Cyberstrike by James Barrington
- Author: James Barrington
‘Don’t call me that.’
‘Sorry,’ Morgan said with blatant insincerity.
Then he sat quietly and waited. Silence can be quite intimidating, as he remembered one of his SAS instructors telling him. The corporal had been talking about interrogation – or rather how to resist interrogation and avoid telling whoever was questioning you anything that he wanted to know – but he guessed the same tactic would work in this kind of situation. Human beings are social animals, and social animals communicate. Silence – the absence of communication – can be difficult to cope with, and some people feel compelled to fill it. He guessed that Nigel Foster might be one of that type.
After a minute or so he took out his mobile phone, placed it flat on the desk in front of him, opened up the Kindle ebook reader and picked up where he’d left off reading the previous evening, making quite sure that the other man could see what he was doing.
He’d only read a couple of pages before Foster, clearly recognising that he’d been out-manoeuvred and essentially backed into a corner, broke the silence.
‘Oh, very well. What do you want to know?’
Morgan switched off his phone and put it away before he replied.
‘Thank you,’ he said. ‘You had a security breach. My organisation has a brief from the British government to monitor events of that type so I need to know three things. First, how it happened. Second, what damage was done in terms of data loss or anything else. And third, what you’ve done about it.’
‘Don’t tell me your lot investigate every single hacking event,’ Foster said, a distinct sneer in his voice. ‘You’d need a massive staff and it would be a full-time job.’
‘I didn’t say we did that,’ Morgan responded quietly. ‘But we do investigate attacks on mission-critical organisations, which obviously includes banks and financial institutions of all sorts, government websites and the utility companies, because a major hack of any of those could cause catastrophic damage to what’s left of Britain’s economy after the Covid-19 shutdown, and could also cause loss of life in certain circumstances. And that’s why I’m here. So what happened?’
‘We weren’t hacked. That’s the first thing,’ Foster said, starting to open up. ‘We could see the attack developing as they looked for vulnerabilities in the systems. They ran Firewalk to check for open ports in the firewall but didn’t find any, then used a mixed selection of hacking tools like Metasploit and Sn1per to look for weaknesses and finally ran John and Cain to try to break a password. We backtracked the origin of the attack through a whole chain of proxy servers. It supposedly started in Vietnam, but we’re fairly sure it actually began in America. I can supply you with the audit trail if you want it.’
Foster looked at Morgan, apparently checking that he understood the shorthand.
‘Pretty much standard,’ Morgan said, nodding. ‘I would like to see any data you obtained, so I’ll give you my email address. But I gather they didn’t get anywhere?’
‘Nope. Not with the system we’ve got here. I presume you don’t want to know how we’ve configured the firewall or the security monitoring and analysis software we use? Stuff like that?’
‘No. I’m sure you know what you’re doing or you wouldn’t be in the job. I’m only interested in what happened and the results. But I do have a question. You watched the attack take place. It doesn’t sound to me like it was part of an APT but more like a brute-force attack. Was that your impression as well?’
An APT is an advanced persistent threat, one of the most dangerous types of hack because it’s a group effort and it’s patient, organised, complex and intelligent, and usually directed at major corporations to steal data or trade secrets. It’s particularly favoured by Chinese government-directed teams of hackers trying to steal technology from the West. Planning and execution can take months as the website is studied and probed for weaknesses – a phase known as ‘target development’ – before attempts are made to breach it, often using apparently legitimate emails or social media link requests sent to employees.
These typically contain a malware attachment that will provide an access channel once activated, and it only takes one employee to click on the embedded link for the damage to be done. Some APTs have only been detected months after the initial intrusion when huge amounts of sensitive data are picked up leaving the system. By which time, of course, it’s much too late to stop it. Completely cleaning a system after an APT can be difficult. Months after one American company had cleared its network, a printer was found to still be sending messages to a server located in China.
Foster shook his head firmly.
‘This wasn’t an APT,’ he replied. ‘This was the barbarians banging on the gates of Rome. It was crude, basic and short-lived. I think it was just an opportunist attack. These hackers were just seeing if they could force their way inside the system.’
‘Okay. Then you detected a user acting suspiciously. Do you think that intrusion was orchestrated by the same group that tried the brute-force attack?’
‘Good question. Possibly, maybe probably. I wondered if the unsuccessful attack was a kind of diversionary tactic to make us concentrate on them