Threat Vector jrj-4


by Tom Clancy


  There was only one problem with Tong and his endeavors, as far as the Chinese were concerned. He was too successful. He’d been given nearly free rein to go seek out access to U.S. networks, and eventually, the Americans began to notice. The U.S. government realized someone was, in effect, attaching a vacuum cleaner to their data and sucking it out.

  They called the persistent attacks into their government and industrial networks at first Titan Rain, and a second series of attacks they called Shady Rat, and the Americans tasked hundreds of investigators with finding out who was behind them. China was suspected from the beginning, and as Tong’s operation grew in scope and importance, the MSS and the Politburo insiders who knew of the cyberprogram grew worried that some of the more high-profile attacks could be positively attributed to China.

  The United States made a series of arrests of hackers involved in the operation, and some of them were ethnic Chinese. This worried the Chinese greatly, and pressure was put on the PLA and MSS to do a better job covering their tracks in the future.

  When the full scope of Tong’s vulnerability became apparent to the PLA and the MSS, the decision was made that he needed to be protected at all costs, and his organization needed to be completely sequestered and distanced from the Chinese government. Deniable computer network operations were critical in this time of declared peace, and to remain deniable there could be no comebacks to China itself.

  But Tong had become known in the United States as a key civilian computer operations official working for the PLA. The investigators in the FBI and NSA looking into China cyberoperations referred to his influence over cyberstrategy as the Tong Dynasty, and when the Chinese realized Tong had been outed to such a degree, they knew they had to act.

  After much discussion, the decision was made by the head of the Ministry of State Security that K. K. Tong, whose official title of director of technological training for the Chengdu Military Region First Technical Reconnaissance Bureau belied his field-marshal level of influence on one of war fighting’s five domains, would be arrested on false charges of corruption, and then he would “escape” from custody.

  Then Tong would relocate to Hong Kong and go under the protection of the 14K Triads. “Triad” was something of a catchall title referring to an organization with many unaffiliated branches, but the 14K was the largest and most powerful branch in Hong Kong. The MSS and the 14K had no operational relationship with each other. Triad activity had long been a thorn in the side of the Chinese government, but Tong would “sell” himself and his army of hackers to the Triads, and then repay them for their protection with money from any of the dozens of financial schemes his men and women ran around the globe.

  The 14K would, of course, know only that Tong had escaped prison on the mainland and now was working in computer-related embezzlement and blackmail operations — black-hat computer crime.

  The Triads would have no idea that ninety percent of the Tong organization’s productivity involved cyberespionage and cyberwarfare, all on behalf of the Communist Party of China, the enemy of the Triads.

  Tong was “arrested,” and a short notice of his charges was printed in the People’s Daily, a newspaper in China that served as a mouthpiece for the government. He was charged with computer crimes, and the article described an effort by Tong to embezzle electronically from ICBC, the state-owned Industrial and Commercial Bank of China.

  The article was written to show the West that the mysterious Dr. Tong was out of favor with Beijing, and it was written to show the Triads in Hong Kong that this mysterious Dr. Tong had skills that could make them a great deal of money.

  Tong was sentenced to the firing squad, but on the day of his scheduled execution, rumors came out of the prison that he had escaped with inside help. To enhance the ruse, prison officials ordered several guards shot the next day for their “collaboration.”

  The 14K Triads, the largest and most powerful underworld organization in Hong Kong, and the largest Triad in the world, took K. K. Tong in weeks later. He rebooted the army of civilian hackers that he had cultivated, and he reacquired his botnet army, and within months he was generating money for the Triads by using tens of thousands of nodes from his botnet to swindle credit card numbers with phishing e-mails.

  Tong then started a new endeavor. With the 14K’s blessing, though without any understanding of what he was really up to, Tong purchased hundreds of computers and recruited top-level hackers from the mainland and Hong Kong to operate them, bringing them slowly into Hong Kong and into the fold of his new operation.

  K. K. Tong adopted the handle “Center” and called the physical hub for his new worldwide operation, his nerve center, the Ghost Ship. It was housed on the eleventh through the sixteenth floors of a Triad-owned office building in Mong Kok, a gritty high-density and lower-income portion of Kowloon, well to the north of Hong Kong’s lights and glamour. Here the Triads watched over Tong and his people night and day, although they remained oblivious of his true mission.

  Tong employed dozens of the best coders he could find, mostly men and women from his earlier hacker “armies.” The rest of his employees he called controllers — these were his intelligence officers, and they all used the handle “Center” when dealing with their assets. They operated from workstations on the operations floor of the Ghost Ship, and they communicated via Cryptogram instant messaging with the hackers and physical assets who unknowingly worked for them around the world.

  The controllers used cash payments, coercion, and false flag trickery to co-opt thousands of individual hackers, script kiddies, criminal gangs, intelligence operatives, government employees, and key tech-industry personnel into a massive intelligence organization the size and scope of which the world had never seen.

  Tong and his top lieutenants patrolled the hundreds of Internet forums used by Chinese hackers, and from here they found their army. One man and one woman at a time were discovered, vetted, approached, and employed.

  The Ghost Ship now had nearly three hundred employees working in the building itself, and thousands more working on its behalf around the world. Where language was a problem they posted in English or used high-quality language-translation software. Tong recruited foreign hackers into his network, not as Ghost Ship operators but as proxy agents, none knowing they were working for the Chinese government but many certainly recognizing that their new employers came from Asia.

  The physical agents came last. Underworld organizations were recruited to work on “meat space” ad hoc projects. The best of these received regular assignments from Center.

  The Libyan organization in Istanbul was an example of this, although their controller saw almost immediately that natural selection would work against the fools, especially their communications officer Emad Kartal, a man who did not follow his own security protocols.

  The controller overseeing the cell in Istanbul had discovered that a group of Americans who worked for the company Hendley Associates was conducting surveillance on the Libyans. With Dr. Tong’s blessing the controller allowed the assassination of the entire five-man cell, all for the objective of planting a virus on the closed network of Hendley Associates so that the Ghost Ship could learn more about them. The plan had failed when the masked Hendley Associates gunman took the entire computer with him instead of doing what the controller had hoped, pulling media off the machine and returning to the States to place it on his own network.

  Still, Tong’s controllers had already been working other avenues to learn about the true nature of the curious organization Hendley Associates.

  Other criminal organizations hired by Center included Triad groups in Canada and the United States, as well as Russian bratvas, or brotherhoods.

  Soon Tong began active recruitment of more high-level espionage professionals to work as field assets. He found Valentin Kovalenko and decided he would be perfect for this task, used one of his Russian bratvas to get him out of prison, and then used blackmail to retain the strong-willed ex-assistant rezident.

  As with many other spies, Center started Kovalenko out slowly, monitored his success and his ability to keep himself undetected, and then he began giving him more and more responsibility.

  Tong also had another type of spy unwittingly under his command.

  The converted spy.

  These were turned employees in government agencies around the world, in businesses like telecommunications and finance, and in military contractor and law enforcement positions.

  None of these co-opted members of the organization had any idea they were working on behalf of the Chinese government. Many of these assets felt the same as did Valentin Kovalenko, that they were conducting some sort of industrial espionage on behalf of a large and unscrupulous foreign technology concern. Others were convinced they were in the employ of organized crime.

  Dr. K. K. Tong was in control of the entire operation, taking directives from the Chinese military and intelligence communities, and so directing his controllers, who then directed their field assets.

  It helped, perhaps more than anything else, that Dr. K. K. Tong was a sociopath. He moved his humans across the earth much as he moved 1’s and 0’s across the information superhighway. He had no more regard for one than the other, though the failings of human beings caused him to look with more respect at the malicious code he and his hackers developed.

  After two years of Ghost Ship activity, it became clear to Tong that his near-omnipotent control was not enough. Word was getting out about brilliant new viruses, worldwide networking of cybercrime, and successful penetrations of industry and government networks. To combat the spread of information, Tong told the PLA and MSS leadership that in order for his cyberoperations to have maximum effect, he would need additional kinetic assets, a unit of soldier-spies in America, not duped assets but men dedicated to the Communist Party of China and completely beholden to Center.

  After argument, deliberation, and finally the involvement of senior military officials, the computer operations man Tong was given command authority over a team of PLA special-operations officers. Everything Tong did worked, they reasoned. His two years of running proxy assets around the world had greatly empowered the PLA and strengthened the Chinese cause. Why not allow him a small unit of additional deniable forces?

  Crane and his team, eight men in all, came from Divine Sword, a special-operations unit of the Beijing Military Region. They were highly trained in reconnaissance, counterterrorism, and direct action. The team sent to the United States to follow the instructions of Center was given additional vetting for bravery, pure ideological thought, and intelligence.

  They were infiltrated into Vancouver Triad crime for a few months before making their way south over America’s porous border with Canada. Here they lived in safe houses rented or purchased by Ghost Ship front companies, and they had documentation, thanks to Center and his ability to generate resources of all types.

  Crane and his cell, if captured or killed, would be explained away as a team of Triad gangsters from Vancouver, working for computer criminals somewhere in the world. Certainly not at the behest of the CPC.

  As in the operation in Menlo Park and the operation in Las Vegas, Crane and his men performed wet operations, killing people who represented a threat to Center’s operations and stealing code and records necessary to further Ghost Ship activities.

  Those few highly placed individuals in the PLA and the MSS who knew about Center and his Ghost Ship were pleased. The Chinese had their weapon, and their plausible deniability. They could steal secrets from American government, military, and industry, and they could prepare the battle space for any upcoming conflict. If Tong and his organization were ever discovered, well, he was an enemy of Beijing, working with the Triads — how could anyone make the claim that he and his people were working for the Chinese Communists?

  * * *

  It was a short walk from Tong’s office up a well-lit linoleum-floored hallway to a set of double doors, guarded on either side by hard local men with space-age-looking QCW-05 submachine guns hanging from their chests. The guards wore no uniforms; one wore a scuffed leather jacket and the other a blue polo shirt with the white collar turned up to his ears.

  Dr. Tong did not address the men as he passed through the doorway, but this was nothing out of the ordinary. He never spoke to them. Tong did not make small talk with any of his underlings, much less the thirty or forty local Triads on and around the premises who had been tasked with protecting him and his operation.

  A strange relationship, to be sure. A strange relationship that Tong himself did not care for, though he understood the strategic necessity of leaving his homeland to come to Hong Kong.

  Through the double doors K. K. Tong walked down the middle of the open operations floor, passing dozens of men and women hard at work at their desks. Twice someone stood and bowed to Center and asked him for a moment of his time. Both times Dr. Tong just held up a hand as he passed, indicating he would get back with them momentarily.

  Right now he was looking for someone specific.

  He passed the banking and phishing department, the research and development department, the social media and engineering department, and made his way to the coders’ department.

  This was where the men and women worked who did the actual computer network hacking.

  At a workstation in the back corner of the room, next to a floor-to-ceiling window that, had it not been covered over with red velour drapes, would have given a southerly view over Kowloon, a young man with dramatically spiked hair sat in front of a bank of four monitors.

  The young Chinese punk stood and bowed when Tong appeared behind him.

  The older man said, “Kinetic operation complete. You should be receiving data shortly.”

  “Sie de, xiansheng.” Yes, sir. With a bow the man turned back to his desk and sat down.

  “Zha?”

  He quickly stood back up and turned around.

  “Yes, sir?”

  “I want a report on what you find. I don’t expect DarkGod’s code will reveal anything you can use to optimize your RAT before we attack DoD, but keep an open mind. He did well to get as far as he did in the CIA Intelink network with his limited resources.”

  The punk rocker said, “Of course, sir. I will look at DarkGod’s code and report to you.”

  Tong turned and headed back through the operations room without another word.

  * * *

  The young punk rocker’s name was Zha Shu Hai, but he was known in cyberspace as FastByte22.

  Zha was born in China, but his parents immigrated to the United States when he was a child and he became a U.S. citizen. Like Tong, he was something of a child prodigy in the computer sciences, and also like Tong, he went to Caltech, graduating at age twenty. When Zha was twenty-one years old he obtained a U.S. government security clearance and began working in the research-and-development department of General Atomics, a high-tech defense contractor in San Diego, and the manufacturer of unmanned aerial vehicles for the military and intelligence industries. Zha was tasked with testing secure and encrypted networks to see if the systems could be hacked into.

  After two years of work, Zha reported back to General Atomics that such hacking was virtually impossible without specific knowledge of the networks, the communications gear that transmitted signals to the drones, and incredibly sophisticated equipment.

  And then the young Chinese-American tried to make contact with the Chinese embassy in Washington, D.C., telling them that he would like to offer them his specific knowledge of all these things, and then help them build incredibly sophisticated equipment to help them exploit this knowledge.

  Unfortunately for Zha, a routine polygraph required to maintain his clearance picked up strong indications of deception, and a search of his computer picked up the correspondence with the Chinese embassy. The young General Atomics penetration tester was arrested and sent to prison. As soon as Tong started the Ghost Ship, however, he used his resources to help the young man make his way out of the United States so he could join Tong in his operation in Hong Kong.

  With Zha’s knowledge of computer code and penetrating secure networks, he developed the Ghost Ship’s powerful remote-access Trojan, the malware that allowed Center to steal data covertly, as well as see through the cameras and listen through the microphones of every machine it infected.

  Zha’s virus was as insidious as it was brilliant. It began by performing a port scan, looking for computer security’s version of an unlocked window. If it found the exploitable port, it then began a series of common password attempts to make entry on the machine.

  All this happened in the span of a few hundredths of a second. No one operating the computer at the time, unless they were watching the machine’s resources carefully, would notice anything amiss.

  If the worm succeeded in getting into the machine’s subconscious, it then performed an ultra-high-speed reconnaissance, taking note of the applications installed and the quality of the processor and motherboard. Low-quality or older machines were rejected; the worm would instantly relay information back to the hacker that the node was not worth probing further, and then it would delete itself. High-end machines, on the other hand, were invaded further by the malware, the brain of the computer was taken over by the virus, and the message would go back to the hacker that another member of the robot army was reporting for duty.

  Once the computer had been taken over by the Ghost Ship, a subroutine designed by FastByte22 himself would go into the system’s machine code and remove any vestige of the delivery system.

  Or so Zha thought. In truth, his subroutine missed a single strip of code, and this is what Gavin Biery detected on the Istanbul Drive.

  With this virus Zha had been the first to break into the CIA’s Intelink-TS network router for cable traffic, but on one of his maintenance forays into the source code, he realized he was not alone. He traced the other hacker, narrowing down the man’s identity by monitoring research done at open source bulletin boards and technical directories, discovering he was a well-known amateur hacker in the United States named Charlie Levy. And then Center’s controllers went to work trying to convince Levy to work for his organization so he could exploit the man’s knowledge.

 
