Tag Archives: forensics

Cyber War – Forensics

15 Friday Jan 2010

Posted by in cyber war

2 Comments

Tags

, , , ,

Tyler was back working in the war room.  The shift started with an operations review from the Console Sergeant while the unit went through the turnover checklist.

“This is what we know team.”  The Console Sergeant would randomly look different unit members directly in the eye as he talked.  He might turn to you once out of eight staff, or twice out of three – completely random.  But the duration of his stare was almost always exactly two minutes without ever looking at his watch.  “The attack wiped the hard drives to various degrees before our defenses pulled the power.  So Forensics focused on our virtual war room since backups were less than 24 hours old.  They discovered 5 vulnerabilities.  Technically two vulnerabilities, one on 2 machines and another on 3 other machines.  These were both Adobe vulnerabilities and there’s no excuse for that!  We’ll deal with that later.  Working on the assumption the attack emanated from one or both of these vulnerabilities, Forensics discovered the exploit.  The command and control function leveraged the DoD messaging system which has apparently been compromised for several months.  Now, I’m not saying we’re responsible for those systems but going forward I want more focus on defensive measures.  Forensics was able to track the exploit into our personnel system working from the assumption that in order to find your home addresses, they must have compromised that platform.  The compromise is confirmed but Forensics isn’t yet sure of the extent of exfiltration.  This is everything I know to date, any questions?”  The Console Sergeant took a sip of his coffee and looked over everyone’s heads.  That was his MO for when he didn’t want questions but Tyler was too tired to notice.

“Sir, what about the black ice that took down the Drone Pilot?”

The Console Sergeant looked into his coffee cup before setting it down and turned his gaze to Tyler.  “We don’t really know it was black ice that killed the Drone Pilot.  He might have suffered an aneurysm coincidentally during the attack.  I don’t believe that of course, but we don’t have evidence yet of the black ice; it was apparently a highly sophisticated Aurora APT.  Clearly, given the attackers were wiping our drives, we can assume they accomplished their objectives.  I assure you Forensics  continues to work around the clock on this.”

Tyler didn’t have any other questions.