[MN] nddrhreaegsot

[Odinson]

In Moscow it was 3:30 in the morning. July 15 was probably expected to be an uneventful Sunday in Moscow. Most people in Russia's capital were asleep and unaware of the security breach that was about to take place. Secured government servers - specifically those belonging to the Ministry of Defense and Ministry of Foreign Affairs - were compromised. Some of the compromised information was about all 420 members of the Russian State Duma. Before the government was even aware of exactly what information had been compromised, the private phone numbers of members of the Federal Assembly began to erupt with text messages and phone calls from Russian citizens, and some of their private email accounts were suffering from similar problems. The private physical address of every member of the assembly was also published, which meant that they would also probably start getting an obscene amount of mail from Russian citizens and possibly people abroad. All of this information was posted on a number of random public message boards, which were quickly copied and posted on thousands of other websites, and hundreds of reputable news websites. Containing the spread of this information became an impossibility minutes after it was published. By the time the government was aware of what was happening, they also detected that the hackers were trying to obtain information of who was on the flight crew for President Putin's aircraft - the Tu224M that was used to fly to China. If the appropriate people in the Russian government decided to stop the infiltration, they would have the time to physically disconnect the servers before the hackers were able to get the information regarding the flight crew.

From what they would be able to determine, no secret or sensitive information from the Ministry of Foreign Affairs or the Ministry of Defense had been obtained by the hackers other than the information about the members of the Duma.

@Andy

 

[Andy]

---

With staff manning the servers 24/7 they would’ve noticed within the first few minutes hackers would’ve been trying to enter the servers, they would’ve been disconnected from the servers almost instantly once entering. Once they were kicked their IPs were logged and given to the FSS and the GRU of the Russian Military. Even though the information was leaked about flight crews and Duma members, this information wasn’t considered ‘classified’ as Vladimir Putin liked the transparency within his government.

With the information of the IPs and now the information regarding the suspects from the IPs, a Denial of Service attack (DDoS) would be issued in the IPs of the hackers to hi h would instantly disconnect the hackers internet and cause major distribution for them. OMON teams were readied within a matter of minutes to raid the suspects building of where they were. Information on the sites would also be taken down within the Russian Nation as it was early morning, not many civilians would be bothered or read such information.

---

 

[Odinson]

The sensitive personal information and the details of the President's flight crew were successfully leaked. Despite the efforts of the Russian government to contain the outbreak, the information was posted on not only Russian but other international websites which the Russian government had little to no control over including websites like Reddit, Facebook, Twitter, YouTube, and presumably international media outlets. However, the Russian government did have the power to take down any website whose server was in the Russian state. When the Russians inspected what the IPs were for the hackers that infiltrated the servers, it quickly became clear that they were using VPNs which made tracking their true locations almost impossible. One of the IP addresses appeared to be Los Angeles, California, another appeared to be coming from The Hague in The Netherlands, a third appeared to be in Hong Kong, the fourth appeared to be from a small Argentine city, and the fifth made it appear as if it was coming presumably from the Office of The Prime Minister in the Kremlin. Although there wasn't an exceptional amount of appeal to calling the number or writing a letter to their MP via information that had been illegally MP, some Russians still found the time to do so for whatever reason. The small minority of the nation of 140-million that decided to do this still amounted to a lot. Eventually, the MPs' emails were being spammed with malware, porn, and other undesirable messages. Every MP also received a similar email which was mostly an unintelligible assortment of random characters, however they all ended with "nddrhreaegsot". This looked to be, however, the conclusion of the attack.

A week or so later in Rome, another situation began to develop. Telecommunications began to be a bit strange, but not totally out of the realm of normality for officials in the King's Royal Council. It wasn't until a few days has passed that it was obvious that something was wrong. The private phones, especially cell phones, of these officials were either sluggish or would sometimes randomly drop calls. In fact, even King Vincenzo found there to be issues with his private line.

@Logan

 

[Logan]

With the breaching of governmental phone lines, all major high-level officials would be directed to use (and frequently change/replace) prepaid "burner" phones until the breach was finished. IT Staff would attempt to isolate the cellular phones and figure out what was going on, while the phone company would work on replacing the hard lines. The Policia Stato would attempt, however they would not get far due to the lack of a trained cybercrimes division, to track down any digital signals that might be affecting the telecommunications systems. The King Himself would resort to coordinating military operations through secure military Combat-net radios, namely the CNR-2000, SRT-278s.

 

[Odinson]

Transitioning to burner phones seemed to do the trick, though whomever was listening to the Italian's calls seemed to understand that the phones weren't being used anymore. The numbers of these public officials were leaked to the public, meaning that they would also have to be changed. Because the Italian government didn't have trained professionals to deal with cyber warfare, combating this attack or detecting where it came from should have been a virtual impossibility, however they were lucky and came to the following conclusion. Security at some government and private telcom servers had been compromised by hackers. While these kinds of servers are usually isolated so that outsiders can't hack into them, some minor security issues had larger consequences. Specifically, government and private professional employees were using inhouse computers connected to the main servers to connect to the World Wide Web. Text messages were sent to the old numbers of the government officials which only said, "nddrhreaegsot". The texts were all from unlisted numbers which were probably also burner phones.

A few days later, the Dutch Ministry of Foreign Affairs received an encrypted message from an unknown source. The message was unique because it had the encryption and security of a sovereign state. The following message was sent to the Foreign Ministry, and then the three largest newspapers and television stations in The Netherlands three hours later. However, the banking information was not included. The message was sent at 6:00AM Netherlands time. The press were publishing stories about it by 9AM, just in time for the entire country to hear about it.

"Dutch Government,

We have the capability to bring havoc to you and your international friends. However, we giving you an opportunity to avoid crisis, destruction, and death. If the Netherlands government deposits $10,000,000 into our bank account, we will not attacks. But, if the money is not deposited, we will kill at least 100 British citizens. We will give you 5PM.

We don't want hurt anyone don't make us please,
nddrhreaegsot"

@Dutchy

 

[Dutchy]

The message would of been received by the Dutch government and forwarded to the Joint Sigint Cyber Command of both the Military Intelligence & Security Service (MIVD) and the General Intelligence & Security Service (AIVD). They would secretly begin the process of analysing the message, covertly tracing the message back to its point of origin.

The Defence Cyber Command department of the Military Intelligence & Security Service (MIVD) would increase their monitoring of essential systems, improve securty and be prepared for a breach of security. Commando's and Marines would also be prepared for action.

All terrorism intervention teams from the Special Interventions Unit of the National police would be placed on standby and be prepared for immediate deployment. Officers would also be conducting extra patrols of places with lots of civilian traffic. The Koninklijke Marechaussee would deploy at the following locations:

- Amsterdam Airport Schiphol - 2 BSB Peleton
- British Consulate-General Amsterdam - 2 HRB Peleton
- British Embassy The Hague - 1 HRB Peleton
- British Consulate Willemstad - Curacao Eenheid
- European Treaty Organisation Headquarters The Hague - 1 BSB Peleton
- Peace Palace The Hague - 1 BSB Peleton

The British Embassy and the British Security Services would privately be informed of the threat being posed to their citizens.

 

[Odinson]

At 5:01P.M. a red light turned to green just outside of London - this was no error or accident. Two highspeed bullet trains, going in opposite directions toward each other, were travelling between London and Bristol. Unfortunately, the trains both met on a turn which meant that there was very little time to react. Only one of the conductors was able to hit the emergency breaks in time, but it only slightly slowed one of the trains. Both were travelling just a little under 200 kilometers an hour as the locomotives slammed into each other with an incredible amount of force. Both locomotives exploded upon impact as the passenger cars behind each one continued with their momentum to slam into each other. Train cars derailed and flipped off the tracks after impacting with one another, instantly killing dozens of people. Once all motion had ceased, 147 people were dead, 52 were almost dead, and the remaining 212 were injured to various degrees. The crash occurred on the outskirts of London, not far from the M25.

An encrypted message, which wasn't too different in security from the Dutch message, was oddly sent to the British Home Office. The message read,

"We are sorry that we had to destroy your trains and kill your people. We were not given other choice. We asked your friends in Netherlands for money and that in return, we would harm no British, but they refused. So now, we give you a similar choice. Maybe we were being to unreasonable. This time, we only demand $5,000,000 to be deposited into our account. If you do this, we will stop our attacks. But if you do not, we will kill 400 Portuguese. We give you until 9PM tonight.

Please do not makes us kill, we will stop once you give money,
nddrhreaegsot"

Information for a different bank account was submitted this time. The message was sent at 5:30, less than half an hour after the trains collided. Her Majesty's Government now had 3 hours and thirty minutes to make a decision.

_____________________

It wasn't until 5:00PM that the Dutch were able to locate the actual origin of the message. It appeared to have come from the computer of the Dutch Minister of Foreign Affairs, Leopold Albronda.

@Jamie
@Dutchy

 

[Jamie]

---

Following the warning from their Dutch Counterparts, the British Government had informed Security Services which included not just Emergency Services, but the Domestic Intelligence Service Mi5 of the potential threat. This warning, especially following the recent bombings in London, was enough to enlargen a presence nationally. London been of critical importance given it was the capital of the United Kingdom and often targetted. Unaware of the potential threats, screening in and out of the country was enhanced, additional checks from the moment the warning had been given. Extra searches on all methods of transport, an increased police presence including that of armed police. Mi5 Operations begun to not only begin tracking known suspects, but to turn a focus onto Cyber Security to cover any eventuality.

In response to the Dutch Warning, the British Government privately informed them of their support regardless of any decision, and recommend not obeying any terrorist threats. Given the severity of the message, and it getting sent at 6am in the Netherlands (5am UK time), it would be presumed to have been picked up by security services quickly and the UK Government informed by 8am (Dutch time) at the latest. With this in mind, the time to arrange security was convenient enough given their were no indications of an attack during Rushhour. The day was relatively normal, no signs of threats, possibly a hoax? They could never be sure. As it got to 5PM (or 4am UK time), methods of transport were much busier as it entered the rushhour period. The time where the majority of UK workers were leaving to go back home for the evening. However, the route between London and Bristol was relatively straight forward. A multitude of lanes and turn-ins to keep the train traffic flowing.

Nonetheless, due to the route from Bristol to London was relatively straight around the M25 area, a few curves which slightly reduced visibility for the conductors on-board but only before the Slough Trading Estate which featured multiple stops. However, this route in particular has two seperating runnings. One heading into London, the other out, and not unlike the road system, trains operate from the left side; thus confirming that the earliest point a train going into London could enter the opposite direction would be near St Mary's Road, Middle Green, Slough. Although having to comply with the change over, the Conductor raised his concerns given it involved swapping lanes going into London, a route they had done hundreds of times before. Beginning to decrease his speed and contact Control. Control, at this point, were already aware of the light change due to their robust systems.

Sparking concern and putting a procedure into place to prevent any problems; an eventuality that training will aim to cover over the course of their careers. Given the collision was closer to the M25, the train exitting London would need to roughly be near the Southhall Track, still picking up speed but with Control aware of the problem, alerts went out to all active trains of new plotted routes designed to get the first train back on it's rightful path at the earliest point possible. That been beneath the Middlegreen Road Bridge. In response to this plan, the train leaving London would only need to reduce it's speed to roughly 50mph, giving that extra time for the trains to be on their right paths again. In the nearby stations, delays were expected due to the light issue, recognising it as a fault due to the normality of technical problems throughout daily lives. Delays were expected throughout the evening as the staff remained extra vigilant, ensuring the light was adjusted and an engineer dispatched to assess it on the line. Whilst coursing a nussiance for those trying to get home, it was hopefully going to be a safe trip here on out.

The problem was logged and no doubt an investigation into what could've occurred, unsure of any tampering given how often events like this could happen; the main concern was that without the swift thinking of the Rail Network, it could've been a tragic event. In the meantime, security services remain vigilant and unsure what to expect in regards to the promise of attack against up to 100 British Citizens. Only time will tell.

---

 

[Odinson]

Some time had passed since the last attempt at a cyber attack in the United Kingdom. The hackers were frustrated with their failure and decided to take a break to reassess their abilities and make sure that their next attack went without issue. The hackers never confirmed that they were behind the light change outside of London, but what they found remarkable is that the British didn't warn the Portuguese government that a threat had been made against them.

Weeks later, a very detailed plan was put into motion. A fully-loaded 747-400 departed Lisbon's international airport. It's destination was Edinburgh. Onboard the flight was an unusually undiverse group of passengers - 402 of them were Portuguese, 14 were Scottish, and the pilots were all Portuguese. Everything appeared to be normal at take-off and for most of the beginning of the flight. However, when the aircraft was at its most isolated point over the Atlantic, a passenger inserted a USB into his in-flight entertainment system. From the in-flight entertainment system, a virus from the USB was inserted into some of the plane's software when the USB connection was recognized. Currently, the flight was at a cruising altitude of 35,000 feet over the western edge of the Bay of Biscay. The aircraft was ~280 kilometers from Brittany and ~280 kilometers from northwestern Spain. There was a strong westerly wind across most of the bay, and stormy conditions below.

The pilots would first hear, and then receive alerts, that all four of the 747's engines were rapidly winding down. Multiple emergency alerts began blaring in the cabin when engines 1 and 2 both dropped below idling RPM, and then shut off. Engines 3 and 4 followed about four seconds after. All of the lights and electrical equipment in the aircraft that depended on the engines for power shut off, including the equipment in the cabin. In the event of a total-engine failure, many passenger aircraft, including the 747-400, were equipped with a Ram Air Turbine (RAT). The RAT was a small wind turbine that would be automatically deployed from the bottom of the aircraft, and literally used the passing air to power the most essential electrical equipment for the pilots. This did not include main hydraulic power. Attempts to restart the engines or the aircraft's computer systems were futile and yielded no results.

In favorable conditions, a 747-400 is capable of gliding about 170 kilometers from cruising altitude. The closest airport was in the opposite direction the aircraft was flying, in northern Spain - Santiago de Compostela Airport. It was a little under 400 kilometers away.

@Fairhold