While thinking about what to test my new piece of software on I change into a pair of shorts and a t-shirt, put on a pair of trainers and head out to complete my first System issued mission. While making my way downstairs I think about all of the major tech companies and industries that I could exploit by going through their systems with SoftMiner and negotiating with them to get the solutions to all of their cybersecurity holes.
I open my phone and quickly find a Wikipedia page that easily lists all of the major technology companies by revenue and I find my targets.
Starting off with Apple, Alphabet, Microsoft, Meta and Dell would give me a great start. The five companies having an annual revenue of over 1 trillion US dollars should be able to spare a few million to get their entire systems to a near impenetrable state. Given that these five companies are all based in the US would give an advantage for any negotiations.
Jogging around the neighbourhood to get my 5km run completed I make my plan for the next couple of months. First, I’ll run SoftMiner on the five biggest companies in the US. I will then find a reliable lawyer to help with negotiations with the companies and get payment from them for the solutions that SoftMiner will easily provide.
With this money, I’ll start a company that sells a modified version of SoftMiner globally for any company to use on their own systems, gaining both money and KP from the users. From there, I can look at redeeming more useful technologies to help me move up from there, starting a major corporation that will supply the world with tech to bring our species out of the planet and into the wider galaxy.
Little did I know at that time, simply releasing an era defining piece of software like SoftMiner would give me problems beyond my wildest dreams, but that’s a problem for the future.
Moving on, I finally get home after an hour of struggling to keep a stable pace, wheezing and dehydrated at the ground level of my apartment complex. After I recover I head upstairs and finish off the final tasks.
Daily mission completed – Get Healthy 1000 KP awarded. Current balance: 11,000 KP
With how difficult it is to gain KP I decide to save them for the future, focusing on carrying out my initial plan. I sit down at the creaking dining room table and start with my first target, Apple. After running the program for the first time I’m given a series of instructions asking for the IP address or domain name of the company to be tested, and the format of the results. I put in apple.com and click ‘PDF’ in the drop down menu and click “Start”.
My laptop immediately whirs to life and the CPU usage is pegged at 100% while my internet connection is completely saturated. The software shows a massive log with all forms of exploits being displayed from simple SQL injection all the way to packet manipulation and byte level alterations of web packets. The software quickly finds all of the related servers even through the various firewalls set up and rapidly spreads its roots through the entirety of Apple’s systems.
Switching to my phone to search for a lawyer’s firm specialised in technology a moderately sized outfit called Samson & Co Legal shows up in the search listings. From their website I can see they have worked with tech companies in the past and have a decent understanding of the industries layout and how things work.
Making a mental note of the firm I scroll through social media for a while, and five days later my laptop makes a noise which I recognise as an indication that SoftMiner had completed it’s task.
Sitting down to review the results, I find two PDF files on my desktop named, “Apple.com Vulnerability Report” and “Apple.com Vulnerability Repair Report”.
Utilising the information gathered I quickly find the email of the lead of their cybersecurity department and send them a quick email.
In an office somewhere in Cupertino, California an early 30’s man sits at his desk reviewing the latest reports from his department, relatively happy about the current state of his company’s security measures.
While reading through the reports he hears a new email notification noise from his computer. Turning to his computer he finds an email from an external email.
“That’s odd, I didn’t think anyone outside of Apple could send an email to this address. Something is wrong” he says as he opens up the email.
[From: Amari Khan]
[To: David MacGintyre]
[Subject: Apple Vulnerabilities & Solutions]
[Attachments: Apple.com Vulnerability Report (Trimmed).pdf]
[Dear David,
I would like to inform you that I have found a staggering amount of vulnerabilities in your systems throughout Apple owned servers, websites, and products. I would like to reassure you at this time that I have no intention of exploiting any of these vulnerabilities and simply wish to inform you of them at this time.
Love this story? Find the genuine version on the author's preferred platform and support their work!
Attached is a preview of the level of information available after further discussion. I have only included 10 exploits and their solutions at this time, however I have found over 800 vulnerabilities in your systems as well as the solutions for each. Of these, around 50 are critical level, around 100 high level, around 150 medium level and the rest being low level.
Please let me know when you have set up a time to meet and discuss this further. I look forward to your response.
Kind regards,
Amari Khan]
“Who does this guy think he is?” says David as he starts reading through the PDF marked as Safe by his built-in antivirus. Opening the file he finds an example of each level of vulnerability as well as the method to fix them. Realising the gravity of the situation a meeting is immediately called with the high level members of the team.
In a conference room, a large table is surrounded by nearly three dozen high level managers and consultants hired by Apple for their cybersecurity division.
“Alright team, I got an email on my internal only email address from an external. This is already a problem showing we have issues in our system, however that’s not even the start of it.” David starts.
“Attached to that email was a PDF which showed multiple vulnerabilities in our systems along with solutions for each.”
“If they’ve supplied the solutions why call a meeting?” asked one of the managers.
“Because they have found over 800 more including 50 critical level and 100 high level vulnerabilities as well as their solutions.” Replied David in a grave voice.
Discussions immediately broke out around the conference table with most panicking wondering how such major problems existed when they self-test nearly every day.
“Quiet!” yells out David. “We need solutions, not panic here.”
“We need to immediately call for a meeting with this person and obtain what information they have, no matter the cost.” says James, one of the managers in charge of front-end operation security.
“Agreed.” David continues, “I called everyone here today to discuss strategy for dealing with this person. As they have given us all of this information, they have an almost inhuman level of skill in the cybersecurity space, or they have an extremely highly skilled team behind them. I doubt this information was given without cause, and I doubt this is simply to get money from us.”
“We need to notify Legal as soon as possible and figure out our steps from here” says James.
“Good point James, you can take charge of this aspect while I go back to them and organise a time and place for a meeting. While we have a bounty system in place this goes far beyond anything else we have ever encountered. I’ll let everyone know in the group chat how it goes.”
The team continued discussing for hours, theorising all sorts of motives for this information to be presented without realising the first option they dismissed was the actual reason Amari sent the email in the first place.
While sitting at the dining table eating some cheap Chinese takeout I got a response from Apple asking for a time and place for a meeting. After going back and forth for around 15 minutes a meeting location is decided to be at the Hilton Hotel only a few kilometres away from my apartment a few days later.
Realising it was finally kicking off; I left my apartment after loading the reports onto a USB drive and made my way to the lawyer’s office. Walking into the bland office I walk up to reception.
“Hi there, I was wondering if I could meet with one of your lawyers about a major proposal that I need assistance with?”
“Certainly Sir, it appears one of our head lawyers at the firm has had a cancellation earlier today and is available in an hour. Can you please give me your details so we can get started?” replied the receptionist, a blond woman in her early 20’s dressed in a short sleeve white top and black skirt.
After giving my details and waiting around in the lobby for around an hour, a woman in a full suit walks out from the offices and asks, “So, you’re the one with the big business, let’s hear it”.
“Hi, I’m Amari Khan, and I need help negotiating with every major tech company in the country regarding cybersecurity vulnerabilities I have found in their systems.”
“Don’t most of those companies have bug bounty systems you can go through? Why do you need a lawyer for this. Don’t waste my time.” Coldly replies the lawyer with a scornful look on her face while walking away.
“I have identified over 50 critical level and 100 high level vulnerabilities in Apple’s systems and products alone, along with the solutions. Overall, I have 800 vulnerabilities to report.” I shout.
The lawyer quicky turns around and I can almost see the dollar signs in her eyes as she introduces herself.
“I’m Catherine Samson, a pleasure to meet you Amari. Let’s talk business.” She says while approaching me.
After shaking her hand and moving to her office I present the USB drive containing the information from SoftMiner.
“Well well well” she says. “Looks like Apple has a big payment due. I’d be more than happy to represent you in negotiations with Apple with this information. Now, surely you didn’t come here with a single company in mind. With the skills and tools you likely have at your disposal you’d be approaching more companies than just this.”
“Certainly,” I reply, “I am currently in progress with reviewing the systems of Microsoft, Alphabet, Meta, and Dell and results are expected to be out soon.”
“Have you organised a meeting with them or do you need us to?”
“A meeting has already been organised with their head of cybersecurity, David MacGintyre, a couple days from now at the Hilton.”
“Excellent, I’ll get my team to draft a contract for the sale of this information. Let’s discuss further” she says.
An hour later I walk out of the office completely drained by the enthusiasm Catherine poured at me throughout the discussions.
“It was a pleasure to meet you Amari, and I hope we can work together in the future.” She says while handing me a business card. “This is my direct number and email if you have any questions, I’ll see you on Thursday at the Hilton.”
“Thanks Catherine for your assistance, I’ll be in touch” I reply while walking out of the office.
While walking home I am still baffled at the numbers mentioned by Catherine in the meeting, recalling what was discussed an hour ago.
“With this information and the solutions as well, we can ask for no less than 100 million from Apple. Based on their bug hunting program and the outline provided on the first few pages of your report, this would be their standard payout. Let’s aim for a higher number, how does 200 million sound to start?”
Shaking my head at the possibility of being a multimillionare within two weeks of being expelled from university I make my way home while whistling a cheerful tune.