by Rahul Badami
Operation Dragon Strike:
An Asian Covert Ops Spy Thriller
By
Rahul Badami
First published in 2019
Copyright © Rahul Badami 2019
This book is a work of fiction and any resemblance to actual persons, living or dead, events and locales is purely coincidental.
All rights reserved. No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form, or by any means (electrical, mechanical, photocopying, recording or otherwise) without the prior written permission of the author or publisher. Any person who does any unauthorized act in relation to this publication may be liable to criminal prosecution and civil claims for damages.
TABLE OF CONTENTS
Acronyms
Prologue
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Chapter 18
Chapter 19
Chapter 20
Chapter 21
Chapter 22
Chapter 23
Chapter 24
Chapter 25
Chapter 26
Chapter 27
Chapter 28
Chapter 29
Chapter 30
Chapter 31
Chapter 32
Chapter 33
Chapter 34
Chapter 35
Chapter 36
Chapter 37
Epilogue
ACRONYMS
CEO – Chief Executive Officer
CERT – Computer Emergency Response Team
Comms – Communications
DG – Director General
DIA – Defence Intelligence Agency
DM – Defence Minister
DRDO – Defence Research and Development Organisation
ETA – Estimated Time of Arrival
EXFIL – Exfiltrate
FATA – Federally Administered Tribal Area
GPS – Global Positioning System
HAHO – High Altitude High Opening
HQ – Headquarters
HVT – High Value Target
IAF – Indian Air Force
InfoSec – Information Security
INFIL – Infiltrate
INS – Indian Naval Ship
IP – Internet Protocol
ISI – Inter-Services Intelligence
ISRO – Indian Space Research Organisation
LZ – Landing Zone
MARCOS – Marine Commandos
MEIT – Minister of Electronics and Information Technology
MEITy – Ministry of Electronics and Information Technology
MSS – Ministry of State Security
NSA – National Security Advisor
NSC – National Security Council
NTRO – National Technical Research Organisation
NVG – Night Vision Glasses
Op – Operation
PM – Prime Minister
PMO – Prime Minister's Office
R&AW – Research and Analysis Wing
SAT – Satellite
SITREP – Situation Report
UIDAI – Unique Identity Authority of India
XO – Executive Officer
PROLOGUE
One year ago.
Computer Emergency Response Team (CERT-In) HQ, New Delhi, India
Pratik Sharma blinked his eyes open.
The harsh light of the desktop monitor peered deep into his groggy eyes urging him to stay awake. He estimated he’d dozed off for a few seconds. He felt like he was going to sink back in the oblivion of sleep. It wouldn’t do. He wiped his eyes and stared up at the bright ceiling LED light that lit his cubicle like daylight. He hoped that staring at the light for a few moments would jolt him out of his stupor.
Pratik brought his attention back to his monitor screen. He sat straight in his chair. He looked at the cubicles around him. His team were working diligently tapping away at their keyboards. It wouldn’t do if his team members saw their boss slouching and snoring. He believed in leading from the front. He glanced at the time in the bottom-right of the screen. It displayed 2:53 am.
Another hour and I can go home. But before that, I need to complete my work.
He resumed work on the Access Control Lists for various servers that determined who could get access to specific databases and who couldn’t. As part of the IT Information Security team for CERT-In, he and his team had to ensure that no unauthorized person could get access to the network or databases of the country’s top cyber assets.
But the drowsiness refused to go away. Pratik stifled a yawn. He leaned forward and stared at the screen in an effort to concentrate. The screen showed an excel sheet filled with database names and details. The words on the screen were jumbling in his head.
I should have slept more during the afternoon. Better I go and wash my face.
“I’ll be back in a minute.” He said to his next-cubicle neighbour. His colleague nodded without looking up. Pratik smiled. He must be deep in his work. His colleague wouldn’t even notice if he went home this minute.
Pratik locked his desktop PC. He stood up and walked a couple of paces when the overhead lights flickered and turned off.
“What the-?” Pratik blurted. The facility turned pitch dark. He couldn’t see anything. He reached out and grasped the fibre wall of the cubicle nearest him. Behind him he could hear the surprised voices of his colleagues who were also caught unawares by the blackout.
“What’s going on?”
“Someone turn on the mobile flashlight.”
“Oh crap. I forgot to save my work. I’ll have to redo everything!”
Pratik strained his ears to hear the backup generator. Located on the floor directly below them, the generator should have kicked in by now. But it hadn’t. That was weird. He wasn’t the only one to whom this had occurred. Even his colleague noted the problem.
“Backup power is also down. That can’t happen.”
Pratik pulled out his mobile and called his friend who worked in the Network team in order to find out what had happened.
“We’re also trying to figure it out.” His friend said. “Everything is down except for the datacenter. Desktops, power, cooling systems, facility access systems, everything.”
Pratik hung up, a palpable dread forming in his stomach. This had never happened before. It was unprecedented. The failsafe mechanisms and backups had been designed to auto-activate in such scenarios. It was impossible for this to happen. And yet, he was witnessing it first-hand.
It meant their worst fear had just happened.
One of the mobile flashlights came on. The team huddled around the light. Pratik walked over to them. He had to let them know about his hunch. One guy spoke up, “We need to go downstairs and manually start the generator.”
Just then, the overhead lights turned on everywhere bathing the floor with white light. Pratik scrambled to his desktop and turned it on. He needed to check the logs. The suspense gnawed at him. He was half-scared of what he would find.
“I’m checking the logs.” Pratik rapidly typed on the keyboard. A series of windows popped up.
“No…” he blurted, looking at the information on the screen. It was a punch to his gut. Hard-hitting and impossible to breathe. “No… no… no.” He choked as the realization settled in.
It was like the gasp of a dying man.
CHAPTER 1
Ministry of Defence, South Block, New Delhi, India
Present day
“How did this even happen? It’s a disaster.” Someone declared.
Shikha Tiwari peered at the man in a small crowd gathered outside the conference room. She recognised him as one of the aides in the Defence ministry. The man looked definitely agitated. Shikha wondered how many in the crowd knew why they were called for this emergency meeting. They would all know soon enough.
“Quiet.” His colleague next to him said. “Let’s go inside.”
Shikha followed along with the crowd and they entered the conference room. The room was modern and spacious with a large rectangular mahogany table in the centre. A dozen comfortable chairs surrounded the table. Hookups for electronic equipment and teleconferencing phones were lined up in front of the seats. The walls were plain coloured and the room was swept every day for bugs. On the far wall were mounted multiple large flat screen monitors.
Shikha took her seat and mopped the beads of sweat that had formed on her forehead. She focused on the notes in her hand. The conference room was air-conditioned, but Shikha felt a hot dread in the pit of her stomach.
I am only a messenger. She told herself as she looked at the notes for the umpteenth time. Shikha wasn’t sure how the Prime Minister would react when he heard the news.
The members of the hastily-convened emergency meeting streamed into the room taking in their seats. A video conference call was enabled on one of the large screens. It showed a man in his fifties. His face was darkened with anxiety and his scalp was shining with perspiration. Shikha looked at him. He’s the one the PM will question first, not me.
Her heartbeat eased just a beat. She wasn’t the only one worried.
A buzz filled the room as people started talking amongst themselves. Most of them had only heard of the incident a few minutes back. The meeting constituted the members of the National Security Council, the Finance Minister, the National Security Advisor, the Minister of Electronics and Information Technology, the NTRO, their aides and select other people. The buzz came to an abrupt stop as PM Jagdish Inamdaar strode in and took his place at the head of the table.
PM Inamdaar came right down to business. He looked at the man on the video wall and said, “I want to know exactly what happened.”
The man on the video wall was Venkat Aiyarr, the CEO of Unique Identity Authority of India (UIDAI). The UIDAI issued Aadhaar cards; an identity card for 1.2 billion Indians that served as proof of residence and helped Indians open bank accounts, get government subsidies, file taxes as well as obtain mobile SIM cards. The enrolment for Aadhaar cards required the biometric identity of the person including fingerprints and iris scans.
“We have had a cyber attack on the UIDAI database.” Venkat Aiyarr’s voice was strained as he spoke. There were a couple of gasps as some of the members weren’t aware of the reason for the emergency meeting.
“How is that even possible?”
“We are still investigating the breach, but our team has revealed the firewalls were breached and the database was locked.”
“What do you mean the database was locked?” The Minister for Electronics and Information Technology asked. The UIDAI was under his purview, and he was most concerned ever since he had heard about the incident.
“It means the database has been encrypted. We can no longer access it. It now asks for a password. It means if someone now goes into a bank to open an account, the bank won’t be able to authenticate his fingerprint with the database, because the database will no longer respond.”
The buzz in the room resumed, louder this time. Shikha looked around the room. Now that the problem had been highlighted, she was sure the blame-game would start. The politicians would disown their responsibility of their respective departments and accuse others of failing in their duty. It didn’t matter. It would be the bureaucrats that would ultimately have to do the grunt work no matter the amount of mud-slinging politicians did.
“I knew this was going to happen,” Defence Minister, Dayanand Mistry spoke up. “I’ve been opposing the Aadhaar Identity project ever since it was proposed. I was worried about privacy issues. But none of you listened to me. And now everyone’s personal information is up for grabs by the highest bidder. The hackers will now have everyone’s names, bank accounts, and fingerprints.”
“We don’t know if they copied the data as well.” The UIDAI CEO said. “The database size is in Petabytes. We physically disconnected the link, the moment we got the alert. They could have gotten a few millions of biometric information. At this point, the database is locked; that’s all we know.”
“And what if mine is one out of those few millions?” DM Mistry stood up. “If I lose my credit card, I can block the current credit card and get a new one. What if the hackers have my fingerprints? Do you expect me to cut my fingers and attach new ones? They can now impersonate my identity. Why did we have to link so many things to Aadhaar? This Aadhaar was a single point of failure, and now it has failed and there’s no Plan B.”
“The data on the Aadhaar database is in a hashed format. Even if they get some of the data, it will be very difficult for them to decrypt it.”
“Am I supposed to be reassured by that?” Mistry retorted. “You’ve said very difficult. It doesn’t mean impossible. Sooner or later they will be able to crack the database and get their hands on our personal information.”
“Gentlemen,” PM Inamdaar spoke in a quiet voice. “We are here to fix the problem, not fix the blame. Let the people who can figure how to resolve this crisis speak. First, I want to know the repercussions of this incident.”
“The repercussions are catastrophic, sir.” The UIDAI CEO didn’t beat around the bush. “It’s not just the Personally Identifiable Information like names, addresses, birthdates, phone numbers that are exposed, it’s the millions of bank accounts that are linked with Aadhaar that really scares me. We are looking at impersonation on a scale of millions.”
Shikha’s blood froze at the words. The entire room sat stunned.
The CEO continued. “Hackers will be able to log into bank accounts, transfer money into any of the millions of compromised accounts multiple times and eventually route it to their own accounts. There will be no way we would be able to find out which account is genuine and which one is hacked. Further, they would be able to call any of the hacked account’s business partners, colleagues, friends or even banks, masquerading as the account holder and do social engineering and gain access to even those accounts that weren’t hacked. There won’t be any trust left in the financial system. We will witness a hacking of a magnitude never seen before in the world. Forget about losses in billions and trillions, we are looking at losses in terms of quadrillions and quintillions. We will need to recreate the entire financial industry from scratch. Banks, stock markets, companies, non-banking financial institutions, everything will have to start from zero. The Indian Rupee will crash and reach the levels of Zimbabwe. And like Zimbabwe, we will be forced to ditch our own currency and start trading in gold or dollars.”
Shikha’s head sank in her hands. This was an extraordinary disaster. Behind her, she heard someone sob. She looked up at PM Inamdaar. His face was still calm even after receiving the bad news. He asked just one question.
“What can we do to stop this?”
“Our first step was to contain the leak, which we did. The next step is to remove the encryption on the database. Our team is working on it. So far, there hasn’t been any positive progress. The database is still locked.”
“What about the backup in Manesar?” The MEIT asked. “That one was the failsafe for exactly this kind of issue.”
Shikha nodded as she listened to the conversation. The Aadhaar database contained the names, addresses, and biometric details of a staggering 1.2 billion Indians. It was the largest biometric database in the world. To protect the database from being des
troyed in an act of god, war or any unforeseen event; they had decided to duplicate the database in two different cities. The UIDAI sites at Bengaluru and Manesar were separated by thousands of kilometres. If one went down, the other site would still be functional.
The CEO mopped the sweat on his forehead with a handkerchief. “That’s what we don’t understand. Both databases were attacked in a coordinated effort at the same time. It was a very sophisticated cyberattack. We immediately coordinated with the NTRO and they informed the National Security Advisor.
The National Security Advisor chipped in, “We have our best folks investigating this at the moment. We traced the source of the attack and it’s pointing to an IP that originated from China.”
“China?” PM Inamdaar raised his eyebrows.
“Yes sir,” the NSA continued. “The Americans, Russians and Chinese are notorious for cyberattacks. Sometimes it’s an individual, sometimes a team, and at times, it’s a state-sponsored hack. I spoke with General Singh and roped in the DIA team. Shikha here has been trying to help us out by understanding the cyberattack type and looking for patterns to previous attacks. Shikha?”
Shikha had already memorized the details. “This attack happened three hours ago. We looked at the logs and determined that the attack originated from China. We have now triangulated the location to a central business district in Urumqi. Urumqi is the capital of China’s largest province Xinjiang, the westernmost province of China. Based on the sophisticated nature of the attack, I’m led to believe this could be a Chinese state-sponsored cyberattack. We already know they have a cyber-force in the People’s Liberation Army called Unit 61398. This could be their doing.”
“Are you sure?” the PM asked.
“Right now, it’s only an educated guess.” Shikha said.
“Which means it’s still a speculation.” The MEIT said. “We need something better than just speculation. But why would they do it?”
The UIDAI CEO interrupted, “I just got an email from the hackers. They are saying they will provide the encryption unlock codes only if we pay them a ransom of One Billion dollars in bitcoins.”