Sunday, November 17, 2024
BackBlaze
HomeFrom The Field"We're being hacked!"

“We’re being hacked!”

Republished with permission from TheDailyWTF:

Timmy threw open the door to the team room. Panting, he cried, “We’re being hacked!”

Blair and the rest of the team slouched into action. They knew the web server was down, but that was hardly unusual. The “web server” was Blair’s desktop from five years ago, reformatted and turned into a host for their home-grow project-management software. It dwelled under his desk, away from the light, and was not generally considered mission critical. The fact that it was down, again, didn’t rate a high slot on anyone’s priority list.

Unfortunately, Blair’s boss happened to overhear Timmy’s claim. “Hacked? HACKED? Do you think… it could be… a virus?”

What should have been dismissed as a simple, “No, we’re not being hacked, that’s crazy,” was now a full DEFCON1 situation: management was roped in, and they swooped over the situation like B1 bombers over Eastern Europe. Someone barked out orders and directed the IT team to be like ICBMs and dive straight to the root of the problem.

Blair looked at the logs, and Timmy’s concern sort of made some sense. The web server was crumbling under what appeared, if you squinted, to be a DoS attack. One IP kept sending about 20 requests/second. Every few seconds, it’d take a break and catch its breath, and then keep going. If you didn’t stop to think about it, the behavior looked a little bit like an incompetent virus trying to conceal its behavior. Maybe.

But this was DEFCON1. Blair’s boss warned him that it had already escalated to one of the VPs, and it was going to the CIO next. So, Blair kept at it. Figuring out which port on the switch was carrying all the traffic wasn’t that hard, but getting from the switch to the offending computer was harder; the building was so ancient the wiring had been done by the Rosicrucians, and not a single cable was labeled. Blair had to go so far as to tone out the line to find the culprit.

“It must be a virus!” his boss said. “Go down there and clean out that computer! Fast!”

Blair went down to the workspace where the computer lived. Someone was in front of the computer, but they weren’t using it. They had pushed it up against some parts bins so that the worktable gave them some room to solder. The computer was already awake, so Blair grabbed the keyboard, closed the one open browser window, and then he ran the full battery of tests. Blair was unsurprised to find absolutely no sign of a virus. This meant that either there was a cunning, custom-engineered virus build to only attack their project server from this specific computer, or… it was just a fluke. Since reconnecting the computer to the network didn’t cause the problem to resume, Blair went with “fluke “.

He pushed the computer back out of the way, and turned to leave. Then he turned around to look at it again. Where the keyboard had been when he found it was just under the lip of one of the parts bins. Blair pushed the keyboard back another centimeter, and sure enough- if you shoved it in there just right, the parts bin was very close tot he F5 key. A little further, and the F5 key would be fully depressed.

Blair recalled that he had closed a browser window, and now that he thought about it, one that had been pointing at their project server. Blair told the workers that they should put the keyboard on top of the tower when it wasn’t in use, and then returned to his boss, ready to recount the tail of the dreaded F5 virus, bane of el-cheapo web servers that got stuffed beneath desks.

via: [TheDailyWTF]

RELATED ARTICLES