Not the Whitehaven Hoax
[An extract from The Project, in Cracks in the Ceiling]
Over the weekend, Peter decided to go ahead with his plan to attack National Civic Bank.
On D-Day, Dexter and Peter left their respective homes each armed with a mobile phone with a prepaid SIM, and a new netbook with prepaid wireless modem.
Peter caught the train to Strathfield, and at 9.20 rang the audience line for shock jock Adrian Andrews, calling himself Murray.
“Next on the line we have Murray, I hear you’ve seen something strange this morning. Tell us about it.”
“Hi Adrian. There’s a line of people outside the NCB branch in Strathfield waiting for it to open. I just walked past them, they all looked worried. Do you know why?”
“Well, Murray, that is interesting.” Adrian looked at his producer who shook her head. “There are no reports about National Civic in the press this morning. Maybe it’s pension day?” Adrian finished the sentence with his trademark chuckle. Meanwhile, the station research analyst got straight on the web to see what they could find out.
“No, it’s Tuesday. Anyway, they just all pushed into the branch when the doors opened. It’s a bit of a crush.”
“Well, thanks Murray. We’ll put a call into NCB. If anyone is in Strathfield and can give us more information, please give us a call.”
Before anyone could ring in to say there was actually no crowd at Strathfield, there was already another call queued up.
“Kate, you’re outside another NCB branch?”
“Yes, Adrian, in Hornsby. They’ve just opened and the queue goes out the door.” Peter laughed as he listened to this on air. Dexter was clearly using something to disguise the voice and make it sound older, but it was obvious that Dexter was a “she”.
“I see, thanks for that Kate. We’ll take some more calls, and we’re trying to reach a contact at NCB. For now, let’s go to the news room.”
As soon as she got off the phone, Dexter launched the denial of service attack on the NCB website, flooding it with login requests that made it almost impossible for anyone to log on. At the same time, Peter set in motion a similar remote phone attack on the radio station, bombarding their switchboard with calls that made it look like they were receiving hundreds of calls. Once that was in place, he set in place a similar attack on the main customer service phone number for NCB.
“Well, listeners, we’re back from the news and unfortunately we can’t shed any light on what’s happening at National Civic Bank. Please be patient if you’re trying to get through, we’re receiving hundreds of calls on the issue. We can tell you we haven’t been able to get onto the NCB website at all in the last five minutes or so, and can’t contact anyone at NCB. We’ll come back to this issue later in the morning, after our next interview, but at this stage, I’m afraid we can’t shed any more light on how safe your money is with NCB.”
Peter had hacked a couple of high profile Twitter accounts, and kicked things along with some deliciously ambiguous tweets like “Why is everyone taking their money out of @NCB?” and “Selling down @NCB shares – not sure what’s happening there”. By ten fifteen NCB was top of trending topics in Australia, so word that the bank was in trouble was out. NCB weren’t able to decide on the right message to put out on their twitter feed until mid-afternoon, by which time it was too late.
By ten-thirty there were queues forming at most branches, and although Dexter had withdrawn the attack on nationalcivic.com, the traffic from real customers was now keeping the site locked up – and did so for the rest of the day. NCB shares were suspended from trade on the stock market at the company’s request by eleven, having fallen thirty percent.
* * *
Polly: <Too easy. Covered all tracks?>
Dexter: <All done. Imagine what would happen if we went hard?>
Polly: <Nice voice BTW>
Dexter: <You’ll never know!>
Polly: <Good job anyway. Cya>
* * *
High above the city, with the lights and the harbour sitting peacefully on the other side of the glass, the Board and senior management of NCB were assembling in the boardroom. Normally a pristine testament to process and propriety, the room was covered in papers and filled with whiteboards. The detritus of food eaten in haste through the day lay about. No one seemed to care. They were there for only one reason – to hear the Director of Security’s report.
“Today’s event was a co-ordinated multi-platform attack that seems to have had no other objective than to push the Bank towards collapse. There is no evidence of any breaches of NCB systems, none at all. There were no unusual share market trades in the last forty-eight hours that positioned anyone to make substantial profits from the share price fall that occurred in the first hour of trade today.”
Murray Swan wasn’t sure how to take this news. “So, you’re saying it was pure malice? With what motive?”
“No way of knowing. The plan was smart, brutal and clinically executed. It was also low-tech, and untraceable.”
“Untraceable? I don’t believe you – how can someone almost make a bank collapse and not leave a trace?” Clearly, the Chairman had been hoping for more.
“It’s simple. First, two phone calls to a talk show host. I’m guessing the SIM cards for the calls were bought weeks or months ago at K-Mart, now disposed of. Then three “flood” attacks – designed to simply overload a service by multiple contacts or calls. The three targets were our customer service phone number, the radio station’s talk-back number, and of course our website.”
“We’ve had these before, haven’t we? Can’t we defend against them?”
“We have a “denial of service” defence plan, and if the only issue was a flood attack, we’d have been back online in 15 minutes. But because of the other forms of attack, the website was then overwhelmed by legitimate users trying to check their balances or transfer funds out. Creating the snow-ball meant they could withdraw the attack quickly, making it harder to trace.”
There was silence as the information sank in.
“We’ve been analysing Twitter as well. I suspect that the attackers hacked into a few accounts of influential people with lots of followers, and poured more petrol on the fire that way, so to speak. And of course, Andrews saying “I don’t know how safe your money is with NCB” at the end of the first segment he ran didn’t help.”
The Director of Security paused, carefully choosing his words for the right effect. “In my opinion, neither our own nor the police investigation will uncover the perpetrators of this attack. Again, in my opinion, these attackers have the skill and capacity to undertake a more damaging attack on this or another bank. There is also little we could have done to prevent the attack in terms of systems or response capability.”
The Chairman was not impressed with this, but there was too much to get through to argue the toss. “Thanks for your report, and please pass the Board’s appreciation to your team for their work today. Now, let’s get to the Cash Flow and Capital Report, followed by the Stockmarket report.”
The Director of Security nodded and left the room. He had a sinking feeling that his presentation had not gone well.