
Tyler planned to spend the day in bed – Jane’s bed – playing her video games. He began the day like that, but as his attention drifted to Jane’s concern about a possible inside attack, he logged into the Cyber Force’s VPN to research some ideas. He couldn’t authenticate at first, and then he remembered the computing policy in effect that mapped everyone’s home ISP IP address to their user credentials. He had run into this issue before when working from I/O’s house, and recalled that the network admin had assigned him a temporary account without the restriction. He tried that user account and it still worked. Unbelievable!

Once on the network, Tyler did a telnet to a machine that held some of his personal utilities. This way he could run the utilities from within the Cyber Force data center network rather than over the wide area. He booted up a WiFi sniffer that searched the local area network for wireless access points. He scrolled down the list it generated until he found one that clearly did not conform to the data center’s SSID naming convention: it had the default name of Linksys. This suggested to him that perhaps the admin login was also the default, and it was. No user ID, and the password was admin. Brilliant.

Tyler then reviewed the DHCP log, which contained the MAC addresses that had been assigned IP addresses. MAC addresses are 12-digit hexadecimal numbers in the format MM:MM:MM:SS:SS:SS, where the first 6 digits identify the hardware manufacturer of the network adapter. Tyler knew the Air Force was in bed with Cisco, and most of the MAC addresses looked to be theirs – but he double-checked against a list of vendors and they were all Cisco. The Cyber Force were all on Apple computers, and he didn’t see any of those vendor types, but then he spotted two MAC addresses that looked different. He checked, and sure enough these were from a Chinese manufacturer. He cross-checked against yet another list he had of known Chinese hackers, and they matched that list in terms of the hardware vendor portion as well.
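One way to automate the check Tyler performs by hand above, as an added example that is not part of the story: take the MAC from each DHCP lease, extract its OUI (the MM:MM:MM vendor portion), and flag any lease whose vendor is outside the approved set. The lease-line format, the OUI table and the sample leases are constructed for this example.

```python
import re
from typing import Dict, List

# Constructed OUI table; the prefixes are stand-ins for this example, not an
# extract of the IEEE registry (which a real check would load instead).
OUI_VENDORS: Dict[str, str] = {"00:1A:A1": "Cisco", "AC:DE:48": "Apple",
                               "5C:E0:C5": "ExampleVendorX"}
EXPECTED_VENDORS = {"Cisco", "Apple"}

# Lease line shape assumed here: "<ip> <mac> <hostname>", ':' or '-' separators.
LEASE_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
                      r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})")

def normalize_mac(mac: str) -> str:
    """Upper-case, colon-separated MM:MM:MM:SS:SS:SS form."""
    return mac.replace("-", ":").upper()

def oui(mac: str) -> str:
    """First three octets (MM:MM:MM): the vendor portion of the address."""
    return normalize_mac(mac)[:8]

def vendor_of(mac: str) -> str:
    """Map the OUI to a vendor. A locally administered (randomized) MAC has
    the 0x02 bit set in its first octet and belongs to no vendor at all."""
    if int(normalize_mac(mac)[:2], 16) & 0x02:
        return "locally administered"
    return OUI_VENDORS.get(oui(mac), "unknown")

def flag_unexpected(lease_lines: List[str]) -> List[Dict[str, str]]:
    """Return leases whose hardware vendor is outside the approved set."""
    flagged = []
    for line in lease_lines:
        m = LEASE_RE.match(line.strip())
        if not m:
            continue  # header or malformed line
        mac = normalize_mac(m.group("mac"))
        vendor = vendor_of(mac)
        if vendor not in EXPECTED_VENDORS:
            flagged.append({"ip": m.group("ip"), "mac": mac, "vendor": vendor})
    return flagged

# Constructed sample lease lines, not a real DHCP log.
SAMPLE_LEASES = [
    "10.10.4.21 00:1a:a1:11:22:33 core-sw-1",
    "10.10.4.22 ac-de-48-44-55-66 tyler-mbp",
    "10.10.4.90 5c:e0:c5:aa:bb:cc unknown-host",
    "10.10.4.91 02:00:00:12:34:56 unknown-host",
    "# lease file header line",
]
```

The locally administered case matters because a randomized MAC matches no vendor, so a rogue device can look like "unknown" rather than a named manufacturer; flagging both keeps the check honest.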

So now Tyler understood how the hackers had got onto their network and been able to bypass network intrusion detection. They were very likely sitting in the parking lot, jacked into the Air Force’s unsecured WiFi. Brilliant. Talk about shooting yourself in the foot! Tyler called his Console Sergeant and advised him to search the parking lot.