Andy Mayhew
Apr 12, 2016 · 50 min read

The System is Down

Chapter 2

After a long luxurious shower, Sandra finally wrapped herself in a plush terry cloth robe. Feeling nearly human, she did not even want to touch her old clothes and pushed them into a corner of the bathroom. It was time to explore her gilded cage.

[You have connected with Evan]
Sandra: Evan, yt?
Evan: Y. WhereTF have you been?
Sandra: Hard to explain. Been kidnapped and am somewhere near Guam.
Evan: lolz stfu
Sandra: I’m not kidding. Was taken right as I was finishing maintenance. btw- did that go okay?
Evan: yeah maint went good. tho you never sent out end-o-maint email. What gives?
Sandra: Damnit, I was grabbed right as I was bringing everything back online. Didn’t you think to look for me or anything?
Evan: we figged you jumped after a couple of days of no responses to emails or txts. Mark did go to the colo and found it all packed up neat.
Sandra: I was taken from the colo. They drugged me and shit. What the hell are you listening to me? Did you even try and figure out what happened to me?
Evan: well your BF, Fred called a couple days after maint. Fred said you and he went to Vegas to party. you deserve the time off, just wish you would’ve told us you were going.
Sandra: I promise you I am not in Vegas.
Evan: Whateverz. Enjoy your time off. But we need to do a push next week, so get back here soon. Off to do the dog and pony with some VCs.
[Evan has disconnected.]



Subject: Project Meltdown planning

In order to get the greatest effect for this project and to have the highest probability of success, a good deal of planning and certain controls will need to be put into place. If we just try to infect and virally bring things down, then there will be large opportunities to isolate the attack and to bring about countermeasures. If instead stealth and coordination are put into place, then in a 24 hour window, most if not all network systems will be shut down.

Here are the problems that I perceive and the possible plan of implementation in order to make this all work.

Problems:
1. distribution
2. timing
3. command and control
1a. Utilize a pre-existing network infrastructure to facilitate distribution. I would take control of one (or a few) of the many botnets and use their probe mechanism to sneak the router infection code into as many networks as possible.
1b. Infect as many routers and distribution nodes as possible without detection and without actually causing any outages.
2a. Once we have assurance of infection, then we cycle the melt-down code to follow the midday sun. I would suggest starting the melt-down in Asia. Really focusing on the governmental systems. The closed governments of China, Pakistan, and India will never announce they are having trouble. The western nations will just think they are having normal connectivity issues in those poor infrastructure regions.
2b. The EU suffers together pretty well being basically two time zones, but that will be a warning to the Americas due to such strong ties (especially US-UK).
2c. North America will be most problematic because of the wide range of time-zones, but also the higher number of high efficiency datacenters that utilize natural cooling. But it should still be the final strike point because if the US is hit first, then places like China and India will just shutdown their networks before full implementation can be completed causing only a partial meltdown.
3a. The existing botnet structure already provides some command-and-control structures. Taking over the botnet, though, may be too overt and create too much visibility to the network providers and security organizations that monitor the botnets.
3b. It would be better to create a separate C&C structure from the botnet distribution. Limited set of commands and responses. Some method of authenticating commands.
3c. C&C needs to have a method of obfuscation to keep the source from being tracked down before project completion. After completion, it shouldn’t matter, but always plan for worst case scenario.
Other thoughts: If we can also infect equipment which will not be directly affected by the meltdown (switches and servers), then those nodes can infect new replacement hardware as it comes online. This secondary infection should probably just have a time-delay fuse for setting off the next meltdown, not requiring any C&C to be in place to initiate.

Comments and questions welcome.
— SH
Subject: Critical Router Vulnerability

I have come in contact with some individuals who are intent on causing major disruptions to the routing infrastructure of the Internet. While I cannot verify the code myself, I do believe in the veracity of the individuals in question. I have included the code in question. Please review it to validate this claim. I implore you to spend whatever resources necessary to come up with a fix as quickly as possible as I believe these people plan on launching their attack as early as next week. From my understanding of the code and their plans, the only protection will be physical disconnection from the Internet and other major communications networks.

Code follows:
Subject: Ignore at your own peril

The following code will in theory infect and take control of just about any router. Check it out and protect yourself. The serious asshats are planning on launching this in a few days. If you hear about any weird outages, then you better unplug if you don’t find a fix, because there is no protection.

Code follows: