Interception

Mission Update: 14 August 2014
Communication sent to players leads to http://baalbeck.co.za being used for data transfer.

They were then informed that Forensics has supplied an extraction tool to access the information.

The tool, called Xtracto, was uploaded to the following directory :

http://baalbeck.co.za/xtracto/

The login username: ghost & password: masterkey were provided in this communication.

After running the Xtracto tool players were provided with a link:

http://www.operationhammertime.co.za/xtracto_v1-3/import-522342

This lead them to download a file 11923-229.zip, upon extraction players were provided with the image below

Mission Update: 15 August 2014
Players were told to ignore the data retrieved & that the origin of the traffic has been traced to South Africa. The location was pinpointed to an Internet Cafe in Long Street, Cape Town.

Footage was retrieved and provided as <<<<  Download File 387621  >>>>>

This identifies the suspect as a caucasian female in her early thirties wearing sunglasses & a hat. The forensics team started working on data retrieval on the computer used in the internet cafe.

Mission Update: 17 August 2014
Information recovered from the computer proved to be limited. Players were asked to assist in data retrieval and provided with a zip file to download. <<<<  Download File 387621  >>>>>

Players were to see if they could make anything from it and report back with their findings.

Once extracted there were 2 files which appeared to be txt files. Renaming the larger of the 2 to .mp3 and playing it revealed a song "Never gonna give you up". Renaming the other in the same way played what sounded like gunfire. This gunfire was actually morse code which after translation lead to panchovilla.co.za

Mission Update: 19 August 2014
The url http://panchovilla.co.za/ was implicated, therefore an updated version of Xtracto (1.4) was installed on

http://panchovilla.co.za/xtracto/

Logging in with the username ghost and password master key took players to another terminal.

The launch command executed the script to hack in & extract the required data, the final step was to disable FTP capabilities.

The extracted file was automatically uploaded to:

http://www.operationhammertime.co.za/xtracto_v1-4/import-522365

After extraction player found 2 files, an image and an archive.

The image appeared to be half of what appears to be a blueprint: The second file was an archive requiring a password for extraction.

Mission Update: 09 September 2014
One of the squad members contacts Task Force to ask for assistance with the password protected archive.

An email is sent asking players to upload the file for the team to look at it, upload url provided was

http://www.operationhammertime.co.za/secure/

On first attempt the upload fails, trying the upload again directs players to http://www.ufosightings.co.za/viva/hahahahahaha.html