Walk Through Guide for Kusto Detective Agency 2022, Case #5 Solution
Do you feel like Sherlock Holmes? Because it’s time to connect the dots! 📍
The fifth case riddle is:
The key takeaways from the riddle:
- There are 4 gang members planning a big heist
- We are given only with the metadata of chat activities
- We can hack by IP with
https://sneakinto.z13.web.core.windows.net/<ip>
⚠SPOILER ALERT — THE SOLUTION DESCRIBED BELOW⚠
We can infer:
- Gang members would like to minimize their digital footprint, so probably would not log to other channels
- Gang members would have dedicated time to communicate, for syncs
So let’s delve into the data, by leveraging the | take 10, to see some rows.
The ChatLogs table has; Timestamp, Messge.
The metadata messages are of different activities:
- A user logs in: user ID, IP address
- A user joins channel: user ID, channel ID
- A user sends a message: Sender User ID, Receiver User ID.
- A user leavs channel: user ID, channel ID
- A user logs out: user ID
So let’s find channels that users joined only them, and not other channels:
We shall leverage the parse-where operator to filter only the relevant messages where a user joins a channel, then group by a user and filter those channels that are unique for that user:
15,829 channels! that’s too much!
Let’s see which of these channels have a sync joining hour:
We shall leverage the parse-where operator to filter only the relevant messages where a user joins a channel, then find the hourofday of joining and group by channel to see where all users joined at the same time:
These are just 6 channels! close, but not enough…
It’s time to leverage we know that there are 4 gang members:
We found a suspicious channel cf053de3c7b!
Let’s see who are the users and their IP addresses:
It’s time to use the hack tool and sneak into their machines!
Linked to Project Natick:
Microsoft’s Innovative Project Natick is a research project that seeks to understand the benefits and difficulties in deploying subsea data centers worldwide. This research project was created to determine the reliability of underwater data centers powered by offshore renewable energy.
We see a funny lecture that suggests on taking over some data-center:
Also, given with handy utils:
And with a PDF about the project with one picture marked:
And lastly, we see a message of Project X:
So let’s follow the instructions:
- The marked picture of project X date taken is :
Date1=2022–07–09
2. The nonsense event can be extracted from the utility and the key from case #4, and the strange PS message at the end of the riddle:
Searching Bing on: uncomfortable elephant escapes circus breaks everything Toulouse illustrated yields with:
With the following description:
An uncomfortable elephant: the pachyderm escapes from a circus menagerie breaks everything in the cafe of Pre-Catelan in Toulouse. Engraving by Meaulle and Meyer in the last cover of the PETIT JOURNAL supplement illustrated n 51 of November 14, 1891. Miscellaneous made with animals
So the year YYYY=1891.
We can now calculate the date of the heist: Date1 + ((YYYY % 1000) * 1d)
We are only left to discover the place of the heist of the data center 🗺
So let’s use the useful utility https://tool.geoimgr.com/ to extract the location from the pictures:
So the heist is planned to be on 2022–12–17 at 58.9688665166667,-3.38010413333333! 🥷
Enjoyed this article? Feel free to long-press the 👏 button below 😀
Click for Previous Case Solution ⬅
