“Where are you?” James asked, ignoring her joke.
“I’m at the Hawk ‘N’ Dove, celebrating the election of the new majority leader, Senator Domingo.”
“Well, don’t celebrate too much. You might want to take a taxi home.”
“Why, do I sound drunk? I only had a few martinis.”
“Please take a taxi home, JoAnn. I’ll call you tomorrow.”
When they got back to the condo, James pulled the DVD for Hypervisor Patch 0215-3a from his briefcase and made several copies.
“Here’s a copy of the VSI hypervisor patch, Rick. Put it in a safe place.”
“What’re you doing with the other copies?”
“I’m putting one in my safe and taking the remaining one with me. I’m also taking the original DVDs of the patch and the Zeus worm to VSI for storage in their vault.”
“Why are you making so many copies of the hypervisor patch?”
“I think the patch on this DVD is what enabled many of the cyber attacks from China. I’ll find out for certain when we get to VSI tomorrow. I just want to make sure the evidence is safe in case it’s needed.”
The next morning, James called Tom before he and Rick left for VSI.
“Hi, Tom. Rick and I should be there by ten.”
“The lab is ready, boss. It wasn’t really a problem, since Chris and his development team are off-site at a customer facility and Theresa is on vacation.”
“When you get a chance, could you find out who has been working in the lab recently? I also need some engineers and techs to set up the test on the patch.”
“Is there anyone in particular that you want?”
“Just enough technical support to load the patch I’m bringing on the VSI test system. I’ll also need you to set up the attack simulations.”
“Okay, I’ll have everything ready by the time you get here.”
“I’m also bringing a folder with data on what Philip was working on, as well as a guest from the FBI. So watch your language.”
James and Rick arrived at the VSI facility. They signed in at the reception desk and were given VIP visitor badges. An escort took them to the VSI system development laboratory, where Tom was waiting.
“Hi, Tom. This is FBI agent Rick Tanner.”
“Nice to meet you, Agent Tanner.”
“Nice to meet you as well. You look younger than I expected.”
Tom smiled. “Thanks. Working at VSI keeps me young.”
James laughed. “Here’s the patch DVD and the Zeus folder, Tom. Let’s load the patch and see what we’ve got.”
Tom loaded the files from the DVD.
“The files are loading, boss. It’s very strange. I’ve never seen a patch this large, and it has some unusual files. I’ll have the techs start the simulator. Okay, guys, bring the simulator up and select the ‘end of days’ attack scenario.”
“Nothing’s happening, Tom. The simulation screen is blank.”
“I know, boss. None of the files on the patch are loading, and the test firewall and intrusion protection system are working fine.”
“That’s not what I expected, Tom. Damn it!”
“This is the first time I’ve ever seen you disappointed that one of our systems worked perfectly, boss.”
“Very funny. Why wouldn’t the test firewall and intrusion protection system load the patch?”
“I have no idea. The simulator checked all the files on the patch and didn’t indicate any problems. It should have loaded.”
“Let’s discuss this in the cafeteria. I need some breakfast and coffee.”
James felt better after eating.
“You know, Rick, I can’t figure out why those patch files didn’t load from the DVD.”
“Maybe it’s not a valid patch or it’s corrupted.”
“I guess that could be it.”
“What time do you plan to leave, James? I need to meet with the director this afternoon.”
James looked at his watch to see what time it was. Suddenly, a big smile appeared on his face.
“That’s it, Rick! Time is the trigger! The patch was probably set to be enabled at a certain time, and I’ll bet that it was set to be disabled at a set time. Call your boss and ask her for the date and time based on Coordinated Universal Time that the attacks began and how long they lasted. Tell her it’s important.”
Rick made the call to the director and suddenly realized what James was up to.
“Your boss is a genius, Tom,” Rick said, as he made the call.
“Yeah, I’ve always known that, Agent Tanner. I just wish he’d stop playing detective and come back to work.”
“Maybe he can do both.”
After a few minutes, Shelly Brockner called Rick back and provided the requested information. Rick wrote it down on a napkin and gave it to James.
“Let’s go back to the lab and see if this works,” James said. “Tom, I want you to set the network time protocol for the lab to the date and time on this napkin.”
Tom entered the information from his lab console and said, “Okay, I reset the date and time.”
“Run the simulation again, Tom.”
“Okay, here we go. Keep your fingers crossed. The test system is up and the attack scenarios are running, boss. Something’s happening. The files from the DVD are loading, and the test firewall system is being reconfigured. Holy shit, everything is getting through our defenses! It’s like the firewall and intrusion protection system disappeared. There’s something else going on, as well. I’m seeing additional traffic on the network that the simulator isn’t generating.”
“Record the traffic and download it to the forensics sandbox so you can analyze it later. Get the report to me as soon as you can.”
“Okay, boss.”
James and Rick left VSI and drove back to Rick’s house, where they stopped to make some calls. A new Mustang sat in the driveway.
“Hey, look at that, Allison must’ve picked up my new Mustang. Well, I guess I have transportation again, James. You’re no longer my chauffeur.”
“That’s great, Rick! Try not to get in any more accidents.”
As they walked into the house, Rick was greeted by Allison, who gave him a big kiss. James called Shelly Brockner and told her what they found.
“Good afternoon, Director. It appears that the patch that was sent out to all the VSI customers disabled their VSI security systems. It also seems to be generating some additional network traffic.”
“What kind of traffic?”
“I’m not sure. I’ve asked VSI to do a forensic analysis and give me a report. They should have it to me by tomorrow morning.”
“That’s great. I want to thank you and Rick for determining the nature and source of the attack on the businesses. Can I talk to Rick?”
“He’s right here,” James said, as he handed Rick the phone.
“Great work, Rick. Take the rest of the day off.”
“What about our meeting, Director? I thought you wanted to tell me something.”
“I do. Captain Kinsley confessed to being responsible for your accident.”
“Did he identify the driver of the pickup and the shooter?”
“No, he wants witness protection first. We’re working it, Rick.”
“Thanks, Director.”
“What’s up with your boss, Rick?” James asked.
“She said it was Kinsley who was responsible for my accident.”
“That’s progress. I hope I can find the bastard who developed that patch.”
“Any ideas on who it could be?”
“It had to be someone at VSI with advanced technical knowledge of our products. Do you have a place where I can lie down? I have a monster headache.”
“Sure, use the bedroom at the top of the stairs. We’ll have dinner when you wake up.”
James got about two hours of sleep and was awakened when Rick knocked on the door.
“James, I have the president on the phone.”
“I’ll be right down.”
James put on his shoes and went downstairs. Allison handed him the phone with a surprised look on her face.
“Hello, Mr. President. What can I do for you?”
“Can you meet me tomorrow at the White House at nine? We have another crisis.”
“Can you tell me what it is, so I can be prepared?”
“The Chinese ambassador just called me and said that his government’s websites were under attack. He said it appeared that the attacks were designed to embarrass the Chinese government and to promote dissension within the Chinese population. I think he believes that we had something to do with it as retaliation against the attack from China. He’s bringing proof when we meet tomorrow. I need you to be at the White House for a meeting at nine tomorrow morning.”
“Can I bring Rick Tanner from the FBI with me?”
“Bring whomever you need. I need to put this fire out as soon as possible.”
“I understand, sir,” James said, as he ended the call.
“What’d the president want?”
“Can we talk in a more private location, Rick?”
Allison overheard them. “Don’t worry, I’m leaving.”
“I apologize, sweetie, it’s just business.”
When Allison was gone, Rick asked James what was going on.
“We need to meet with the president tomorrow at nine, Rick. The Chinese think we attacked their government web pages, and the president is upset that things are spinning out of control.”
“What can we do?”
“I’m calling Tom. Hi, Tom. How are you coming with your forensic analysis on that traffic we downloaded from the patch?”
“I’ll have it done by tomorrow, boss.”
“I can’t wait that long. Use any resources you need, but I need a full report before I meet with the president tomorrow morning.”
“Okay, we’ll work through the night, if necessary.”
“Call me as soon as you know anything.”
After hanging up, James saw a text from JoAnn asking him to call.
“Hi, baby. Did you get home from the Hawk ‘N’ Dove okay?”
“Yes, I took a taxi like you suggested. What’s going on with the Chinese, James? The media is all over a story about how American businesses have been the target of a cyber attack from China. Now there are reports that we’ve retaliated with a cyber attack on them.”
“I can’t tell you much, baby, since I’m leading the investigation. Don’t worry. I’m certain we didn’t attack the Chinese. I don’t think we’re going to war.”
Allison had walked in to tell them dinner was ready and overheard the end of James’s conversation with JoAnn. Rick saw the look of fear on Allison’s face.
“Don’t worry, honey, this is just a normal day at the office for us,” Rick said with a smile.
“You need to find another job, Rick,” Allison replied, with a grim look on her face.
When James got home, he poured himself a scotch and watched the late-night news reports on the cyber attacks. The reporter made it seem as if China and the United States were on the verge of war, which James hoped wasn’t the case. James fell asleep on his couch and was awakened by a call from Tom.
“I hope this is good news, Tom. What’d you find?”
“The traffic being generated by the patch is a very sophisticated worm. Its payload is designed to modify Chinese government web pages. It looks more like a prank than an attack to cause any real damage, but it could easily have done so if that was the plan.”
“Thanks, Tom, that’s great work. Fax me the complete report.”
“Who do you think did this, boss?”
“I’m not sure.”
“It would have to be someone who used the VSI development laboratory to develop that patch.”
“I agree, Tom. After you get some rest, I want you to review all the audit logs for the systems in the lab for the last two weeks. I need you to identify the audit logs for that patch and then correlate them against the laboratory log book. See if you can identify who was in the lab when the patch was being developed and tested.”
“Will do, boss.”
James went back to sleep, but was awoken by the fax machine in his office. He got up and retrieved the report from VSI. The forensic analysis indicated that the structure of the worm was similar to a design James had seen before. James made copies of the report and put them in his briefcase. He then showered, dressed, and waited for Rick. They arrived at the White House and were led to a small conference room. The president showed up a minute later with Barbara Chang.
“What do you have for me, James? I hope it’s good news.”
“Yes, sir. I have a complete analysis and forensics report.”
“Thanks. Can you just give me the highlights?”
“We believe that the attack was initiated by Chinese hackers at several universities in Beijing, Harbin, and Shanghai. A security system made by VSI was modified by a maintenance patch that disabled the security system at a preset time. That allowed the attack to have a much higher success rate than it should’ve had. The attack also triggered malware sent from the patch to preselected Chinese government websites. This malware was designed to seek out Chinese web pages using a specific type of software and inject text to modify their content with slogans that would embarrass the Chinese government. None of the malware was designed to steal or modify data or cause denial of service attacks. In addition, all of the malware had a lifecycle of forty-eight hours, which means it should end shortly.”
“I’m very sorry to hear that it was initiated from VSI, James. Do you know who’s responsible?”
“Not yet, Mr. President. We’re reviewing the VSI laboratory logs to see if we can identify who developed and tested the patch.”
“VSI has already suffered significant damage due to the actions of a military officer. I’ll order that no information be released on VSI’s potential compromise to avoid any additional damage. This will also have no impact on the compensation owed to VSI.”
“Thank you, Mr. President, but my primary goal is to find out who’s responsible for the cyber attacks.”
“So as it stands right now, we believe Chinese students were probably responsible for the attack on American businesses, but the Chinese government is denying it. Is it possible the Chinese government wasn’t involved in the attack on our businesses and knew nothing about the students, Barbara?”
“It’s definitely possible, and if that’s the case, the Chinese would never admit that the attack was initiated from within China without their knowledge. The only way they can save face is to pin it on us.”
“Thanks, Barbara. That makes their motivation less ominous. I still can’t ignore it, however. American citizens are scared and angry about what happened. We must identify who was responsible for this.”
As they drove to the Hoover Building, James and Rick discussed the recent attacks.
“These attacks are definitely linked, Rick. There had to be some coordination between the Chinese attacks and the response from the VSI security systems in the United States. It can’t be a coincidence.”
“I entirely agree, James. Someone or some group set up this attack using resources in China and the United States.”
“It’s a sophisticated attack that had to be expensive. Yet, the data taken wasn’t valuable. I have no idea what their motive was.”
James turned on the news on the car radio. The cyber attacks had caused the stock market to plunge over four thousand points in two days. James suddenly realized who might be responsible.
21
Kim was extremely worried about what was being reported on the Chinese national media. There were news reports of cyber attacks from America that were changing Chinese government websites. Cai sensed his anxiety and asked him what was wrong.
“I think the cyber attacks on the Chinese government websites are related to our attacks on the Americans and the disaster discussed in Nadya Murin’s email to Flaherty. I’m worried we could be in trouble.”
“What can we do?”
“I need to check my laptop to see if the software I loaded onto Flaherty’s computer is letting me monitor any useful email accounts.”
“If you load your email account on my laptop, I’ll also be able to see the emails.”
“That’s a good idea. I’ll do it now.”
“Good, I’ll make us some tea. Where is it? I’m not familiar with your kitchen yet.”
“It’s in the cabinet next to the stove.”
Ten minutes later Cai returned with the tea and saw Kim smiling.
“You seem happy, Kim. Is your program working?”
“It is. I can see the emails that Nadya Murin is receiving and sending. She seems to communicate with Flaherty a lot. The software I loaded on your laptop will let you see their emails, too. Take a look.”
Cai looked at her laptop display and saw the emails sorted by their date and email account name. She began reviewing Nadya’s emails.
“Nadya is forwarding many of Flaherty’s emails to the account of gsolomon,” Cai said. “It has the same domain name as Nadya’s account. Do you think they work for the same organization?”
“Yes, I looked at some of them while you were in the kitchen. Many of her emails with gsolomon include information that seems to relate to the project. I haven’t seen any emails between gsolomon and Flaherty. Flaherty said he had no contact with Whitey. Maybe Whitey is gsolomon.”
“I think you’re right, Kim. Here’s an email between Flaherty and Nadya that she forwarded to gsolomon in which Nadya describes a security problem in China as if it’s ongoing and was related to the recent crash of the American stock market.”
“I saw that. There are also more recent emails where gsolomon is copied. I found one between Nadya and Flaherty in which she says, ‘the Chinese could identify the students as being responsible for the event.’ There’s a response from Flaherty saying, ‘we need to implement the vacation.’ Her response to him says, ‘Whitey is dragging his feet on the payments.’ I think the event isn’t just our attack on the Americans, Cai. It also includes the attack on the Chinese web pages.”
“I’m doing a web search on gsolomon. Look at this, there’s a George Solomon of the Solomon Group investment firm. It says he’s a billionaire and president and chairman of the board of the Solomon Group. Look at his picture, Kim.”
Cyber Countdown Page 29