in to that building.

<WH> yeh u got it

<PM> Yeah, this is insane. You've all gone insane.

<PM> What if you get caught?

<WH> lol

<JD> i don't think we'd get caught...

<JD> WH is really good at this. we were trading stories earlier

<WH> yeh were not gonna get caught

<PM> That isn't reassuring.

<WH> it should be

<WH> I dont get caught

<PM> Oh?

<WH> Ive been at this for almost a decade and Ive never used a jail pass

<PM> What's a "jail pass"?

<JD> it's like from monopoly, the get out of jail free card

<PM> I don't understand...

<MS> WH is a pentester

<WH> among other things

<PM> Like a hacker?

<MS> Yes, sort of

<WH> yea thats the rite word but ur using it wrong

<PM> How could you possibly tell that I've used it wrong?

<WH> I can tell

<MS> It's not criminal. Like, organizations hire pentesters to break into their systems and write reports, so they can improve their security protocols

<PM> What kind of organizations?

<MS> Companies

<WH> governments, ngos...

<JD> oh, wasn't there one that was a charity?

<WH> yeh. also churches

<PM> Churches need cybersecurity?

<WH> everyone needs cybersecurity

<PM> What's a jail pass?

<MS> Usually, whoever hires the pentester will write a letter they can give to security, or to the cops, if the pentester gets caught

<WH> its just a job. theres no real risk

<JD> yeah like, nobody wants to go to jail for their job

<PM> And yet... here we are...

<JD> i mean that's a good point...

<WH> nobodys going to jail

<WH> look this isnt magic. its an engineering problem

<PM> I really don't see how that could be true. How is this an engineering problem?

<WH> its social engineering

<WH> we need to break down the problem into its smallest parts

<WH> then we can do research about each part

<WH> make a plan

<WH> and a schedule

<WH> like isnt there a deadline??

<JD> yeah we have 2 weeks

<PM> It isn't enough time for the kind of thing you're talking about.

<WH> u dont know that

<WH> I say it is enough time

<MS> We... kind of already started

<PM> What does THAT mean?

<WH> I already scanned the server

<WH> we said that already

<MS> Umm

<PM> Is that all?

<MS> WH already started narrowing down the geographical search space

<PM> What?

<WH> I have these raspberrypis setup in different spots all over the city

<WH> so I just wrote a script and sent it out to them to start recording latencies

<JD> that is so fucking cool

<JD> how many do u have??

<WH> nearly 100

<JD> omg... mesh network??

<PM> Okay, when you said you started already, I assumed it meant doing something actively. You're just doing research so far?

<MS> Yeah yeah. There's a lot we can do without raising any flags as far as coming up with a plan

<WH> none of it should raise any flags lol

<MS> Right, yeah. Ideally, the plan goes off silently

<PM> Alright. Well, that's not so bad.

<JD> right? yeah yeah i think so too

<PM> What kind of a plan would it be?

<WH> ;)

<WH> !auth

<fungor> auth ok

<WH> !admin ipsallowed whitelist add (listCurrentMembers '#conspiracy')

<fungor> ok, added 2 ips to whitelist

<WH> !admin ipsallowed mode whitelist

<fungor> ok, switched ips allowed mode from blacklist to whitelist

<WH> !admin record conspiracy

<fungor> recording channel #conspiracy, !admin stop command will end recording.