Network Analysis
The cyber incidents that occurred from 2020 to 2025 include attacks on critical infrastructure, massive system outages in large enterprises, targeted attacks on sectors such as healthcare and education, among others. The impact ranges from single regions to global spread, with some incidents causing huge economic losses and serious social consequences. The following is a detailed summary:
2025
- Cloudflare global network outage: In November, an automatically generated configuration file used to manage threat traffic exceeded an entry limit and crashed the system. A large number of platforms and organizations, including X, ChatGPT, and IKEA, were affected. Incident tracking platforms logged over 2.1 million related reports, and the outage took nearly four hours to resolve.
- US NSA attacks on systems related to the Asian Winter Games: In February, the US NSA, using multiple jump points via Dutch cloud hosts and exploiting reserved Windows backdoors, launched 270,000 attacks on the Asian Winter Games event information systems and key infrastructure in Heilongjiang. The attacks targeted athletes’ biometric data, and this was the first time AI agents were used to carry out automated attacks.
- Northwest Energy DNS tampering incident: In January, attackers came in along the supply chain path from device vendors to core routers and used DNS poisoning to create a risk of regional service disruption. The crisis was later resolved through a "golden 72-hour" rapid repair mechanism and a jointly developed attack surface management platform.
- Hikvision old vulnerability exploited at scale: Attackers exploited a high-risk vulnerability disclosed in 2017, combined with weak-password brute forcing. The incident is a reminder that older vulnerabilities left unpatched remain a long-term, persistent threat to device security.
2024
- CrowdStrike update causes global Windows system crashes: In July, a configuration update for the company's Falcon Sensor security software contained a fatal logic error, causing blue screen crashes on approximately 8.5 million Windows systems worldwide. Industries such as aviation, banking, and healthcare were severely affected, leading to flight cancellations and payment disruptions, with estimated economic losses as high as $10 billion.
- Change Healthcare hit by ransomware attack: In February, the U.S. healthcare payment giant was attacked by the ALPHV/BlackCat group. Hackers accessed the system through a portal without multi-factor authentication and remained undetected for 9 days. The attack disrupted operations at thousands of pharmacies and healthcare institutions, affecting the personal information of around 100 million people, with total costs estimated to exceed $2.45 billion.
- Seattle airport suffers ransomware attack: In August, key systems at Seattle-Tacoma International Airport, including passenger display screens, self-check-in, and baggage handling, were paralyzed by a ransomware attack. Although flights were still able to take off and land, manual check-in and paper boarding passes caused massive passenger congestion, and some critical functions remained offline for weeks.
- AT&T customer information major leak: In July, telecom giant AT&T disclosed that sensitive information of nearly 109 million customers had been leaked. Hackers exploited account weaknesses on a third-party cloud platform to steal customer call and text records. AT&T reportedly paid $370,000 in an attempt to have the stolen data deleted, but still faced regulatory investigations and class-action lawsuits from customers.
2023
- On July 25, 2023, the Wuhan Earthquake Monitoring Center reported that some network devices at the front-end stations collecting rapid earthquake data had been implanted with backdoor programs. After verification by the National Computer Virus Emergency Response Center and 360 Company, it was confirmed that the center had been attacked by a foreign organization. Police investigations found that the backdoor programs could illegally control the devices and steal earthquake intensity data, posing a serious threat to national security. Preliminary findings indicate that the attackers are a foreign hacker group with government affiliations, and the police have since opened a case for investigation.
- From May to October 2023, a major Chinese smart energy and digital information high-tech company was subjected to over 30 cyberattacks suspected to originate from U.S. intelligence agencies. The attackers used jump hosts in Germany, Finland, and other countries, exploited Microsoft Exchange vulnerabilities to infiltrate the company's mail servers, and implanted backdoor programs disguised as open-source project files to steal executives' emails, core network device configuration lists, and other sensitive information, exfiltrating 1.03 GB of data in total. During the same period, another advanced materials design research unit was also targeted by the same suspected entity: over 270 hosts were implanted with control trojans, resulting in the theft of large amounts of trade secrets and intellectual property.
- On November 8, 2023, ICBC Financial Services LLC, a wholly-owned subsidiary of the Industrial and Commercial Bank of China (ICBC) in the United States, suffered a LockBit ransomware attack, causing some systems to be disrupted. Although this attack did not affect ICBC headquarters or other overseas branches, the subsidiary was unable to settle pending U.S. Treasury trades and had to transfer settlement data via USB drives, which temporarily disrupted the U.S. Treasury market. Subsequent reports indicated that ICBC had paid the ransom, and the incident also prompted global major banks to enhance and upgrade their cybersecurity defenses.
2021
- Northwestern Polytechnical University was targeted by cyberattacks from the U.S. NSA: As a typical state-level APT attack, foreign hacker organizations stole faculty and student email data and citizens' personal information through phishing emails and other methods, reflecting the intense nature of cyberspace competition between nations.
- Vodafone Portugal suffered a destructive attack: This attack directly caused large-scale disruptions to multiple communication services in Portugal, including 4G/5G networks, landlines, and television, demonstrating that cyberattacks can inflict devastating damage to a country's communication lifelines.
2020
- U.S. natural gas pipeline operator hit by ransomware: The attack exploited insufficient IT and OT network isolation, causing gas compression equipment to shut down after the ransomware intrusion. This incident turned theoretical threats against critical infrastructures like energy into a reality, sounding the alarm for cybersecurity protection in the global energy sector.
- Domestic healthcare system ransomware attack: In June, certain domestic healthcare systems suffered a cyberattack that fully encrypted medical data and forced surgeries to be canceled. The incident prompted the National Health Commission to launch a special security action, gradually establishing long-term protective measures such as patient data encryption standards.
- Education data leak incident: In December, SQL injection vulnerabilities and plaintext data storage led to a leak of education data. Afterwards, the Ministry of Education carried out special inspections, promoted the deployment of a data security platform, and established a classified management system for education data.
Many cyber incidents from 2020 to 2025, such as the leakage of AT&T customer information and the hacking of public Wi-Fi accounts, have exposed problems like the vulnerability of public networks to attacks and the difficulty of protecting personal information. In contrast, home networks offer significant advantages in terms of security protection, stability, and privacy. By using NAS devices to build a home storage center, users can share photos, videos, and study materials without relying on third-party cloud storage platforms, thereby avoiding the risks of data leaks associated with these platforms. At the same time, home networks can be configured with a guest network. When visitors come, they can connect to an independent guest network, isolating core devices and data. This setup not only ensures visitors can use the network but also prevents accidental access or tampering with core resources.
Theoretical Conception
The essence of using a Mac mini to set up a home NAS is to "leverage the device you already have to build a lightweight data management system tailored to home scenarios." The core focus is "storage security, smooth network connectivity, and convenient services," balancing needs against cost to achieve efficient home data management. The key goal is "stable access within the local network and on-demand access over the public network": within the local network, macOS's native File Sharing (SMB protocol) is enabled, allowing home devices to access the Mac mini directly via its network address; for remote access, public IPv6 can be used (no port forwarding required, which simplifies configuration), combined with modem bridging and router IPv6 dial-up so that the Mac mini obtains a public IPv6 address. A DDNS tool (such as ddns-go) then binds a domain name to that address, which solves the problem of the IP changing over time.
Suitable for users who want to have in-depth control over configuration, the core focus is on completing IPv6 network connectivity, setting up NAS services, and configuring DDNS resolution. The specific steps are as follows:
Pre-network setup (enable public IPv6)
- Modem bridge settings: Log in to the modem management interface (the address is usually printed on the back of the modem, such as 192.168.1.1). If the default account does not have sufficient permissions, contact your ISP to obtain super admin access. Change the modem mode to bridge, note parameters such as the VLAN ID, and disable the modem's IPv6 firewall so that it does not block connections. Once the modem no longer filters traffic, the router's firewall and the Mac mini's own firewall are the only filters in front of your devices, so keep both enabled and open only the ports you need.
- Router IPv6 dial-up: Connect the router to the modem, open the router's admin interface, configure PPPoE dial-up, and enter your broadband account and password. Enable IPv6 in the network settings, set the address acquisition protocol to automatic, and optionally use Cloudflare's 1.1.1.1 as the DNS server. After a successful dial-up, confirm that the router has obtained a public (global unicast) IPv6 address starting with 2.
- Verify the Mac mini's IPv6: Open the terminal on your Mac mini and run `ifconfig` (macOS has no `ip addr` command), then check the inet6 addresses under the en0 (Ethernet) or en1 (Wi-Fi) interface. Skip entries flagged `temporary` or `deprecated` and record the stable public IPv6 address that remains; this is the address your DDNS record will point at.
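Picking the right address by hand is error-prone, so here is an added example (not from the original page) that applies the same filter to `ifconfig` output: skip link-local and ULA addresses, skip anything flagged temporary or deprecated, and return the first remaining global unicast (2000::/3) address on the requested interface. The `ifconfig` text below is constructed sample output with documentation-prefix addresses; on the Mac mini itself you would pipe the real `ifconfig` into the function.

```shell
#!/bin/sh
# Constructed sample of macOS `ifconfig` output (2001:db8::/32 is a
# documentation prefix, not a real assignment). en0 carries a temporary
# address, a deprecated one, a ULA and the stable address we want;
# en1 has only link-local and temporary addresses.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 ::1 prefixlen 128
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::1c2a:3bff:fe4d:5e6f%en0 prefixlen 64 secured scopeid 0x4
    inet 192.168.50.20 netmask 0xffffff00 broadcast 192.168.50.255
    inet6 2001:db8:abcd:1:91f3:2c4e:77aa:11bb prefixlen 64 autoconf temporary
    inet6 2001:db8:ffff:9::c0de prefixlen 64 deprecated autoconf secured
    inet6 fd12:3456:789a:1::20 prefixlen 64 dynamic
    inet6 2001:db8:abcd:1::a1b2 prefixlen 64 autoconf secured
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::aaaa:bbbb:cccc:dddd%en1 prefixlen 64 secured scopeid 0x5
    inet6 2001:db8:abcd:1:5555:6666:7777:8888 prefixlen 64 autoconf temporary'

# select_stable_ipv6 IFACE
# Reads ifconfig output on stdin and prints the first stable global
# unicast IPv6 address of IFACE (nothing if there is none).
select_stable_ipv6() {
    awk -v iface="$1" '
        /^[a-z0-9]+:/ { cur = substr($1, 1, length($1) - 1); next }  # interface header
        cur == iface && $1 == "inet6" {
            addr = $2
            sub(/%.*/, "", addr)                 # drop zone id such as %en0
            if ($0 ~ /temporary/ || $0 ~ /deprecated/) next   # rotates or expiring
            # 2000::/3 global unicast starts with hex 2 or 3; this also
            # excludes fe80:: link-local, fd00::/8 ULA and ::1.
            if (addr ~ /^[23][0-9a-f]*:/) { print addr; exit }
        }'
}

# Demonstration on the constructed sample; prints 2001:db8:abcd:1::a1b2.
printf '%s\n' "$SAMPLE_IFCONFIG" | select_stable_ipv6 en0
# Live use on the Mac mini (Ethernet assumed on en0):
#   ifconfig | select_stable_ipv6 en0
```

macOS labels its RFC 7217 stable addresses `secured`, which is the kind of address the filter keeps.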
Setting up NAS core services
- If web access is needed, you can install Caddy as a web server, or use Python for temporary testing: in the terminal, run `cd [target folder] && python3 -m http.server 2333`, where the target folder is the shared directory and 2333 is the port number. Note that `http.server` has no authentication and no TLS and lists the whole directory to anyone who can reach the port, so it is only suitable for a short test, not for leaving exposed on the public network.
- Open ports on the Mac mini: go to "System Settings - Network - Firewall" and allow inbound connections only for the custom port you use, such as 2333, so the service can be reached from the public network without exposing anything else.
Configure DDNS to solve IPv6 dynamic address changes
- Install ddns-go: On Mac, install it via Homebrew with `brew install ddns-go`, then run `sudo ddns-go -s install -l :23333` to register it as a service and start the control panel on port 23333 (the `-l` flag takes a listen address, so the port needs the leading colon).
- Bind domain name resolution: First, purchase a domain and complete real-name verification on a platform such as Alibaba Cloud or Tencent Cloud. Then open the ddns-go web console (http://<Mac mini IP>:23333), choose your domain service provider, enter your domain, AccessKey ID, and Secret (prefer a key limited to DNS record management rather than the account's root key), set the record type to AAAA (for IPv6), and set the IPv6 address to be obtained automatically. Once saved, ddns-go will keep the record in sync as the address changes.
Public network access verification: On a device outside your home network, open http://domain:2333 in a browser. If the shared folder opens, the setup is working. If you need a secure HTTPS connection, you can apply for a free SSL certificate on Alibaba Cloud and configure it in Caddy to enable encrypted access.