Zero Day


by Mark Russinovich


  Thorsen turned back to his specific problem. He was being paid to speed up the load time of certain encrypted codes. Even with newer and faster machines, start-up times were noticeably slower once a computer was infected. He’d been instructed to fix the problem, but was making little progress. He took another pull on his cigarette and turned to the work.

  Two hours later his computer pinged. Thorsen opened Thunderbird.

  Subject: RE: Lady looking

  Date: August 18 01:38 AM

  To: Dante

  u know hr? Wht does she wnt?

  Superphreak

  21

  MANHATTAN, NYC

  IT CENTER

  FISCHERMAN, PLATT & COHEN

  THURSDAY, AUGUST 17

  11:58 P.M.

  Trying not to nod off, Jeff focused on Sue. Since midafternoon, she’d been working on an untainted stand-alone server. With her work CDs, she’d rebuilt the firm’s standard operating system, then made a copy of the last nightly backup, before installing it into the server.

  Jeff had spent fourteen hours searching through the copy of the nightly backup, seeking out the same signs he’d found in the melted-down server with the virus. He’d found no sign of a rootkit, no indication of a virus. The backup had appeared free of any malware, but he’d reminded Sue that not finding a virus didn’t mean it wasn’t there.

  Harold watched them both with keen interest. He’d been responsible for seeing to the creation of the backups, so had decided to stick around to watch what happened. He’d called home to tell his mother that he’d be late and was standing just behind Sue as she said, “Jeff? It’s ready.” When Jeff didn’t respond, she nudged his shoulder. “We’re ready. Unless you’d rather get your beauty sleep.”

  Jeff blinked, then rubbed his eyes. “What time is it?”

  “Almost midnight. It’s Thursday, in case you’ve lost track.”

  “Right. Give me a minute and I’ll be right with you.” In the restroom, Jeff scrubbed his face hard with a dampened paper towel. He looked up at the mirror and for an instant was startled by what he saw. Strain and exhaustion were written all over him. He laughed to himself as he realized he felt just as bad as he looked.

  When he returned, Sue pointed to the coffeepot. “It’s fresh. Harold went out for sandwiches earlier, if you’re hungry.” She watched as Jeff poured himself a cup of coffee. “We’re set to go.”

  Jeff picked up half of a chicken sandwich, then walked to her screen. He was impressed with all the work she’d put into this and with her effort to get the law firm up and running. He wondered if Greene appreciated her dedication. “Cross your fingers. I’ve been searching for elusive code almost from the start, and the bastard’s used at least one rootkit that I know of.”

  “What else can I do? At worse we risk the new server and some of my not so valuable time. It’s not connected to anything. No harm, no foul.”

  Harold stood beside Jeff, looking on with concern, and Jeff gave his fleshy shoulder a light squeeze. Sue glanced up and gave them a wan smile. “Here goes.” She clicked the mouse to boot the restored system and held her breath. When it came up, she logged in. Nothing happened for a moment. The screen seemed to hiccup, turned blue, and read:

  Rebooting …

  After a few seconds, the screen flickered and read:

  NO OPERATING SYSTEM FOUND.

  Then the screen turned black.

  “Shit!” she said. “Shit! Shit! Shit!” She stood up and glanced around the room as if looking for something to throw. Finally, she slumped back in the chair.

  It was as bad as Jeff and Daryl had feared. This virus was one of the toughest he’d come across. His standard approach wasn’t going to work. He and Sue might get lucky—it was still possible—but with a sinking heart he realized this was all a small part of something much bigger. They were far more likely to sink into an electronic abyss than find their way to success.

  “I guess…,” Sue said finally, “I guess we could try a copy of the monthly backup next.”

  “Like that’ll do any good,” Harold said, before he slunk out of the room.

  WEEK TWO

  “WE ARE LOSING THE MALWARE WAR”

  David Lynch

  Cyber Security News Alert

  August 17

  Security software companies are not keeping up with the release of computer viruses, according to a report released this week by the Cyber Security Consortium.

  “Make no mistake, we are at war and we are losing,” said Edith Hedberth, director of the CSC in Washington, D.C. “Malware is being released at a rate faster than our ability to counter it.”

  According to the report, the Internet is the new home of organized crime and is a hotbed for financial fraud. In the midst of what Hedberth described as a “virulent attack,” no security software can offer complete protection. None, in fact, can guarantee so much as 90%. “They are all reactive and malware is increasingly sophisticated,” she added.

  Financially motivated cybercrimes are increasing at a dramatic rate, costing Americans tens of millions of dollars each year. “We hope this is a wake-up call, but are not optimistic,” Hedberth concluded.

  Cyber Security News Alert, Inc. All rights reserved.

  22

  MOSCOW, RUSSIAN FEDERATION

  DMITROSVSKY ADMINISTRATIVE DISTRICT

  FRIDAY, AUGUST 18

  2:07 A.M.

  Vladimir Koskov was twenty-one, and deeply in love, when he and nineteen-year-old Ivana were returning from the theater as he described the future he envisioned for himself. These were exciting times in Russia, and it seemed to his fertile mind that almost any career path was available to him.

  They had met at the university, where Ivana was majoring in computer science and taking a course Vladimir was teaching. Though skilled with computers, her interest in them had waned and she’d turned to languages, but they continued to see each other. By that night, they had been a couple for two years.

  As they laughed and joked, Chechen rebels, in reprisal for the Russian president’s latest crackdown in Chechnya, detonated a car bomb just off Red Square, striking at the late-night crowd. Ivana was walking beside a building wall, with Vladimir between her and the full force of the blast. She recalled only a blinding, silent white light and what seemed to her the heavy yet gentle press of Vladimir’s body against her own. Waking in a hospital four days later, undamaged except for a temporary hearing loss, a doctor informed her, “You were one lucky girl, Ivana, to be walking with a gentleman.”

  Vladimir had been both lucky and unlucky that night. Lucky, in that thirty-four people were killed by the explosion while another dozen were seriously maimed. He was the closest to the Lada to live, but not without a cost. There, he was unlucky. The blast threw him against Ivana, and the pair of them against the wall. He had just leaned over to kiss her, turning slightly, and took the full force of the explosion on his back. His spinal cord was all but ruptured just below his waist.

  When Vladimir swam back to consciousness, he learned in quick succession that Ivana had lived and was expected to recover with no permanent injuries, and that he would never walk again. The same doctor who spoke with Ivana said, “I know you don’t consider yourself fortunate, but you are. The others are dead and have no life at all. You will live, and unless you choose to climb into a bottle of vodka, you can have a good life. It may not seem like that today, but it’s true.”

  Vladimir didn’t agree. His life was over. Ivana wouldn’t stay with a cripple. His plans were destroyed. There were no more dreams.

  But he’d been wrong, though for one long year he’d done everything he could to make his dark vision a reality. He’d drunk bottle after bottle of cheap vodka, called every friend and every member of his family vile names to drive them from his life. In many cases he’d succeeded, as he wallowed in a pool of debasement.

  But Ivana was made of tougher stuff. No matter how hard he worked to drive her from his life, she stayed. She pulled him from despair and gave him life. Two years after the explosion, they were married. The next year she found their apartment, where they’d lived ever since. Life hadn’t been easy. She’d worked all manner of jobs to support them, finally finding steady work as a translator.

  Vladimir had long ago given up being bitter over his fate, though he couldn’t avoid bouts of self-pity that overwhelmed him from time to time. He’d slowly learned to live by burying himself in the hacker world he’d discovered on the Internet. He acquired computing skills that gave him a worldwide reputation among those who did such things and regained some of the self-respect he’d lost in the accident.

  Later, he learned to earn a modest but growing income, about which he was enormously proud. He’d become so skilled at writing code he’d been recruited by more than one of the new Russian computer companies, but in each case he’d declined good pay to remain his own man. He might be trapped in a wheelchair, but in his work he was free. To be employed by a corporation was to throw away his most important freedom for a paycheck.

  Now, as he did from time to time, he reached over and laid his hand on the FireWire drive on his desk. He kept all his work in it and either took it with him on those rare occasions when he left his computer or hid it. It was too valuable to risk. The information there was his private gold mine.

  Vladimir took a final pull on his cigarette, then crushed it into an ashtray. Time to go back to work. He lit another cigarette as he entered one of the chat rooms where he was a regular visitor. He knew perhaps a dozen hackers well from this one room. They exchanged problems, sought solutions, bragged about successes, but most of all they discussed hacking and the latest developments.

  He opened his IRC chat client, then entered the h@xx0rd chat room. Six hackers were signed in and listed along the right pane of the window. A few of the names he’d heard of here and there—just script kiddies. A few were chatting, but often some who were signed in just sat and watched. Some of the names might be IRC bots, programs that monitored chat, which was no surprise, especially since the chat thread was about Internet security. That was the principal subject of the hackers who spent a lot of time there.

  Ulysses:

  prblm is that when I try t close bdcli100.exe it crashes casng server t crash : tried in 2 box’s now

  Saintie:

  you could close bdcli only using exit command in top shell there

  Ulysses:

  thanx ☺

  Saintie:

  hxdef is simple, dOOd, u hve t configure your inifile and run .exe file, that’s it but u shld know many rootkits are working on NT kernel only if u just download hxdf archive in download section, unpack it to some directory and run main exefile it should disappear from your explorer or whatever u use t manage your files, that’s the correct functionality, so try it and see where it works or not

  Xhugo:

  Thanks for all the sweet information here. I am looking for information on detecting rootkits. Pointers welcome … Read the SecurityFocus articles, but want more … ☺ know!

  A detailed description of rootkits and the means for implanting and detecting them followed. It was nothing new to Vladimir. The chat turned to computer security.

  Xhugo:

  Don’t be a fool! They can’t fix all the holes … there is always a way …

  Dante:

  Its not open like it used to be but at least any h@ck3r wntng to pwn the inet …

  Xhugo:

  They’re all scum … beneath me … they cause trouble and it just closes down t openness net should have.… If it wasn’t for all these cr33ps there’d be no need t tighten down the hatches.

  Saintie:

  They’re destroying it, dOOd … can’t you see?… are u people stupid!… the webs just another way t make money … that’s what its all about … it’s about filthy lucre … they deserve what they get, and I give them plenty, believe me …

  Xhugo:

  j3rkov and sp@ts got shut down … they gt taken in by a hunnypot … the server looked wide open … looked like a financial server too.

  Dante:

  yeah, they’re stupid shits too!… I told them … I heard they go p0wnd … they were able to trace them down … how dumb is that?

  Pere:

  ouch! Not the way it used to be … that’s for sure … you can’t get into certain sites … not anymore … the time you could guess at passwords and user names is over … secure firewalls and patched systems everywhere … I’m working harder at this all the time …

  Superphreak:

  Don’t be such idiots … course you have to work at it … u thnk they’re going t just gv it away?… nothings really secure, nothing will ever be secure … u can gt into anything if u want t and spend the time … u can steal money, turn systems off, turn systems on … only thing different is not everyone can do it anymore … newbieZ R out of game …

  Vladimir took a drag on his cigarette, glanced up at his poster of a bare-chested Rick James with dreadlocks, then continued typing.

  And there’s people who pay for it … pay very well. Anyone know Dragon Lady?

  23

  FAIRFAX COUNTY, VIRGINIA

  FRIDAY, AUGUST 18

  9:51 P.M.

  George Carlton retired to his den, splashed brandy into a snifter, and took a sip. At his leather easy chair he removed a Dominican corona cigar from the humidor, cut the tip, then lit it with a lighter that emitted a blue-and-gold flame like a miniature blowtorch. Setting the lighter down, he pulled on the cigar, then took a longer sip of the brandy.

  Carlton and his wife, Emily, lived northwest of Alexandria, Virginia, some two miles from the Beltway, not far from the Ivy Hill Cemetery. Their house was one common to the area, with a decent though not extravagant expanse of yard thick with overgrown trees and a hedgerow between each plot.

  The Carlton family was American blue blood. The first documented ancestor, William, had come to the British colony of New York to serve on the staff of General William Howe in early 1777. He’d proved popular on the social circuit that consumed the interests of the British officers during that first winter of occupation. In general, his staff work was adequate and his American career was marred only by an aborted field command. A less senior officer took the blame for the debacle, and Carlton was transferred to England, where he was soon well wed. But within twenty years he had spent the family into the poorhouse. His oldest son, also named George, with no realistic prospects in Britain, emigrated to the United States.

  For three generations the Carlton family prospered in America. They were connected by marriage, schooling, or business to most of the new country’s families of influence. But in the period following the Civil War, the family’s wealth began to decline. Carlton’s grandfather, Edward, had invested heavily in the stock market following World War I, and for a time it appeared the Carltons would be restored to their former luster, but the weekend he would have received a warning to get out of the market in late 1929, he was on his yacht with his sixteen-year-old Cuban mistress, and the family lost nearly everything. Edward took the honorable way out, though he botched his suicide, which he’d tried to mask as a boating accident.

  Carlton’s father, another William, served under “Wild Bill” Donovan in the American OSS during World War II, providing invaluable staff work. As a reward he was selected to be one of the five most senior officers in the newly created Central Intelligence Agency after the war. He and the fifth director, Allen Dulles, got along well, but when Dulles was forced to resign following the Bay of Pigs fiasco, William Carlton’s career went into eclipse. He retained just enough influence before dying of lung cancer to see that his son, George, who had gone into the FBI following his graduation from Yale, received a favorable appointment with the Company. The transfer had been more than unusual and raised a few eyebrows, as the FBI and CIA were rivals and rarely exchanged staff.

  With a stellar family name and widespread connections, Carlton’s career should have flourished. Though the family had retained their Nantucket summer cottage, his father had been compelled to sell the surviving family estate in Maryland after the suicide of his father. The fact was, the Carltons were broke.

  George Carlton had sought a wife with one concern in mind—to marry well and restore his fortune. A family name, especially in America, counted for nothing without the money to go with it. The woman he chose, Emily Langsdon, was a bit horse-faced with an overbite, but she had a fine figure and her pedigree was impeccable. Her family was, reputedly, so wealthy as to be beyond comment.

  George’s awakening upon his return from a honeymoon he had financed by mortgaging the Nantucket cottage was brutal. He’d told Emily that it was his duty as her husband to assume management of her finances. She’d agreed. He soon learned why: there was almost nothing to manage.

  While Carlton came to learn that the Langsdon family was wealthy indeed, the details of the wealth were devastating in their effect on him personally. Emily’s father had fallen out with his father many years before. The grandfather had seen that his granddaughter lacked for nothing, that she was properly educated and traveled, but Emily’s father was omitted from the will and all but eliminated from the Langsdon Family Trust.

  Emily would inherit no property and had but a single trust fund herself, containing a mere $500,000. It was managed by the family financial administrators. She received the income from it in an annual check. Upon her death the fund would revert to the Langsdon Family Trust and not go to her surviving spouse or children, if any.

 
