CSI

Welcome: Welcome to CSI Wiki! Please create an account or log in!

Notice! Please use the Manual of Style when editing.

READ MORE

CSI
in: CSI: Cyber Episodes, CSI: Cyber Season 1 Episodes

L0m1s

Sign in to edit


L0m1s
Season 1
Number 9
Writer Brandon Guercio
Director Nathan Hope
Original Airdate April 29, 2015
Navigation
Previous Episode: Selfie 2.0
Next Episode: Click Your Poison

L0m1s is the ninth episode in Season One of CSI: Cyber.

Synopsis[]

The cyber team investigates when nine planes that departed from the same airport face a coordinate Wi-Fi attack while in flight.

Plot[]

Juice jacking - invasion of your personal device while you're simply charging your battery.

The team is in a panic, as the FAA has confirmed that the in-flight Wi-Fi has gone down on four domestic Monument Air flights. Something is blocking the service provider from restoring Wi-Fi access on the planes. Fortunately, the pilots are still able to communicate with the control towers, and there have been no reports of instrument malfunctions. The number eventually jumps to nine targeted planes, all originating from Miami International Airport. Logs show that only one phone on each plane connected to the router and caused the Wi-Fi to go down, suggesting a coordinated attack. The obvious fear is that the Wi-Fi shutdown is a precursor to hijacking.

The nine flights are grounded and the passengers in question are detained, all who seem clueless about why they’re being taken off their planes in handcuffs. Elijah and Avery head to the one plane and spot a 16 year old Willa Hart sitting in the target seat. Elijah cuffs her. She asks what she did. They take her to the concourse and her dad shows up. He asks what’s going on and says she was going to visit family in San Diego. Avery says Willa’s phone hacked the plane’s WiFi. She tells Avery that she did nothing out of the ordinary recently, as she had only been texting friends, listening to music, and playing a game. Elijah duplicates her phone, Avery mentions the names of the other passengers in question, but can clearly see that Willa has no idea who they are.

Nelson determines that one device overloaded the entire system—a denial-of-service (DNS) attack. Willa's phone prevented any other passenger's device from connecting to the Wi-Fi. Since phones aren't supposed to send that many data packets at once, a big-time hacker is responsible. Simon reported to Agent Ryan that they interrogated the other eight suspects, all of whom claimed they had no idea what was happening; Field teams confiscated their phones to duplicate them. Simon asks Avery what this is and she says the people may be connected, at that moment, chaos starts to break out in the airport terminal. Some passengers start having their credit cards declined, while others receive alerts that they made bulk purchases on questionable websites. Every passenger was on Willa's flight, and Avery realizes what's going on: they're looking at a credit card heist. Someone has stolen the passengers' information, something they would only find out once they got off the plane and connected to the Internet. Krumitz goes through the code being used to execute the heist and sees the same line of code over and over again. The signature in the code is specific to a big-time hacker who goes by the name "Lomis," and Krumitz warns that this is just the beginning.

Nelson fills Avery in on Lomis, describing him as a native of Estonia who has only surfaced twice. In all, over $400,000 has been stolen in the credit card heist and over 300 people have reported theft. Krumitz is confident that Lomis is behind the attacks, and he discovers a link between Lomis and the nine suspects. A malicious script was found buried deep in the suspects' phones; the code exploited a vulnerability in the operating system allowing Lomis to gain complete control and do whatever he wanted. While this attack doesn't seem to line up with Lomis' past M.O.'s, Krumitz warns that it's all part of a plan. Lomis starts with creating chaos and grows it into something bigger. Avery says that means all the people they thought were perps are victims; Elijah calls in FBI field teams to release those being held.

Krumitz soon realizes that how the code got onto the phones is the key. The pairing records show that each of the nine phones paired with the exact same device, all within an hour before the flights took off. This means that each phone picked up Lomis' malicious script somewhere in the terminal. The assumption is that he picked a place where he could install the script onto multiple phones at the same time, and the team narrows down the location to a charging station. Avery deduces that this was "juice jacking," where someone had their information stolen upon plugging their phone in to charge.

While trying to clear the terminal out, Avery happens upon a dead body. The victim, later identified as Rachel Carrington, worked as a credit card representative for Monument Air and was stationed near the charging kiosk. Nelson soon frantically alerts Avery and Elijah that Lomis has stepped up his game. While trying to remove the malicious script from a phone, he got locked out by ransomware that demanded a woman named Chelsea pay $250 to prevent something private from leaking. With his payday stopped, Lomis has resorted to holding the phones hostage.

Chelsea is informed that all of this happened just by charging her phone. Her concern is that the hacker has all her personal information and even knows her fiancé's name. Avery tells her that the hacker accessed everything on the phone and questions what he found that Chelsea didn't want her fiancé to see. Meanwhile, Senator Carla Finnis is also targeted and instructed to pay $250,000 to prevent private information from getting out. She tells Simon that what she has on the phone is very personal and could ruin her career, as well as hurting those she cares about.

Surveillance videos from the terminal show a woman getting sick and Rachel escorting her to the bathroom. In the short time she was gone, the juice jackers installed their black box under the charging station. The sick woman and the two juice jackers were working together, and the assumption is that the woman killed Rachel in the bathroom. While the footage is too grainy to identify the perpetrators, Avery realizes that the black box had to have passed through airport security.

Since the TSA keeps all x-ray photos for a week, the team should be able to figure out when the black box passed through. A duffel bag containing the black box is passed through the x-ray scanner and used as a reference point. The photo is compared to all the bags that passed through the security checkpoint two hours before the hackers were caught on surveillance. A match is found; amongst the bag's contents is a small green wizard's hat that's recognized as the badge for the Warlocks, a hacker collective. Two more badges are found in the bags before and after the one in the image, proving that the two juice jackers and the sick woman were all involved.

Nelson comes up with a traceable hit on the stolen credit cards. While most transactions were made at brick and mortar stores, one outlying purchase was made online. The item purchased was a $7,000 server blade, something a hacker collective is likely in need of. It appears that because his payday was stopped, Lomis has gotten a little careless. His mistake could be the FBI's gain.

The purchase is linked to an address in the Miami area. Elijah and his SWAT team storm the house and send the three occupants scrambling; one of them tries destroying their phones in a blender. All three are arrested, but Lomis is nowhere to be found, much to Krumitz's dismay. Under interrogation, the three hackers claim that Rachel's death was an accident and that they didn't alert the authorities due to the fear of what Lomis might do their online reputations. They also plead ignorance about the ransomware, saying they were only hired to install the black box, clone the credit cards, and buy the goods. Lomis was the one who bought the server blade, and he sent it to the hackers in order to set them up. In fact, Lomis never even showed up to collect his share of the money. Krumitz doesn't believe the story, but Elijah is sure that none of the hackers have ever met Lomis.

Krumitz's attempts to manufacture a break in the case are thwarted by Lomis, who overrides the data on the black box with the word "Gotcha!" repeated over and over. He's able to rebuild one of the phones that the hackers threw in the blender earlier, recovering a serial number. The number is tracked to Europe before the signal is dropped, rendering the phone untraceable. Lomis once again trolls Krumitz with his "Gotcha!" messages. With Krumitz's anger and frustration growing, Elijah advises him to take a step back and try making progress another time.

There are apparently two hours left before Lomis releases the victims' private data on the Web; however, he changes the playbook and starts releasing the information early. Senator Finnis' private information is released despite the fact that she actually paid the $250,000 ransom to keep Lomis quiet. Furthermore, Chelsea's photos are uploaded to a revenge porn site.

Krumitz alerts the team that he's actually found Lomis. He went back and analyzed the black box, determining that Lomis overwrote the data four hours before the first flights were taking off. Since he had to plug directly into the charging station to steal everyone's data, he had to have been in the airport at that time. Airport surveillance is pulled up from that timeframe, and the team is shocked to see who Lomis actually is.

Avery and Krumitz visit Willa Hart's house and place her under arrest despite pleas from her father that's she's simply a teenager earning straight-A's in school. Under interrogation, it's revealed that she used a disguise, masquerading as a 35-year-old from Eastern Europe. She was the mastermind behind the whole plan; however, despite stealing all the credit card numbers, she never met up with her accomplices to get paid, likely in order to keep her cover. Willa then decided to ransom the phones, but released the information before she could get paid; in fact, she denied payment from Senator Finnis. When asked why she decided to ruin people's lives, Willa replies that she did so because she could and because she was "bored."

Much to Krumitz's dismay, the prosecutor releases Willa from custody on the grounds that she's only 16 years old. Avery informs Krumitz that she knows he broke the law when trying to expose Lomis' real identity. He paid off the ransomed phone via a text message, bundling a Remote Access Trojan in with it. This allowed him to take control of Lomis' computer, essentially conducting a digital search without a warrant. Willa's photo was taken with her desktop camera without her knowledge, something Krumitz neglected to mention to the team.

Avery recalls something Krumitz said to Willa's father about Willa coming in first place in a chess tournament. This is something Krumitz could only know by examining the photo he had taken of her. Avery accessed Krumitz's Bureau files and found the photo. She points out that if Lomis had been a 35-year-old man, he would've walked and Krumitz would've been turned in for breaking the law. As it stands, his law-breaking will remain a secret between he and Avery. Before leaving, she asks him if his victory will taste as sweet since he didn't earn it honestly.

Cast[]

Main Cast[]

Guest Cast[]

  • Jason George as Colin Vickner
  • Colby French as Robert Hart
  • Rachael Kathryn Bell as Willa Hart
  • Kristin Carey as Senator Carla Finnis
  • Matisha Baldwin as TSA Agent
  • Sarah Butler as Chelsea
  • Richard Chiu as Juice Jacker #1
  • Dan D'Amicol as Mark
  • Cali Fredrichs as Sick Woman
  • Gabriela Fresquez as Frustrated Passenger
  • Larry Guli as Upset Man in Hawaiian Shirt
  • Jay Huguley as Gordon
  • Bevin Kaye as Rachel Carrington
  • Nicola Lambo as Woman
  • Justin Marco as Sales Clerk
  • Chris Riggi as Juice Jacker #2
  • Zoey Sidwell as Cindy
  • Glynis Liston as Passenger Service Agent
  • Margaret Newborn as Suspect Passenger
  • Ryan Babcock as TSA Bilson
  • Alysson Da Silva as Civilian
  • Sam Jones as CTOC Agent

Music[]

  • Brain Storming by Kemal Vatansever & Yigitoglu

Notes[]

  • Hayley Kiyoko (Raven) is credited but does not appear in the episode.
  • Senator Finnis' first name is listed as being Carla; however, the news article about her refers to her as "Senator Deborah Finnis."

See Also[]

CSI:Cyber Season 1
Kidnapping 2.0CMND:\CrashKiller En RouteFire CodeCrowd SourcedThe Evil TwinURL, InterruptedSelfie 2.0L0m1sClick Your PoisonGhost in the MachineBit by BitFamily Secrets


Community content is available under CC-BY-SA unless otherwise noted.
More Fandoms