00:00The
00:02Dead
00:02Dead
00:03Dead
00:04Dead
00:05Dead
00:06Dead
00:07Dead
00:08Dead
00:09Dead
00:09Dead
00:10Dead
00:11Dead
00:12Dead
00:13Dead
00:14Dead
00:15Dead
00:16Put it here until your dad comes.
00:18Why don't we just put the whole lot in the trunk?
00:21The keys are with your dad.
00:22It's here.
00:23Oh, right.
00:25Where's your dad?
00:27I think Sohail is holding him up right now.
00:30I couldn't find my ball, Mommy.
00:32It doesn't matter, honey.
00:33Play with this ball for today, and I'll find it for you later, okay?
00:36I don't want that one. I want my own ball.
00:38Sohaila, here, please give these to your brother to put in the trunk.
00:42Go on.
00:49Give it.
00:52Watch these until I come back, yeah?
01:00Watch out.
01:01I'm gonna make one mighty barbecue.
01:03Got the charcoal and skewers?
01:05Oh, not the charcoal.
01:06Oh, come on. Hurry up, sweetheart.
01:08Okay, okay.
01:08What kind of a picnic is this?
01:10What's up, dear?
01:11It's late. It's already 11.
01:13So what? It's not like we've got a meeting.
01:15We're just going out to have lunch.
01:16It's always noon by the time we get moving.
01:20Sohaila.
01:20Sohaila, dear.
01:22Here, sweetie.
01:23Here's your ball.
01:23Yay, there's my ball.
01:25Thanks for getting it, Daddy.
01:27Bring these with you, okay?
01:28Right.
01:33Hello?
01:35Hi, Atai.
01:36What's up?
01:39No, I'm about to go out for a picnic with my family.
01:44What?
01:47Repeat that, please.
01:53Are you sure?
01:55All right.
02:02All right, I'm coming.
02:08Let me out.
02:25Yes.
02:42The letter was made quite professional.
02:45How can it be fake, Tony?
02:46The guys in IT saw it before I did it, and they printed it for me.
02:51It's exactly like the letters we always get from officials, and there's no trace of a mistake.
02:55I can tell from this access point.
02:57You've got a wireless network here, right?
03:00Yeah, we spent lots of money to ensure its security.
03:06Where exactly are the devices?
03:09The telecom center.
03:11There's a few in admin, and the rest are connected by the cables.
03:15The network's security is high.
03:16Yes, and so I doubt it happened through any of the computers inside this prison.
03:21That's what I keep telling you, Major.
03:23It's impossible.
03:24We have to check everything first, all right?
03:27The recent activities here.
03:29That's what I'm doing.
03:30We controlled the activities Kazemi could do on the computer.
03:33We've even got video recordings of him, too.
03:36Letting Kazemi access a computer was a mistake.
03:39A big mistake.
03:41A few days back, some IPs connected to the server at 1143.
03:46They have all the same Ethernet ports.
03:48IPs? And how many?
03:50Four, sir.
03:53Just one recorded activity.
03:56See what system it was.
03:59It's MAC address. Activity log.
04:02I'm on it.
04:04How many of your people are connected to the prison's wireless network?
04:08I think around 22 or 23.
04:10What kind of information do you usually share on the network?
04:13There are a couple of folders that we have where we put our files in.
04:18For things like printing.
04:19And some admin work, too.
04:22It's Windows XP.
04:24We can also see the computer's MAC address, but it's weird.
04:28He didn't do anything special.
04:30Looked in a few folders, took some files, and put one in.
04:33As I said, this was carried out from outside here.
04:37We don't even have Windows XP.
04:38It's either Vista or 7.
04:43How did he do it?
04:48What's the MAC address of the device that's connected to those computers?
04:52Hurry up.
04:55The first three are F866F2.
04:58Belongs to devices of Cisco.
04:59Check where the exact location of the device is.
05:04There are exactly 7.
05:06And one MAC address has been repeated.
05:10Where exactly in admin is the access point of the Wi-Fi located?
05:14On my desk.
05:15By the screen.
05:16There?
05:17Yeah.
05:17Yes, dear.
05:18Check the log files of the access point.
05:21Yes, sir.
05:24Remember a few days ago the Wi-Fi wasn't working in the prison?
05:28And then the guys over in IT fixed it.
05:30That's pretty strange.
05:51This access point was physically reset at exactly 11.32 a.m.
05:59As soon as it got a connection, it went into factory default DHCP mode.
06:04Then four other operating systems gained access to it.
06:07It looks like the suspected MAC address in its operating system was a part of this.
06:11The access point came out of repeater mode and then through this device here.
06:15It was connected to the prison's cable network.
06:17So he had access to the share folders, and that's how he placed a fake letter into one of these computers.
06:22And then when the prison employees checked their folders in the morning, they got a printout and handed it to you.
06:28Just like that.
06:29Exactly.
06:30This MAC address was connected to the prison's network just once for approximately 28 minutes.
06:35But Comron works a lot faster than 28 minutes, you guys.
06:40Where was Kazemi during this time frame?
06:43In the storeroom.
06:44The storeroom?
06:45Who's in charge of the key?
06:48The service manager is in charge of it.
06:50He hands it to the officer on duty at the start of a shift.
06:54And I've got a copy.
06:55Atai.
06:57Go have a talk with the services manager.
06:59And the officer who took Kamran out of prison.
07:01See what you can get out of the two of them.
07:03Sure, go.
07:04I'll show you the way.
07:05I need to talk to Shahab Hashemi.
07:09Unfortunately, he isn't in prison right now.
07:12No.
07:13Why not?
07:14Well, that day when you came here to talk to Shahab Hashemi.
07:17Yes.
07:17He suffered a head injury during a fight, which none of us knew about.
07:22He's in the hospital at the moment, and he's still recovering from it.
07:25He's back in prison.
10:09Yes, sir.
10:11Come here.
10:14Oh, wow.
10:15This is where he set it up.
10:17Hurry.
10:19Take a look at this.
10:20He hit Shahab with this.
10:37I'm sure that that's Shahab's blood.
10:48What's new?
10:49Well, nothing much more than what we already know.
10:51I thought so.
10:52I thought so.
10:53All right.
10:54Come take this for blood sampling.
10:57Come here.
11:00Find anything?
11:03This is the computer with XP on it.
11:05The log files show us that he connected to the access point.
11:08Where's the network card?
11:11This it?
11:12Yes, sir.
11:14All right.
11:14We have to take this with us.
11:15Okay.
11:20The file.
11:21Let's not waste any more time.
11:29Let's not waste any more time.
11:30Well, we didn't find anything, Major.
11:57Who's the owner?
12:01Engineer Amir Saidi.
12:02He bought the place six months ago so that he could build on it.
12:06Talk to him.
12:07And arrest anyone that was in contact with him or that came here.
12:10Sure.
12:11All of them?
12:11Sure.
12:12Hey, wait.
12:13Is there a chimney?
12:14Chimney?
12:15No.
12:16Check the power housing.
12:17This is warm.
12:18All right.
12:18Find anything?
12:29A lot of fingerprints.
12:31These guys have found 38 sets of fingerprints so far.
12:34Even if there are a thousand, we need them all, right?
12:36Yes, sir.
12:37Let's go.
13:07Give me some forceps.
13:15Let's go.
13:16Let's go.
13:16Let's go.
13:24Let's go.
13:26Let's go.
13:58Hey, Abbasi, you find anything?
14:13No, sir. Haven't found anything.
14:15I found something.
14:20Is it paper?
14:22Yes, with some fabric.
14:25Laboratory, then.
14:27Okay.
14:27An oscillator with a simple flash memory card.
14:30They've used the chipset to go around the plug-and-play drives.
14:34Changing computer drives and Mac addresses isn't easy.
14:37It can only be done by a top-notch programmer.
14:39Because flash memories don't usually do this kind of thing.
14:42So do you think that he could have done all that by himself?
14:44I think a team of five people did this.
14:46A programmer, a hardware provider, a tools provider, a telecommunications engineer,
14:53and a fifth person who knew the exact location of the main access point and had access to it.
14:59Now, if he had done it by himself, then...
15:02Sorry, let me explain something.
15:04Major, I did some research.
15:06The prison has fiber optic cables.
15:08It's straightforward up until here.
15:10But then there's the administration department, which is different.
15:13They installed a powerful Linksys router point for Wi-Fi communications.
15:17This was around about three years ago now, I guess.
15:19So you'd expect the workers there to use the most up-to-date form of communication through wireless technology.
15:24Now, wouldn't that make sense?
15:25Exactly.
15:27Most of the devices in that prison work via Wi-Fi technology.
15:31Despite the presence of a cable network that exists throughout the building.
15:35And that's the reason why they decided to expand the network.
15:38They used seven access points on a high-frequency antenna that can repeat the central router,
15:43so all the users can access the Wi-Fi without any trouble.
15:46Accessing the portals isn't that easy, you know.
15:49Because passwords and firewalls provide the network with security.
15:52As always, there must be a human involved.
15:55Or in this case, several.
15:57That's what I found in my research.
15:59Quite a few people, Major.
16:01And the portal in the prison still has quite a lot of bugs.
16:04Because they still haven't paid the remainder of what they owe to the programming team.
16:08So they haven't been updated yet.
16:11Up until this moment, we still haven't got a proper definition of the network.
16:16So anyone can access their sharing network and place files in it.
16:20And remove any files they want.
16:22When an error goes unnoticed, it turns into a dilemma, which in turn becomes a new rule.
16:29Now, another important point I'd like you to consider is that the letters are in PDF format.
16:35PDF files are made through print.
16:38And during this process, an IP and a port address get placed at the bottom of them.
16:43This IP and port address belong to the portal in prison.
16:48This is a big problem, and the prisoner exploited it in the best way possible.
16:52That's right.
16:53I checked the prison's electronic archives, and it's just as our friend here mentioned.
16:57What you see up there on the screen is the court's last letter to the prisoner.
17:02When it got printed through the portal, its IP showed up at the bottom.
17:05Exactly.
17:06Jamsin Kazemi used these mistakes to his advantage, you see?
17:10He then hacked into the prison's network, took one of the intelligence ministries' files,
17:14changed it, and then placed it into the warden's folder.
17:17What else have you got?
17:18Well, we were able to recover all the information.
17:21The prison's security system had installed a software called micro-recorder on all the systems there.
17:26We can view the steps the prisoner had taken, as you can see.
17:30He edited the ministry's letter with his name, and photo on it.
17:37What I'd like to know is why he didn't physically destroy the hard drive when he could have.
17:42There's probably a reason.
17:44He's got a reason for everything.
17:47Then maybe he wanted to leave us a cryptic message or something.
17:50Exactly right.
17:52While I was checking the information during this moment, I came across this.
17:57There's an address and a port here.
17:58And now, under Jamsin Kazemi's letter,
18:02there are some characters which are all pretty logical.
18:06Except for the few ones.
18:07Cloner.
18:08That's the name of a famous virus.
18:11Yes.
18:12One of the most destructive computer viruses.
18:15It behaves like a smart virus.
18:20Cloner, huh?
18:21Yes.
18:22You know.
18:23You know.
18:24You know.
18:24That's right.
18:25Yes.
18:25You know.
18:26It's like a man.
18:33You know.
18:34How do you know that ?
18:36You know.
18:38You know.
18:39You know.
18:41You know.
18:42Go.
Comments