Abruptly, the bedroom door crashed open. Three, four, five muffled rounds thumped into flesh and bone. A body hit the floor hard.
The Russian’s footsteps paused just outside the closet, and Sami’s gurgling, rapid breathing ceased with a final, silenced round. I held my breath and body perfectly still, my muscles screaming in pain.
“Check the other room,” came the other, strained voice. A curt reply came back in Russian. “What did you do with the Florentine?” asked the same voice.
“Fuck you,” spat Khalimmy weakly.
“Nechevo,” said the other.
“What the fuck did you do with it?” repeated the strained voice.
“Fuck you, you fucking godless—” The bullet silenced Khalimmy.
“Fuck it! Grab the computer and help me up—the police will be here any minute.”
The front door slammed shut.
Heeding the screaming pain in my arms, chest, and stomach, I eased myself down and around the masses of junk and onto the floor of the cramped closet. Two, then three minutes passed uneventfully. They weren’t coming back.
I hesitated when the closet door resisted, instead peering cautiously through the narrow gap. Sami’s bullet-riddled corpse lay sprawled against the closet door, the fresh pool of blood still growing and, to my horror, flowing under the closet door and around my feet. His bloodless face held a waxy, almost theatrical grimace of pain and anger. I shoved my shoulder against the door and when the aperture had opened wide enough, gingerly stepped through it and over Sami’s body, leaving a trail of bloody footprints in my wake.
I needed to get out—fast. Sami had almost certainly launched the attack. Or had he? Maybe he didn’t think he had enough time? Had he just spent his last few seconds sending the decoded Florentine files to his compatriots, deleting them from his computer, a last-ditch effort to conceal the botched attack? That was a possibility too, but one thing was clear: If I was around when the police arrived, I’d be detained for days, and by then, it would be too late to stop an attack. I worked my way over to Sami’s desk. A confusion of handwritten scraps of paper and Post-Its littered the desk, the Farsi script unintelligible. I poked through the pile, grabbed several with the most writing and shoved them into my pocket, then worked my way to the main room.
Khalimmy had propped himself against the living room wall prior to his execution. His body now slumped sideways, mouth ajar, a single, narrow bullet hole adorning his graying left temple. Good riddance.
I twisted the knob to the front door and took off.
Chapter 59
“Hillary?”
I nodded to the gas station attendant in thanks.
“Alex, we’ve been worried sick. Where the hell have you been?”
“It’s a long story. I need your help. Can you come pick me up? I’m in North Hollywood.”
“North Hollywood? One second.” In a more muted voice she asked Steven, “Will you be okay by yourself for an hour or so?”
Steven mumbled something unintelligible.
“Okay, where are you, Alex?”
I cupped my hand over the phone and asked the attendant.
“The corner of Lankershim and Victory. At the Shell station,” I said.
“I’ll be there in thirty minutes.”
Hillary arrived in forty-five, her face a conflicted mixture of anxiety and relief.
“What the hell happened, Alex?” She frowned at me as I buckled the seat belt. “What happened to your wrists? Jesus!”
“I’ll tell you everything. But right now I need you to get me to UCLA. As quickly as possible.”
Hillary nodded uneasily, then signaled and turned right onto Victory.
“Yesterday after I left the hospital, I picked up the thumb drive, then went over to Tom and Gennady’s place to try to decode the video file. I was right, the video held a bunch of hidden files.”
“What was in them?” she asked, switching into the left lane.
“It’s hard to explain,” I said, “but basically, the files are the digital equivalent of a key.”
“As in lock and key?”
“Yeah. The files in that video are capable of unlocking and controlling a Russian cyber-weapon. That’s what the Florentine is, Hillary. It’s a Russian cyber-weapon.”
“A cyber-weapon?” she repeated, shaking her head.
“Like a computer virus, only orders of magnitude worse.”
She gazed at me in amazement. “This whole thing, all this violence, was over a stupid computer virus? You’ve got to be kidding.”
“It’s not a computer virus. The Florentine is a back door that’s embedded into every computer running Windows on the planet. Those thumb drives we found hold the key that can unlock that back door, and whoever controls it has the power to decimate the world’s computers.”
“Holy shit,” she said, “that’s why everyone’s after it.”
“That’s right. Khalimmy’s an Iranian agent, Hill. Iran wants to use the Florentine to nuke the US computing infrastructure.”
“But where have you been?”
“It’s a long story. Basically, Khalimmy kidnapped me to get to the Florentine, and I’m pretty sure one of his guys used it to launch their attack. And meanwhile, the Russian intelligence service is trying to cover the whole thing up.”
“Jesus. We’ve got to get you back to the NSA, Alex.”
“I’ll call them as soon as I can, but right now I need some advice. I need time to think.”
“What’s there to think about? Just call the NSA and let them take care of it.”
“It’s not so simple, Hill.”
“I hope you know what you’re doing, Alex.”
Hillary pulled into the right lane and slowed for a red light. When the signal turned green, she turned right and accelerated onto the 101 Freeway onramp.
“Any news about Linda?” I asked.
Hillary hesitated.
“What?” I probed. “Just tell me.”
“She’s not doing well. Her lung was improving yesterday, then all of a sudden this morning she started wheezing.” Hillary grimaced. “I just don’t know. They rushed her back into surgery right before you called.”
“Oh God.”
“We’re praying for her, Alex.” Tears began streaking down her cheeks.
“Me too,” I said. “Me too.”
“I’m sure they’re doing everything they can,” she continued, wiping tears. “But right now, I’m worried about you.” She paused. “Just for God’s sake, try to stay safe. I don’t know what I’d do if anything ever happened to you.”
Twenty minutes later, Hillary pulled up to the UCLA turnaround in front of Engineering IV, then gave me a kiss on the cheek and another admonition to be safe. I took off for Boelter Hall with a promise to call and report my status later that evening.
Boelter Hall, the home of UCLA’s Computer Science Department, was also my home away from home during my four years studying at UCLA. Built in 1959 and showing its age, Boelter had a long and storied history. Its rooms had not only housed countless generations of engineering students, but also the first computer routers of the ARPANET, predecessor to the Internet, and even a small nuclear reactor.
Amir Taheri opened the door to his third-floor lab on the fifth knock and stared at me for a long second. Then his face lit up.
“Alex … Alex Fife! How long has it been?” Amir embraced me warmly. “Three, no, four years since you graduated? Come in, come in!”
Amir Taheri, aka the “Hardware Guy,” was a Comp Sci department fixture, the kind of guy who never seemed to age, always had a smile on his face, and somehow managed to help generations of pimply-faced undergrads with their advanced algorithms homework while still putting in an honest nine-to-five day fixing department computers. I’d served as Amir’s intern and chief gopher during my junior and senior years, but hadn’t seen him since. My face flushed in a mild pang of guilt for not visiting the man who most helped me cope with the death of my grandmother during my college years.
“I hoped you’d be here,” I said earnestly. “I figured you’d retired by now but it was worth a shot.”
“Well, you’ve come just in time, Alex. In fact, I retire next Friday after forty-five years of service. I hear they give you a UCLA Engineering watch at forty-five. I could use it,” he said, tapping the old Mickey Mouse-themed timepiece strapped around his wrist. “I’ve had this one since you were solving integrals down in thirty-four hundred.”
“Good timing then!” I said, momentarily cheered. Amir’s tender smile at once rekindled the warmth I’d felt for him during my time at school. “You look exactly the same,” I said. It was mostly true; prematurely gray, he’d looked in his fifties as long as I’d known him, and with the exception of a few new wrinkles, he looked just as I recalled.
“Would you like some coffee?” he offered.
“Please. I could use some.” I nodded, leaning up against his workbench.
Amir filled a Styrofoam cup with instant black coffee and deposited it next to me. “So what brings you here, Alex? Just reminiscing? You know, three of your classmates have come to visit—with darling children of their own, no less—in the last few weeks. When it rains it pours, I guess!”
“It’s strange how that happens, sometimes,” I said, “but I’ve come for a different reason. I need your help. Do you have an hour to hear me out?” I withdrew Sami’s notes from my pocket and laid them on the table. “It’s literally a matter of national security.”
Amir’s smile melted and his face inspected me with a look of incredulity.
“I have time,” he said. “What’s this about, Alex? And why me?”
“May I?” I asked, walking over to lock his door. “I’ve become more paranoid over the past few days.”
“Go ahead,” he said, easing himself into his cracked leather desk chair.
Over the next hour, I downloaded and decrypted the files from DropBox, then brought Amir up to speed on the nature of the Florentine, briefly going over each section of Gennady’s translated document.
“Let me summarize my understanding for you. Please correct me where I’m wrong,” he said once I concluded.
“Sure.”
“The Russian intelligence service has embedded a back door inside every copy of Windows running today.” He touched his laptop. “This laptop, for example, has the back door.”
I nodded, and Amir took my cue and continued. “Each back door gets its commands from Microsoft’s update servers, which are traditionally used to distribute legitimate bug fixes and security updates to Windows computers.”
Again, I nodded.
“The Russian intelligence service also added a back door to Microsoft’s update servers, which allows anyone with the Florentine Controller tool to submit attacks to the update servers without Microsoft’s knowledge. Once the attack is sent to the update servers, anytime a Windows machine connects to a server to retrieve the latest, legitimate updates, it will also retrieve the attack commands, if any are present—”
“That’s my understanding,” I interrupted.
“Okay. Let me finish.” Amir stood up and began pacing. “In their default configuration from the factory, each Windows computer is configured to contact these update servers once every twenty-four hours, to download these legitimate updates. So within a twenty-four-hour period, all machines that are turned on and connected to the Internet will contact Microsoft’s update servers as a matter of course and unknowingly retrieve the attack—along with any other legitimate updates posted by Microsoft—if an attack has been submitted for distribution. Is this correct?”
“Yes.”
“Okay. And finally, every attack must be encoded with a special cryptographic authentication key provided by the Russians, or the attack won’t be accepted and executed by the back door in Windows. This limits someone who discovers the Florentine system from abusing it, since they won’t have a valid key. Is that right as well?”
“Yes.”
“Okay. I think I’ve got it.” He paused. “And you are certain that this man, Khalimmy, used the Florentine to launch an attack?”
“Not positive, but I’m pretty sure. They had the entire attack prepped and ready to go. They were waiting for the results of a test run on their own, guinea pig computers, before launching the full-scale attack. When everything went to hell, the other agent began pounding away at his keyboard, and I don’t think it was to eliminate evidence. He knew what was coming. I took these from his desk.” I pointed to Sami’s notes. “Any clues?”
Amir picked up the clutter of college-rule notebook pages and Post-Its and diligently reviewed each.
“This essentially confirms some parts of the attack,” he said, shaking his head. “These people are sick, they …” He grunted. “When the payload software arrives on a new PC, it goes to sleep,” he rifled through the sheets until he arrived at a stained sheet of notebook paper, “until ten a.m. Pacific Time on Wednesday morning. It doesn’t say anything about what it does after it triggers. It also lists two Windows settings values. One has a value of ‘en-us,’ and the other ‘he-il’.”
“Ring any bells?” I asked.
“Yes, yes, this makes sense. You said their goal was to attack American and Israeli computer systems. This is how they identify which machines to attack. They are checking to see if the currently configured display language in Windows is either American English—that’s the ‘en-us’ setting—or if it’s ‘he-il’—that almost certainly stands for ‘Hebrew-Israel’. In fact, I configured these very settings for a recent visiting Taiwanese professor who wanted his computer’s language changed from English to Traditional Chinese. We set his computer to ‘zh-cn’. But with this program, if the machine is configured to use either the English or Hebrew languages, they launch the attack.”
“Well, at least that clears up how they identify target machines,” I said. “I had assumed they’d use the time-zone setting to decide what computers to terminate.”
Amir set down the pages and stared thoughtfully into space.
“You need to contact Microsoft and get them to shut down their update servers, immediately. If, as you say, the Florentine distributes attacks through Microsoft’s Windows Update servers, then the faster you shut down those servers, the fewer machines will be able to contact them over the Internet and retrieve the attack program. As for those computers that are already infected, I’m at a loss.”
“I agree, but I can’t just call Microsoft and ask them to shut down thousands of servers. They’ll think I’m crazy, assuming I could even find the right people to call.”
“Call your contacts at the NSA then.” Amir grabbed his phone and deposited it at the edge of his desk. “Call now.”
I habitually reached into my pocket for my smartphone and came up empty.
“Dammit. I don’t know how to contact the NSA people I talked to earlier.” I picked up Amir’s phone and called my old boss at ViruTrax. His voicemail picked up immediately—he was on the phone with someone—so I left a brief message, recited Amir’s number into the handset twice, then hung up.
“He’ll call right back. He’s obsessive about checking his voicemail.”
“In the meantime, we must think of a backup plan for those computers that are already infected,” said Amir, glancing down at his watch. “On the typical computer, Windows checks the Microsoft Update servers once per day, so roughly one-twenty-fourth of the affected computers would check every hour. So if this man launched the attack three hours ago, up to twelve percent of American computers may have already been infected. Fewer in Israel, where it is in the middle of the night and many computers will be turned off. Even if the NSA can shut down Microsoft’s update servers, it won’t do anything for those that have already been infected.”
“So the question is,” he continued, “how can we use the Florentine to cure these infected computers? Could we send a cancellation message—tell the infected computers to abort the attack?”
“Not without the right password.” I paged down through Gennady’s translation and pointed. “Here. ‘When launching an attack with the Florentine, the operator must specify a password and an authentication key in addition to the attack instructions and targeting parameters. After the attack has been launched, it may only be cancelled or have its parameters adjusted by an operator in possession of this original password and the authentication key of the original attack.’
“Any hint on possible passwords or keys in Sami’s notes?” I asked.
Amir sat up in his chair and rifled through the crumpled sheets. “The password could be anything…. I don’t see anything that stands out. There is a number circled here,” he held up a Post-It, “which could be the authentication key.”
“But that’s worthless without the password,” I lamented.
Amir began pacing the room in thought, then stopped. “Ah!” he said brightly. “I have a solution. We can use the Florentine to send a new command to all of the computers, and instruct them to rewind their internal clocks backward a few days, perhaps even a week or a month back. Say we set the internal clocks of all those computers back forty-eight hours. When the trigger time on Wednesday comes around, all the computers will think it’s still today, preventing them from launching the attack. That will give the NSA two extra days to properly fix the problem. Or you could fast-forward the clocks to Wednesday, after ten a.m., and bypass the trigger date completely.”
“I considered both options,” I said, “but the document says that the Florentine back door in Windows intercepts all attempted changes to the system clock, and adjusts the trigger time of existing payloads accordingly. So rewinding or fast-forwarding the time won’t have any effect.”
Amir’s smile dimmed. “Back to the drawing board then.” He glanced at his watch. “Maybe you should try contacting your boss again? Or asking another colleague for the NSA contact number? And perhaps we should experiment with the Florentine software now. That way, should we identify a weakness, we can use it to deploy a cure immediately.”
“Okay,” I said nervously, “but I feel like we’re playing with live explosives. We’ve got to be extremely careful.”
The Florentine Deception Page 28