Supervirus
Page 22
President: Defense and DHS, what are you recommending at this point?
DoD: We've been in contact with NSA on this and we advocate the ninety-eight percent shutdown plan.
President: Let's hear that, please.
DoD: The ninety-eight percent shutdown plan is where we shut down basically the entire public Internet and defense networks. We keep a fraction of the network alive for emergency communications and government communications within and between countries. Naturally shutting down the network creates a defense vulnerability for us. We get around that by negotiating the shutdown simultaneously with China and other nations. Then we use part of the 2% to monitor the network and ensure that it remains in shutdown status. This would prevent nations from keeping their networks up out of fear that they will be the only nation left with their pants down.
President: NSA, do you advocate this plan?
NSA: The ninety-eight percent plan wouldn't work. The reason is that we have no reason to think that we can quarantine the 2% of the network so that it won't be infected. Even after we shut down the rest of the network, some of our 2% will be infected and we'd expect the whole 2% to become infected quickly. This would jam our ability to monitor the networks. In that situation, you could expect the other sovereign nations to panic and put their networks back up. Because, without the monitoring, they would have no assurance that their neighbors or enemies aren't putting up their networks. Also we have no reason to think that we can convince foreign nations to shut down to begin with.
DoD: Mr. President, we could enforce the ninety-eight percent plan by applying military force to those nations that don't cooperate.
President: In that case, we're suddenly launching airstrikes on half the planet?
DoD: If half the planet refused to cooperate, yes, sir.
President: NSA, what do you advocate?
NSA: Our main alternative is to try a global network shutdown by cyberattack. In that case, we spread counter-viruses that are designed to spread themselves and then shut down infected computers.
President: Would that destroy data on infected computers?
NSA: No, sir. We could control the exact details of what the virus does. But we're probably not ready for a complete destruction of data.
President: I'm pretty sure we'd go to hell for that.
NSA: Yes, sir.
President: So we could knock the systems out without a big loss of data.
NSA: That is correct, sir. Though, as an aside, we don't really know how much data damage is being caused by the current disruption.
President: This current disruption — will it block our counterattack?
NSA: If it's a virus and nothing more, it's unlikely that it's built to resist an attack. If the attack is being conducted actively by a foreign power, they may or may not have the ability.
President: How much could we take down and how quickly?
NSA: That's hard to say, but we estimate fifty to sixty percent of the global network within twenty four hours.
President: And after that?
NSA: Not much more.
President: Sixty is a lot less than 98 percent. Could someone like China end up with a disproportionate piece of the pie?
NSA: It's possible. It's not an exact science. In fact, we'd be releasing different versions of the same virus. We have to attack computers running different systems, such as Windows, Mac and Linux, separately.
President: If we can get only 60%, then how has somebody taken down 85% of our network?
NSA: That's a great question, Mr. President.
President: Save the compliments and get me great answers for my great questions. Defense, you advocated the 98% shutdown, but NSA said it's unenforceable. What's the discrepancy?
DoD: Sir, we agree that enforcement will be difficult, but we advocate the shutdown plan for three reasons. First, the responses of the other countries and their compliance and lack thereof should prove greatly useful in determining the origin of this attack. Identifying the sovereign nation or terrorist group responsible for this would obviously be useful. Second, if we take the cyberwar route instead, as NSA suggests, we are playing our main threat and taking it out of the equation. We need to keep the cyberwar card in our pocket as a threat and leverage it against our attackers once we have identified them. Third, at the moment our armed forces are not at readiness to support a cyberwar attack with air and land offensives. We have limited satellites. We need to get them back up before we can launch a coordinated attack.
President: NSA, respond — and make it to the point, please.
NSA: The 98 percent shutdown won't be monitorable at ALL. So we won't see compliance. We won't see our attacker. We won't see anything. The network out there doesn't belong to us anymore. As for getting the rest of DoD operational, I don't think that's going to happen as long as we don't have the network.
President: We have two plans that may not work and which may involve launching airstrikes on other nations. DoD, launch the airstrikes on the twenty locations. We need to be in touch with those nations so they realize we're not declaring war on them, but we'll let them know just before the strikes. NSA, get your counter-viruses ready and as soon as they are ready we'll use them. Second, you have to work on our monitoring and cooperation enforcement. You have the smartest people in the world. Figure it out. Because we need to be prepared to go to 98% shutdown. If the counter-viruses don't work, it will be our only option. DoD, you need to get an attack capability without our network. I don't care if we're flying prop planes with semaphore, we have to be able to attack targeted locations. Lastly, we need to find the source of the attack, both of you. Keep me posted on status. Stand by for instructions on the shutdown. We'll prepare the Executive Order. And be ready for war.
END OF TRANSCRIPT
Be ready for war. Carrillo read over that line. “War” meant cyberwar, at least in part. And cyberwar was a Joint Forces operation. It had its own chain of command that was not part of the Services — the Army, Navy, Air Force, or Marines. And while the Services didn't report to him, the Joint Forces had more clout. It was why Carrillo's career had ended up where it had: he was exceptionally talented and intelligent, enough so to transfer to the Joint Forces, enough so after a long, long career to become a General, and then after a couple years to be a General in Colorado, in cyberwar operations.
If this really happened, Carrillo was going to be at the front of the nation's war effort. He'd essentially be reporting to the Secretary, who'd in turn be reporting to the President.
Carrillo knew his field, and he was as well prepared for the job as anyone. But the challenge they were facing was something new, a piece of the future, and Carrillo couldn't help the fact he was coming from the past.
He glanced at the Secretary. Every Secretary of Defense was perfectly prepared for war, more than any President ever could be. But the Secretary was going to have his hands full. He didn't know where his physical resources were. There was domestic chaos, one that might require the deployment of DoD resources. The Secretary was going to depend on him to do his job: make the decisions in his area.
He looked down at a paper cup of coffee he was swirling in his hand, beside the transcript. The Pentagon coffee tasted terrible. It felt like years since early that morning, when he was on the road to the base over a thousand miles away, trying to remember whether he had made coffee and left it on the kitchen counter.
Carrillo felt the weight of the world on his shoulders.
SCANNING KENNY'S HARD DRIVE
As Kenny slipped away from Flannigan, a member of the Agency forensics team was completing the rush analysis of Kenny's hard drive.
Kenny's hard drive — the one that had been secured in his house in Cambridge, MA, with yellow emergency tape, across the street from Willard's F150 with the dead federal agent wrapped in a tarp in the trunk — had been picked up that morning, per Flannigan's orders, and whisked away for inspection by forensics staff at the Agency. Coming from Flannigan, wh
o was relatively senior and made such requests rarely, the job was expedited, even though the team didn't know exactly what they were looking for and they were having trouble reaching Flannigan.
The team stayed on task even as the supervirus took hold of the Agency's network and dwarfed any other priority its staff was working on. Since the origin of the supervirus was mysterious, every computer was roughly as good a subject as any other to try to figure out where the supervirus had come from and where it was going.
The closer the team looked and the more checks they ran, the more they made unusual discoveries.
In the pre-Nemo era, the vast majority of computers that were compromised were open and shut in an instant. Usually a Trojan was installed, maybe some emails were sent, and that was it. Not so with Kenny's computer. Granted, he ran Linux, not Windows, and anybody who hacked a Linux box was of a higher caliber, and would often try to get authority as the root account and cover his tracks.
Whoever had hacked Kenny's computer had done something different. The team found a series of files that had been “touched” — opened or moved or modified — around the time that Simon had been hacking into the computer and found Nemo on chat. They found that the intruder (Nemo, though the team didn't know him by name, only the IP address he came from) had gone straight to Kenny's email and started copying some files.
The weird thing was that they could see the exact commands the intruder had used. And the intruder hadn't needed to do any looking around at all. He entered specific commands to start copying files. That seemed impossible, because any files the intruder was looking for could plausibly be found under any of several likely paths in Kenny's filesystem. The intruder seemed to know exactly where everything was on Kenny's hard drive.
That wasn't even all of it. The forensics guys looked around for a Trojan or worm on the computer. They thought they found it — a highly foreign piece of code that regulated a flow of information (such as those email files that were copied) in and around Kenny's computer. It wasn't a known worm or exploit.
The forensics director would tell General Carrillo several hours later: Then we looked exactly where the malicious code was copied. It wasn't a Trojan or a worm really — it looked more like a piece of P2P software. Anyway, we looked where it was copied and happened to notice what had previously been at that location. It was copied over something similar. It looked like the Trojan had already been there, but AN EARLIER VERSION. It looked like the computer had already been compromised by the virus. And not only that: when the virus came back, it remembered where everything was on the hard drive. So it didn't look like a virus at all. It looked like a person. Someone who knew exactly where everything was on the drive. We started looking at crazy ideas. That it was one of our guys. Or that this guy was hacking into his own computer. Then our guy who looked at the code thought it was too unusual to come from a U.S. national — China, he said, or he'd think it an alien sooner than a U.S. national.
That's what they thought early in the day. But they continued investigating.
The files that were copied, the email history files, were from a short period of days.
The first one was an email from Kenny:
I hope your visit is going well. I can't believe you have no Internet (or almost no Internet) out there. I feel like I'm writing you a letter. Anyway, things have been good here. I started a new project. I'm actually almost excited about it. I don't know if it's SERIOUS but sometimes I think serious is the opposite of what the universities think serious is. Anyway, there's even a chance it might be of some practical use....ok unlikely but maybe. What am I talking about? Anyway if you were here I'd describe it to you. I hope you're having a good time. Let me know how you're doing.
Kenny had started writing his stock picker on the day Preeti traveled down south to try out a new spiritual meditation group.
From the next day, Kenny again:
It was good talking to you last night. I hate talking on the phone. You sound so far away.
The day after, Kenny again:
No one answered the phone last night. What the hell! Although given how you described the campsite you're at I'm not surprised. Anyway, I've been slaving away at this new program I'm working on. It's supposed to pick stocks and make money :-). I know that's not interesting to you but you know sometimes the only way to forget about money is to make money. Not that this thing is actually going to work — but if it did. I feel like I'm working on something real at least. And you know, even if it doesn't work, maybe some interesting byproduct will come out of it.
And the next day, from Preeti:
I'm sorry I missed our phone date — we've been so busy. This is a tremendous amount of work down here. I've barely slept or eaten the whole time. I can't even begin to describe it to you.
The timestamps on his stock-picking files indicated that Kenny's work on the project tapered off, as it had on all of his projects. By the time Preeti had been home a couple of days, he'd given up on it. Then he was back to his old routine: sitting at the computer in the middle of the night, thinking of dumb ideas for something to work on.
The forensics team didn't have enough information to figure out what the intruder (Nemo) was doing: examining what time Kenny had written the program. They didn't reach the guess that Nemo seemed to be looking at why Kenny had started writing the program, and why he had stopped writing it.
They didn't see that, after poking around Kenny's inbox, the intruder had examined all Kenny's mail to and from Preeti. They didn't see that the intruder had then remotely hacked into Preeti's mail and read her messages, including dozens from her friend Lindsay, most of which included second-hand reports from Koginka.
The forensics team was focused on something else: the supervirus. By the time the afternoon had rolled around, some members of the team had gotten an idea. Was it possible that the Trojan they found, the code they figured was written by a Chinese teenager or an alien — could that be the supervirus?
If it was the supervirus, then the previous code — the “fossil” code written over — was an early trace of the supervirus. By all appearances, that computer was part of an early generation of computers infected by the virus. It was, by far, the best indication yet of the origin and nature of the supervirus. If that code was supervirus code, then Kenny's hard drive had to be close to where the supervirus had been born.
KENNY MEETS NEMO
Fort Tortuga, Laboratory Complex
5 hr 4 min to Birth
As Kenny reached the reception area, he relaxed his guard. He had seen Raymond's body. On the way out of the changing room, he had stepped over the lifeless body of a security guard. That was scary; but Nemo had chosen not to kill him, yet. If the flybots wanted to get me they would have done it by now.
Another security guard was frozen in a final, bloated lunge on the ground at Kenny's feet at the edge of the room. They had seen that body on the heat sensor screen. As Kenny imagined it, the guard (maybe that's Lewis, he thought) had been caught in the first few seconds of an attempt to respond to the emergency alarm.
Simon was sitting on the ground, curled against the front door of the building, his face red and bloated enough to have popped his wire-rimmed glasses mostly off his ears. His hands were held up in front of his eyes in a final act to defend himself.
He didn't want to see, Kenny thought, forming a metaphor. Nemo spares only the people who have the vision to see him. To accept him.
Kenny hadn't liked Simon much, but he never would have wished death upon him. Nemo operated by some twisted rules. The same went for Raymond: maybe testing on apes was evil, but Nemo had responded brutally. Nemo played by stricter rules. Or were there rules at all? Kenny would have to keep that in mind. He had a vague idea of why he was the only one left, and it gave him a sinking feeling.
He left the reception area into the left wing of the lab building. He came to a T in the hall with a sign:
<-- Computer Lab
<-- Prototyping Room
/> Assembly Area -->
In the Prototyping Room, the scientists developed new variations on the flybot. Kenny guessed the room looked like a mad scientist's laboratory: tools and gadgets everywhere. Lots of works in progress.