Greg and Marty exited the data center and made a beeline to their cubicles. Their smug looks made it apparent they were up to no good and enjoying it. They had just left their partners in crime – Erin and Carl – with a laundry list of To Dos. Erin and Carl were now busily working magic across MagnaCorp’s network. Directed by Marty, the plan was quickly unfolding.

“Ok. Do you think we thought of everything?” Greg asked.

Marty stopped suddenly. Greg’s churning legs propelled him five feet further before he screeched to a halt. Marty gave him ‘the look’.

“Let’s see… Honeypots set up. DNS entries pointing to the systems. We updated host file entries to point to the honeypots. Erin is updating Active Directory to reflect these new “super secret” systems (Marty emphatically pulled out the finger quotes to Greg’s annoyance) and Carl is generating bogus traffic to the systems. Sounds pretty complete to me.”

“I know. But this guy – or gal – or guys and gals – seem pretty good. We can’t find their entry points. Do you think they will fall for it?”

Marty resumed his blistering pace back to his cube. Greg hurried behind him.

“All I need is a few more breadcrumbs. A few more sessions to track. Some netflow. Anything that I can definitively know is the intruders. Once I have that, it will all fall in place. And those systems are locked down tight – except for a few obtuse openings I left. If anyone breathes on those systems I will know. Did you get the DLP rules set up?”

“Yep. They go in tonight as an emergency update. I had to pull the ‘just do it because I said so’ card. The admins were trying to figure out why we had those phrases.”

“Well, if any of our honeypot docs try to pass through the perimeter, I want alarms going off with the highest priority. The canary tokens in those files are my ticket to find out where they might exfiltrate data.”

“Ok. I trust you. But the stakes are high.”

“If the true target of this attack is the research work that we are doing with vNextGen, then the only people that will be looking at those systems are our adversaries. How could they miss new systems brought up in the RnD segment loaded with CAD drawings, PowerPoints and documents with titles like “SuperSecretSauce.doc”?”

“You didn’t really name a file like that, did you, Marty?”

*****

The Ghost meandered through the bustling crowd on the main thoroughfare within the castle. He took his time as there was no reason to rush. In fact, a disinterested attitude was key to remaining completely inconspicuous while walking in plain sight. He paused to peer in the windows of a few shops. After glimpsing the meager wares offered by the merchants, he became restless to find something of interest.

As he rounded the corner, he spotted a disruption in the constant swirl of people. A caravan of wagons was making its way slowly through the mass of townsfolk. He quickly sprang up a staircase leading to a store so he could see over the heads of the crowd. Some of the wagons were loaded with lumber. Others carried loads of stones chiseled for paving stones and fortified walls. What is this? he thought. There was enough material in the caravan for a major project.

The Ghost slipped into an alley, avoiding the stream of people. Splashing through puddles and dodging trash bins, he wound his way through the dingy, dank passageway to intercept the caravan. After a few minutes of zigzagging, he emerged at another major thoroughfare. He instantly recognized where he was. The massive structure in front of him was a wing of the King’s Ministry Building. A major construction project was underway expanding some of the offices. The Ghost quickly ran through his knowledge of the maze of bureaucratic offices. He smiled. He knew exactly where the additions were being made – the offices of the Trade Master.

While he circled the area, the Ghost surveyed the new foundations being laid in the ground. He also noted the heavy ironclad wagon set off to the side. A squad of hawk-eyed guards was gathered around the wagon. The wagon had all the indicators of some highly important or valuable materials – a gaggle of guards, a heavy iron door with a massive lock and chain and thick oak walls reinforced with iron. The wagon oozed intimidation. The guards kept any wanderers at bay, shuffling off inquisitive children rushing forward to see the laborers wrestle with the wood and stone.

The Ghost became suspicious for a moment. It almost seemed too good to be true. He hesitated before circling again to get a little closer to the wagon to inspect his new target. After weighing his options, he walked away convinced that this was a real project. Too much effort was being expended for it to be a trap.

As the Ghost disappeared into a murky walkway obscured by the shadows, he lovingly caressed the secret hidden in his cloak. He stopped under a meagre torch hung outside a seedy pub. Under the dim light, he slipped a simple leather binder from under his cloak. As the Ghost opened it, the torchlight caught the edge of a golden badge. It was the Ghost’s Golden Ticket to anywhere in the castle. He was anxious to play his last card and had finally found a target worth its use.

Come back on Tuesday for the next episode!

The post E6 – Ghost in the Machine – Honey, I’m Home appeared first on Speaking of Security - The RSA Blog and Podcast.
