At the height of the COVID-19 pandemic, a small midwestern startup company found themselves defending against a week-long barrage of cyberattacks executed by hackers operating from within a prestigious university in the north-eastern United States. OpenRelay’s Rivet team fought hard to defend our servers and protect the customers relying on us, and despite the efforts of an organization with vastly more resources than our own we kept our service running with minimal disruption.
We’re excited to tell this story! We want to show people what it’s like to be on the receiving end of a deliberate attack that threatens the business you’ve worked hard to build, we want to expose the prestigious institution that should have known better, and we want to start a discussion about how security research is done and how it should be done.
But one of the challenges in deciding how to tell this story was making it accessible to the widest possible audience, while still delving into details that people in IT and blockchain development would find the most interesting. Pulling inspiration from Wait But Why, we decided to go with a system of footnotes and Blue Boxes.
We use footnotes for details you probably need to understand the story, but someone with the necessary background will find completely superfluous. IT footnotes look like this 1. Web3 footnotes look like this 2.
Blue Boxes are basically the opposite of footnotes. You don’t need them to understand the rest of the story, but they’re details that will be interesting to people with specific backgrounds (and maybe those who are sufficiently curious). If you need to read the footnotes for a topic, the Blue Boxes might be over your head — but that’s fine, you can ignore them and still understand the rest of the story. Likewise, if you’re skipping the footnotes for a topic, you’ll probably find the Blue Boxes pretty interesting.
Here’s an IT Blue box:
An IT Blue Box
This is an IT Blue Box. The details here will be of interest to people familiar with IT, but are non-essential to the rest of the story.
And a Web3 Blue Box:
An example Web3 Blue Box
This is a Web3 Blue Box. The details here will be of interest to people familiar with Ethereum development, but are non-essential to the rest of the story.
With that out of the way, on to the story:
- Sunday — Attacks Begin
- Monday — A Reprieve
- Tuesday — Attacks Intensify
- Wednesday — Batten Down the Hatches
- Thursday — Waiting for the Next Wave
- Friday — A Break in the Case
- Saturday — A Stunning Confession
- Epilogue — A Look at Ethical Hacking
This is an IT footnote. If you come from an IT background, it’s probably safe to ignore them. ↩
This is a Web3 footnote. If you’re familiar with Web3, you can probably ignore these. If you’re wondering what Web3 is — Web3 is an advancement of web technology focused on decentralization, generally using blockchain technology. Unlike Web 2.0 services like Facebook and Twitter, Web3 applications are built in a way that no one company or group controls the way the application functions. ↩