Mission: Tomorrow
Page 26
Just as I got back to my office, my watch buzzed with an incoming voice call.
Amanda, read the display on my wrist.
What I wanted to do was strip the thing from my arm and fling it into the corner with the Hi-Kaf Kola can, but I sighed and took the call. “Hey, boss,” I said, trying to keep it light.
“What the hell is going on with your bird?”
“It’s rejecting my commands.” I slipped into my seat. No new information on the screen. “And the main engine burn . . . that wasn’t me. I’m still trying to figure out what caused it.”
“I don’t care what caused it. Have you seen where it’s going?”
“Uh.” That was something I hadn’t had a chance to look into. “Hang on.”
I pulled the orbital track view back from detail level to overview.
The package was on course to enter Earth’s atmosphere over the Kamchatka Peninsula, with exactly the correct angle for a successful insertion. Depending on the exact attitude of the lifting body, it might still bounce off or burn up. But even if it didn’t, it would land in the mid-Pacific . . . where the water was far too deep for a profitable recovery.
“Uh,” I repeated brilliantly.
“Do you realize how much money is riding on this?”
I knew exactly how much money was riding on it. If my package didn’t pay out, not only would there be no condo in San Francisco, but it would be the end of my job, and—given my obsolete skill set—probably the end of my career. I wouldn’t be able to keep up the payments on my Space Resources buy-in loan. Which meant bankruptcy not only for me, but for my fabulous octogenarian uncle Roberto.
Roberto had been so good to me. If I repaid everything he’d done for me by losing him his house . . .
Could be worse, though, I thought. Could be coming down on New York.
Suddenly the text window on my screen that showed the last few lines of the package’s system log file burst into life, thousands of additional lines scrolling rapidly by. “Whoa,” I said, “I just got the hourly data dump.” I hit Pause and started inspecting the data. “At least it’s still talking to me, even if it’s not listening.”
“Can you use this to get it back on course?”
“Maybe, if you leave me alone!” I snapped.
“All right. But keep me posted on your work! I want hourly updates.”
“Sure,” I said, not meaning it, and cut the connection.
Orbital tracking could tell us where the package was going to hit, assuming nothing else changed. Telescopes and radar could tell us if it did anything to change its trajectory. But unless we understood why it had fired its engines on its own authority, there was always the possibility it would do so again, throwing any plans we made out the window . . . or turning the situation worse. Much worse. I had to understand what had happened so we could figure out what was going to happen next . . . and maybe regain control before it was too late.
I settled down to read the log files.
Reading log files is tedious. Mine were incredibly voluminous, recording every system activity no matter how trivial. Some asteroid miners turned the log level down, or even off, to save bandwidth, but I kept mine all the way up because you never knew when you might need them. In this case, I was glad that I had all this data, but it still took time to sort through it.
In addition to simply skimming the text with my eyes, I used a variety of scripts I’d developed over the years to spot anomalies and trends. Every once in a while I’d notice something that might or might not be indicative of something interesting, and sometimes I’d write a new script to investigate more closely.
My first breakthrough came when a script I’d written to look for unusual numeric values spotted an unexpectedly large data upload about half an hour before the unauthorized burn. It was a standard push of doppler correction factors for Earth-based communication, but those were usually only a couple of kilobytes and this one was several megabytes. A megabyte wasn’t much by modern standards, but the package’s control system had been designed when DSN charged by the kilobyte, and it generally ran much leaner than that.
I looked deeper. Although the log didn’t record the content of the upload, just its size, it did include the sender’s network address. And that sender wasn’t the same as any of the other doppler correction pushes. I didn’t recognize the address block at all.
I sent off a query to the DSN administrators, including a snippet of the log file, asking if they had any idea what might be going on. Then I kept looking.
There weren’t any other uploads from that same address. But there were lots of log entries mentioning addresses in the same block. Not regular, and not very frequent, but there had been as many as several per day, going back weeks.
Each one was an attempted upload of some kind of data to one of the package’s many subsystems that accepted it, and every one had been rejected due to lack of appropriate authorization. In other words, they hadn’t presented the appropriate security certificate.
No, wait. Not all of them had been rejected. One of the attempted uploads from the suspect addresses had gone through. It had been a doppler correction push, of only a few bytes.
The big upload had followed that one by a few hours. And half an hour after that, my package had fired its main engine.
I was getting an itch between my shoulder blades.
I’d been hacked.
“It’s an old bug,” I explained to Amanda. “Actually two bugs. One is a security vulnerability that allows a doppler correction push without a valid security certificate under certain circumstances. The other is what’s called a ‘buffer overrun,’ which is a class of bug that used to be a big problem back when this operating system was originally written. Basically, it lets you put more data into a buffer than the buffer has room for. If this happens, the data goes past the end of the buffer and overwrites executable code. Usually this just crashes the system, but if you know exactly what you’re doing, instead of crashing it you can make it do whatever you want.” I rubbed my eyes, which burned like crazy after eighteen hours of staring at screens. I’d lost count of the number of delivery drones that had brought me Hi-Kaf Kola. “Both of these bugs were fixed years ago in the real world, but the fixes weren’t in the space-certified code branch so they didn’t get included in our updates.”
“Why the hell not?”
“I don’t know. Not high enough priority, or not tested by the right people, or maybe they just slipped through the cracks. In any case, we’re pushing a patch out even as we speak. I’ve notified our competitors, too, in case they have the same bugs in their code, and Raphael’s heading up a search for any other such vulnerabilities.”
Amanda sighed with relief. “So we’re back on track, then?”
“No, we aren’t.” I ground my teeth. “We’re patching the other packages, but not mine. When the hacker or hackers took control of the command processor, not only did they fire the engine, they changed the certificates. We’re still getting log files and a few other data downloads, but we can’t send commands. We’re locked out of our own package.”
“Hack them back! Break in the same way they did!”
“We thought of that already, and so did they. According to the logs, closing those loopholes was the first thing they did after changing the certificates. Looks like they patched a lot of other bugs, too. One of the things Raphael is looking for is any vulnerabilities they don’t know about, but so far it looks like they were pretty thorough.”
“Why . . . why would anyone do such a thing?”
“Why does anyone do anything, these days? Money.”
“Are they holding the package hostage?”
“Doubt it. We haven’t received a ransom demand, right?”
“Not to my knowledge.”
“They wouldn’t be subtle about it. And if they can get the whole package for themselves, even at black market rates that’s a lot more than we’d pay in ransom. No, looking at the orbital track, my gue
ss is that they plan a last-minute retro burn to bring the package down somewhere in the Bering Sea. The hackers could have a pickup boat waiting, bring down the package right next to it, and get away with the core before we or anyone else can make it to whatever isolated location they’ve chosen.”
“That’s not what I’m thinking they have in mind.”
Bad as the situation was, the despair in her voice surprised me. “Oh?”
“They could boost instead of doing a retro burn. With that orbital track, they’ve got enough delta-V to hit Seattle. Or Vancouver. Or San Francisco.”
My eye flicked to the clock display—two days, eight hours, twenty-six minutes—and the view from my San Francisco condo . . . condo-to-be, if I could turn this mess around. I swallowed hard.
“Whatever they have in mind, I promise I’ll do what I can to stop them.”
But when I awoke the next day, bleary-eyed and jittery after a two-hour nap that no amount of coffee and Kola could stave off any longer, I was no closer to fulfilling that promise than when I’d made it.
Raphael had come up dry. Even trolling the least savory communities hadn’t come up with a vulnerability the hackers hadn’t already closed. And almost all of the tricks I’d learned over my years as a sysadmin for resetting or rebooting a hacked system required physical access to the machine, or at least to its network or power connection, and this system was literally a million miles away. Though it was racing closer by the minute, and would be hitting the atmosphere in less than twenty-four hours.
There hadn’t been a ransom demand, nor any threats from terrorist groups. Nor had the package changed course—it was still, apparently, headed for the mid-Pacific—but if I was right about the hackers’ plan they wouldn’t make their retro burn until the last possible minute.
I’d tried everything I could think of to regain control. I’d asked DSN to intercept or cut off the hackers’ access to the package, but they couldn’t—the hackers weren’t going through them. All the security certificates and passwords had been changed. Even the low-level maintenance channel had been taken offline.
I’d been reduced to guessing passwords, and even that wasn’t going well. I knew nothing whatsoever about the hackers, not even what language they spoke, which gave me no basis for my guesses.
Amanda wasn’t even bothering me for updates anymore. I think she had given up on me. She was probably working directly with Orbital Control to take immediate action in case the asteroid was retargeted to come down on some city.
Not that there was much action they could take, other than trying to evacuate the target city. In theory, an incoming asteroid could be destroyed or diverted with a nuclear missile, but all international, national, and private efforts to actually develop the means to do so had foundered on issues of technology, treaties, liability, and especially cost. Despite the undeniable threat posed by potential asteroid impacts, whether natural or mined, nobody had ever ponied up the trillions of dollars it would take to build a system to prevent one.
I dragged myself from the filthy, sweaty couch where I’d fallen asleep and sat down at my screen. But the windows full of code and notes, and orbital tracks of doom, and hundreds and hundreds of unanswered messages stared right back . . . and I couldn’t take it.
I got back up.
I paced around my office.
Then I punched the wall so hard I put my fist right through it.
Standing there looking at the hole, sucking on knuckles that tasted of blood and drywall, I couldn’t help but think that some city, maybe even San Francisco, might wind up like that . . .
This was all my fault. If only I’d taken more care with my patches, done more research on critical security updates, kept a closer eye on my logs . . . maybe I could have prevented this.
I collapsed to the floor and bawled like a baby.
And then the doorbell rang.
It took a while for the sound to penetrate my sleep-deprived, miserable brain to the point that I could understand what it was and comprehend that it was coming from outside the apartment. I hadn’t even thought of the outside world in almost forty-eight hours . . . even though my concerns were out in space or halfway across the planet, my focus had been on the screen ten inches in front of my nose.
The bell rang again, and this time I managed to recall what it really meant.
My cleaning lady. I’d told her to come back tomorrow. And that had been yesterday.
“I’m really sorry, Cheryl . . .” I began, but she didn’t let me finish.
“You look like shit,” she said, setting down her bucket of rags and bottles. “Are you in trouble?”
“I . . .” I took a deep breath, ready to put on a good face, but somehow the oxygen just made everything worse, fueling my fears and anxieties and making me realize just how hopeless the situation was. “Yes!” I sobbed. “Yes, I am in deep deep trouble.” And I told her the whole thing, with tears running down my face and my nose filling up with snot.
“That’s quite a story, son,” she said, and handed me a tissue from the box in her bucket. “But crying never solved anything. Come on, let’s see if we can fix this.” She picked up the bucket, pushed past me, and headed up the stairs.
I wiped my eyes, blew my nose, and—not knowing what else to do—followed her.
She made me tell her everything—all the technical details, all my guesses and blind alleys and failures. She asked a lot of questions; they got sharper and sharper as we went on. Then she started suggesting solutions. Nothing I hadn’t already tried, but still . . . “You know this stuff already?”
“This stuff in particular? Nah.” She shook her head. “But I owned a contract structural engineering firm for twenty-seven years. You get pretty good at sussing out technical issues when there’s a different problem every month.”
“I had no idea you were anything other than a cleaning lady.”
She snorted. “I’ve been fighting that attitude ever since college. No matter how good my grades, how strong my evaluations, no one would take me seriously as an engineer. Later, when I started facing ageism as well as sexism, I sold out to my employees and retired. Gimme that.” She took the stylus from my hand and started poking at the screen herself. “But I got bored with retirement, so I started cleaning houses. I always liked to clean things. Made me feel good to bring order out of chaos, you know?”
“I wondered why your rates were so low . . .”
She grinned at me over her shoulder. “That was just because I thought you were cute. Most people pay market rates, but you remind me of my second husband.” She turned back to the screen. “Here’s what I’m looking for.” She pulled up a block diagram of the system on the big screen, started peering at it, snapped her fingers behind her back at me. “Get me a cup of coffee. Black.”
I went to the kitchenette and found a clean mug, then brought it back to my office and filled it with coffee. She took it with a grunt, swigged, made a face, and kept scrolling around the diagram as though looking for something she wasn’t finding. “If the roof is cracking,” she muttered, “check the foundation.”
“Huh?”
“There has to be some kind of foundation to this whole thing. Some kind of technical underpinning that touches every system. It’s not on this chart.”
“There’s the power system . . .” I took the stylus from her papery fingers—it felt weird—and called up another diagram.
“Is there some way you can use this to get around the hackers?”
I tapped the stylus against my teeth, staring bleary-eyed at the diagram and thinking like mad. There was the reactor, the voltage regulator, the . . . “Whoa.”
She gave me another over-the-shoulder grin. “I like the sound of that.”
I tapped a line on the chart. “The reactor has its own connection to the high-band dish.” Almost every other subsystem communicated only via the control processor, but the reactor had its own comm link. “We used that during start-up, before the control processor
was active.”
“Is it still up?”
“I have no idea.”
“Find out.”
To answer that question I had to pull up old documentation I hadn’t consulted in nearly five years. “Hey!” I said. “The reactor has its own OS.”
“Is that good?”
“It might be . . .” I copied a basic status command from the documentation, pasted it into a terminal window, tapped Transmit, and held my breath.
Half a minute later a reply came back, a line of hexadecimal digits. I let out my breath in a huge inarticulate yelp of joy.
“What does that mean?”
“It means I can talk to the reactor.” I put my stylus between my teeth, pulled up the keyboard, and muttered semi-intelligibly, “Now let’s see if that does us any good . . .”
Two hours later, after frenzied conversations with other miners, a retired power system engineer, and some anonymous programmers on a sketchy message board, I had a potential solution . . . sort of. “The reactor’s firmware is version 10,” I told Cheryl, “which has a command for an emergency shutdown that doesn’t require a password. The fool who coded it thought it was a safety improvement, but it was actually a massive potential denial-of-service attack. They closed that loophole in version 11 . . .”
“How does this help?” She looked nearly as fuzzy as I felt.
“Sorry, I’m getting distracted. An emergency shutdown on the reactor will force the command processor into safe mode. From there I can change the root password and get control back. But I have to get in before the hackers do, or they might beat me to it.”
“Is there any way to cut off their access?”
I shook my head. “I’ve tried, but DSN can’t cut them off. They aren’t going through DSN.” Suddenly something occurred to me that I hadn’t considered before. “Which means they must have their own dish, or dishes. Let me check something.”