An SQL injection was a common technique for attacking a Web site. It inputted SQL statements in a Web form to prompt a poorly designed Web site to perform operations on the database other than those intended by the designer. Often the goal was to dump the database into the hands of the attacker. It didn’t look like Anonymous had done that, but they’d managed to get their code inserted onto the server using the hole. By the time Jeff finished lunch, he’d located the hacktivist’s IP address from the noise of RegSec Web site traffic around the time it was hacked. Then he checked the address.
The Anonymous defacement had originated at the hotel where CyberCon was being held.
Global Computer News Service
The Anonymous Cyber-attack on RegSec
By Cheryl White-Brighton
NEW YORK, New York — Early today the Internet hacker group known as Anonymous defaced the Web site of controversial company RegSec. This followed a brief interruption in the company’s Internet presence earlier when it briefly succumbed to a Distributed Denial of Service attack. This defacement is the latest successful penetration of a major corporate Web site by Anonymous. “We will address whatever issues required and be up and running within hours,” RegSec said in a statement.
Just then Jeff’s cell phone rang. Daryl. It was good to hear her voice. After pleasantries, she asked what he was doing about the defacement and he told her what he’d just uncovered. “Wow, from the hotel where CyberCon is taking place? It must be an attendee.”
“I agree; otherwise it’s too much of a coincidence.” Jeff considered, then immediately dismissed any thought of telling her about the personal attack on him. There was nothing she could do about it and it would just cause needless worry. “Where are you?” he asked.
“At the airport. I’ll be home later today, but probably not for long.” She told him about a request from one of their regular clients. “It’s a rush — again. I’m going to try and do it from home.”
She’ll be gone, Jeff thought with a sinking heart. There was just so much you could accomplish remotely and that was usually only after the heavy lifting on-site had already been done.
“If there was some way to get a name or some other identifiable data from behind that IP address that would tell us who did it,” Jeff thought aloud. “I was thinking of sniffing the Wi-Fi network but doubt that will show anything since any personally identifiable information, like e-mail, is going to be encrypted.”
“I’ve got an idea you might want to try,” Daryl said brightly.
“Tell me,” he said, and proceeded to listen to what she had to say.
After the call ended Jeff glanced at his watch, satisfying himself that there was enough time for the plan. He dressed, then returned to the convention center. Though it was daylight, he avoided the broad alley where he’d been attacked and instead took the longer route around the busy street corner. To his right he spotted the shipyard cranes and the more distant Imperial Beach, where he’d once spent a pleasant Sunday afternoon with his grandparents.
Daryl’s plan, he’d decided, just might do the trick since the hacker’s IP originated at the hotel. There were problems with it, however, and he’d need cooperation to pull it off. The energy level at CyberCon had leaped and the place was abuzz over the RegSec defacement. Some of the younger, grungy attendees wore bright, shiny faces and spoke with animation. Others appeared bemused by the turn of events while the traditionally attired looked sober. He approached Clive, who was sitting in the room talking with someone.
Jeff pulled him away from his conversation with an apology.
“Did you see what Anonymous did to RegSec?” Clive asked. He looked upset.
“I did. I need to speak in private with you. How well do you know the FBI agent?”
“Norm? Very well, I’d say. I’m surprised you’ve not run across him before. He’s one of the good guys.”
“Invite him to join us. And keep this quiet. It’s important.”
Ten minutes later, the trio was seated in Clive’s suite on the third floor. Clive passed out bottles of water from the minibar as Jeff began. “I was contacted by RegSec just after the DDoS attack on their Web site. They hired me to upgrade their security as they were receiving constant cyber-attacks from Anonymous. That’s what I’ve been working on and why I’ve been so absent.”
Norm nodded politely as he listened intently. It was as if he could sense that something important was about to take place. His right hand was raised to his cheek and he moved the fingers through the short hair of his beard.
“I was able to do some patching on their operating system,” Jeff continued, “and encrypted the company’s customer online account passwords database. I then set it up so I could trace any future hacking attack. Unfortunately, the company’s IT people failed to move fast enough on issues I called to their attention and the site was defaced, as you know.”
“I’m constantly amazed,” Clive said, “at how many high-profile companies fail to adequately secure their Web site and information. This is especially surprising since the CEO was so aggressive in his public statements, all but daring Anonymous to go after RegSec.”
“I agree. I’m shocked almost every day at what I learn and that’s not the half of it,” Norm said. “You should see the security shortcomings in many of the government and vendor computers.” He looked at Jeff. “Were you able to trace the IP?”
“I was, and that’s why I’ve asked to see you two.” He paused then said, “The hack originated from this hotel.” Clive and Norm both straightened in their seats. “Given that CyberCon is meeting here, I think a logical conclusion is that an attendee has done it.”
“This is bad,” Clive said. “Very bad.” If — or rather, when — word of this leaked, it would very likely negatively affect him and his company, as it would CTI.
Jeff now told them about the assault on him the previous night. Clive looked at him with concern. “Have you seen a doctor?”
“It’s not necessary. I was just stunned.”
“You know,” Norm said, “it may be that the same person who hacked the RegSec site also attacked you.”
Jeff nodded in agreement. “I think that’s likely. But what’s important now is what we do. I’ve asked to talk to you because I have a plan. If it succeeds, and I think we have a good chance of that, we can turn this into a positive.”
“You mean, catch the Anonymous hacker?” Norm said.
Jeff smiled. “That’s exactly what I mean. Catch him red-handed.” His attacker had been a man so if the hacker was the same person, then they were searching for a “he” not a “she,” unless there was an accomplice.
Jeff watched as a slow smile spread across the agent’s face. “I think I’m going to enjoy learning exactly how you intend to do that.”
By the time Jeff had finished explaining what he wanted, Norm was beaming.
A few minutes later the men went back downstairs to CyberCon, with Jeff retiring to the prep room. The hotel network CyberCon used employed Dynamic Host Configuration Protocol, or DHCP, in its computers. When attendees connected to the network they received IP addresses. That was key to what Daryl had suggested. Next, he just needed to acquire an open source trivia game Web site plug-in.
The plan was simple. Clive would offer the trivia game to attendees. Daryl thought, and Jeff agreed, that almost everyone would participate, especially as Clive was going to give prizes. Next, Jeff wrote a tool that monitored game log-ins and produced their IP addresses on the hotel Web server. If the Anonymous hacker participated in the game, the same IP address would appear and Jeff would have him.