For three years, guests at the "Aurora Grand" had accepted this as normal. "It's just the backup WiFi," the front desk would say. "If the main fiber goes down, connect to BK-5G and log in here."
He didn’t change the IP immediately. Instead, he set up a honeypot. He copied the old blue-and-white portal perfectly, but added one line of JavaScript. It wasn't malicious yet—it was a logger . Every time someone in the world accidentally typed http://bkwifi.net (perhaps misremembering a hotel’s private address), Cipher saw their IP, their browser, their OS. http- bkwifi.net
She connected. The blue-and-white page appeared: http://bkwifi.net/guest . She typed her room number and last name. For three years, guests at the "Aurora Grand"
But the real prize was the Aurora Grand. Their internal network was still configured to phone home to http://bkwifi.net for a "heartbeat check" every 90 seconds. When Cipher pointed his public server to a new IP, the hotel’s backup router—a dusty Cisco 4321—obediently reached out to the real internet for bkwifi.net . Instead, he set up a honeypot
She SSH’d into the Pi. Its local log showed a single line repeated every 90 seconds: