Spider-Hack

by Ed Skoudis

Peter G. Parker was a mild-mannered information security consultant by day.  This dull, socially maladroit, balding cyber nerd offered security consulting to financial firms.  By night, Parker transformed into a cyber-crime-fighting vigilante known as Spider-Hack.  Spider-Hack lived an action-packed life foiling the plans of high-tech crime lords and presenting at information security conferences, all the while thrilling legions of babes.

His dual life began a year ago when Parker was troubleshooting problems with the Ethernet card in his PC.  Ignoring the manufacturer's warnings, Parker didn't disconnect the power from his system while he was fiddling with the network interface.  As Parker yanked hard on the card, he cut his finger on its sharp, exposed edge.  Instantly, this small, open wound came into direct contact with the copper prongs of the card, injecting HTTP messages at gigabit speeds right into Parker's nervous system.  After a rough night's sleep, these web messages had changed Parker into Spider-Hack, a bona fide information security superhero.

One night, whilst swinging from building to building through the city, Spider-Hack heard the cries of a frustrated incident handler at a major military supplier.  The cries came from Stanley, who led the incident handling team at Military Widgets R Us (MWRU), a large e-commerce military contractor.  Whenever military generals needed quick delivery of advanced weaponry, they could surf to the MWRU website and instantly order heavy armaments with a simple point and click.  Stanley was frustrated because an attacker was launching a Distributed Denial of Service (DDoS) attack against the MWRU web site.  Every second, ten million bogus packets were crowding out legitimate clientele.  If customers couldn't reach the MWRU website quickly, they'd surf to the competition, Osborn Industries, to buy their military wares.  The DDoS attack was costing MWRU millions of dollars a minute in lost business to their competition!

"I'm here to help," said Spider-Hack, in his best superhero voice.  Stanley explained that whenever MWRU went head-to-head with Osborn, mysterious events would always tilt things in favor of Osborn.  When MWRU had plans for a new military assault glider, Osborn beat them to market by several weeks.  Similar events occurred with the pricing plans for their new "I Can't Believe It's Not Nuclear" bomb product.  Now, only days after launching their e-commerce site, MWRU faced this packet flood that would drive traffic to Osborn's web site.  As an incident handler, Stanley was also concerned because it appeared an attacker had broken into his network.  An intruder calling himself the Green Phreakin' Goblin had left messages on internal MWRU systems taunting Stanley about his inability to find the attacker.  Stanley was worried that this mysterious interloper might have something to do with all the trouble MWRU faced.

Questions:

1) What advice should Spidey give Stanley for quickly stopping the DDoS flood?

2) What process should Stanley employ to determine where the flood originated?

3) In the longer term, how should Stanley and the MWRU incident response team prepare in advance to handle any further massive DDoS attacks?

4) Given that an intruder was on the internal network, what advice should Spider-Hack give MWRU for protecting sensitive e-mail and files on their network, and which tools can be used for such protection?