The February 2015 E Corp hack was the DDoS and installation of a rootkit on the server farm in the E Corp Dulles facility on February 24, 2015. The hacker group fsociety was responsible for the hack. Allsafe employee Elliot Alderson stopped the hack, while secretly giving fsociety access to the root directory of cs30 server of E Corp's network. This hack lead to the dismissal and criminal prosecution of Terry Colby, E Corp's former Chief Technology Officer (CTO).
Background
E Corp is the largest conglomerate in the world, with their enterprises extending internationally. The company owns 70% of the global consumer credit industry, with banking and consumer credit division. In 1993, a toxic waste leak from a E Corp chemical plant at Washington Township, NJ resulted in the death of 26 employees from similar types of leukemia, from chemicals with dangerous levels of toxicity, including Edward Alderson, the father of Elliot Alderson and Darlene Alderson. This led to fsociety, a hacker organization created by Elliot and Darlene to take down E Corp. Members of the group include leader Elliot, Darlene, Romero, Mobley, and Trenton. Elliot hallucinated his dead father as the leader named Mr. Robot due to mental illness. Seemingly as a result of memory loss, he was unaware of the group's existence prior to this attack. Elliot was also an employee of Allsafe Cybersecurity, the security firm hired by E Corp to protect their network infrastructure, and is Allsafe's largest client.
Attacks
The attacks began on February 24, 2015 with a DDoS attack from fsociety targeted at the E Corp servers in their facility in Dulles. This was accompanied by the installation of the rootkit, written by fsociety member Darlene, on server cs30. On the infected server's root directory included fsociety00.dat, a database file with a list of IP addresses, and readme.txt, stating "LEAVE ME HERE".
Following the criminal prosecution of Terry Colby, fsociety erased the data on the network computers in the E Corp headquarters, and replaced it with a video, issuing further threats and demands to E Corp. Among the threats include the potential leaking of emails and corporate secrets, which was later realized. They also demanded the release of Colby, claiming he was the hacker group's leader.
Response
The DDoS attack was first noticed by Allsafe Cybersecurity at 2:07 A.M. on February 25. Allsafe employee Elliot Alderson arrived at Allsafe offices to stop the hack, who suggested the existence of a rootkit. He, with Allsafe CEO Gideon Goddard, travelled to the E Corp Dulles facility in order to end the hack, and find the perpetrators. Elliot was able to stop the hack and supposedly deleted the fsociety directory, when he actually, after reading the readme.txt file, configured the directory so that only he could access it. After a meeting with Mr. Robot, Elliot modified the fsociety00.dat file, to include the IP address of Terry Colby's terminal.
Aftermath
Examination of the fsociety00.dat file by Allsafe, E Corp, the FBI, and US Cyber Command, resulted in the conclusion that E Corp CTO Terry Colby was at least partly responsible for the hack. This lead to the dismissal and criminal prosecution of Colby. Suspicion from Allsafe CEO Gideon Goddard resulted in the creation of a honeypot on the cs30 server. E Corp Senior Vice President of Technology Tyrell Wellick is appointed as interim CTO, and correctly assumes that Elliot Alderson is partly responsible for the hack, but initially believes that he executed the hack as a mere act of revenge against the company after the death of Elliot's father, Edward Alderson, whose death was caused from actions by E Corp. Tyrell Wellick attempted to use the dismissal of Colby in order to become E Corp's CTO, but the position is later given to Scott Knowles.
This hack was followed by the release of confidential data belonging to E Corp, which included emails that revealed that Colby was one of three high-level executives involved in the cover-up of the 1993 Washington Township toxic waste scandal. This was followed by the May 2015 hack of E Corp, which encrypted all of the financial data of E Corp, in effect making the data unusable.