Operation Desolation
Authors: Mark Russinovich
Chuck took it personally. “I wasn't laid off or let go or whatever you want to call it,” he said. “I'd had enough, you know? Tell him, Jeff. You know what the Company was like then, what it's still like. The bureaucracy is stifling, there's no appreciation of innovation, an utter lack of foresight, and getting ahead in your career is the number one concern the moment you reach management. I knew 9/11 was coming, so did Jeff, so did a lot of us, but no one listened. Absolutely no one!”
“Sorry if I touched a nerve,” Ritter said, holding up a defensive hand.
“I won't pretend they weren't happy to see me out the door, you know? But every day I'm out of it, I'm grateful. I haven't attended a meeting since then. I don't have bosses. Sure, being on my own has been tough, I'll admit. I think I've been blackballed from my contacts. But there's plenty of work out there if you want it. What I want, what I really want, is to see some justice at the CIA. Heads should have rolled over their incompetence. Instead, the good guys were shown the door, or went of their own accord when they saw the writing on the wall, you know?”
Ritter's drink arrived. Both Jeff and Chuck shook off another. Ritter turned to Jeff. “How about you? Going to tell us how you saved the world?” That last part came out sounding a bit aggressive and jealous, Jeff thought.
“Nothing like that. Listen, Dillon, I'm hungry and need to get going. I've got work to do yet tonight so let's have dinner here. Care to join us, Chuck?”
Chuck shook his head as he slid out of the booth and straightened up. “No. I'll see you tomorrow, Jeff,” he said pointedly, and stomped off.
Ritter stared after him with a smirk. “Something I said?”
Dinner was typical hotel fare. As they ate, Ritter said, “I was surprised to hear just how bitter and disillusioned Chuck has become. He didn't used to be that way.”
“He got a raw deal,” Jeff said. “He was one of the Company's shining stars and his boss was jealous, did everything he could to push him down, shove him out the door. And he is right: no one listened when he tried to warn them about 9/11.”
Jeff changed the subject and asked more about Ritter, who said he was working on counter measures for a U.S. military project. It was winding down, however, and he wasn't certain what he'd be doing in a few months. He made light of it though. “They'll find something for me, they always do.” He sighed, then looked at Jeff pointedly. “Not that I wouldn't be interested in something else if it was offered.”
Jeff didn't take the bait. Neither he nor Daryl was looking to hire anyone and if they were, Ritter didn't have the skill set their work required. He turned to his meal without comment.
A minute later Ritter's cell phone rang. He looked at the screen and excused himself to take the call. He returned a moment later. “I'm really sorry, but something's come up and I've got to run. This should cover my half,” he said as he dropped a couple of twenty-dollar bills on the table.
“Okay, no problem,” Jeff said. Ritter hurried out. When Jeff finished he paid the check and though he wanted to leave right away, he was pulled into a gathering of young Turks in the industry. They wanted to discuss his talk in more detail and it was half an hour before he could politely extricate himself. It was nearly ten o'clock when he finally stepped outside. He wanted to spend an hour on the RegSec project before going to bed, to double-check and see if he subconsciously hadn't come up with something else he needed to address.
Outside, away from the background buzz of the convention, Jeff breathed in the cold, damp sea air that was drifting in from off the Pacific. He reminded himself to be certain he spent a few hours at Mission Beach before leaving, though he'd prefer to have done that with Daryl. It didn't seem they spent that much time together even though they were technically living and working out of the same Georgetown house. One or both of them was nearly always out of town.
Well, there was nothing to do about it now. He set out across the street then ducked into the alley shortcut. As he entered, he realized it was a bit dark and hesitated. But it was a wide, short distance, with splashes of dim light, so he pressed on, his mind turning to the conversations of the evening.
He agreed with some of what Chuck argued, particularly in regard to hacktivists taking a moral stand. But Ritter had a point: hacktivism was illegal and immoral in its own right and those involved should be apprehended and prosecuted. Anonymous was comprised of criminals no matter how seemingly legitimate their complaints.
But in Jeff's own experience, the real threat to companies came from another source altogether. They simply took cyber-security too lightly, despite their exposure to near-constant onslaughts. Jeff was convinced that some form of cyber-attack that brought a major company—a high-profile name like RegSec—to ruin was what it would take to awaken them. The situation was similar to that of the nation before 9/11. A very public disaster was what it was going to take to open eyes.
The way it was now, companies played the odds, gambling that they wouldn't be attacked, odds that were no longer reliable. The director of the FBI had put it best when he'd said in his RSA speech, “There are two types of companies: those that have been hacked and those that will be hacked. All will be hacked multiple times.” In Jeff's opinion, the hacks were becoming increasingly dire.
As he neared the end of the alleyway, he noticed in his peripheral vision a dark figure stepping from the shadows into the dim light next to him, wearing a long coat and a Guy Fawkes grinning mask. Jeff started to react, but the man swung an object like a bat and struck him with a glancing blow to the side of his head, knocking him to his knees. The mocking face leaned down close and whispered into his ear. “Stay away from Anonymous. Forget about RegSec. It's evil and will be destroyed. If you help their evil, you deserve what we do to you.” The figure straightened, then struck Jeff again, this time kicking him in the stomach, knocking him to the ground.
A minute later—perhaps ten minutes later, Jeff couldn't be certain—he pushed himself to his feet. His head was throbbing. Gingerly, he felt the side of his head and found nothing wet so he knew he'd not been cut. He brushed off his clothes, then cautiously exited the alley and entered his hotel. At the desk he reported the mugging and asked for the police. The clerks were distressed and solicitous, insisting he take a seat while one brought him a cold towel. They offered to call a doctor but Jeff declined.
A few minutes later two uniformed officers arrived. The pair took his report, asking the expected questions. One was a woman. “A Guy Fawkes mask, you say? You mean with a grinning face?”
“That's right.”
“Does that mean anything to you?” Jeff told her about CyberCon, the panel discussion, and the RegSec project he was working on. “You think some hacker did this?” she asked incredulously.
“I'm just telling you what happened.”
They completed their report, then the other officer handed him a card with their contact information and police report number. “If you learn anything more give us a call. We've not heard of similar assaults in this area. I'd stay out of that alley if I were you.”
After they left, Jeff let himself into his room, feeling wobbly and weak. From his kit he took three pain pills and swallowed them. He leaned close to the mirror and parted his hair to examine the injury more closely. Still no blood but the knots were large and a nasty red.
He closed his eyes but experienced no swimming sensation, no nausea. In the end he decided he didn't have a concussion and would simply get a good night's sleep rather than go to the ER.
Still, he had work to do. He confirmed that his log file system was in place and his data mining tool was ready to process whatever it saw. With that assurance he crawled between the sheets and was immediately asleep.
Five hours later he was awakened by his ringing cell phone. “Look at our Web site,” the RegSec IT director said unpleasantly. “I can't believe it. We'll be taking it offline in a few minutes. This is a disaster, one we hired you to prevent.” He paused for effect, then said, “We're already working on a replacement server. I'd like you to spend your time now determining how they got in. Finding that will be greatly appreciated though a bit late.”
With a sinking heart and single-minded determination to figure out how the attack had been carried out and who was behind it, Jeff hung up, then signed in and brought up the corporate Web site. What he saw was nearly as painful as the throb in his head. The site had been defaced.
Staring back at him was a large circle of olive branches backed by an image of the globe with a face on it. The face was familiar: a Guy Fawkes mask. Below was a message.
This domain has been seized by Anonymous under section #14 of the Internet.
Greetings Reginald Hinton.
Your recent attempts at using Anonymous as a means to garner press attention for yourself amuse us. How's this for attention?
You brought this upon yourself. You've tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. Now you've received the full fury of Anonymous. We award you no points.
Sophomoric, even infantile. But RegSec was a Fortune 500 company and Anonymous had done it again. And the fact that the company was so universally unpopular meant the hackers could expect sympathy for, what was at heart, a criminal act.
Jeff checked several of his favorite tech sites and found stories already posted on the defacement. He went to the bathroom and showered, gingerly feeling the side of his head again. It was tender but nothing that troubled him. His vision was clear. After brushing his teeth he took two more pain pills, then ordered a light breakfast with a large pot of coffee.
Who had attacked him in the alley? he wondered. He found it very hard to believe that a loose cyber community like Anonymous had agents on the ground willing to attack and to threaten someone like himself. Yet it seemed that was what had happened.
There was a CyberCon presentation he wanted to see that morning but the RegSec attack took precedence. For the next several hours Jeff conducted a forensic examination of the penetration. He couldn't confirm it based on the evidence, but suspected that Anonymous had compromised the site with an SQL server injection vulnerability he had warned the IT staff about. He wouldn't be surprised if somehow in the flurry of activity these last few days the ball had been dropped and it hadn't been fixed. He reviewed the software configuration running on the server at the time of the compromise and confirmed his suspicion.
He called his contact at RegSec and told him what he'd learned. Work on the replacement server was nearly finished. “We'll be back up in an hour,” he said.
Jeff decided to eat lunch in his room, then join the conference at the start of the afternoon events. This would allow him to analyze the network logs to see where the attack had originated. To do this he employed the very statistical analysis that had been the focus of his presentation the previous day. He'd primed his tool with data from the last week of RegSec's Web logs and directed it to examine the morning's traffic, looking for Web requests of unusual size, atypical send and receive patterns, and data that looked different from those typically transmitted to and from the site. He culled the list of potential IP addresses down to a handful and because the traffic logs were decrypted, he could see the SQL, or Structured Query Language, injection and its originating IP address.
An SQL injection was a common technique for attacking a Web site. It inputted SQL statements in a Web form to prompt a poorly designed Web site to perform operations on the database other than those intended by the designer. Often the goal was to dump the database into the hands of the attacker. It didn't look like Anonymous had done that, but they'd managed to get their code inserted onto the server using the hole. By the time Jeff finished lunch, he'd located the hacktivist's IP address from the noise of RegSec Web site traffic around the time it was hacked. Then he checked the address.
The Anonymous defacement had originated at the hotel where CyberCon was being held.
Global Computer News Service
The Anonymous Cyber-attack on RegSec
By Cheryl White-Brighton
NEW YORK, New York—Early today the Internet hacker group known as Anonymous defaced the Web site of controversial company RegSec. This followed a brief interruption in the company's Internet presence earlier when it briefly succumbed to a Distributed Denial of Service attack. This defacement is the latest successful penetration of a major corporate Web site by Anonymous. “We will address whatever issues required and be up and running within hours,” RegSec said in a statement.
Just then Jeff's cell phone rang. Daryl. It was good to hear her voice. After pleasantries, she asked what he was doing about the defacement and he told her what he'd just uncovered. “Wow, from the hotel where CyberCon is taking place? It must be an attendee.”
“I agree; otherwise it's too much of a coincidence.” Jeff considered, then immediately dismissed any thought of telling her about the personal attack on him. There was nothing she could do about it and it would just cause needless worry. “Where are you?” he asked.
“At the airport. I'll be home later today, but probably not for long.” She told him about a request from one of their regular clients. “It's a rush—again. I'm going to try and do it from home.”
She'll be gone, Jeff thought with a sinking heart. There was just so much you could accomplish remotely and that was usually only after the heavy lifting on-site had already been done.
“If there was some way to get a name or some other identifiable data from behind that IP address that would tell us who did it,” Jeff thought aloud. “I was thinking of sniffing the Wi-Fi network but doubt that will show anything since any personally identifiable information, like e-mail, is going to be encrypted.”