Cyber Countdown

Home > Other > Cyber Countdown > Page 26
Cyber Countdown Page 26

by Terence Flynn


  Barbara set up a meeting at her office with Shelly Brockner.

  “This Dimitri is very dangerous, Shelly, and if he was involved with the murder of Senator Thompson, he should be brought to justice.”

  “I agree, Barbara. But if the autopsy report says the evidence is insufficient to show that the senator was murdered, any charges would disappear. If the administration brought charges against him now, it would presuppose a murder that may never have happened.”

  “Okay, I hate the idea, but identifying and stopping an espionage ring would be a feather in the administration’s cap.”

  “Good. Let’s make a deal with the stipulation that Dimitri tell us who he’s working for.”

  Dimitri reviewed the deal with his attorney.

  “I’ll agree to the deal with one modification. I’ll tell them what I know about my employer if the government agrees to take no action against my sources.”

  “Okay, anything else?”

  “Yes, if the government decides they can’t or won’t prosecute my employer, I want the government to provide me protection from any retaliation. That includes any efforts necessary to obtain legally sufficient evidence to support a future prosecution of my employer.”

  “Okay, I’ll let them know.”

  After informing the president, the deal was agreed to by the Department of Justice. Dimitri and his attorney were flown to FBI headquarters in DC. Both Barbara and Shelly were there for the interrogation.

  “What can you tell us about the espionage, Mr. Vasin?”

  “The intelligence agent is a man named Zhou Ming who works at—”

  “We know where he works,” Barbara said. “Are you certain?”

  “Here are the pictures and videos,” Sylvester Irving said. “The US citizens involved in the espionage are also in the pictures. One is a corporate vice president named Alexander Buehler, and the other is a young enlisted man at Fort Belvoir named Koenig.”

  “How’d you identify your employer?” Shelly asked.

  “I’ve never met my current employer, but his representatives called him the Big Man. A Russian friend informed me of an individual who was called the Big Man by the KGB. He said the Big Man was a Russian diplomat who defected in 1978 while working at the United Nations. His real name was Sokurov, but he changed it after the US government relocated him and modified his appearance. An associate identified Sokurov from the information I provided to him. His current name is George Solomon.”

  Barbara smiled. She’d always suspected that George Solomon had criminal connections. Shelly Brockner also had no trouble believing Dimitri’s story, since she had independent evidence that George and the senator had a very contentious meeting days before he was killed.

  “Do you think George Solomon wanted Senator Thompson killed, Mr. Vasin?”

  Dimitri grinned. “I absolutely know that he did.”

  Shelly knew what that meant, and she also knew that there was nothing they could do about it based on their deal. She had an idea.

  “Dimitri, the deal you agreed to says that the government has to provide protection against any retaliation from your employer. It included any efforts necessary to obtain legally sufficient verification that will support a future prosecution of your employer. The only way we can obtain evidence to support future prosecution of George Solomon is if you help us. No one knows of your arrest. There was no story released to the news media because of its sensitivity with respect to our future relations with the Chinese. We’d like you to continue working with George until we can obtain independent evidence that will support his arrest. If you choose not to, then our deal with you is nullified.”

  Sylvester Irving jumped to his feet and said, “That’s an outrageous interpretation of our deal, Director Brockner.”

  “I haven’t heard any protest from your client, Mr. Irving.”

  “I accept your offer, Director,” Dimitri said. “I’d love to help you put him away, the sooner the better.”

  18

  James called Ann to tell her about what he and Rick had found in the safe at her summer house.

  “Hi, Ann. We found something interesting in your safe.”

  “Does it relate to my husband’s murder?”

  “We’re not sure. There were two large envelopes in a hidden compartment that only Philip could access. One envelope was labeled Backfire and the other was labeled Zeus. Both labels were in Philip’s handwriting. Would you know anything about that?”

  “No, I don’t, James. But that doesn’t mean anything, Philip was great at keeping secrets.”

  “I know. Rick and I just saw evidence of that while trying to crack the hidden compartment in your safe. Thanks, Ann.”

  “I take it from your conversation with Ann that she knows nothing about the envelopes,” Rick said, while staring out the window.

  “No, she doesn’t,” James said.

  “The snow’s coming down harder than ever, James. I sure hope your SUV can get us out of here.”

  James walked to the large window at the front of the house.

  “Yeah, there’s at least ten inches of snow. The only thing moving out there is that big SUV with a snow plow. It’s strange that he’s only plowing this street over and over.”

  “We need to go now, James. Do you know anyone who can retrieve my car and bring it back to my house in La Plata?”

  “Sure, Rick, I’ll have VSI take care of it.”

  “Which route are you taking home?”

  “I plan to take the main roads to my condo in Crystal City. Those back roads to your house probably won’t be plowed.”

  “I hope you don’t mind me staying at your place, James.”

  “No problem. My rates are well within the government per diem.”

  Rick smiled. “Could you load the SUV? I need to call my boss.”

  Rick called Director Brockner to tell her what they’d found in the safe and that he would be at James’s condo.

  “That’s great, Rick. I expect most government offices in DC to be closed for a few days. I’m staying in DC, since I’m tied up with some new evidence relating to Senator Thompson’s death. Call me if you find something.”

  It took more than three hours to get to Crystal City on the main roads. James walked into his condo and saw that the lights and television were on. JoAnn walked out of the bathroom wearing just a towel and a surprised look that matched the ones on James’s and Rick’s faces.

  After several seconds of silence, James said, “Hi, baby. What’re you doing here?”

  “I couldn’t drive home from the Capitol. The Key Bridge was closed due to an accident, so I took the metro here. I hope you don’t mind.”

  “Of course not. I hope you don’t mind that we have a guest. This is Rick.”

  “Not at all. It’s nice to finally meet you, Rick.”

  “Same here, Senator. Congratulations on your engagement.”

  “Thank you. Let me leave the two of you to your work so I can get dressed.”

  James took the folders out of his bag and dumped the contents of the one called Zeus on the dining room table. It included a USB flash drive.

  “Let’s start tomorrow with this one, and then we can look at the Backfire folder later, Rick. It’ll take us a few days to go through all of this.”

  “That works. The director said that the government offices in DC will be shut down due to the storm for at least a day or so. She doesn’t expect me to come in.”

  “Sounds like a plan.”

  The next morning, they began their analysis of the contents of Philip’s safe. James copied the contents of the flash drive onto his laptop and his backup laptop so he and Rick could work together. The drive contained a number of folders. They started with one labeled “Design Specification.”

  After they spent most of the day analyzing the information on the flash drive, James said, “I know what Zeus is, Rick. It’s a design specification for a sophisticated computer worm. Each of the Word files defines the specif
ication for the individual worm components. There’s a separate file for the target locator, propagator, command and control, payload, life-cycle manager, tracker, and update interface. This is Philip’s design, Rick. I recognize his style.”

  “You seem to have an enthusiasm for malware design.”

  “Not all malware, just worms. Both Philip and I found worms much more interesting than viruses. Unlike a virus, a worm has mobility that allows it to move through a network and its systems on its own. A virus relies on the media it’s embedded in. It can only move when the host program or application it’s in is downloaded or transferred by human interaction. A virus is like a bomb: it explodes wherever it’s dropped or placed. A worm is like a missile that can track targets and destroy them.”

  “It’s still malware, James.”

  “Yes, but just like a missile, it can be used for offense or defense, and the components are analogous. The worm’s target locator compares to the targeting system on a missile; the worm’s propagator to a missile’s rocket engine; the worm’s command and control to the same mechanism on a missile; the worm’s payload to the missile’s warhead; the worm’s life-cycle manager to the missile self-destruct mechanism; the worm’s tracker to the telemetry identifying the missile’s trajectory; and the update interface to a missile’s electronic interface that supports software updates.”

  “I think you have seen such worm technology before.”

  “I have, but this worm specification is more sophisticated than anything I’ve ever seen, Rick. It has a completely autonomous command and control system that can identify and track targets.”

  “What kind of targets?”

  “Virtually anything with software or firmware, including programs, applications, or malware such as other worms or viruses. The design can use specific code within the target software or firmware as a target signature. It can also use sophisticated artificial intelligence from internal or external sources to identify and track malware behavior and also attack and destroy it. It can even exchange information through a network protocol with other worms to share target information and coordinate attacks. This worm can also either destroy viruses or envelop them into its payload for infecting targets.”

  “That’s one hell of a worm, James.”

  “More like the worm from hell, Rick.”

  “Yes, and you seem to have such advanced knowledge about it. I get the impression that you’re not just familiar with this technology but have actually designed and used it before.”

  “Why do you think that, Rick?”

  “I’m somewhat knowledgeable on computer viruses and worms, but it’s clear to me that you’re an expert. You’ve picked up on the technology in the specification and its application very quickly. Much too quickly to have never seen it before.”

  James hesitated.

  “You’re right. I have seen it before, but I need your promise to keep what I’m about to say absolutely confidential.”

  “I promise.”

  “Philip was designing a very sophisticated defensive worm. It was designed to hunt down and destroy sophisticated malware using a technology that we developed at VSI years ago. It’s what we called our ‘secret sauce.’ We used it as a defense mechanism in our boundary protection systems.”

  “Why was it kept so secret? You could’ve put it in your patents.”

  “We decided when we started VSI that using malware as a defense was too controversial for a security system. No one would buy it. The design could also be modified for attacks, which is what Philip and I were afraid of. The concept isn’t new. It’s like an antiworm.”

  “Like the CodeGreen antiworm I read about in school? Wasn’t it used to attack and destroy the CodeRed worm?”

  “Yeah, that’s the one. But this one is infinitely more sophisticated.”

  “How are you so sure that Philip designed it?”

  “I recognized his programming style and the basic design as one we’ve used before.”

  As Rick went through the papers in the Zeus envelope, he came across a letter-sized envelope with the words, For James Jordan Only. He handed it to James.

  “I think this may be another message from the grave,” Rick said.

  James opened it and found a letter that was witnessed and stamped by a notary public. He quickly reviewed it.

  “This letter is signed by Philip and is notarized by his attorney, Rick. It states that Captain Kinsley requested VSI to sell its products to the federal government and that Philip denied the request. The letter also references a contract that Kinsley awarded to a defense contractor’s commercial division to procure VSI technology and test it. That’s a direct violation of the VSI product licensing agreement and federal law. Unless Philip agreed to work with the government, Kinsley threatened to reveal the test results that showed VSI’s technology was based on malware. Philip references a copy of the official test report provided to him by a whistleblower involved in the testing that Kinsley sponsored.”

  “Here’s the complete test report, James. It has the contractor’s letterhead and is addressed to Kinsley. It seems to validate Philip’s letter.”

  “Let’s go through the other envelope tomorrow, Rick. It’s getting late, and I’m tired and disgusted.”

  The next morning, James opened the Backfire envelope. It included a DVD and another flash drive. Both contained a folder identified as Hypervisor Patch 0215-3a.

  “This looks like the documentation for a patch of the latest VSI firewall and intrusion prevention system product,” James said. “It’s an update to the threat signatures in the VSI intrusion prevention system that we send to customers to update their system software. This is just normal stuff that Theresa’s product support team handled. I wonder why Philip had it in the safe.”

  “Why don’t you call Theresa and ask her about it?”

  “Good idea.”

  James called Theresa, but was told she wasn’t in. He asked to talk to Tom instead.

  “Hi, Tom. I need some help.”

  “What do you need, boss?”

  “Actually, I need two things. Could you send two guys to pick up a car at Philip’s summer house? It’s in the garage, so they’ll need to get the house keys from Ann. I’ll send you an email with the address I want it taken to. If nobody’s home, tell them to leave the keys in the glove compartment. I also need you to look up a patch on the current firewall system and pull all the relevant information from the VSI configuration management system. The patch ID is 0215-3a. Send all the data to me by email.”

  “Okay, I’ll take care of it.”

  Two hours later James got a call from Tom.

  “Hi, Tom. Did the guys you sent to get the car get stuck?”

  “I don’t think so,” Tom said. “Could you check that patch ID number again? I can’t find it in our system.”

  “The number is 0215-3a. Is that what you have?”

  “That’s it, but I’ll be damned if I can find it. Are you sure it’s correct? I asked some of the lab techs if they knew what it was about and they haven’t a clue.”

  “It’s on the patch description document I removed from Philip’s safe. It has the VSI logo and a representation of Philip’s digital signature.”

  “I have no record of it, and there are no references to it in any of the documents in our files. Can you fax a copy of what you have to me?”

  “I’ll do it right now, Tom.”

  James and Rick continued reviewing the files in both folders on Backfire and Zeus for the rest of the day.

  The next day, the government offices in DC were open, so Rick and JoAnn took the metro to work. Later that morning Tom called James.

  “I got your fax and I’m still searching our files, boss.”

  “I hope VSI’s configuration and patch management isn’t screwed up, Tom.”

  “I don’t think it is. Maybe someone sidestepped the required process.”

  “That would be even worse.”

  “I need to ask you somet
hing, boss. Did you leave the front door of Philip’s house unlocked when you left the other day?”

  “I don’t think so, why do you ask?”

  “The guys I sent to pick up the car just called me and said it was unlocked. They didn’t need Ann’s keys to get in, so they checked the house to see if anyone was there. The house was vacant and there was no apparent damage. They also said a carpet and a piece of flooring were lying on the bed in an upstairs bedroom, and there was a safe in the floor that was open.”

  “When you say open, do you mean the safe was unlocked, or the door of the safe was open?”

  “They said the door was open and there was nothing in the safe.”

  “Thanks, Tom. I’ll contact Ann.”

  James called Ann and described his phone call with Tom.

  “Do you think someone broke in? Maybe teenagers who knew the house was vacant?” Ann asked.

  “It could be that. You should call the police and tell them your house was broken into so they can investigate. I’m sure they’ll ask you to be there when they check the house. Don’t go there before the police arrive so you don’t disturb any evidence. If you need me, just call me on my cell, Ann.”

  “Thanks, James.”

  James knew it wasn’t teenagers. Someone had targeted the safe and might’ve been monitoring the house while he and Rick were there. He called Rick to let him know what happened.

  “Good afternoon, James. I’m glad you called. Our meeting with the director is set for tomorrow morning at ten.”

  “That’s fine, Rick. I called to let you know that Ann’s summer house was broken into after we left. The guys from VSI who got your car said the front door was unlocked and the safe door was open. I think someone was watching the house, just waiting for us to leave. It might’ve been the guy in the SUV plowing the street.”

  “Yeah, someone seems real concerned about that safe. Let’s talk tomorrow. I’m late for a meeting.”

 

‹ Prev