in Los Alamos – on what, Mick couldn't determine. And he had no traffic tickets or recent insurance claims.
“I also plan to maybe do a little exploring, and perhaps some camping this weekend, too. Anywhere you'd suggest?”
“Chaco Canyon is pretty cool – it is very remote and lots to see in terms of Native American history and ruins,” suggested Anil.
“Are there any good trails I could ride my motorcycle off-road?” he asked.
“Tons. Just make sure you don't wander into any reservations. It's not that it isn't safe or something, but it is a different country, and our laws don't apply,” Will cautioned.
“OK – I'll make sure to mark them on my GPS. Thanks for the info,” Mick replied happily. “I’m really looking forward to this.”
“Well, thank you for coming out here so quickly. We would like to get this wrapped up as this might be our last investigation of this type,” Vince replied. Noticing Mick’s confused look, he explained. “We are getting ready to turn over our IT and security services to UBK. I’m not at all happy about it, but we have no choice.”
“I’ve read about them,” Mick replied. “They subcontract a bunch of government services these days.”
“Yep, they run a couple of federal prisons in this state.”
“I can’t remember, are they a U.S. corporation?”
“No, they are multi-national, dealing with dozens of governments world wide.”
“Is it just me, or does this seem like a bad idea? Do they even have the competency to handle IT? Have their systems and software been audited?”
“Well, their systems are extremely efficient, and they take advantage of economies of scale. For example, they standardize on a single hardware platform and single set of software, then replicate it across their systems and customers.”
“Hmm. That sounds like a ‘monoculture’, which, as you know, has very bad security properties. If a vulnerability is found, it can be exploited on a massive scale.”
“Maybe you should write to your congressman…” Anil replied.
Mick was shown to a workstation and given his accounts for the servers to examine the logs. He barely looked up for the next three hours until Will came to take him to lunch. After lunch, he continued poring over the logs. Intriguingly, although one of their servers had been compromised, LeydenTech had not shut it down or removed it from their network. Instead, they had carefully set up a dummy subnet or sub-network and created some other servers with fake corporate accounts. Then, they had moved the server over and redirected all other communication to another server that mimicked a failed network connection. As a result, the compromised server was still operating as it had been, but it was isolated from the real LeydenTech network and data. It was as if the server had been put in a cleverly concealed cage so it could be observed in the wild.
Currently, all the server was doing was sending spam – lots and lots of spam emails. Mick began to wonder if perhaps this server was part of a botnet, short for a robot network of computers: a collection of compromised, or hacked, computers, known as zombie computers, organized to receive commands over the Internet and operate as a group. A botnet combines the power of each of the individual computers. The larger the botnet, the more powerful it becomes. Mick was aware of botnets made up of thousands, some claimed millions, of zombies on the Internet used to send spam – so-called spambots. Lately, however, there was evidence botnets were being put to other, more sinister purposes.
So far Mick hadn't been able to find evidence of the LeydenTech server trying to contact a botnet controller for instructions, to 'call home'. Usually, a newly compromised computer would reach out to its creator to report in and request new instructions.
Studying the compromise, he realized it