Brain Jack
Page 2
“How you doing?” Fargas asked.
“No problems so far,” Sam murmured. “ ‘Wireless security’ is a contradiction in terms. Like ‘military intelligence’ or ‘jumbo shrimp.’ ”
“I like jumbo shrimp,” Fargas said.
Sam transmitted a generic disconnect signal, dropping the other station off the network. Lost and alone, it immediately began bleating, like some kitten mewling for its mother.
He intercepted the reconnect signal and broadcast the same signal from his laptop. Less than a second later, he was part of the network.
“Anything happening?” Sam asked quietly.
“A few security guards in the foyer.”
“What are they doing?”
“Line dancing,” Fargas said.
Sam smiled. “Okay, let’s do it,” he said.
With another quick glance around at the other patrons, he reached out cool cyberhands into the network, into the digital world on the other side of the wall.
2 | TELECOMERICA
The New York corporate headquarters of Telecomerica is located on the Avenue of the Americas, but the nerve system is downtown in their offices on Thomas Street. It occupies forty-two floors of prime Manhattan real estate.
From the roof of the building, a forest of aerials and satellite dishes poke holes in the clouds above the city. On the ground floor, security is at its tightest, with armed guards and metal detectors on every entrance. Crash bars protect the front of the building from vehicular attack, and bombproof shutters can be lowered from the ceiling in seconds, if called for. The building was designed, from the outset, to be self-sufficient and protected from fallout for up to two weeks after a nuclear blast. Back when it was built, during the so-called Cold War with the USSR, that had probably seemed like a good idea. Since Vegas, it was a federal requirement.
The physical security is one thing, but the electronic security is just as advanced.
A skilled hacker might make it through the outer defenses but not without setting off alarms, and the system administrators would shut them down before they had a chance to break through the secondary defenses.
None of which mattered to Sam.
Next door to the highly secure Thomas Street facility is a small cafe, popular with the Telecomerica staff.
Just a heavy concrete wall, lined with brick on the cafe side and wooden paneling on the Telecomerica side, separates the cafe from the facility.
Sam sat at a small table on the cafe side and slowly inched his way into the computer network on the other side of the wall.
The rings of firewall security were not a problem. He had already bypassed them simply by connecting to an access point on the inside. Behind all the layers of expensive security.
The trick now was to analyze the network traffic: the tiny packets of data that flowed continuously like high-pressure water through the pipes of the network.
Sam’s custom-built network analyzer was based on a couple of the more advanced black-ops programs used by other hackers but with special mods of his own. It didn’t look like software at all. More like a random collection of code fragments in no particular shape or order. “Ghillie,” he called it, after the shaggy camouflage “ghillie suits” worn by Special Forces snipers.
Ghillie slithered into a small space in the network, just a shapeless pile of old code, computer droppings, lying in the memory of one of the big network routers. It lay there undetected, skimming the TCP/IP packets as they flew past, studying them, reporting on them.
The first thing Sam noticed was the silence. The TCP/IP traffic to and from the access point was minimal. There were no computers connecting to the wireless access point that he had hacked into. That indicated that the room was empty. An unused office maybe, or a conference room.
He scanned the room for peripherals: a printer, a digital projector, and a Smart Board. A conference room for sure.
He kept low, watching for intrusion-detection programs—the network’s guard dogs, smoke alarms, or trip wires.
“One of the guards is talking on his cell,” Fargas said in his ear. “You sure they can’t detect this program of yours?”
“Positive. What’s the guard doing?”
“He’s smiling. Probably ordering Krispy Kremes.”
“Got a big router running hot on the fifth floor,” Sam said. “Think I’ll just go hide in the packet flood and hunt for a network controller.”
“One strawberry, two cinnamon twists, and a chocolate iced. And don’t hold the sprinkles,” Fargas said.
Softly, softly, Sam thought, insinuating himself into the new router and making no further movements, just keeping his head down, watching the flow of data, looking for the software that would be looking for him.
There was nothing. And yet …
He couldn’t shake off a feeling that somewhere in the depths of the network, an eye, like the Eye of Sauron, was turned in his direction.
“Ever get that feeling you’re being watched?” he asked.
“You are being watched,” Fargas said from the other side of the street. “I’m watching you. Or your feet at least.”
“You’re supposed to be watching the guards,” Sam said as he ran a triple check for all known detection programs. Nothing.
“We can back out of this,” Fargas said.
Sam ignored him and began to look around, sending tiny cyberfilaments out through the network, scanning for servers.
There were hundreds of servers scattered throughout the building. Some big number-crunchers, others smaller, dedicated to a single task. The one he wanted was a network controller, one of the DHCP servers that ran the network.
It wasn’t hard to find. He simply had to trace the security requests, which all had to be routed through the network controller. This was the machine with the key to the entire system, the SAM database where the network passwords were stored. Unlock that file and the network was his.
“Got the SAM file,” he said. “I’m going to run a rainbow crack and—”
He froze. Something just passed right over the top of him, reading his code. Anti-intrusion! This was new, though. Not so much a watchdog, chained to a post, barking at intruders, but something infinitely more dangerous. Something unseen that crawled in the dark places of the network, probing here and there with electronic feelers. A network spider. He had heard of them, had even got a copy of one and taken it apart to see how it worked, but he had never encountered one in the wild before.
He shuddered as the digital legs of the dark creature probed his code, sifting through it, analyzing it.
Then it was gone. Fooled by the electronic ghillie suit.
“What?” Fargas asked.
“Security spider. Just went right over the top of Ghillie.”
“Pick you up?”
“Cruised straight past.”
Sam traced the shape of the spider and fed it into his early warning system. The next time the spider, or one of its kind, came crawling in his direction, he would have fair warning.
Cracking the network controller was going to be tricky. He briefly considered an ARP poisoning attack against one of the network switches, turning it into a hub and making it accessible to anyone. But that would leave evidence of the hack, which would defeat the whole purpose.
He decided on a MAC spoofing attack.
Every machine on a network has a Media Access Control address, a unique ID number programmed into the network card. Sam’s next trick was to find a suitable machine and “borrow” its MAC address, fooling the network controller into accepting him as an authorized part of the network.
It didn’t take long. A few minutes of watching and waiting and a new computer came online. A laptop, almost certainly, attaching itself to one of the many wireless access points on the network.
Sam smiled as the laptop revealed its MAC address in the probe request and was confirmed a nanosecond later by the probe response from the network controller. Before it even had time to authenticate the r
equest, Sam was in, jamming the network card of the laptop for a moment while he reprogrammed his own MAC address, “spoofing” that of the genuine machine.
The network controller looked him up and down, decided that he was the new laptop, and happily authenticated him.
He was in.
Someone would be calling tech support about now, Sam thought, complaining about a laptop that was not connecting to the network. But if the help desk here was like most, it would take twenty minutes to answer, and then the first suggestion would be to reset the laptop.
Plenty of time.
• • •
Ethan Rix put on his telephone headset and answered the call with a click of his mouse.
Business was light this time of the morning, and this was his first call since coming on shift.
Most of the problems were simple technical questions that he could clear up quickly, the same problems over and over, in fact. Some people seemed to have the same problem each week and never learned from the week before what the solution was.
The voice on the other end of the phone was complaining about a laptop that wouldn’t connect to the network. As usual, he advised resetting the machine.
“First pinhead of the morning?”
He looked up. Erica Fogarty, one of the on-duty system administrators, was hovering over his desk.
“John Holden from fourth. Can’t connect. System says he’s already on. Couldn’t be a MAC spoof?”
“Inside the firewall? Not possible.” Erica shook her head.
“I’ll run a check of current log-ins, just to be sure,” Ethan said.
The spider came back as Sam was delicately probing the hard drives of the network controller. He paused and the spider passed by, although he couldn’t shake off that disquieting feeling.… Was it the spider? Or was there something else? That burning Eye of Sauron.
There were trip wires on the network controller. Sections of the hard disk that, if accessed, would immediately sound the alarm. He maneuvered cautiously around them and probed deeper into the bowels of the big server.
The SAM database is the record of all the usernames and passwords on the network, all encrypted into secure hashes with over eighty billion possible combinations.
Supposedly unbreakable security.
In fact, it took 7.7 seconds, using a rainbow crack to retrieve the first password, and within five minutes, he had the one he wanted. The SysAdmin password: the system administrator. The key to every door in the network.
Suddenly, the entire network lay open before him. Barefaced, unprotected, vulnerable.
No time, though, to stop and congratulate himself. He was already moving, racing through the wide-open corridors of the network.
Next stop, the primary transaction database. Millions, billions, of database records. A library of information, all laid out in neat rows in front of him with his new godlike SysAdmin powers.
“I’m in,” he said.
“You serious?” Fargas asked.
“I am God, and Harold be my name,” Sam replied.
“Harold?”
“Let’s go shopping. What’ll you have?” Sam asked.
“One strawberry, two cinnamon twists, and a chocolate iced.”
“Let’s start with a couple of the latest, paper-thin Toshiba notebooks.” Sam scanned the database as he spoke, writing and executing SQL statements, looking up product codes and making matching entries in a sales order table.
“One of those new neuro-headsets,” Fargas contributed.
“Two headsets coming right up. Can I upsize you to a supercombo?”
Records updated, the results window informed him a few minutes later. Just a minuscule drop in the massive Telecomerica data ocean. A transaction that never was but that, to the computers that ran Telecomerica, was now a matter of record. An undisputed fact.
Job done. Time to leave.
He closed the SQL manager and waited—just for a few minutes to make sure that his covert operation had not attracted anyone’s attention.
If Telecomerica suspected the break-in, they would run checks on the data, and that would reveal the change he had made. Which would lead them straight to him.
But so far, so good.
“Excuse me, Erica,” Ethan called across the room.
“Yeah?”
“You using SysAdmin?”
“Nobody uses SysAdmin. It’s just a backup in case of password corruption.”
“Someone is.”
She came and stood over his shoulder again. “What are they accessing?”
Reflected in his screen, Ethan saw a horrified expression fall over Erica’s face. “The central database server,” he said.
Sam was just completing the cleanup, erasing every trace of his presence, when all hell broke loose.
The network lit up like a fireworks display as intrusion alarms went off on all the main servers simultaneously. Powerful anti-intrusion code checkers roared through the network pipes, searching, scanning for anything out of the ordinary. Spiders, not one but a hundred of them, appeared on his radar, crawling everywhere. There were thundering crashes all around him as electronic doors slammed shut.
“Crap!”
“What is it?” Fargas asked.
“They’re on to me. It’s like the Fourth of July in here.”
“Then kill Ghillie and get out of there!”
Frantically, Sam keyed in a self-destruct command, but he hesitated before pressing the button. “Can’t do that yet,” he said.
“Sam, you know if they find it, they’ll pull it to pieces, figure it out, and add its profile to the antiviral databases. You’ve got to delete it and get out of there.”
It was true. If they caught and analyzed Ghillie, it would be rendered useless, not just now, but always.
Still, he hesitated. Without Ghillie, he was deaf, dumb, and blind.
“I need it,” he said. “If they know the database has been compromised, then they’ll look for the most recent changes, and that’ll lead them straight to us!”
He logged back on to the database, a desperate plan forming in his mind. As system administrator, he had full power over the database. Power to create. Power to destroy.
Gritting his teeth, he fired a data bomb right into the heart of the transaction database server. It exploded with a huge whumph, scrambling the database into a billion fragments.
Scanners swept over him, oblivious, fooled by the camouflage. That gave him a ray of hope. Maybe there was still a way.…
“Whatever you’re doing, do it fast,” Fargas said.
If they are looking for something, better give them something to find, Sam thought, reaching into his bag of dirty tricks and releasing a couple of vicious viruses into the arteries of the network. The Russian Black Flu and the Japanese Kamikaze. Self-replicating, shape-shifting viruses. Nasty little critters, highly destructive and difficult to stamp out. The network security should cope with them, but it would occupy them for a few minutes: a diversion.
What he needed—urgently—was the location of the database backup files. They wouldn’t be on-site, so where would they be?
The SQL database management engine gave him the answer: London.
There were alternative backups in Washington, D.C., and Melbourne, but London was the first go-to place if the system crashed—which it just had.
He digitally rocketed across the Atlantic and burst through the security in the London facility. Not bypassing the defenses so much as kicking the front door down, using his SysAdmin powers as a battering ram.
Even as he did so, he realized that Ghillie was under attack. Something, someone—a human being, not a program—was reading its code, line by line. Nothing he could do about that now. He still needed his eyes and ears if he was going to finish this.
Erica was making Ethan uncomfortable, hovering just behind him. She was on the phone now, her voice loud enough to vibrate the earphones in his headset.
“No, we don’t know how they
got in!” she said.
He twisted around. “Logs show a wireless-router disconnect and reconnect in Conference Three.”
“Might have pirated a wireless router,” Erica said, not too calmly. “I’ve warned and warned about wireless inside the DMZ.”
“I’ve got viral alerts on three floors,” Ethan yelled. “Variant of the Black Flu, maybe something else too.”
“If it’s wireless, then they’re close. Get security onto it.” Erica hung up and sat down at the spare terminal next to him.
“I’ll take the viruses; you stay on the hacker,” she said.
The backup files were stored in a SAN, Sam realized. A Storage Area Network. This SAN was well secured, padlocked, as it were.
He could break it, but that would leave traces of his visit. He had to pick the lock. He struggled to concentrate, knowing that they were already on his tail. He prodded the locking software gently, studying the mechanism.
“What have you done now?” Fargas yelled in his ear. “I’ve got security running around like their butts are on fire. Running out into the street.”
“What are they doing?”
“Checking cars, stopping traffic, scanning the buildings. It’s only going to take them a few seconds to figure out where you are, Sam. Get outta there! Crap, coming your way right now!”
Sam slid the laptop off the table and onto his knees as an armed guard burst in through the doors at the front of the cafe.
His heart was hammering in his chest, but casually, ever so casually, he began to sip his chai latte. It was barely lukewarm.
The guard ran his gaze around the cafe and raced back out again, shouting into his radio.
Underneath the table, Sam’s fingers flew across the keyboard. He was hyperventilating now and tried to force his breathing to steady, but it would not.
The locking software sprang open, and he rifled through the backup files. They were encrypted and compressed, although no trouble if you had the right tools.
He carefully edited the most recent backup of the transaction database, closed it, then reset the time and date on the file back to what it had been before he had made the changes.