Well, there was nothing to do about it now. He set out across the street then ducked into the alley shortcut. As he entered, he realized it was a bit dark and hesitated. But it was a wide, short distance, with splashes of dim light, so he pressed on, his mind turning to the conversations of the evening.
He agreed with some of what Chuck argued, particularly in regard to hacktivists taking a moral stand. But Ritter had a point: hacktivism was illegal and immoral in its own right and those involved should be apprehended and prosecuted. Anonymous was comprised of criminals no matter how seemingly legitimate their complaints.
But in Jeff’s own experience, the real threat to companies came from another source altogether. They simply took cyber-security too lightly, despite their exposure to near-constant onslaughts. Jeff was convinced that some form of cyber-attack that brought a major company — a high-profile name like RegSec — to ruin was what it would take to awaken them. The situation was similar to that of the nation before 9/11. A very public disaster was what it was going to take to open eyes.
The way it was now, companies played the odds, gambling that they wouldn’t be attacked, odds that were no longer reliable. The director of the FBI had put it best when he’d said in his RSA speech, “There are two types of companies: those that have been hacked and those that will be hacked. All will be hacked multiple times.” In Jeff’s opinion, the hacks were becoming increasingly dire.
As he neared the end of the alleyway, he noticed in his peripheral vision a dark figure stepping from the shadows into the dim light next to him, wearing a long coat and a Guy Fawkes grinning mask. Jeff started to react, but the man swung an object like a bat and struck him with a glancing blow to the side of his head, knocking him to his knees. The mocking face leaned down close and whispered into his ear. “Stay away from Anonymous. Forget about RegSec. It’s evil and will be destroyed. If you help their evil, you deserve what we do to you.” The figure straightened, then struck Jeff again, this time kicking him in the stomach, knocking him to the ground.
A minute later — perhaps ten minutes later, Jeff couldn’t be certain — he pushed himself to his feet. His head was throbbing. Gingerly, he felt the side of his head and found nothing wet so he knew he’d not been cut. He brushed off his clothes, then cautiously exited the alley and entered his hotel. At the desk he reported the mugging and asked for the police. The clerks were distressed and solicitous, insisting he take a seat while one brought him a cold towel. They offered to call a doctor but Jeff declined.
A few minutes later two uniformed officers arrived. The pair took his report, asking the expected questions. One was a woman. “A Guy Fawkes mask, you say? You mean with a grinning face?”
“That’s right.”
“Does that mean anything to you?” Jeff told her about CyberCon, the panel discussion, and the RegSec project he was working on. “You think some hacker did this?” she asked incredulously.
“I’m just telling you what happened.”
They completed their report, then the other officer handed him a card with their contact information and police report number. “If you learn anything more give us a call. We’ve not heard of similar assaults in this area. I’d stay out of that alley if I were you.”
After they left, Jeff let himself into his room, feeling wobbly and weak. From his kit he took three pain pills and swallowed them. He leaned close to the mirror and parted his hair to examine the injury more closely. Still no blood but the knots were large and a nasty red.
He closed his eyes but experienced no swimming sensation, no nausea. In the end he decided he didn’t have a concussion and would simply get a good night’s sleep rather than go to the ER.
Still, he had work to do. He confirmed that his log file system was in place and his data mining tool was ready to process whatever it saw. With that assurance he crawled between the sheets and was immediately asleep.
Five hours later he was awakened by his ringing cell phone. “Look at our Web site,” the RegSec IT director said unpleasantly. “I can’t believe it. We’ll be taking it offline in a few minutes. This is a disaster, one we hired you to prevent.” He paused for effect, then said, “We’re already working on a replacement server. I’d like you to spend your time now determining how they got in. Finding that will be greatly appreciated though a bit late.”
With a sinking heart and single-minded determination to figure out how the attack had been carried out and who was behind it, Jeff hung up, then signed in and brought up the corporate Web site. What he saw was nearly as painful as the throb in his head. The site had been defaced.
Staring back at him was a large circle of olive branches backed by an image of the globe with a face on it. The face was familiar: a Guy Fawkes mask. Below was a message.
This domain has been seized by Anonymous under section #14 of the Internet.
Greetings Reginald Hinton.
Your recent attempts at using Anonymous as a means to garner press attention for yourself amuse us. How’s this for attention?
You brought this upon yourself. You’ve tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. Now you’ve received the full fury of Anonymous. We award you no points.
Sophomoric, even infantile. But RegSec was a Fortune 500 company and Anonymous had done it again. And the fact that the company was so universally unpopular meant the hackers could expect sympathy for, what was at heart, a criminal act.
Jeff checked several of his favorite tech sites and found stories already posted on the defacement. He went to the bathroom and showered, gingerly feeling the side of his head again. It was tender but nothing that troubled him. His vision was clear. After brushing his teeth he took two more pain pills, then ordered a light breakfast with a large pot of coffee.
Who had attacked him in the alley? he wondered. He found it very hard to believe that a loose cyber community like Anonymous had agents on the ground willing to attack and to threaten someone like himself. Yet it seemed that was what had happened.
There was a CyberCon presentation he wanted to see that morning but the RegSec attack took precedence. For the next several hours Jeff conducted a forensic examination of the penetration. He couldn’t confirm it based on the evidence, but suspected that Anonymous had compromised the site with an SQL server injection vulnerability he had warned the IT staff about. He wouldn’t be surprised if somehow in the flurry of activity these last few days the ball had been dropped and it hadn’t been fixed. He reviewed the software configuration running on the server at the time of the compromise and confirmed his suspicion.
He called his contact at RegSec and told him what he’d learned. Work on the replacement server was nearly finished. “We’ll be back up in an hour,” he said.
Jeff decided to eat lunch in his room, then join the conference at the start of the afternoon events. This would allow him to analyze the network logs to see where the attack had originated. To do this he employed the very statistical analysis that had been the focus of his presentation the previous day. He’d primed his tool with data from the last week of RegSec’s Web logs and directed it to examine the morning’s traffic, looking for Web requests of unusual size, atypical send and receive patterns, and data that looked different from those typically transmitted to and from the site. He culled the list of potential IP addresses down to a handful and because the traffic logs were decrypted, he could see the SQL, or Structured Query Language, injection and its originating IP address.