Chapter 2: Megasys (Part 3)
NB: Still experimenting
“How do we find whatever it is, then?” Bob asks. That was the question, indeed. And it was one the Mikhail was initially at a loss to try and figure out. After all, the machine could be more or less anywhere. It was on the network of Megasys, but that was as far as was immediately apparent. It could be anything from Mikhail’s workstation to a server on the other side of the planet in some datacenter somewhere. It could even be somewhere not owned by Megasys itself, but rather a contracted company. For that matter, the server in question might not even be an actual physical thing! The technology to run many (smaller) servers on one piece of hardware, called virtualization, had existed in its prime for nearly twenty years - it was practically ancient. Even making the network itself virtual was not a new idea. The idea of datacenters, massive warehouses filled with the hum and heat of racks upon racks of servers, had not changed as much. Despite the prognostications of all manner of experts over the previous twenty years, the idea of hyper-convergence, where an entire enterprise’s architecture ran off of one or two physical servers, never quite came to pass. As it turned out, the additional space freed by such convergence was quickly taken over by other clients. The need for data and processing power just kept on growing as it turned out. When Mikhail considered the kinds of services that Megasys offered, it was not quite surprising - any sort of application taking full advantage of modern hardware necessarily took over as many server side resources as it could. “Well, let’s start with this IP address. I would like to give you fine folks the credit you deserve in building out your network, so let us assume the addresses are assigned in some logical manner. 10.125.153.x if we’re dealing with a small section of the network. Where might that be?” Mikhail pondered aloud. He always liked to try and train the technicians or contacts at the client he worked with when possible. After all, even though multiple national initiatives had placed a premium on the sort of education he and his coworkers needed on a daily basis, it still was not enough to keep up with the demand for cybersecurity talent. The field needed as many people as it could get, and the only way that would happen was if more and more people understood the sorts of work they did. It was a matter of urgency, too, as even critical infrastructure that had been protected for decades was starting to be exploited. America was quite literally fighting a way on home soil… and some analysts loved to make headlines by claiming that she was losing. According to the map, the 10.125.x.x network was supposed to be for the headquarters Megasys was in. There was no rhyme or reason as to why it was other than a decision made long ago, if even consciously made at all. Many places did not go to that degree of planning their addressing scheme, especially when the facility was new. All it needed was to be distinct from the existing ones. Even then, the on-paper designation of the address did not necessarily mean that a given computer was, in fact, where the map said it would be. Thanks to the ability to remote in from home on a VPN, one could never know for sure that an IP address matched a given location, even on centrally managed ones like at Megasys. It had gotten to be so controversial that Congress even had to write into the law the previous decade that such addresses alone were insufficient for burden of proof requirements under the United States Code. Mikhail turns back to his screen and switches focus to the network scan he had been running. By now, enough time had passed that he had a very high level overview of the specific machines on his floor of the headquarters building. The details would be filled in later the longer he left the script running, but at least now he could start to use the data. For sake of comparison, he runs an ipconfig /all command from another terminal window. This would add another degree of confidence to Mikhail’s assessment of where the device might be. It comes back to him: 10.125.153.67.
“Well, if my hunch is right, the machine we are looking for is here on this floor.” Bob’s eyes go wide. “You know that already?!” “I’ll do you one even better. If my hunch is right…” Mikhail types at his console and launches a script that he was particularly fond of. While he would hold back on servers where important things were being done, he had no such qualms now. Not when he was this close. “What are you…” Bob starts to ask. “Shh… If we are quiet enough and my hunch is right…” Mikhail waits with baited breath. Quietly, at the very edge of his hearing, Mikhail can hear a series of eight bit tones sounding. It might go otherwise unnoticed, but to Mikhail it was one song in particular that he loved to hear whenever he could. Without thinking much about it, he starts to sing along. It was a song that caused Bob to glare at Mikhail, for he had young children who knew the song by heart and happened to love singing it over and over until Bob happened to give in and give them whatever it was they were after in that moment. “Really, Mikhail. Really? From that movie?” “Whaaat, I like Disney musicals. Besides, this is a classic!” Bob just rolls his eyes. “Okay, focus,” Mikhail said. “It is around here somewhere. But where?” Mikhail gets up from his workstation. The sing along tune would repeat as long as he left the script running or until they found the device and disconnected it from the network, whichever came first. Following the sound, the pair quickly rule out that it is not in the control room that they had been working from. It did not seem to be anywhere else on the floor either, but still the machine kept its infernal beeping melody going faithfully, taunting the two as if to say that they were failing at their goal. By the time they had went around to every workstation on the floor, Bob was covering his ears and was thus more or less useless for the task at hand. Numerous other employees who were being unfortunately subjected to it had since given up any pretense of trying to work through it or trying to ask whoever it was to turn it off. Much to Bob’s dismay, some of the women on the floor were even singing along. To them, it was a lovely bit of laity on a Monday morning that had thus far been as obnoxious as any other. Finally, the two reach the one place left that it could possibly be coming from, unless someone had hidden a microcomputer in the elevator shaft - a tactic that Mikhail had to admit to using on more than one occasion. They step into the break room with the coffee pot, and the tune is louder than it had been before. Mikhail runs a hand over the coffee maker, convinced that it was the culprit. After what must have felt like an eternity to just about anyone else on the twentieth floor of Megasys HQ, he finds a speaker and covers it firmly with his hand. As he had expected, the sound then dies out. Mikhail pulls out the network cable on the coffee maker, and the noise stops immediately. A round of applause echoes around the floor, followed by a middle manager’s admonishment that everyone should get back to work. “Found it!” Mikhail looks at Bob, triumphantly. “The… the coffee maker?! How?!” Bob is incredulous. It was as if everything he had known as a technician had turned on its head. The headache did not help much, to be fair. “Yep, seems so. I targeted the IP address that we discovered, and this is what responded.” Mikhail says smugly. Once again, the tried and true script had succeeded where manual searching did not. “Why does that thing even have net access?!” Bob had a point. There was no reason a coffee maker should be on the net, but it certainly appeared to be. “Well, why don’t we find out?” Mikhail goes back to his desk and shortly returns carrying his laptop and a pair of cables. “Scott said I was not to connect my laptop to the network, but he didn’t happen to say anything about connecting it to the coffee pot, now did he?” Mikhail grins. Getting around rules and exploiting loopholes was an integral part of his job, and he did it well. He connects the cable to a port on the back of the coffee maker and hooks it to his laptop. Once you had physical access to a device, there was little anyone could do to stop you from getting the access you wanted. There were ways of securing a regular computer or a server, but for a device as light and single-purpose as an AutoJoe brand coffee maker? It was game over the second Mikhail found it. On connecting to it, Mikhail finds himself asked for a username and password. Another truth about devices such as this was that, almost universally, they were left with the default credentials set. No amount of legislating could fix that, even though Congress had tried valiantly. Mikhail types in ‘autojoe’ for the username and the password… and finds himself logged in. “Good Game there, AutoJoe. Good Game.” Mikhail smirks at Bob, who has by this point just given up trying to question what Mikhail was doing and instead just sat back and watched the hacker do what he would do. He had come to the conclusion that, regardless of what had been going on, and how boring his Monday was, there was a reason this consultant was here and with the access that he had. “Hmm, what have we here?” Mikhail mused, poring over a listing of files contained on the machine. He copies a compressed archive over to his laptop from the coffee maker and brings it into a virtualized environment he had made for this exact purpose. Opening the archive, Mikhail goes silent. “No… no no no no, this is not…” is all the hacker can stammer out. He leaps up, yanking his laptop off of the connection, and sprints back to his workstation. Trembling, Mikhail connects back to the primary database server and exports a sample report. Bewildered, Bob walks up just as Mikhail is comparing the data on his workstation with that on his laptop. “What’s going on, Mikhail?” he exhales. Even running from the break room had taken its toll on Bob’s stamina.
“You need to get Scott Mitchell in here along with any other executives you can round up. I found something, and it’s bad.” Mikhail says emotionless, his eyes glued to the screens in front of him. Now that there was definitive, actionable proof that something had happened at Megasys, he was in his zone. Fixing it would not be a trivial task, but nonetheless it was what he was looking for. Mikhail has his laptop compute a numeric string to represent the contents of what he had found. Had it indeed been taken out of Megasys’ internal network, this unique hash would be instrumental in finding out if it popped up anywhere else. Meanwhile, he stops the network scan that had been running all this time and starts a new one, much more intensive than before, targeted only at the coffee maker. He wanted to know what methods of accessing the device over the network were open, and he wanted to know it now. Bob, for his part, was at least earnest. He was mentally willing to run with Mikhail even if his body was screaming that it was at its limit. He heads for the elevator and mashes the up button. The executives spent their day on 25, doing whatever it was that executives did. Internally, he was already bracing himself for what was to come. At least he could pin it on that consultant that had come in, so maybe he could keep himself out of the line of anger. Minutes later, the elevator opens, revealing Bob surrounded by no less than four men in thousand dollar suits. They immediately stride over to Mikhail’s workstation, unhappy to have been called out of an early lunch. “This had better be good.” One of the men says, with an annoyed look on his face. “Mikhail is the guy we brought in based off of the alert this morning. We wanted the best, so I want to hear him out.” Scott turns to the other executives, explaining and getting them caught up with what he can. “Have you discovered something, Mikhail?” He shows the executives what he had found and compared it with what he had pulled from the server. Walking them through his methodology, Mikhail takes the assembled group step by step through what he thinks the attack might have been. “I am still looking into whether it was, in fact, taken off the network, but I have to say customer data does not tend to just end up on coffee machines.” “No, no, you did very good work Mikhail. I knew that we were getting the best we could find when I spoke with your company this morning. Keep it up. It seems we have our own work to do.” Scott gives Mikhail a pat on the shoulder before leading the other executives back to the elevator.