Singpolyma

Archive for October, 2011

Archive for October, 2011

Dystoparx — Part 14

Posted on

Jack is still at the datacentre. He’s just brought all the machines running mailservers back up. The attackers kept trying at the other machines in the meantime, but it doesn’t seem like the attack was refocused. Maybe it’s largely automated?

No attacks on the— oh. The systems are starting to get attacked again, one by one. Annoying. His phone vibrates. It’s an email from his boss. Wants to know why there are still issues. Jack replies with a summary of what’s going on. Only a few of the machines he checked during the “security window” were compromised. He patched those and everything should be safe now. At this point the odds of the attackers compromising more is slim. If they were going to get in they’d have done so already. Either they’re just hoping someone on one of the boxes will majorly goof up, or else…

Or else the attack is a distraction. What else in the datacentre could they be after? Well, they’ve shown an attraction to communications services, mostly email. What can you do with a compromised mailserver?

You can send mail as the people whose accounts are on that server. No, that’s useless. Anyone can send email as anyone else quite easily, no need to hack a datacentre. What else?

You can read people’s email. Of course! Where else would it be really easy to read people’s email? The routers! The routers for the datacentre handle every single piece of data passing to any server, so reading emails from there would be easy.

Jack starts scanning the routers for unusual behaviour. While his scan is running, his phone rings. Who would be calling— oh, maybe it’s her? He is hopeful, but a quick glance at his display shows that it is not her. It’s her best friend.

“Hello?” Jack doesn’t know why she’s calling, but he hopes it is on her behalf.

“Ok,” she says, “it has now reached that point. You two have to talk.”

“I tried to call her last night,” Jack defends a little.

“Right. I know. I mean, like, not like that. Talk talk.”

Oh. “I don’t think she wants to see me.”

“See, that’s your problem. You’re dense. Of course she wants to see you.”

“What? But she specifically said—”

“Stop! Stop listening to what she says and start listening to what she needs!”

Jack has heard this kind of rhetoric before. It doesn’t make a lot of sense. Why should he interpret her when it’s much easier for her to just… oh. Because that’s part of the problem. She doesn’t always know what she needs. Just like he doesn’t know just quite why he wants her so badly.

“Has she said she wants to talk to me?”

“Sure, or, sort of. After last night, she knows she wants to fix this.”

“Tell me what to do.”

“Oh no. My meddling part is over. Your turn.”

With that, she hangs up.

His eyes turn to his laptop. Scan still running. Half of the routers have been checked and seem normal. He opens up a chat with Nicnus and Acklas.

09:30 <jjdavis> I called her last night. Her friend called me back this morning.

09:35 <acklas> So, she’s still not speaking to you? Or did you talk to her last night?

09:36 <jjdavis> nono, talked to voicemail. Sounded like a moron. friend thinks I need to meet with her

09:36 <acklas> Looks like nicnus is still asleep. lucky jerk

09:37 <acklas> With the friend? No, with your ex. To get her back.

09:37 <jjdavis> Yes.

09:40 <acklas> How?

09:40 <jjdavis> I don’t know.

The scan is done and Jack is going over the results. There. A single router claims to have been upgraded more recently than all the rest.

On investigation it turns out that someone, probably one of the ops, forgot to upgrade this specific router last time upgrades were done. He’ll have to track down whoever was in charge of that and scold them. The attackers have replaced the software on the router with some that functions normally, but also sends them a copy of everything that comes through.

“Gotcha.”

09:45 <jjdavis> Those shifty crackers were hiding a successful router exploit behind the noise of their constant attempts to get in everywhere else.

09:45 <acklas> That’s actually sort of smart.

09:45 <nicnus> acklas: yes, I am a lucky jerk 🙂

09:45 <nicnus> jjdavis: have enough to trace them with?

09:45 <nicnus> jjdavis: That sounds good for you. I would just show up wherever she’s staying.

09:47 <jjdavis> nicnus: I think so. I’ running some trace stuff now an d also posting their monitoring code some places. Others may also be compromised.

09:47 <jjdavis> nicnus: I could do that. She’s just over at her place, I’m pretty sure. I don’t think she’d slam the door in my face.

09:50 <acklas> jjdavis: her place? I thought you two shared an apartment?

09:51 <nicnus> jjdavis: Good idea. And yeah, that should work.

09:52 <jjdavis> acklas: no, we’ve never lived together. I work from home, and she’s over a lot. Some of her stuff used to be at my place.

09:55 <acklas> Interesting

10:00 <jjdavis> Uh, guys… this trace does not look good…

Acklas spins in his chair. He’s been at work for almost an hour and hasn’t really done anything yet. He’s not currently assigned to a project. The last team he was on has completed their project and dispersed. He’s not even sure who he’s reporting to just now, since his old team is no longer together.

09:55 <acklas> Interesting

He looks up from the chat to see a new email in his work inbox. The email is not from anyone he knows, but claims to be VP of something. The message has very few details. Setting up a meeting about… something. A new project? Probably.

Woah! This meeting is in five minutes! Why is he just getting this now? He grumbles something under his breath and walks off to find the room.

He eventually finds the meeting. It’s in a part of the building he hasn’t been to before. How big is this place? What time is it? He’s 3 minutes late. Ah, well, he’ll just slip in the back and see what’s up.

Acklas enters the room and it becomes immediately apparent that there will be no slipping in. The room has just two business people and his old manager, and they appear to be waiting for him.

“Nice of you to join us.” One of the suits smiles.

Acklas just nods, “Yeah, well, someone only decided to email me about this about ten minutes ago.”

The suits seem to be ignoring him now. One is looking through some papers.

Finally, “Sit down.”

Oh, right. Sitting. He sits. His old manager isn’t looking at him. Not in an evasive kind of way. More like a distracted kind of way. Acklas thinks about making conversation, but these meetings have a way of running themselves eventually. He doesn’t have anything better to be doing.

The suit with the papers looks up, “We’ve had a new contract come in to the company. Records indicate that you are currently unassigned, yes?”

This isn’t strictly true. He is assigned to the whole company right now, which means he could be called upon by any team to help out with small tasks or hunt down bugs. Really, though, “Yes.”

The suit smiles, “Good.” A pause, “The project involves some fairly sensitive government work. We can’t reveal the exact nature of this work to you, but you will be given adequate information to complete the project.”

“And who will I be working with?”

“This will be your manager,” the suit indicates his old manager.

“And?”

“And what? We’re assigning you, under him, to this project.”

“What, by myself?”

“Why? Do you require a team to operate?”

Acklas thinks about this. He certainly could work by himself. “No.”

“Good. The product ships in two weeks. We will, of course, be expecting regular status updates.” The man folds his papers into a binder.

Acklas is a bit confused now. “Two weeks? I don’t even know what it is yet.”

The other suit is smiling now, “Nor will you ever. The specification for what you are to build will be emailed to you. We will ship it in two weeks.”

This is not a completely new experience for Acklas. He’s been put on ridiculous deadlines before. Sometimes they meet them, sometimes they don’t, sometimes they just write terrible code so that they can come close. Just as he is considering this, though, the weight of dislike for his job comes crashing in. They figure him for a pushover! He’ll just take what they say and go do it. Not anymore. He’s had it with this. “Excuse me?”

The suits appeared ready to leave. Finally one asks, “Was there something unclear?”

Acklas stands up. “No, nothing unclear. Just let me get this straight. You need me for this new project. In fact, you seem to have no other resources to allocate to the project. You need it done very soon. Probably more soon than it can be done, but I can’t estimate that because you won’t tell me what it is. You waste my time by leaving me hanging and then setting up a meeting when all you had to do was have the spec in my inbox this morning. You want me to spend even more of my time updating you on the status of a project that needs to be done almost before I could make much of a status update anyway. And you expect that I’ll just do this? That I won’t have a problem with it? That it will get done and function properly?”

His old manager blinks at him. “Where is this coming from? I thought you liked it here.”

That’s the last straw. Acklas isn’t shouting yet, but he’s getting there. “Like it here! How could you think I like it here? Every feedback period I write about how much things could be improved. About how developers are being wasted and projects mishandled!”

His manager seems shocked, “But… you get paid so much!”

This is going nowhere. Why does he put up with this?

“I hope you can find someone else to do your project.”

He walks out.

Our protagonist is doing his best to keep Jack calm. Acklas seems to be gone. Probably got called to a meeting.

10:15 <nicnus> Just set up a fake datastream to send them. You said you can block their attacks now with something you found in their malware code?

10:17 <jjdavis> yesyes, but that’s not going to help me long-term! That solves the datacentre security issue, but I’ve already posted this malware online! I’ve documented the attack!

10:18 <nicnus> Well. Maybe it’s not the US government. Maybe it’s just someone using them to mask his trail.

10:20 <jjdavis> Sure. Yes. That doesn’t help me. If the government finds out I found a security hole in their stuff, they’ll come after me just as hard as if it’s something they did on purpose that I’m stopping.

Our protagonist is a bit worried now. Jack has a point. Governments in general have a history of arresting good guys for reporting bugs.

10:22 <nicnus> Maybe you should come back.

10:23 <jjdavis> I can’t. I’m just about to get things back together down here.

10:23 <nicnus> What, with your girlfriend? THIS IS YOUR LIFE WE’RE TALKING ABOUT.

10:25 <jjdavis> Well… maybe it’ll be ok. I have exit plans, still. Just in case.

Nicnus is shaking his head. Jack’s going to stay. For a girl.