Chapter 3: Damage Control (Part 2)
And Now For Something Completely Different
Chapter 3: Damage Control (Part 1)
NB: Think I’ll keep the format like this. Probably easiest and cleanest.
“Good afternoon everybody, this is Evan Hastings with the Weekly Webwar Wrap! Unfortunately, before we launch into the latest behind the scenes chatter and strategies of the game you love, we have an important announcement to make. Megasys as you all know is the company that makes this game we all love. Unfortunately, last night some systems belonging to Megasys were hacked. We have to tell you this in accordance with the Consumer Data Protection Act of 2024, but we can say that there is no reason for alarm. This issue was simply an internal one and we have brought in outside consultants to get to the bottom of it. Around midnight last night someone gained unauthorized access to one of our databases. No payment or personally identifying information was released, and we are confident that our remaining systems were unaffected. We are sending password reset emails to each individual believed to have been affected. If we find further information, we will of course update everyone via this channel and official Megasys and Webwar social media and email. We appreciate your understanding in this; it is more annoying to us than the impact will affect you, and the sooner we are back to normal the better for all of us involved. Again, this is just a required notification under the Consumer Data Protection Act of 2024. We expect the impact to be minimal and those affected will be contacted or have already been contacted as we speak. The company has contracted with Coyote Security of Houston. Texas to resolve this incident and recommend improvements to any areas in which we fall short.
Chapter 2: Megasys (Part 3)
NB: Still experimenting
“How do we find whatever it is, then?” Bob asks. That was the question, indeed. And it was one the Mikhail was initially at a loss to try and figure out. After all, the machine could be more or less anywhere. It was on the network of Megasys, but that was as far as was immediately apparent. It could be anything from Mikhail’s workstation to a server on the other side of the planet in some datacenter somewhere. It could even be somewhere not owned by Megasys itself, but rather a contracted company. For that matter, the server in question might not even be an actual physical thing! The technology to run many (smaller) servers on one piece of hardware, called virtualization, had existed in its prime for nearly twenty years - it was practically ancient. Even making the network itself virtual was not a new idea. The idea of datacenters, massive warehouses filled with the hum and heat of racks upon racks of servers, had not changed as much. Despite the prognostications of all manner of experts over the previous twenty years, the idea of hyper-convergence, where an entire enterprise’s architecture ran off of one or two physical servers, never quite came to pass. As it turned out, the additional space freed by such convergence was quickly taken over by other clients. The need for data and processing power just kept on growing as it turned out. When Mikhail considered the kinds of services that Megasys offered, it was not quite surprising - any sort of application taking full advantage of modern hardware necessarily took over as many server side resources as it could. “Well, let’s start with this IP address. I would like to give you fine folks the credit you deserve in building out your network, so let us assume the addresses are assigned in some logical manner. 10.125.153.x if we’re dealing with a small section of the network. Where might that be?” Mikhail pondered aloud. He always liked to try and train the technicians or contacts at the client he worked with when possible. After all, even though multiple national initiatives had placed a premium on the sort of education he and his coworkers needed on a daily basis, it still was not enough to keep up with the demand for cybersecurity talent. The field needed as many people as it could get, and the only way that would happen was if more and more people understood the sorts of work they did. It was a matter of urgency, too, as even critical infrastructure that had been protected for decades was starting to be exploited. America was quite literally fighting a way on home soil… and some analysts loved to make headlines by claiming that she was losing. According to the map, the 10.125.x.x network was supposed to be for the headquarters Megasys was in. There was no rhyme or reason as to why it was other than a decision made long ago, if even consciously made at all. Many places did not go to that degree of planning their addressing scheme, especially when the facility was new. All it needed was to be distinct from the existing ones. Even then, the on-paper designation of the address did not necessarily mean that a given computer was, in fact, where the map said it would be. Thanks to the ability to remote in from home on a VPN, one could never know for sure that an IP address matched a given location, even on centrally managed ones like at Megasys. It had gotten to be so controversial that Congress even had to write into the law the previous decade that such addresses alone were insufficient for burden of proof requirements under the United States Code. Mikhail turns back to his screen and switches focus to the network scan he had been running. By now, enough time had passed that he had a very high level overview of the specific machines on his floor of the headquarters building. The details would be filled in later the longer he left the script running, but at least now he could start to use the data. For sake of comparison, he runs an ipconfig /all command from another terminal window. This would add another degree of confidence to Mikhail’s assessment of where the device might be. It comes back to him: 10.125.153.67.
A Game Called Murder - Chapter 2: Megasys (Part 2)
NB: Experimenting with different ways of structuring the titles for these
“Nothing here… what do you mean there’s nothing here?” Bob replied, striding toward Mikhail’s workstation. “Just what it sounds like. I opened the logfile from midnight last night and… nothing! Not even your typical network chatter.” “Let me see.” A worried look crosses Bob’s face as he almost jogs over to the computer. “Huh… you’re right. Not even ARP queries on the capture log. As far as I now there wasn’t any downtime last night until Scott called in. This is… not good.” Mikhail closes the file, taking a few screenshots of it just in case. He then opens the next entry in the folder. Again, nothing. Surprise turns to concern on his face, the unasked question hanging in the air between the two. Leaning in, Bob stops Mikhail from opening the next one in the series. “Hey, Mikhail. See anything with those last modified times?” Mikhail follows the technician’s finger. It seemed to be from a few minutes before. More interestingly, the time given was not uniform between the files. Someone or something had started modifying the entries in sequence, much the way that Mikhail would have looked at them. He scribbles a note on his pad of paper, documenting what he was seeing before his eyes. On a hunch he decides to reload the directory he was browsing and open several other Explorer windows, enabling him to look at each set of the log files from the affected time directly and simultaneously. Sure enough, as he had suspected the files’ last modified times were updating before his eyes except for one far down the listing - it still showed a time that matched when it was supposed to have been written. His hand trembling on the mouse, Mikhail double clicks on the file. ‘File is currently being edited by user Megasys\Scott.Mitchell. Would you like to open it in Read-Only mode?’ Mikhail and Bob share a look. “There has to be some explanation, right?” Bob asks after a few moments of silence. “Yep. There are a few different ways this could happen. Could be someone has stolen his password and we have an insider threat. Could be an account set up by our hacker made to look like Scott’s. Or…” Mikhail’s voice trails off, letting the third possibility go unsaid. “How can we tell?” “From here, we can’t. Need to be the domain admin or have the password to find out if that’s actually his. Alternatively, we could go ask Scott himself, right now.”
[A Game Called Murder] Chapter 2: Megasys (Part 1)
Maybe it was his jaded mentality at having been thrust onto yet another business trip. Maybe it was his anticipation and excitement for his ultimate destination and the company he was to be assisting. Maybe, instead, it was the fact that Mikhail was operating on six hours of sleep if he was being generous with himself - and three of them were on that cramped old plane. Whatever it was, Mikhail knew that he had arrived at his destination not by the passage of time or the sights and skyline of Seattle whipping past his window as the Tesla roared up the 405 to the Bellevue headquarters of Megasys, but by the fact that his cup of coffee was running dangerously low. Getting another one would be a priority when he arrived.
Almost as if on cue, Mikhail feels the Tesla glide to a halt outside a security gate. After a moment’s pause, the light turns green and allows his car entry. Taking up an area of several city blocks, there was no way that he could appreciate all the sights; nor could he tell what took place in any of them. All Mikhail knew was that he was here! He was absolutely brimming with excitement and had to take a moment to compose himself before he made some sort of less than professional first impression. The car glides to a stop in front of an immaculately polished set of glass window panes that towered over everything surrounding him; the lobby beyond, he had to guess, was a three story courtyard, allowing all who entered to feel small when compared to the great heights that Megasys was reaching. One of the smaller panes slides open for Mikhail and he steps in. The lobby is surprisingly barren, with its most notable features being the coffeeshop along one side and the security desk that stood between him and the bank of elevators. A tall and fit man with brown hair steps out from beyond the security checkpoint and strides quickly toward Mikhail.
“Hello, would you happen to be the consultant we are expecting from Houston?” He says with a smile and an outstretched hand. Mikhail gives it a shake as he responds. “From Coyote Security? I’m Mikhail O’Neil, pleasure to meet you.” The man recoils slightly when he hears the name of Mikhail’s firm escape his lips. He leans in. “I would appreciate it if we kept your company’s name quiet. Please.” He adds hastily, whispering. “I am Scott Mitchell, Chief Information Security Officer and, as of this morning apparently, interim Chief Technology Officer, of Megasys. Please come with me.”
A Game Called Murder Chapter 1: The Call
Incoming call from Matt Jones
The phone’s shrill ring on my end table jolts me awake. My eyelids creak open. “I should not have stayed up last night watching the Webwar North American Championships, but it was only the biggest event of the summer so far! Come on, even though I’m twenty-seven this year, I can still enjoy things, right? Besides, T-TE was incredible in the quarters, had to see how they would stack up against the Best of the Northwest!” he mutters to nobody in particular.