Sophomoric, even infantile. But RegSec was a Fortune 500 company and Anonymous had done it again. And the fact that the company was so universally unpopular meant the hackers could expect sympathy for, what was at heart, a criminal act.
Jeff checked several of his favorite tech sites and found stories already posted on the defacement. He went to the bathroom and showered, gingerly feeling the side of his head again. It was tender but nothing that troubled him. His vision was clear. After brushing his teeth he took two more pain pills, then ordered a light breakfast with a large pot of coffee.
Who had attacked him in the alley? he wondered. He found it very hard to believe that a loose cyber community like Anonymous had agents on the ground willing to attack and to threaten someone like himself. Yet it seemed that was what had happened.
There was a CyberCon presentation he wanted to see that morning but the RegSec attack took precedence. For the next several hours Jeff conducted a forensic examination of the penetration. He couldn’t confirm it based on the evidence, but suspected that Anonymous had compromised the site with an SQL server injection vulnerability he had warned the IT staff about. He wouldn’t be surprised if somehow in the flurry of activity these last few days the ball had been dropped and it hadn’t been fixed. He reviewed the software configuration running on the server at the time of the compromise and confirmed his suspicion.
He called his contact at RegSec and told him what he’d learned. Work on the replacement server was nearly finished. “We’ll be back up in an hour,” he said.
Jeff decided to eat lunch in his room, then join the conference at the start of the afternoon events. This would allow him to analyze the network logs to see where the attack had originated. To do this he employed the very statistical analysis that had been the focus of his presentation the previous day. He’d primed his tool with data from the last week of RegSec’s Web logs and directed it to examine the morning’s traffic, looking for Web requests of unusual size, atypical send and receive patterns, and data that looked different from those typically transmitted to and from the site. He culled the list of potential IP addresses down to a handful and because the traffic logs were decrypted, he could see the SQL, or Structured Query Language, injection and its originating IP address.
An SQL injection was a common technique for attacking a Web site. It inputted SQL statements in a Web form to prompt a poorly designed Web site to perform operations on the database other than those intended by the designer. Often the goal was to dump the database into the hands of the attacker. It didn’t look like Anonymous had done that, but they’d managed to get their code inserted onto the server using the hole. By the time Jeff finished lunch, he’d located the hacktivist’s IP address from the noise of RegSec Web site traffic around the time it was hacked. Then he checked the address.
The Anonymous defacement had originated at the hotel where CyberCon was being held.
Global Computer News Service
The Anonymous Cyber-attack on RegSec
By Cheryl White-Brighton
NEW YORK, New York—Early today the Internet hacker group known as Anonymous defaced the Web site of controversial company RegSec. This followed a brief interruption in the company’s Internet presence earlier when it briefly succumbed to a Distributed Denial of Service attack. This defacement is the latest successful penetration of a major corporate Web site by Anonymous. “We will address whatever issues required and be up and running within hours,” RegSec said in a statement.
Just then Jeff’s cell phone rang. Daryl. It was good to hear her voice. After pleasantries, she asked what he was doing about the defacement and he told her what he’d just uncovered. Wow, from the hotel where CyberCon is taking place? It must be an attendee.”
“I agree; otherwise it’s too much of a coincidence.” Jeff considered, then immediately dismissed any thought of telling her about the personal attack on him. There was nothing she could do about it and it would just cause needless worry. “Where are you?” he asked.
“At the airport. I’ll be home later today, but probably not for long.” She told him about a request from one of their regular clients. “It’s a rush—again. I’m going to try and do it from home.”
She’ll be gone, Jeff thought with a sinking heart. There was just so much you could accomplish remotely and that was usually only after the heavy lifting on-site had already been done.
“If there was some way to get a name or some other identifiable data from behind that IP address that would tell us who did it,” Jeff thought aloud. “I was thinking of sniffing the Wi-Fi network but doubt that will show anything since any personally identifiable information, like e-mail, is going to be encrypted.”
“I’ve got an idea you might want to try,” Daryl said brightly.
“Tell me,” he said, and proceeded to listen to what she had to say.
After the call ended Jeff glanced at his watch, satisfying himself that there was enough time for the plan. He dressed, then returned to the convention center. Though it was daylight, he avoided the broad alley where he’d been attacked and instead took the longer route around the busy street corner. To his right he spotted the shipyard cranes and the more distant Imperial Beach, where he’d once spent a pleasant Sunday afternoon with his grandparents.
Daryl’s plan, he’d decided, just might do the trick since the hacker’s IP originated at the hotel. There were problems with it, however, and he’d need cooperation to pull it off. The energy level at CyberCon had leaped and the place was abuzz over the RegSec defacement. Some of the younger, grungy attendees wore bright, shiny faces and spoke with animation. Others appeared bemused by the turn of events while the traditionally attired looked sober. He approached Clive, who was sitting in the room talking with someone.
Jeff pulled him away from his conversation with an apology.
“Did you see what Anonymous did to RegSec?” Clive asked. He looked upset.
“I did. I need to speak in private with you. How well do you know the FBI agent?”
“Norm? Very well, I’d say. I’m surprised you’ve not run across him before. He’s one of the good guys.”
“Invite him to join us. And keep this quiet. It’s important.”
Ten minutes later, the trio was seated in Clive’s suite on the third floor. Clive passed out bottles of water from the minibar as Jeff began. “I was contacted by RegSec just after the DDoS attack on their Web site. They hired me to upgrade their security as they were receiving constant cyber-attacks from Anonymous. That’s what I’ve been working on and why I’ve been so absent.”
Norm nodded politely as he listened intently. It was as if he could sense that something important was about to take place. His right hand was raised to his cheek and he moved the fingers through the short hair of his beard.
“I was able to do some patching on their operating system,” Jeff continued, “and encrypted the company’s customer online account passwords database. I then set it up so I could trace any future hacking attack. Unfortunately, the company’s IT people failed to move fast enough on issues I called to their attention and the site was defaced, as you know.”
“I’m constantly amazed,” Clive said, “at how many high-profile companies fail to adequately secure their Web site and information. This is especially surprising since the CEO was so aggressive in his public statements, all but daring Anonymous to go after RegSec.”
“I agree. I’m shocked almost every day at what I learn and that’s not the half of it,” Norm said. “You should see the security shortcomings in many of the government and vendor computers.” He looked at Jeff. “Were you able to trace the IP?”
“I was, and that’s why I’ve asked to see you two.” He paused then said, “The hack originated from this hotel.” Clive and Norm both straightened in their seats. “Given that CyberCon is meeting here, I think a logical conclusion is that an attendee has done it.”
“This is bad,” Clive said. “Very bad.” If—or rather, when—word o
f this leaked, it would very likely negatively affect him and his company, as it would CTI.
Jeff now told them about the assault on him the previous night. Clive looked at him with concern. “Have you seen a doctor?”
“It’s not necessary. I was just stunned.”
“You know,” Norm said, “it may be that the same person who hacked the RegSec site also attacked you.”
Jeff nodded in agreement. “I think that’s likely. But what’s important now is what we do. I’ve asked to talk to you because I have a plan. If it succeeds, and I think we have a good chance of that, we can turn this into a positive.”
“You mean, catch the Anonymous hacker?” Norm said.
Jeff smiled. “That’s exactly what I mean. Catch him red-handed.” His attacker had been a man so if the hacker was the same person, then they were searching for a “he” not a “she,” unless there was an accomplice.
Jeff watched as a slow smile spread across the agent’s face. “I think I’m going to enjoy learning exactly how you intend to do that.”
By the time Jeff had finished explaining what he wanted, Norm was beaming.
A few minutes later the men went back downstairs to CyberCon, with Jeff retiring to the prep room. The hotel network CyberCon used employed Dynamic Host Configuration Protocol, or DHCP, in its computers. When attendees connected to the network they received IP addresses. That was key to what Daryl had suggested. Next, he just needed to acquire an open source trivia game Web site plug-in.
The plan was simple. Clive would offer the trivia game to attendees. Daryl thought, and Jeff agreed, that almost everyone would participate, especially as Clive was going to give prizes. Next, Jeff wrote a tool that monitored game log-ins and produced their IP addresses on the hotel Web server. If the Anonymous hacker participated in the game, the same IP address would appear and Jeff would have him.
There were some potential problems, though. For one, the hacker might not take part. Jeff thought that unlikely but he had to acknowledge it as a possibility. He would also be out of luck if the hacker had left the hotel after executing the attack and then returned since he would have a different IP. Still, he’d reasoned most attendees were staying at the conference hotel and it was unlikely many had left the premises and then come back. He’d explained the downside to Clive and Norm but in their opinion the plan had a good shot at success. In anticipation of that, Norm had called the local FBI office and summoned assistance.
Jeff called Clive and told him he was ready for him. A few minutes later the man entered the prep room and sat with him. For the next twenty minutes, he and Jeff brainstormed a number of trivia questions such as “What was the first PC virus named?” Answer: “Brain.” The process took less than half an hour.
The conference was scheduled to conclude with a keynote speech. This year the speaker was the head of security for the National Security Agency, or NSA, America’s omnibus information protection and communications intercept agency. The theme of his presentation was that cyber-security was the new theater of war and where the first, even final, shots would very likely be fired. It was a theme everyone in attendance was interested in and it would be well if not universally attended.
When the meeting room was nearly full, but a few minutes before the speaker was to begin, Jeff sat in an outside aisle seat in the middle of the room. Clive took to the public address system, and once he had the attendees’ attention he spoke. “This year,” he said, “as an added event we’re asking you all to take part in a cyber-security game of trivia before the keynote presentation. I think you’ll find it very interesting.” A few minutes earlier Jeff had uploaded the game to the conference Web site. Now Clive gave the Web address. Attendees were to log in as usual to access the game. “The user who submits the most correct answers first,” Clive added, “wins five hundred dollars and a special printed award certificate.” There were smiles all around. “Second- and third-place winners will also receive award certificates. So let’s get playing. We’ll announce the winners after the speech.”
Jeff watched the players frantically log in using their laptops, tablets, and smartphones. As they began playing he felt a thrill. In his work, he protected companies from cyber-attacks, from those whose faces he never saw. Or he cleaned up after such attacks, fixing the digital mess they’d left behind. It was rare he actually faced the hacker, saw the criminal face-to-face.
The events the year before, when he and Daryl had dampened an Al Qaeda cyber-attack on the Internet in the West, had brought him in personal contact with those who’d launched the assault. He’d nearly been killed as a result and those men died. He didn’t expect this to have the same extreme outcome, fortunately.
The game was proving to be popular, as he’d expected. From where he sat, Jeff accessed the hotel Wi-Fi to sniff about and to see if he could identify the culprit. He monitored the network, searching for traffic using the attacker’s IP address. Most of the traffic he saw was, as expected, encrypted and so did not reveal any personal information about any of the users.
He concentrated on the mail server accesses and spotted attendees from cnn.com, techmeme.com, and any number of smaller, less well-known companies. Then he saw Combined Technologies International. Sixteen of their attendees there were playing the game, no, twenty-four,…no, thirty-seven,…now more than forty.
Jeff watched all log-ins closely. Then there it was: the same IP address logging into the CTI e-mail server. The hacker wasn’t staying in another hotel and he’d not left this one. Jeff straightened and drew a deep breath as he experienced a wave of elation. Then for a fleeting moment, he wondered if it could be Dillon Ritter. The very thought struck him as impossible. There was no stronger opponent of hacktivism in the industry.
Then he thought of Chuck Chacko. He was doing contract work for CTI. Could it be possible?
No, Jeff told himself. It was surely another CTI employee, who had an ax to grind. He didn’t know all who were here but realized with a sinking heart he’d very likely know, and probably like, the Anonymous hacker. He’d have to wait to see what the Web site log file said.
Jeff looked about and realized the room was buzzing as the attendees submitted their answers and jovially taunted each other. The speech was about to begin and the room grew silent. A few moments later Clive introduced the keynote speaker to a round of applause. The NSA officer took the podium and walked the attendees through a well-crafted PowerPoint presentation. His point was simple enough: the world was at war and almost no one knew it. That had to change.
None of this was news to Jeff, and he suspected it wasn’t to nearly all of those here. It always seemed to be upper management or senior government officials who didn’t get it. They hid in the forest of the numbers, betting they’d never be targeted or that there was no reason to counterattack.
Hiding from reality had been the case with Reginald Hinton, CEO of RegSec. For all his posturing and bravado he’d run a company with no better than average security. During his forensic investigation Jeff had found all the usual failings—unpatched vulnerabilities, antivirus software not updated, firewalls turned off.
And RegSec held the most private and sensitive information a customer could give. Its Web site bragged that it employed the most sophisticated digital protections in existence. The company asked the public for its trust and Hinton had betrayed them. Anonymous had not looted any accounts—so far that had not been its style—but in such a ragtag group it was inevitable. And to Jeff’s knowledge no private records had been stolen, but Anonymous had done that in the past.
However, Anonymous wasn’t finished yet, Jeff reminded himself. It was important he catch the hacker now.
As the speaker continued, Jeff correlated the username to the attacker’s IP address. The man had simply been unable to resist. With a sinking heart Jeff made the match. He had it. He closed his laptop and looked to his right where Norm was sitting quietly, scanning the audience, glancing at Jeff every minute or two. Jeff texted him the nam
e and watched. After a moment the agent looked at his cell phone, lifted his head, and their eyes met. He’s here in this room, Norm mouthed. I know him.
As he watched the agent exit the room, pressing his phone to his ear, no doubt moving agents outside to cover the exits, Jeff wondered how something like this could have happened. Everyone employed by CTI knew of the terrible consequences of hacker attacks. They’d been on the forefront in providing defenses against the relentless cyber-assaults they all knew originated in China against DOD contractors. They’d written and sold software expressly designed to thwart financial phishing attacks, primarily by former Eastern Bloc organized-crime syndicates. Now one of them had betrayed the very cause that employed them.
Jeff rose and walked quietly to the back of the room. He slowly scanned the audience until he’d spotted the hacker. He wondered what the man was thinking as he listened. Certainly he felt smug about what he’d done, superior to everyone else. But why the attack on Jeff personally? How much anger must the hacker feel to do that? What animus must he have for Jeff?
Jeff struggled to recall an event, something he’d done or said to create or to feed such hatred, and could come up with nothing. It was perplexing.
The speaker finally finished to a round of strong applause. His message was appreciated by the vast majority of those present. Clive took his place at the lectern. After thanking the speaker, then everyone for attending, he said, “Let me call Jeff Aiken up here to join me. He provided us with the trivia game you’ve all been playing and seem to have enjoyed so much. Come on up, Jeff!”
There was a scattering of applause as an embarrassed Jeff walked up the side of the room to join Clive on stage. “Jeff’s been watching the game for us. So…who are the winners?”
“We had six people with perfect scores, so the winners are the three who answered the fastest. Let me call them all up, then I’ll tell you who came in first,” Jeff said. “Sort of like the Miss America pageant.” To the great surprise of the gathering he announced Agnes Capps and asked her to come on stage. She wore a smug expression as she made her way to the front. With a confident bounce she moved like a younger woman than she was.
Operation Desolation Page 3