Armchair Safari (A Cybercrime Technothriller)

by Jonathan Paul Isaacs

“I served from ’01 to ’04.”

  Agent LaRue smiled. “I got out in ’05. See any action?”

  “Fallujah. When we took the city.”

  LaRue’s lips tightened. “I’ve heard some of the stories. That was a tough slog.”

  Derek picked up the picture frame. It had a dark wood border with the Marine Corps emblem laser-etched into the corner. Derek and a handful of other Marines were posing for the photographer in their combat gear, flashing rifles and hand signals while daring anyone to challenge them.

  “Yeah. A couple of the people in this picture aren’t with us anymore.”

  Agent LaRue gave Derek a respectful nod. “It’s never easy to say goodbye, is it?”

  “No.”

  LaRue turned and left. Lucy was standing by the door and staring curiously at Derek. Their eyes met momentarily before she abruptly followed LaRue out.

  Now only Roger remained, and he shut the door quietly behind Lucy.

  It was like all the oxygen in the room had left. Derek slumped back into his chair.

  “You okay?” asked Roger.

  “No.”

  “You can be mad at me now, if you need to. It’s ok. Bringing in the Feds without speaking with you first. Lay into me if you want.”

  Derek pursed his lips. “Wouldn’t really change much, would it?”

  “No, I suppose not.”

  “I have to say, Roger, I’m surprised. I always thought you and Jim were leery of contact with the authorities—you know, fear around any sort of inspection that might consider Netertainment to be a gambling outfit. Now you’ve invited them to poke around all they want. All before an IPO.”

  Roger shrugged. “Maybe things happen for a reason. Or, maybe we shouldn’t hide behind our fears when more important things are at stake. Like threats made against friends. You have to do what you have to do.”

  Maybe, thought Derek. You have to do what you have to do.

  He glanced at his Marine Corps picture frame again. Sadly, that was familiar territory.

  “Thanks Roger.”

  “Yeah... no problem. I’m going to go catch up with Lucy and our boys. I’ll make sure you know what’s going on. Do you want me to let Jim know?”

  “No. I’ll do it. He seems to expect bad news from me these days.”

  “Okay. See you, then.” Roger left the office.

  Derek looked over at his computer screen. The screen saver was on. He couldn’t even remember what he had been working on now.

  30

  Lucy’s smartphone chimed on the nightstand next to her bed. Usually such a small noise wouldn’t even make her roll over. But with all of the activity around Derek’s email, there was so much on Lucy’s mind that she was having trouble sleeping.

  The alarm clock said 4:56 a.m. Ungodly early.

  She didn’t need this. Lucy had marched Special Agent LaRue and Special Agent Jiminez all around the office to interview her staff, helping them gather information on how her network was set up right down to pulling the server logs to look for suspicious activity. Then there were the conference calls with SecureNet. Netertainment’s security partner constantly monitored their environment for signs of malware or intrusion, but interacting with them still took work—it was never so easy as calling them up and saying, “Hey, take care of this for me, will you?” Add in trying to find some code bug and the cup was beyond overflowing. Lucy kicked herself for not having a dedicated security specialist on staff. Until now, with her own background, she had been quite comfortable handling security herself as the CIO. She certainly had the skills. What she realized now was she didn’t have the time.

  The phone chimed again and her arm reached over like a robot to pull it out of its charger. The smartphone manufacturers had transformed the world’s population into Pavlovian dogs, conditioned to twitch at the promise of a text message.

  The small touchscreen read: Atlasapp capacity at 30%.

  That was odd, Lucy thought through the fog of exhaustion. Atlasapp was the core engine used by Armchair Safari to route player data. It could handle over a million players at peak loads in anticipation of the growth trajectory of the company. But they didn’t have a million players—not yet, anyway. Why was there an alert? Was there some kind of guild war going on?

  Lucy sat bolt upright in bed.

  It was the day after the deadline in Derek’s email.

  Something was very, very wrong.

  Lucy jumped out of bed and snatched the phone in both hands. Her fingers were trembling as she scrolled through her contacts. Where was that phone number? She couldn’t maneuver the touchscreen and cursed as she fumbled. It seemed like forever before she finally found what she was looking for and pressed Dial.

  Ring, ring.

  “Come on, pick up,” Lucy grumbled.

  “H-hello?” said a groggy voice.

  “Walter, this is Lucy. I’m getting alerts from Atlas. We might have a problem.”

  “Oh? What sort of problem?” Walter was her Director of Infrastructure and responsible for maintaining all the servers, storage, and networking for Netertainment.

  “Capacity alerts. I think we might be under attack.”

  “Attack?” There was a moment’s pause. “You think a Denial of Service?”

  “Maybe. The alert I got said 30% capacity and it’s five in the morning.”

  “Okay,” said Walter, sounding more awake now. “Let me get to the office. Are you going in?”

  “I am. I’m going to call some folks along the way. Hurry, okay?”

  “You got it, boss.”

  Lucy hung up and got dressed as fast as she could. She was pulling her hair back into a ponytail when her phone buzzed again. She picked it up and saw another alert.

  Atlasapp capacity at 40%.

  Son of a bitch, it’s only been ten minutes, Lucy thought. She really had to hurry.

  A Denial of Service attack, or DoS, aimed to cripple a network’s ability to respond by filling all the available bandwidth with junk requests. When two computers needed to communicate—such as an Armchair Safari player’s desktop with Netertainment’s servers—there were a series of data handshakes that helped establish a session between the two entities so that the correct user data could be passed back and forth. But there were a finite number of handshakes that a network’s bandwidth could handle. If that bandwidth were flooded with bogus requests, it would preclude legitimate users from being able to connect and play.

  Racketeer was the cloud hosting company that Netertainment used to run Safari. They had lots of bandwidth—thousands of servers and big, fat switches and firewalls to act as the virtual data center for hundreds of companies. It would be impossible for a lone computer to attack an enterprise-class infrastructure and consume all of that networking capability. So what an attacker often did instead was launch a Distributed DoS by using multiple computers working together. By recruiting a botnet, a large number of computers previously infected with a malware program, a hacker could take control of significant computing power and use them all as slaves in a DoS attack. Usually the owner of an infected computer had no idea that their machine was compromised. All those times when Windows seemed like it was running slowly, or a web page was taking a long time to load, could really have been when the PC was acting as part of a botnet army.

  Lucy had once taken a brand new, unprotected laptop and connected it directly to the Internet to see what would happen. It became infected in less than five minutes.

  Netertainment did have defenses. Racketeer had purpose-built appliances to scrub incoming traffic and discard the IP addresses from known bots, among other things. However, if the internet connection was completely flooded, there was no way those appliances could get to all of the requests coming in, let alone inspect each one. That really needed to be done further upstream by their Internet Service Provider. So far, Lucy had left two voicemails at their ISP but had been unable to connect with anyone live to ask for their help.

  All this went through Lucy’s mind as she raced down the highway to the office. The crisis plan her team had developed was about to be put to the test. They had practiced it before—maybe not as much as they should have, but still, they had rehearsed it. It was another thing to be doing it for real and to see the things that did not develop according to plan, like an inability to reach the ISP’s on-call engineer.

  Lucy pulled into the garage and left her car parked diagonally across two handicap spaces. Walter’s Honda was parked nearby. She rushed through Netertainment’s lobby and down to the basement where she found Walter at his desk, staring into numerous monitoring programs and talking to another person on his speakerphone.

  “Talk to me, Walter.”

  “Shit, Lucy, we’re in trouble.” Walter was in his early forties and had curly gray hair, a closely-trimmed beard, and glasses. He looked like he should be teaching a college class somewhere. “We’re getting overwhelmed with connection requests.”

  “Who’s on the phone?”

  “That’s Scott from Racketeer.”

  “Scott—why aren’t your security appliances keeping this out?” Lucy demanded.

  “Hi Lucy. They are—sort of,” Scott replied. The senior engineer assigned to their account sounded frustrated. “We’re getting hit with a ton of encrypted SYN requests and they’re chunking through everything that gets to them.”

  “Can’t you block the IP addresses that are sending the requests?”

  “We’re trying, Lucy, but... there’s a lot of requests. A lot. We’re getting totally overloaded.”

  Lucy understood. A SYN flood was a simple, brute-force attack to overwhelm a network’s availability. Normally for two computers to talk, one device sent a synchronize request, or SYN, to a server which then responded with a synchronize acknowledgment, or SYN-ACK. Then the first machine would complete the three-way handshake with an ACK acknowledgment and establish the session. In a SYN flood, the requesting computer never sent the SYN-ACK and basically left the server hanging, tying up the port. Encrypting the requests just ate up that much more compute power.

  “You guys have preemptive filtering, don’t you? Can’t you just drop anything coming in from a known bot?”

  “Already looked at what we have on record, Lucy. There’s some major IP spoofing going on here. Whatever botnet is being used on this one—and it’s a big one, let me tell you—every connection is being masked to look like it came from something other than the bot. Too many lies to filter through.”

  “Shit.”

  “Who did you guys piss off to get attacked like this?” Scott asked.

  “Scott... it doesn’t matter. We need this attack to stop.”

  “Are they extorting you? Why don’t you just pay them off? What’s a few grand to make them go away when it’s going to cost you a lot more in downtime to fight back?”

  “Scott... again, that’s not an option.”

  “Okay, just offering suggestions. But there’s not much more I can do, I’m afraid.”

  “All right, guys. Help me get in touch with Aspen ISP. I’ve tried the on-call number three times now and haven’t gotten a live body yet.”

  “No one answered the on-call number?” Scott said, surprised.

  “No.”

  Walter whipped out his smartphone and started swiping through a bunch of screens. “I know some guys over there. Let me find someone.”

  Lucy checked her own phone for the latest on Atlasapp. The usage level was going down now—which actually wasn’t good. The DoS had now overwhelmed the network and players weren’t even getting to the servers. Soon they’d be booted off.

  “I got it.” Walter was holding his phone up to his ear, waiting. “Tim? This is Walter over at Netertainment. I need your help in a bad way, right freakin’ now.”

  When the Netertainment staff started arriving for work, Lucy knew that Customer Care was quickly going to be on the front lines of it all. The typical calls of forgotten passwords and procedural questions would be replaced with frustrated players unable to connect. Roger arrived at the office and the first thing he did after talking to Lucy was to pull the Care team aside.

  “Listen,” he told them in a hastily assembled huddle. “The most important thing you can do when you get an angry caller on the line is to acknowledge that there is a connectivity problem and to reassure them we are aggressively working to address it. Don’t get pulled into details—don’t conjecture about system issues, or hackers, or whatever. Don’t do anything other than we’re aware there is an issue and that it’s being worked.”

  “Are we being hacked?” asked one of the Care representatives, a heavyset woman with brown hair and glasses. “I already have people calling me that are asking me that, point blank.”

  Roger didn’t take the bait. “We are experiencing issues that are keeping players from logging in, Jenny, and we’re working to address them. We’ll know more about how to get everyone back online as we get through the forensics. That’s all I want any of you to worry about saying. Okay?”

  Numerous heads nodded and the operators went back to their cubicles. The phone queue had already stacked up another wave of upset users.

  “Thanks for handling that,” Lucy said as they took the stairwell back downstairs.

  Roger nodded. “You got it. I hope they stick to the script. The last thing we need is our folks feeding some kind of frenzy.”

  When Walter saw them he frantically waved them over to his desk. “Scott and I tracked down the VP of Operations at Aspen. Let me get a three-way con call going here.”

  Soon they were on the phone with Joe Gerald, one of Aspen’s senior executives. Aspen provided the local leg to connect to the Internet backbone run by the big telecommunications carriers like Sprint and AT&T. They were known for top-notch support. Lucy was about to see what that really meant.

  When they started reviewing the situation report, it didn’t look good.

  “This is a massive attack,” Joe explained. “We’re experiencing slowdowns across multiple customers because of the SYN flood.”

  Lucy wrung her hands in exasperation. “How can you possibly be impacted? You’re the ISP. You have more bandwidth than you know what to do with, and you can’t handle a DDoS?”

  “Lucy, I understand you’re frustrated. It’s not—”

  “I’m beyond frustrated. This is impacting my customers.”

  “I understand,” Joe continued after a short pause. His voice was very even. “Yes, we do have a lot of bandwidth. This attack is eating up a lot of it. We’re measuring sustained traffic over 170 Gbps, which is... well, it’s the biggest attack I’ve seen, ever. You have to understand, Lucy, this isn’t just a bandwidth issue. We have routers and mitigation equipment that have to process every packet that goes through the system. There are only so many onramps for the highway, and ours are getting overwhelmed with a packet-per-second rate well over 100 Mpps. That’s extremely high and, frankly, it’s impacting our ability to service all of our customers.”

  Lucy didn’t know what to say. All of the precautions they had taken to keep their environment secure, all the work to partner with a top-notch service provider? It was being crushed by a massive, blunt-force instrument.

  “So what do we do?” asked Roger. The lack of profanity was unnerving.

  “We have some Counter Threat resources we’re working to pull in on your behalf,” Joe said through the speakerphone, crackling. Lucy realized he was probably in a car somewhere, driving in and out of cell coverage. “Until we get a plan together for Netertainment, though, we need to take steps to protect our other customers. The attack on you is taking everyone down.”

  “What does that mean?” said Lucy.

  “We need to null-route your traffic until we can get these other resources engaged.”

  “You are not going to null-route my business, Joe!” Lucy shouted.

  She couldn’t believe what she was hearing. Aspen was saying they were preemptively going to drop all traffic pointed at Netertainment. It was the equivalent of disconnecting them from the Internet.

  “There isn’t any other choice, guys,” Joe said. “Nothing is getting through to your servers anyway. This is the only way to protect our other customers while we help you put together a plan.”

  Lucy started to yell again but couldn’t get the words out. Everything was falling apart in front of her. Only the sting of tears spurred her to turn and walk away.

  As she stormed to the stairwell, Lucy heard Roger make the call behind her. “Do what you need to do, Joe. Take us down.”

  By noon, Netertainment had been down almost three hours. Derek called Jim and was doing everything he could to keep the wrath at bay. Roger continued to handle damage control with Customer Care and Marketing. When they met about whether or not to inform their players of what was happening, Roger forced Lucy to take a Xanax. She would have preferred cyanide.

  Lucy sat in her office with the lights turned off, staring at the wall. This was an unmitigated disaster. She could feel the revenue and their reputation evaporating by the minute as Armchair Safari sat idle, a vast, empty game world full of dormant inhabitants. She was a stupid fool. Here she was, so proud of what they had created, only to forget that a chain was only as strong as its weakest link. She had fought the wrong battle. The easiest way to extort money wasn’t to break in and get access. It was to deny access to everyone else.

  Then at 12:30 p.m. came a glimmer of hope.

  Lucy and Roger happened to be downstairs with Walter when his desk phone rang. Walter practically knocked the picture of his kids onto the floor trying to punch the answer button.

  “This is Walter.”

  “Hi Walter—Joe Gerald again, with Aspen. I’d like to conference in someone on the other line to talk about your Denial of Service attack. Is that okay?”

  “Well, it’s not like we’re real busy right now,” Walter said dryly.

  “I always need to ask.”

  “Who is it you want us to talk to?”

  “It’s a company called Pro-Tem. They specialize in restoring service under these sorts of conditions.”

 
