Shift Delete
Page 23
During Parovsky’s visit to Moscow, the Russians had provided real actionable intelligence, while today the Americans provided effete words about mutual support. Annoyed, the Russians began asking overly-probing questions, like Grigoryev’s, “Once you have identified signs a cyber-incident is underway, how soon before you know what the attacker looks for?”
Parovsky, Brendan, Ted and Loretta all exchanged glances, wondering if someone would attempt to answer or kindly tell them they could not answer the question. The uncomfortable silence built, but Grigoryev held his ground, knowing that silence encourages the other side to talk. The exchange of glances spread to the other Americans, all of whom were afraid to say anything—before one of the TLA guys chimed in with the canned response, “I’m afraid we cannot answer that.”
DCA had to develop special tools for transferring information for their monthly discussions with the Russians regarding specific incidents and periodic summaries and joint case studies.
“And can you identify your attacker? And the attack vector, its location and techniques?” Grigoryev continued hammering away. He was going for it all, Parovsky thought to himself.
“Are you conducting your offensive operations from this location?”
Grigoryev’s normally red skin turned crimson; Parovsky understood he was pissed off.
With that, the NSA representative—a heavy-set man with a double chin—perked up, glanced at the agenda projected on the screen to be sure there was nothing after “Q&A/Discussion,” stood up and ended the meeting with, “OK. Time we wrap this up and get on with our day.”
When the meeting ended, Parovsky escorted the two out to a waiting Russian embassy car outside DCA’s building. As they entered the car before departing, Grigoryev suggested Parovsky stay in touch about things going on at DCA. “Parovsky, we need some more output from you. Where are your monitoring sensors located on the web? How quickly do you get your systems back online after debilitating attacks? Give us some real information. Information we can use! That’s what you get from us!”
“I’ll see if 1 can get you something,” he shot off without really thinking about how they might interpret his response. He felt bad the Russians were going home completely empty-handed.
As the Russians drove away, Parovsky began to wonder, What the fuck does he mean by that? What do they expect from me?
Parovsky figured the Russians were simply trying to get some useful information as part of the bilateral information sharing. Or were they pressing for something beyond that? He figured the practical and results-oriented Grigoryev was trying to make a point that the visit had been a farce. When Parovsky visited Russia, the Russians provided material bordering on espionage about Estonian hackers, yet here the Russians did not learn or see anything new, and asked questions a little too intrusive. Parovsky really wasn’t sure, but figured he might as well report the curbside conversation to the colonel, just to be on the safe side.
When Parovsky mentioned the Russian’s strange remarks to the colonel, he found his friend more interested in reminiscing about some episode from his military days. Parovsky actually enjoyed the stories, and it made his friend feel good retelling them.
“I was the junior shore patrol officer back when I was a lieutenant. We set up shop at the local police department in some Spanish port. Oh yea—it was Palma de Mallorca.” Seated across from Parovsky, the colonel’s face brightened as he recollected the story.
“We got a call about one of the non-coms—a black belt karate expert—who was quite drunk and causing trouble. That’s ‘drunk and disorderly’ in military lingo.
When we got to him, I told him that we were gonna’ take him back to the ship.
He immediately went into a confrontational karate stance. I was with a few enlisted guys, so I told them that I’d take the first blow, and they damn well better jump the guy when he goes after me. Sure enough, that SOB did a job on my face with some kind of kick, and the guys with me jumped him. Once we got him in the paddy wagon, it was unspoken that they had carte blanche to kick the crap out of him.”
And with that the colonel stopped talking.
What did he mean by that? Parovsky wondered. Is he trying to tell me something, like warning that if someone gets out of line they ultimately pay the price for their actions? Or perhaps he is just reminiscing for his own benefit and found me as an available listener. In any event, it shook up Parovsky; the uncertainty aroused by the colonel’s visits and stories unsettled Parovsky for a few days, but as its effect wore off and the draw of Parovsky’s curiosity about Lippnow tugged at him. Parovsky soon found himself scouring Lippnow’s emails once again, where he found an abundance of emails seeking quotes for more vacuum pumps, thermal ionization mass spectrometers and arnokrome magnetic tape.
At first it was curious voyeurism, not unlike what he had done back in college, peering into coed’s windows with a pair of binoculars from his dorm room.
Parovsky began deleting emails regarding price quotes and orders, some of which Lippnow had already seen, which drove Lippnow mad, and others before they were opened and read, all of which served to slow down the process. It meant more emails or calls asking for the already- issued quote to be sent a second time, or to have it reissued if its validity had expired. Parovsky could only imagine with glee the consternation he was causing Lippnow as he searched for emails he knew he had seen but couldn’t for the life of him find in his Inbox or Deleted Items folders.
Parovsky read an Intelligence report put out by Loretta, which was actually based on a CIA document but portrayed by her as if she were the one with the news scoop—only adding to his disdain for her—of Iranian and Russian cooperation in launching cyber-attacks. Parovsky could imagine his Iranian counterpart sitting in that same room at FSB headquarters in Moscow with Grigoryev and Bashlykova plotting offensive activities on their common foe, the United States. It certainly didn’t serve to enamor him any more with the Russians; he already hated the Iranians. His only present connection with Iran was through that scumbag Lippnow. It was time for action...
Parovsky was bored. He had been to the gym for a workout but still had residual energy that kept him from packing it in for the night and going to bed. Wandering over to his laptop in the corner of his living room, he checked his personal email account and found nothing but a TripAdvisor email temping him to visit the ten hottest hotels one mustn’t miss, and a LinkedIn request to connect from some guy he didn’t know. He shift/deleted both.
He pecked at INN but found himself staring mindlessly at the page rather than reading. And then he thought of Lippnow. His browser remembered the IP address, and the password was already configured, so accessing Lippnow’s computer was just as easy for Parovsky as logging into his own gmail account.
More boring emails. He clicked on Explorer and reached a Google search page, Lippnow’s default home page. The voyeurism invigorated Parovsky. Bored a moment ago, he was now alert and engaged. He was curious to see Lippnow’s internet “Favorites”, but found mundane sites like his bank, The New York Times, INN and Amazon. His browsing history was more interesting. A porn site offering thousands of free amateur videos.
Nice, Lippnow! We have something in common after all!
Industrial machinery manufacturers, a hotel in Istanbul, the White House.
What the...
When Parovsky began typing the address www.whitehouse.gov it automatically jumped to: /administration/executive office of the president, reaching a bio for an Asian man with the rather excessive title of “Senior Advisor to the President for National Security Affairs, Special Projects & Initiatives.” He didn’t give it much thought.
For now, his attention was focused on Lippnow. Since catching on to his illicit activities on Iran’s behalf, Parovsky became obsessed, regularly snooping on Lippnow’s email Inbox and Sent messages, looking for...well, he didn’t know exactly what. Maybe just to know more, no
t that he even had an idea of what to do next. Most of Lippnow’s emails were boring, legal-related correspondence—no different from the first time he hacked into Lippnow’s account, plus the occasional off-color sexist or racist joke received and then forwarded onwards. Parovsky found himself checking Lippnow’s email as much—if not more—than he checked his own. He was completely captivated, interfering with his focus at work and at home. Lippnow appeared in his dreams. They were back in Anderson Hall at American University, hanging out in Lippnow’s room since he always had beer, potato chips and other snacks on hand, and usually an expensive bottle of vodka or whisky he had swiped from his parents’ liquor cabinet. Music would be playing on his top-of-the-line hi-fi stereo component system, orders of magnitude superior to the portable radio cassette player that was all audiophile Parovsky could bring on the flight with him from California. In the dreams, Lippnow was decked out in his standard outfit of faded blue jeans, pink or other preppy-colored Ralph Lauren or other designer button-down shirt and maroon penny loafers, while he consciously flaunted his gold necklace and gold bracelet. And to keep the focus on himself, Lippnow was always sure to bring his wealth into the picture.
“Hey, let’s go for a joy ride in my ’Beemer,” he would say referring to his black BMW convertible, or make offers to spend weekends or even spring break at his family’s beach house on the Jersey shore. Parovsky had gone on several road-trips with reckless Lippnow to see Washington’s monuments at night, to Baltimore to catch an Orioles’ baseball game, zipping up to Atlantic City at high speeds for some gambling, or even New York City for the hell of it. He remembered Lippnow’s car had a built-in phone, as if a full-time college student really needed one in those days, and recalled thinking back then that it seemed obnoxious, as if he were some business magnate who had to be reachable at all times. Since these were the days when car phones were the reserve of the rich and famous, it was a flagrant status symbol meant to impress people, which it did. The free-flowing alcohol, readily-available transportation to fun outings, cool gadgets and his bon-vivant style made him popular back then.
Parovsky’s mind now got the best of him; he imagined Lippnow having dinner with Layla—his Layla—and then in bed with her, and he actually felt possessive of her for the first time.
Parovsky wished he had never met this jerk, and was angry with himself for allowing this guy back into his mind. He wished Lippnow didn’t exist.
And then it dawned on him. I can make that happen! His eyes opened wider and brightened as a smile came to his face. Not only could Parovsky thwart whatever Lippnow was up to, but he could almost wish Lippnow away.
He wasn’t even concerned about being detected, snooping around in so many government agency’s files not related to his work. His cyber agency credentials were like a master key that allowed him to go almost anywhere, always with the plausible excuse that he was combating a cyber- intrusion that was being kept quiet. Truth was that press reports of the radical Islamic State threatening war on Iran to get their hands on Iran’s nukes, all he could focus on was the need to stop this madness. Parovsky took only limited data, so monitoring equipment didn’t pick up on the data being exfiltrated. It went undetected because he had authorized access, even though he wasn’t using it for a true business purpose and he was viewing private information against policy. The red flags and warning bells were set up to detect large data exfiltration. He knew and understood that he was breaking his trusted access to protected information. Parovsky at times worked long hours, or came in early and stayed late. Because of the nature of his work, no one thought twice about his out-of-pattern behaviors.
Parovsky’s first move was to visit the State Department system to delete Lippnow’s passport. Using his master key password, bypassing the read-only access rule established to avoid any accidental deletions, or the required permissions, to make changes.
“Goodbye asshole,” he said as he began his little war with a click of the Delete button on his computer keyboard, voiding Lippnow’s passport. Then to the Social Security Administration where Parovsky deleted Lippnow’s Social Security number.
He easily made the deletions and exited out. To make sure it was gone, he entered: Lippnow, Derrell into the search function, and smiled when it produced no results. A large grin came to his face as he savored the power he wielded at this moment.
26. DELETE
After discovering Lippnow’s clearly illegal activities, Parovsky found himself in a conundrum: he couldn’t turn him in because doing so meant forfeiting his own career, and the information on Lippnow was not obtained by lawful means, meaning the only loser in this scenario would be Parovsky himself. He could do nothing, but that seemed the easy way out. With no legal recourse to screw Lippnow, he decided to take his hacking a step deeper.
Next he wanted to void Lippnow’s driver’s license and vehicle registration.
He knew how to do this one on his own—he would use the tactic known as spear-phishing that had been attempted against him on so many occasions. A simple one he picked up in a hacker chat room was to email an exploit in an attachment labeled **SECRET**. People simply can’t help themselves; their curiosity to see the secret document causes them to throw caution aside and open the seemingly innocuous attachment that—unbeknownst to the victim—contains an embedded attack. By simply opening to view the attachment, their computer is automatically and silently compromised. It might quietly embed a key-logger or other malware that capture’s log-in credentials as the user logs into various accounts, whether work or personal ones like banks or credit card companies. The hack may be about committing fraud like stealing from a bank account, security clearance details or, on a much grander scale, like stealing intellectual property for an advanced weapon system design.
Another proven spear-phishing success was to send an “accidentally misdirected” email appearing to come from the Human Resources department with an attachment labeled as containing executive salaries, which proves irresistible to recipients.
In a scheme known as spear phishing, Parovsky engineered a clever ploy to email employees at the state Motor Vehicle Department with emails disguised as internal messages coming from their IT department, seeking username and password verification. He used a social engineering technique known as “spoofing” to make his email appear to come from a legitimate sender. While most people know to be wary of any email asking for password information, the legitimate look and feel of a crafted spear phishing message causes people to let down their guard.
After assembling a list of some two dozen names garnered from LinkedIn, Parovsky created a simple form, with the Motor Vehicle Department logo on top, and an introduction about the IT Department conducting a security survey to validate its procedures. Please complete this short form at your earliest convenience, he requested.
His cell phone rang. Layla’s name appeared on the screen, but he didn’t feel like dealing with her, so he silenced the ringer and ignored the call and continued with his project. A moment later his phone vibrated and sounded its incoming text message notification. “You haven’t been available lately,” she keyed cryptically, ever careful about messages that might inadvertently be seen by her husband. “Are you OK?” She was both concerned about him, and scared that he had had enough and was cutting off his extra-curricular activity with her. Layla had noticed his behavior change, but merely thought it was about her. In any event, she didn’t know who to tell, and feared it might expose her relationship with him, so she kept her concerns to herself, just as Parovsky had to keep his covert war against Lippnow secret. Parovsky did not fear detection. Often someone crossing the line has sudden change of behavior, but Parovsky’s job involved erratic work hours, and accessing nearly any federal government computer network, so nothing he was doing stood out as extra-ordinary.
He mulled confiding in Layla some of the Russia dealings, or maybe even the Snowden stuff to satisfy her curiosity and concern, but decided aga
inst it. He replied with a simple, “I’m busy.”
Truth of the matter was that after his last trip to Moscow, his thoughts were more on an exotic Russian woman than an American suburban mom, although sex was far more readily available and frequent in northern Virginia than Moscow.
He set about crafting his Motor Vehicle Department message without even investing much time by turning to MS sample form templates to create a few simple fields:
Last Name:
First Name:
Email address:
User Name:
Password:
And a “Submit” button that merely emailed back to him at a camouflaged address.
For good measure, he added advice at the end:
We recommend the use of “strong” passwords of at least 8 alphanumeric characters combining both capital and lowercase letters, numbers and symbols, such as #, $, and @.
The system will not allow the reuse of any of the previous 12 passwords for each specific userID.
Passwords should be changed at least every 60 days.
And to be even more cynical, he added:
Think before opening any email, any attachments or clicking on a Web link (URL). If you receive an email that you believe to be suspicious, be sure to contact the Computer Incident Response Team (CIRT).
It looked real enough and appeared to come from an internal department.
He sent the message in the morning, as a late-night message might raise a red-flag with anyone savvy enough to realize that people aren’t normally working at those hours. It looked so real that the recipients didn’t notice the security flag designation in the email subject line that the email was from an external source. And he was amazed at how quickly some of his targets responded. In the industry lingo, these “suckers” were said to have bad digital hygiene habits.