jamaica-marjadas
8/13/2019 Intro about the motive of hacking.docx
http://slidepdf.com/reader/full/intro-about-the-motive-of-hackingdocx 1/8
(lights off in front of the room, Maxine is standing at the back, where she picks up an envelope on
the computer/desk nearest the door. She opens it and looks at its contents, and pulls out an ID.)
MAXINE: (on cellphone) Understood, Sir. We guarantee everything will go smoothly. Leave this to us.
Yes, I understand what’s at stake. Nothing will go wrong…for us. (ends phone call, calls Keembe.) I’ll
launch a Distributed Denial of Service attack on Azacar Company tonight, so they can’t inform Linopod they haven’t authorized this transaction. Has Giah uploaded the Trojan horse into our IRC
networks?
KEEMBE: (should be sitting down somewhere with the class) The program has been downloaded by
over one thousand computers through their IRC clients, Max. Our zombies are ready. Giah has an
appointment set for tomorrow evening with Linopod Corporation’s vice president. She’ll be going as
Azacar’s CEO. Can you secure fake IDs for her?
MAXINE: Can I? Of course I can. Just make sure everything goes well on your end, and get the
handprint of their Vice President. I’ve already IP spoofed Azacar and placed an order with Linopod,
actually. [lights off]
[SCENE 2 – lights on in front; Giah enters in front, and Beth stands up to greet her. Giah is wearing
latex gloves. Beso beso]
Beth: And you would be the CEO of Azacar? Wow, such a young CEO for such a successful company!
I’m Beth, Vice President for Public Relations of Linopod Company. Chill, our CEO, apologizes for not
being able to make it today. She’s been out of the country, and she won’t be back until next week.
Giah: Thank you, Miss Beth, but I’ll have you know I’m impressed with your company’s work on IT
security as well. We are very excited to be able to enter this deal with your company, and finally be
able to set up a direct private communications link between our companies, as your ‘trading
partner’. Shall I sign the contract? We can have a photo op after.
Beth: (flattered) Definitely! A value-added network (VAN) wouldn’t suffice for major clients such as
you. Here’s the contract and here (gives one of our classmates a camera), take a picture of us!
Giah: Wait! I want a picture with us shaking hands.
[pose, picture.]
Beth: Oh, I know! How about we have a celebratory dinner? I’ll go ahead and have the car prepared.
Do you want Japanese? Native? What kind of food?
Giah: Anything will do, Miss Beth!
Beth: Oh, call me Beth. We can’t have dinner together calling each other “Miss”. (walks away) Don’t
take too long, okay?
Giah: All right. I’ll just keep my things. (turns around and presses earpiece) Keembe? Giah here. The
contract terms have been decided on. The EDI process should be underway soon, and her handprint
plus a picture has been secured.
Keembe: Good. Now it’s up to Max.
[lights off, Giah exits. SCENE 3 opens at the back.]
MAXINE: (on cellphone) Yes, I know it’s been a week, and the transactions are ongoing, but we can’t – I can’t just – urgh. I know and am working on it. But even so, we only have limited access. I’ve
already bypassed the firewall. Just be patient. Fine! You know what, I’ll launch a DoS attack on
Linopod Corp’s system as well, if that’s what you want. You mean a Smurf attack? Yeah, yeah. I’ll do
that. That IS a kind of denial of service attack, you know, along with the distributed denial of service
attack and SYN Flood attack. What? Fine. I’ll hurry. (ends call) This is so not going to end well, but the
customer is always right.
(goes to computer and starts typing)
MAXINE: AAAAAAAAND now it’s closed. For a company with high network security level, they didn’t
even try to catch the culprit red-handed using deep packet inspection. Great. I knew this would
happen. Now I can’t get in. I need an inside identity…hmmm… Oh I know! I’ll use HIS account to
enter, since this is all his fault.
(Types again, but a few minutes later Max’s cellphone rings and she answers)
MAXINE: Yes? Keembe!
KEEMBE: Max, what are you doing? He just called me, and he’s furious because you used his account to access the system while it was under a quarantine. Is this true?
MAXINE: Yes, I did.
KEEMBE: Max! What the. Why would you do that? Do you know how dangerous this is? He could get
caught, and that was not part of the deal. Our reputation as criminal consultants would be
destroyed! You need to fix this. Delete the system audit log, now.
MAXINE: What? But Keembe, that’s kind of really obvious, and I needed an inside account.
KEEMBE: Now, Max. Delete it.
MAXINE: Fine. It was useless anyway. Their mainframe is too tight. I can’t get into their operating
system. We need to have software inside the company.
KEEMBE: You mean a virus?
MAXINE: Yes. I could write the program for it, but there’s no way they’ll let me plug in there.
KEEMBE: I’ll talk to the customer. Just write the program, and I’ll take care of the rest.
[LIGHTS OFF, SWITCH TO FRONT, WITH JUSTICE AND JOHONEY AND A FEW OTHER TEAMMATES
SEATED]
JUSTICE: [looking stressed, typing a lot on Sir’s computer] Who would do this…How…?
JOHONEY: What’s wrong, Just? You look stressed.
JUSTICE: Someone just launched a Smurf Attack on our system. I guess I should be glad they didn’t
use a DDoS instead, but still…
JOHONEY: …What does that mean?
JUSTICE: [sighs] A smurf attack is an attack wherein the perpetrator’s computer IP spoofs us and
sends a ping message packet to an intermediary, so that the intermediary sends a lot of echo
responses to us and crashes our system.
JOHONEY: Oooh! I know! That’s a denial of service attack, isn’t it? So this means our website is
down?
JUSTICE: Yes. [Goes back to typing]
JOHONEY: …What about a DDoS? Why the extra D?
JUSTICE: [mutters]
JOHONEY: What?
JUSTICE: I SAID Distributed Denial of Service.
JOHONEY: Oh. So lots of websites crash, not just us?
JUSTICE: [Facepalms] No, it means the perpetrator uses a lot of computers to crash our website. It
causes more damage cause it comes from more computers than a SYN Flood or a smurf attack.
JOHONEY: …SYN Flood?
JUSTICE: [annoyed now] A SYN Flood attack transmits hundreds of SYN packets to the targeted
receiver, but he never responds with an ACK to complete the connection, so the receiver keeps
requesting for acknowledgment until it times out. Don’t you have something else to do? I’m busy.
JOHONEY: [sad] I was just curious about…Never mind. I’ll go away, then.
TEAMMATE 1: [sees Johoney sad] You want to know what a Smurf attack is?
JOHONEY: [Happy] Yes, please! Will you tell me? Thank you so much.
TEAMMATE 1: A Smurf Attack is when the perpetrator of a smurf attack uses a program to create a
ping message packet that IP Spoofs the victim’s computer to an intermediary, and so the
intermediaries, which are a bunch of computers, all send an echo response to the victim’s computer
and overwhelm it.
JOHONEY: But what about our firewall? Isn’t that a system that enforces access control between two
networks? Won’t that stop the attackers?
TEAMMATE 1: Well, all we have is a network-level firewall, which is efficient but it’s kind of low
security. It has a screening router that examines the source and destination addresses attached to
the incoming message packets and accepts or denies requests based on filtering rules programmed
into it. Actually, it’s a firewall that offers less security but more convenience. We could have had an
application-level firewall, buuuut Mr. Tiu, our chief operating officer, rejected the idea because
although it provided a higher level of network security, it adds a lot of overhead to connectivity. We
could have run security apps called proxies to perform user authentication for some tasks, plus
gotten some sweet auditing tools and transmission logs for unauthorized activity.
TEAMMATE 2: Yeah, and he wouldn’t let us invest in an intrusion prevention system that employs
DPI to stop DDoS attacks either, because he said it was a waste of time or something. It’s not – deep
packet inspections would inspect the entire content of the message packet, not just the header
portion.
JOHONEY: [Sighs] I don’t really know a lot about these things…Why don’t I ever know them? [is sad
and leaves the room]
TEAMMATE 1: She’s kind of hard on herself.
TEAMMATE 2: Well, she has to meet big expectations. Word is they’re planning to promote her to
Justice’s role when he gets promoted. Justice was, after all, the one who suggested message
sequence numbering, which is why we now add a sequence number in each message so no one can
delete or change the order of the messages we receive.
TEAMMATE 1: Oh yeah, wasn’t he the one who suggested that thing where we have a log of the user
ID, time of access, and terminal location from where the access originated?
TEAMMATE 2: Oh, you mean the message transaction log? Yeah, that’s also him.
TEAMMATE 1: But you know, Johoney isn’t so bad. She was the one who suggested multilevel
password control, where different functions need different passwords. It’s saved the company a lot
of money, cause many employees can share the same computer now without mixing functions.
JUSTICE: Hey, back to work. I just realized we also lost our system audit trail and our event
log…someone is really out to get us. Maybe I should have pushed for keystroke monitoring instead of just event logging. That way, we could have records of both the user’s keystrokes and the
system’s responses instead of just the key activities of the system. Not that it matters, if they’d
deleted it. [Slams hand on table] What in the world are we up against? How did they even get in our
system? I should’ve implemented a one-time password system, so we can have new algorithm-
generated passwords every minute instead of just reusing the same password over and over again.
TEAMMATE 1: Sir, could it be a line error that deleted our data?
JUSTICE: No, Johoney made sure all electric motors, atmospheric conditions, faulty wiring, defective
components, or noise spills from other communications channel don’t cause any line errors. I’m sure
it’s not that.
TEAMMATE 1: At least it doesn’t seem like the attacker is making much progress either?
JUSTICE: But we’re in a deadlock – a draw. That’s no good either. We can’t go on like this; our
customers need to access our website…
[LIGHTS OUT, SCENE ENDS, STARTS AT THE BACK WITH ONLY JOHONEY AT FIRST]
JOHONEY: I’m so useless…I couldn’t even understand what was going on there. What am I going to
do? All I can really help with at this point is those of network topologies – the communication lines,
hardware components, software…[SIGH] But network risks? Not my thing.
MATTHEW: [enters room, swinging USB around a finger] Who do I….Oh, Johoney! What are you doing? Why so blue?
JOHONEY: [Surprised] Mr. Tiu! What are you doing here? Oh my gosh, I’m so haggard-looking, not
professional and neat at all! I’m so sorry. Also, what do you mean blue? Are my clothes not white?
Did I accidentally choose something blue?
MATTHEW: No, I mean why so sad?
JOHONEY: Oh…Oh, it’s nothing, sir.
MATTHEW: Come on, you can tell me.
BETH: Oh honey, don’t be sad! She’ll be back tonight, so I’m sure she’ll fix everything. Wait here, I
know how to make you feel better! I’ll get you a bar of chocolate!
JOHONEY: Oh, that’s a great idea Miss! I love chocolate!
BETH: [running outside] Should I get Toblerone? Or Cadbury? Maybe just Snickers? I think Snickers! I
love Snickers!
JOHONEY: [looks at door until Beth is gone, then quickly sits down and plugs in the USB] Okay, here!
Now this will work…
MAXINE: [sitting down at back] I don’t really need the DoS attack anymore, so I’m just going to… fix
it.
JOHONEY: OMG! Everything is okay again! I did it! I did it! I’m amazing! I can’t wait to tell Justice,
he’ll be so proud of me!
[EXIT, Then enter Justice and Co, with Johoney and Beth and Matthew]
BETH: Let’s have a toast to Johoney tonight! For saving our systems, without even breaking a sweat.
Tell us, Johoney, how did you do it?
JOHONEY: [looks at Matthew] Well, it wasn’t just me. Actually it was mostly –
MATTHEW: Don’t be humble! Accept credit where it’s due!
JOHONEY: [Surprised] Really – Sir? Weren’t you the one who -?
JUSTICE: I’m really proud of you, you know. I always knew you had it in you. Could you tell me how
you did it? That was a really impressive hacker you just beat.
JOHONEY: Well, I didn’t really -
MATTHEW: We’ll have a celebratory dinner tonight –
[Suddenly, all lights turn off. People gasp, and the lights turn back on. Justice runs to the computer
and starts clicking and typing like crazy. If possible, we can project that thing Jamaica talked about
where the circles break and stuff? ]
JUSTICE: What in the world – Everything! All our defences, they’re compromised. What happened -
[realizes something] Johoney, tell me exactly what you did to fix the system. Now.
JOHONEY: What, I didn’t – I saved everything – I didn’t do this!
JUSTICE: NOW, Johoney! There’s no time. The hacker has just breached another level.
JOHONEY: Well, I just plugged in this USB into Miss Beth’s computer –
JUSTICE: You did what? Oh no! Whose USB was it?
JOHONEY: It was –
MATTHEW: What have you done? [points accusingly at Beth] You, you let her access your account?
When you know your account has privileged access? Do you know what abuse of that kind of access
does to a system?
BETH: I didn’t - Johoney, while I was out getting chocolate, did you…? [hurt]
JOHONEY: Miss, I didn’t…I was only trying to help… [looks as if she’s about to cry]
JUSTICE: That USB must have had a malicious program…Now the attacker has total access to our
files! What do we do?!
MATTHEW: Beth, if Chill hears about this…
BETH: It’s not my fault, it’s Johoney’s!
MATTHEW: But it was your responsibility! When I tell the president –
CHILL: [Enters] When you tell me what? What’s going on? I leave the company for a few days and
now you’re in trouble?
<<<<<<you just insert the synopsis from the start until te Chill arrives, Jaece.. O.o this is what she will say>>>>>>>
In the first place, there is no one sweep solution against an expert hacker. Johoney, you should have
been more skeptical because a USB drive with contents you don’t even know is clearly suspicious.
What’s the status?
JUSTICE: Ma’am, the hacker has breached all but our last two levels, ____ and ____. It’s only a
matter of minutes until our mainframe server goes down, or worse, goes to the hands of that filthy
hacker.
CHILL: I understand. We don’t have a choice, then. (goes to te Chill’s office.. turns on the computer)
Activate Almadel. (screen turns black, the system appears.) Hopefully we’re not too late. This virus
will set up another security control: a dual-homed firewall, with 256-bit Advanced Encryption
Standard keys.
As te Chill’s virus is countering Max’s virus, te Chill talks about security.
CHILL: Our operating system is the core of our company’s operations, as it runs in our mainframe
server, it integrates all our processes. We need to let the operating system do its job. As the OS
protects itself from users, protects users from themselves, protects users from each other, protects
itself from its own, and protects itself from its environment, WE have to protect it.
Now, I get that the hacker has found a back door because of the USB. Even our most secure log-on
procedures and access tokens were bypassed. We need to tighten our access privileges, both at
physical and logical level.
Beth, do not let others get inside our offices without supervision, and DON’T let anyone plug
anything, or touch our computers. Review our employee records to check our people who may have possibly worked together with the hacker to jeopardize our information system.
Justice, there should be some system log records left in our server. Check for the TCP/IP and IP
addresses associated within the timeframe of the attack, we might catch our hacker. Also, after
Almadel has finished cleaning our system, implement a one-time password via PIN. But keep
Johoney’s suggestion of multilevel passwords.
Do you have pen and paper? Because you really have to write this.
a. All of us should provide passwords before we can access sensitive data.
b. Make sure our passwords are not sloppy nor weak.
c. Check our encryption keys at irregular intervals because they might be compromised,
rendering our password encryption useless.
d. Have someone review and modify our log-on and lockout procedures. Someone may have
made too many mistakes in logging on.
Johoney, fix our system logs, and this time, provide a high level of security so that it won’t be easily erased. Also, we are going to send a distress signal to the ____, our trusted security team. Conduct
echo check, parity check and prevent unauthorized sniffers from intercepting our message.
I will send a digitally signed document with RSA encryption, so make sure it gets across ____
uncompromised.
Matthew, you and I are gonna have a talk.