Into Unscientific

Chapter 195 I have the advantage! (8.8K)

Let's start by turning the clock back a little bit by half an hour.

After deciding to provide support to UCAS.

Xiaorong immediately got in touch with Wang Qingchen of the University of Science and Technology of China, and obtained permission from the school board of directors through Tian Liangwei.

Then in the case of having the same system key.

Reinforcements from the University of Science and Technology soon appeared on the 'battlefield', quickly buying precious time for the University of Science and Technology of China to repair.

At the same time, due to adequate preparation.

Not only did Xiaorong and the others successfully take over the battlefield, but they also locked down the .

The other party's IP.

This moment.

In the network security center of Huadun Biotechnology, Xiaorong was introducing the whole situation to Xu Yun:

"Dr. Xu, in fact, under the current technical means, it is not an easy task to trace the real IP, and many links are irreversible."

"For example, physically destroying a certain hardware device in the whole link, or if the hacker only attacks once, using Tor or I2P network, etc."

"In this way, the springboard host has no way to chase, and can only rely on the historical logs of the operator to find the source, which is very troublesome in practice."

"But this time the other party made a mistake. In other words, their goal seems to be not limited to breaking into our official website."

Xu Yun glanced at him, turned his head slightly, and said in doubt:

"Not limited to breaking the official website? What does this mean?"

Xiaorong tapped a few times on the keyboard, then pointed to the screen and said:

"Dr. Xu, look at this."

Xu Yun followed the trend and saw a line of code displayed on the screen:

localhost:8080/test?name=scriptalert

"This is the JS code placed in the URL of the request parameter, which directly leads to the web server backend of the official website of the National University of Science and Technology of China."

Xiaorong first explained the purpose of this string of codes, and then said:

"This is a reflective XSS attack that can form a cross-site request forgery together with CSRF to obtain an extremely short management authority."

"This administrative authority will intercept the JSON data that should be returned to the user, and instead send the data back to the malicious attacker, which is what we commonly call JSON hijacking."

"In other words."

"The other party not only wants to crack our official website, but also wants to obtain our database."

When Xu Yun heard this, his pupils shrank violently.

Even though he has been a human being in two lifetimes, he is also a little uncertain at this time:

"Database, shit, it's so ruthless"

As the only university in China with two national laboratories, the University of Science and Technology of China must store unimaginable important data in the cloud.

Indeed.

The truly top-secret information will definitely not be in a 24-hour networked state, and the relevant defense methods are by no means broken by a sudden attack.

But except for top-secret information.

There are still a large number of experimental data or related reports of associate high school students above associate professors and below academicians in the database of HKUST.

This kind of information may not be top-secret, but it is also of high value, and quite a lot of it involves cutting-edge research topics.

And unlike top-secret databases, it is impossible for such databases to run offline.

Because many experimental results need to be entered in real time, and this thing will not abide by the nine-to-five work system.

Nine ten o'clock in the evening and two o'clock in the morning may be the time for results.

Therefore, this lower-level database must be operated on the Internet, which is a high-risk and high-value attack target in nature.

For example, in December 2019, the University of Giessen in Germany was attacked by hackers.

This is a top German university with a long history, and Wilhelm Roentgen graduated from it.

At that time, the database of Giessen University lasted only 12 minutes before being breached, and a large amount of key information was lost.

This incident directly led to a year later, more than a dozen big cows with an H-index above 45 chose to leave Giessen University and apply elsewhere, and our local exchange team took three of them.

In addition, the database of Northwestern Polytechnical University has also been attacked. The specific content is too sensitive, so I won’t go into details.

So it's obvious.

opponent this time

Big appetite.

Then Xiao Rong paused and continued to explain:

"Because of this, the other party has preset multiple channels for feedback information, ready to be used to transmit these data."

"We traced the source through several springboard machines, and finally locked the two IPs with the most ferocious attacks."

Xu Yun immediately became interested when he heard the words, and hurriedly asked:

"Oh? Where is it? Across the sea?"

Xiaorong shook her head, her expression seemed to be a bit regretful:

"Unfortunately, it may be due to the low degree of business overlap. The two IPs are from the Kyoto University of Neon and the Sydney Niobium University of Tuao."

"Neon and Niobium?"

Xu Yun nodded thoughtfully.

Friends who understand the Internet should know it.

Although it is difficult to pinpoint the specific house number through IP traceability on the Internet, it is not difficult to trace back to a general area after breaking through the camouflage.

As for the reason why the two IP addresses are colleges and universities?

It's actually very simple.

Just as many domestic hackers have been recruited, a considerable number of foreign hackers have also obtained career establishments.

All the bosses of the cyber security centers of top universities in the world count as one, and each of them has left more or less legends among the people.

In addition, most high-tech companies maintain a relatively close relationship with one or several top universities, such as school recruitment or scientific research.

This is the so-called integration of industry, education and research.

Therefore, in some shady occasions, the two sides often cooperate.

For example this attack.

The purpose of those neon peers is to paralyze the educational administration system of the University of Science and Technology, completely make Fei Huadun's first show in the Department of Biology, and make them lose face once.

The goal of Kyoto is the database of HKUST, hoping to collect some valuable reports.

Ever since.

The two hit it off.

Think here.

Xu Yun couldn't help looking at Xiaorong, he vaguely sensed that something was wrong with the well-known hacker's mood:

"Brother Rong, do you have any ideas?"

Xiao Rong was silent for a moment, finally took a deep breath, and said to Xu Yun:

"Dr. Xu, would you like to play a big game?"

"?"

A question mark floated above Xu Yun's head, asking:

"What do you mean playing a big game?"

Xiaorong pointed at the screen and said firmly:

"Counterattack back!"

Xu Yun was slightly taken aback when he heard the words, then his eyes widened immediately.

Good guy.

He was still thinking about how to defend, but Xiaorong jumped directly to the counterattack?

But soon.

He understood Xiaorong's thoughts:

If according to the original plan, with only Huadun Biotech + HKUST Network Security Center, the defense should not be a big problem, but most of it is nothing more than that.

But now with the appearance of a new teammate from the National University of Science and Technology, a new change suddenly appeared in the situation:

As I said before, the Network Security Department of the National University of Science and Technology, which has digested the Institute of Information Technology, is actually very capable, and it is also the first queue in China.

This wave is just being calculated by heart and mind, it is not a crime of war.

Therefore, if the three parties can unite

It seems that it is really possible to counterattack?

wrong.

It should be said to be self-defense.

This is our old tradition.

Then Xu Yun looked at Xiao Rong and said:

"Brother Rong, the idea is good, but how do you know that the National University of Science and Technology will cooperate with us?"

Xiaorong smiled when she heard the words, and seemed to think of some interesting past:

"Dr. Xu, you may not understand that Director Xiang and Qing Chen from the Cyber ​​Security Center of the National University of Science and Technology had some intersections before, and neither of them accepted the other."

"If Qingchen proposes a cooperation idea, Xiaoxiang will not refuse."

"Besides, from a normal psychological point of view, you are staying at home well, and suddenly someone with a hammer and stick breaks into your house to grab something. You are not a chicken, so you will definitely think about revenge."

Xu Yun pondered for a moment, and felt that what Xiao Rong said was indeed quite reasonable.

Ordinary people are angry when they wake up, not to mention the situation of being woken up by a violent beating, and not everyone is Zhang Huaiming.

So soon.

He made a decision:

"In that case, Brother Rong, let's mess with him. It's okay if he comes and doesn't reciprocate."

Xiaorong adjusted her glasses, nodded heavily:

"Don't worry, just leave everything to me."

After getting Xu Yun's consent.

Xiaorong immediately contacted the Internet Security Center of HKUST, and Wang Qingchen sent a log.

soon.

A reply came from the National University of Science and Technology.

The content is also short, just one word:

"Dry!"

Fifteen minutes later.

The Cybersecurity Center of the National University of Science and Technology of China rushed to another five or six experts who were awakened from the bed, and thus formed an ultimate body composed of three parties to counterattack the new force.

Among them, the University of Science and Technology Cyber ​​Security Center has the largest number of people, with a total of 33 people, led by Wang Qingchen.

Followed by the National University of Science and Technology, 19.

The network security department of Huadun Biotechnology is newly built, so it has the smallest number of people, only 8 people, but there is a super boss like Xiaorong sitting in it.

To know.

The importance of individual combat power in modern network offense and defense is still very high—Xiaorong, without Xiang Haihua's assistance, can only choose to defend, but with Xiang Haihua, the University of Science and Technology can launch a full-scale counterattack.

Then another five minutes passed.

The counterattack officially started.

Wang Qingchen's counterattack target is Kyoto University, which in a sense represents Nihong, which is also an old opponent.

over the past few years.

Most of what Huaxia Internet encounters comes from across the sea, but what colleges and universities encounter mainly comes from 4V, followed by Neon.

clap clap -

Wang Qingchen's slender fingers swept across the keyboard like a pianist, leading more than 30 experts from the University of Science and Technology to launch an attack.

soon.

In the invisible online world.

A huge amount of traffic was gathered together, forming a terrifying flood of data.

This is a standard DDOS attack, which is also the normal process of hacker attacks.

This thing is like the unlimited firepower in the telecommunications area, which must fight the first-level regiment in the middle. The technology is not high, and it belongs to an old routine that has been inherited.

The reason why DDOS attack can become a mainstream attack method is largely due to its convenience.

It mainly uses the loopholes in the TCP three-way handshake protocol to launch attacks, and in the course of more than ten years of development, DDOS attacks have become more and more intelligent and simple.

up to now.

Even a "script boy" who doesn't understand any technology can easily launch a DDOS attack.

Even on the pages of some overseas websites.

Users only need to input the ip address of the target website and select the attack time to launch a DDOS attack.

Generally speaking.

The cost of a DDoS attack using a cloud-based botnet of 1,000 is about $7 an hour.

The DDoS attack service charge is usually $25 per hour.

This means that the attacker's expected profit is about $18 per hour, and the gross profit rate is very high.

Easy to operate + high profit, naturally more people use it.

However, as a director-level expert, Wang Qingchen did not use ordinary DDOS attacks.

He used NTP to achieve bandwidth gain, and a 20mbps port can cause a 2gbps attack effect.

So in just one minute of attack, the peak value reached 251G/s.

at the same time.

Kyoto University.

Nakamori Intelligence Laboratory. (see note)

Unlike Huaxia's computer majors, Neon's name for computer majors is a bit special, called "Information Department Major".

It includes computer information science, mathematical information science, communication information engineering and many other subdivisions.

If you insist on benchmarking.

The meaning of the word "intelligence" in Neon University can probably be equated with local information engineering.

Therefore, Zhongsen Intelligence Laboratory is not a special service agency, but a genuine network security center.

The person in charge of the Nakamori Intelligence Laboratory is named Nakamori Shuuichi, who used to use the code name Optic, and is also one of the top hackers in Neon.

When it comes to the IT industry of Neon, many people will show their hands in disdain, saying that Neon also has hackers?

Didn't they all collapse in half an hour in 2013 when they were beaten by Guo Shenghua, and our national flag was put on the Neon website?

However, it is a pity.

This is totally fake news.

In 2013, there was no hacker war between Nihong and Huaxia at all, and Guo Shenghua never did those things:

This is a liar who became popular through hype. He got into the game in 2018, and now he started to hype again not long after it was released.

This so-called patron saint of the Internet in China is actually an unemployed vagrant in Guangdong Province.

After graduating from technical secondary school, he has no fixed job and makes a living by doing odd jobs.

The establishment of Huameng in 2007, the rejection of Ma Yun’s 100 million offer, and the fact that red flags were planted all over the neon lights during the hacker war were all fabricated. There were only 400 paid members when they were arrested.

However, it is outrageous.

Such a liar who has already entered the game still has many marketing accounts to hype.

For example, if you search for Guo Shenghua and Guo Shenghua was arrested, there are completely two kinds of content.

This kind of person with all kinds of bad records relies on fabricated resumes and claims to be the patron saint of China's Internet and the godfather of hackers. (Someone mentioned Guo Shenghua when I was writing Xiaorong before. I think it is necessary to popularize this liar. This kind of villain who steals other people's honor is really shameless.)

all in all.

Neon's hacker scene is far less flimsy than many believe.

In the long run, this is an opponent that cannot be ignored.

Sometimes it is not a good thing to belittle or belittle the other party too much.

This moment.

Nakamori said that he was sitting in front of the console, listening to the assistant's report with a solemn expression:

"Senior Nakamori, the Huaxia University of Science and Technology's branch responded much faster than we expected, and at the same time, there are reinforcements who don't know where they came from."

"At present, the opponent has organized an efficient counterattack, and the peak attack speed has reached the T3 level!"

Nakamori said that he didn't care much about the "University of Science and Technology of China"'s counterattack. This kind of hasty counterattack only needs to resist the initial burst.

Kyoto University is like a vehicle that deliberately speeds up and splashes other people's water when passing a pond of water. The so-called counterattack is just a stone thrown by the other party in a panic.

As long as you avoid the first stone, you can only stand by the side of the road in a rage.

Therefore, rather than fighting back, Nakamori said he cared more about another thing, which was also his main task this time:

"And what about the data? How much data is withheld?"

When the assistant heard this, his expression froze slightly:

"Senior Nakamori, we only got more than a thousand papers."

"More than a thousand articles?"

Nakamori said that his brows were tightened even more:

"Why are there so few?"

The assistant straightened up immediately, and lowered his head at the same time:

"The other party directly blocked any web requests with the "Ping-To" and "Ping-From" HTTP headers, forming a flanking interception posture with the reinforcements, and a lot of data could not be transmitted."

"In addition, Senior Nakamori, during the confrontation, we seem to have discovered a very strange situation."

"what's the situation?"

The assistant handed a form to Nakamori Shuoyi, pointed at the top and said:

"Look here. The handling of these scripts here is exactly the same as that 'fingertip smile' from the Huaxia Hongmeng back then."

"According to our judgment, there is a 90% probability that the two parties will be the same person."

"Fingertip laugh?"

Nakamori said that he was taken aback for a moment, and a trace of surprise appeared on his originally stern face:

"Didn't he be recruited by Huaxia Xingong? Why did he appear at the attack point?"

Xiang Haihua was just transferred from the Institute of Information Technology to UCAS in October this year, and he has been keeping a low profile before.

Although he belongs to the T1 queue in the Chinese hacker circle, there are dozens of people who are on the same level as him or even above him in ability.

In addition, the hacker circle is not very eye-catching. The Neon official must know the news, but the Kyoto University is a little behind.

After all, this is not wartime, and the function of Kyoto University is mainly at the educational level.

It is unnecessary and impossible for the archives owned by the school to be updated in real time.

Therefore, after Nakamori Shuichi's question was raised, he was naturally met with silence.

Then the corners of his mouth muttered a few times, and he was about to order another attack again.

However, the words did not come out.

A little Baga not far away suddenly shouted:

"Senior Nakamori, it's bad, our management service provider has been compromised!"

I heard this.

Nakamori's original words stuck in his throat abruptly, and his mind was blanked by the news.

After a few seconds.

He dashed to the side of the console and snatched his subordinate's tablet.

Only at this moment.

On the screen of the computer in front of him, countless codes are constantly updating.

Nakamori said that he quickly entered a few commands, but it didn't work.

Three seconds later.

He suddenly understood something, clenched his fist with his right hand, and hammered heavily on the table:

"Baga! The DDOS attack is a feint!"

If Wang Qingchen could hear Zhong Mori's words at this time, maybe he would respond to him with "Yo Xi, you are so smart".

As Nakamori said.

The DDOS attack that Wang Qingchen was in charge of was actually a complete feint.

The real main attacker of the whole route is actually Xiaorong, and his target is not the official website of Kyoto University, but STW, the management service provider of the seven old Imperial Universities.

After the Meiji Restoration, Nihong established a total of nine comprehensive national universities.

Their mission has a strong imperialist and militaristic nature, and has cultivated many bad people.

Kyoto University is one of them.

Later, Neon was defeated and the word "Empire" was abolished.

However, seven of them still exist and are known as the old imperial universities.

At present, due to background reasons, these seven old imperial universities do not use the school intranet, but a dedicated management service provider STW.

STW carries a large number of information transfer tasks, and belongs to a center located at the rear, which is almost the vines of seven gourd babies.

Once the intruder gains STW's network access, AD Explorer can be used to find accounts with higher privileges.

Then you can target the development and collaboration platform, which is the seven old imperial universities!

at the same time.

Looking at the constantly jumping code in front of him, after being furious, Nakamori Shuichi had only one thought in his mind:

How dare he?

To know.

STW is the common rear of the seven old emperors.

Although the effect of being hacked is better than breaking through the official website of a certain college head-on, it also means that he has to pass seven levels before he can do this!

Now Kyoto University has only lost access to STW, not a single byte of data has been lost.

As long as the opponent is stopped at any level, all previous efforts will come to naught.

Using the situation of the Huaxia unit as an analogy, that is the difference in difficulty between attacking the University of Science and Technology of China and the Chinese Academy of Sciences.

See this situation.

Nakamori suddenly laughed:

"One wears seven, who do you think you are?"

"If you can reach this level, you can go to the white house to plant the flag, okay?"

In fact.

Just as Nakamori said.

When it was discovered that STW was being invaded, the network security departments of the other six old Imperial Universities also responded quickly.

A number of neon top experts gathered in front of the computer.

They feel like brave Yamato samurai.

With a must-win turban tied on his head, wearing a bathrobe, he raised his samurai sword fearlessly, and rushed towards the enemy screaming.

"Ba Ga, die, die!"

But soon they discovered

The enemy on the opposite side suddenly pulled out Gatling and fired at them.

In just fifteen minutes.

Hokkaido University, Tokyo University, Tokyo University, Nagoya University, Osaka University, and Kyushu University had no ability to resist, and were "killed" one after another:

third minute.

The STW platform support panel is invalid.

Sixth minute.

The source code repository broke.

Eighth minute.

khoznadzor buffer overflow, CVE-2022-24291, CVE-2022-24292, CVE-2022-24293 three major vulnerabilities were broken at the same time.

Thirteenth minute.

In desperation, the Cyber ​​Security Center of Osaka University sent an official e-mail from China Unicom requesting the agency.

However, when they opened the mailbox, they found that not only had the sending function of the mailbox been turned off, but there was still another email in the sending column.

The message was sent seven minutes ago and the subject is .

【Advantage は私にある】.

Fifteen minutes.

Everyone left their hands from the keyboard, and the assistant desperately stopped Nakamori who was about to have a laparotomy.

at the same time.

native.

Looking at the compromised database in front of him, Xiao Rong shook his head with unsatisfied feelings:

"After all, it's just the joint defense line of seven colleges and universities. It hasn't even reached the level of the Ministry of Foreign Affairs, let alone a white house. It's boring."

According to his previous plan with Wang Qingchen.

Wang Qingchen was responsible for launching a feint attack through DDOS attacks, while he went around behind to attack STW.

Xiaorong was indeed prepared for a protracted battle before, and even drank three cans of Red Bull. After all, Nihong did have a few hard ideas.

As a result, I didn't expect that STW would just GG in the past fifteen minutes.

Fortunately, he thought that Beijing University dared to launch an attack, and there might be some capable people behind it.

A real paper tiger.

Xu Yun: "."

If someone else said these words, then he would definitely feel that the other party was pretending to be X.

But right now it is Xiaorong who is saying this, so he really can't find any faults.

After all, this is the third hacker to attack the White House after Kevin Mitnick and Jonathan James (Gary McKinnon attacked NASA)

Then Xiaorong thought for a while, pointed at the screen and said:

"Doctor Xu, do we want to leave something on it?"

Then he paused and explained:

"This is actually a habit in the hacker community. For example, in the beginning, there was a hacker organization called 'Anonymous'. After the attack, they would deliberately leave certain signs."

"Hackers are very low-key in life, but they often appear to be very public in their profession. From the perspective of the industry, this is a manifestation of their ability."

Hearing these words, before Xu Yun could say anything, Gu Qunqing on the side said first:

"Brother Rong, I don't think it's necessary to do this."

"It's not as good as before. We are under a lot of international pressure."

"If you write something like 'Those who offend China will be punished even if they are far away', it will be cool, but if you hand the knife to the hands of foreign media, then the loss outweighs the gain."

Xu Yun also nodded in agreement, and said to Xiao Rong:

"Aaron is right. Brother Rong, we really can't just hand over the initiative to others for our own selfish desires."

"As long as we don't talk about it, Neon can only swallow the loss. After all, we are not as greedy as they are for the information in the database, so the other party will not be able to find out the actual IP evidence."

Xiao Rongjian said that he opened his mouth, and said with some confusion:

"Well, actually, I don't have to leave some Chinese or something. The key is that I always feel uncomfortable without writing something. This opportunity is not common nowadays."

"Then why don't we leave some other marks, such as the marks of Death Eaters?"

Xu Yun's mouth twitched slightly.

Well, this one is obsessive-compulsive disorder again.

But then again.

Hearing Xiaorong's words, he also had the urge to keep something, and it seems really unreasonable not to keep something like this.

After a few seconds.

Xu Yun's eyes suddenly brightened:

"Hey, I have an idea!"

I heard this.

Gu Qunqing couldn't help but exchanged glances with Xiao Rong, and asked:

"what idea?"

Xu Yun first pointed to the computer and said:

"Look, there is no evidence from Neon that we did this, but we can prove that they invaded us yesterday."

"So we can contact the University of Science and Technology, make a false impression that the system of the University of Science and Technology has also been invaded, and cry miserably in public opinion with the University of Science and Technology of China."

"In this way, something happened to Neon, and something happened to Huaxia. There is a saying that I don't know if you have heard it."

Speaking of which.

Xu Yun beckoned to the two of them, motioning to approach him, then lowered his voice and said:

"That sentence says that friendship between Ni and Ni depends on China, friendship between China and Nihong depends on Nihong, and friendship between China and Ni depends on stealing the country"

ten minutes later.

On the homepage of the seven old imperial universities, a sentence in Korean suddenly appeared:

"Assi, the whole world is my Smecta of the Republic of Korea!!"