A Game Called Murder
Chapter 5: Jill (Part 2)
Chapter 5: Jill (Part 1)
Chapter 4: Liaison (Part 3)
Chapter 4: Liaison (Part 2)
Chapter 4: Liaison (Part 1)
Chapter 3: Damage Control (Part 3)
Chapter 3: Damage Control (Part 2)
Chapter 3: Damage Control (Part 1)
NB: Think I’ll keep the format like this. Probably easiest and cleanest.
“Good afternoon everybody, this is Evan Hastings with the Weekly Webwar Wrap! Unfortunately, before we launch into the latest behind the scenes chatter and strategies of the game you love, we have an important announcement to make. Megasys as you all know is the company that makes this game we all love. Unfortunately, last night some systems belonging to Megasys were hacked. We have to tell you this in accordance with the Consumer Data Protection Act of 2024, but we can say that there is no reason for alarm. This issue was simply an internal one and we have brought in outside consultants to get to the bottom of it. Around midnight last night someone gained unauthorized access to one of our databases. No payment or personally identifying information was released, and we are confident that our remaining systems were unaffected. We are sending password reset emails to each individual believed to have been affected. If we find further information, we will of course update everyone via this channel and official Megasys and Webwar social media and email. We appreciate your understanding in this; it is more annoying to us than the impact will affect you, and the sooner we are back to normal the better for all of us involved. Again, this is just a required notification under the Consumer Data Protection Act of 2024. We expect the impact to be minimal and those affected will be contacted or have already been contacted as we speak. The company has contracted with Coyote Security of Houston. Texas to resolve this incident and recommend improvements to any areas in which we fall short.
Chapter 2: Megasys (Part 3)
NB: Still experimenting
“How do we find whatever it is, then?” Bob asks. That was the question, indeed. And it was one the Mikhail was initially at a loss to try and figure out. After all, the machine could be more or less anywhere. It was on the network of Megasys, but that was as far as was immediately apparent. It could be anything from Mikhail’s workstation to a server on the other side of the planet in some datacenter somewhere. It could even be somewhere not owned by Megasys itself, but rather a contracted company. For that matter, the server in question might not even be an actual physical thing! The technology to run many (smaller) servers on one piece of hardware, called virtualization, had existed in its prime for nearly twenty years - it was practically ancient. Even making the network itself virtual was not a new idea. The idea of datacenters, massive warehouses filled with the hum and heat of racks upon racks of servers, had not changed as much. Despite the prognostications of all manner of experts over the previous twenty years, the idea of hyper-convergence, where an entire enterprise’s architecture ran off of one or two physical servers, never quite came to pass. As it turned out, the additional space freed by such convergence was quickly taken over by other clients. The need for data and processing power just kept on growing as it turned out. When Mikhail considered the kinds of services that Megasys offered, it was not quite surprising - any sort of application taking full advantage of modern hardware necessarily took over as many server side resources as it could. “Well, let’s start with this IP address. I would like to give you fine folks the credit you deserve in building out your network, so let us assume the addresses are assigned in some logical manner. 10.125.153.x if we’re dealing with a small section of the network. Where might that be?” Mikhail pondered aloud. He always liked to try and train the technicians or contacts at the client he worked with when possible. After all, even though multiple national initiatives had placed a premium on the sort of education he and his coworkers needed on a daily basis, it still was not enough to keep up with the demand for cybersecurity talent. The field needed as many people as it could get, and the only way that would happen was if more and more people understood the sorts of work they did. It was a matter of urgency, too, as even critical infrastructure that had been protected for decades was starting to be exploited. America was quite literally fighting a way on home soil… and some analysts loved to make headlines by claiming that she was losing. According to the map, the 10.125.x.x network was supposed to be for the headquarters Megasys was in. There was no rhyme or reason as to why it was other than a decision made long ago, if even consciously made at all. Many places did not go to that degree of planning their addressing scheme, especially when the facility was new. All it needed was to be distinct from the existing ones. Even then, the on-paper designation of the address did not necessarily mean that a given computer was, in fact, where the map said it would be. Thanks to the ability to remote in from home on a VPN, one could never know for sure that an IP address matched a given location, even on centrally managed ones like at Megasys. It had gotten to be so controversial that Congress even had to write into the law the previous decade that such addresses alone were insufficient for burden of proof requirements under the United States Code. Mikhail turns back to his screen and switches focus to the network scan he had been running. By now, enough time had passed that he had a very high level overview of the specific machines on his floor of the headquarters building. The details would be filled in later the longer he left the script running, but at least now he could start to use the data. For sake of comparison, he runs an ipconfig /all command from another terminal window. This would add another degree of confidence to Mikhail’s assessment of where the device might be. It comes back to him: 10.125.153.67.