Brain Jack
Page 4
Some in the hacking community thought it was a conspiracy by the CIA to eliminate hackers, but Sam thought that was unlikely. Even for the CIA.
“The world is going to hell on a high-speed train, if you ask me,” Fargas said, shaking his head. “And there ain’t nothing nobody can do about it.”
Sam checked his watch. “Time to go in. It’s about to start.”
“I’m really not sure, dude. I’m going to feel like an idiot,” Fargas said.
“The trick is to make them feel more stupid than you,” Sam said.
“And how is that going to happen?” Fargas asked.
“Don’t speak to anyone. If they corner you, just act all superior and say something like ‘Talk to me when you lose the training wheels.’ ”
“Talk to me when you lose the training wheels, duckweed.” Fargas tried it out in a Clint Eastwood accent.
Sam laughed, then said, “And no matter what happens, don’t tell anyone about the hack we pulled off at Telecomerica.”
“What’s the point in visiting a hacker convention a couple of days after pulling off the hack of the year if you can’t tell anyone?” Fargas asked.
“You think the FBI can’t slip an undercover agent in among the freaks and geeks?” Sam asked, pulling a C-3PO mask out of his backpack. He slid it down over his face.
“I’m leaving,” Fargas said.
“Stay. It’s cool. Just don’t tell anyone it was us,” Sam said. Fargas stretched the elastic of a Tonto mask over his head and said, “What do you mean ‘us,’ white man?”
Sam took the back off his cell phone and removed the battery and SIM card and made sure Fargas did the same before they made their way across the road to the warehouse.
Defcon had been a big, glamorous three-day affair with huge competing sound systems, overseas speakers, competitions, giveaways, and even a formal dinner.
Neoh@ck Con was another story altogether. A convention that Sam had heard whispers about but had never been close to. Until now. A convention for the elite, the discreet. The dark figures who moved through the shadows of the Internet.
Hidden, encrypted three times over, in the code of an e-mail about Defcon had been the address of a Web site. A highly secure Web site. Hack into that Web site and you found the date, time, and location of Neoh@ck Con.
If you weren’t smart enough to break the codes and hack the Web site, then you weren’t invited to the convention. It was that simple.
There were two guards just inside the door. Clean-cut, broad-shouldered men with marine-style haircuts. Hired security. They looked serious and they looked mean.
The guards stopped them with raised hands.
“Are you a law enforcement official or in the employ of any government department?” the first man asked. He said it as if reading by rote. A muscle on the side of his jaw twitched as he spoke.
Sam shook his head. Would you admit it if you were? he thought.
“I didn’t hear that,” the man growled.
“No,” Sam said.
“Are you a representative of the news media?” the second man asked.
“No,” Sam said again.
They turned to Fargas. “Are you a law enforcement official or in the employ of any government department?”
“Talk to me when you lose the—” Fargas began, but stopped when Sam kicked him on the ankle, hard. “No,” Fargas said.
They entered a large storeroom lined with unused storage racks. It was dusty, decrepit, and smelled faintly of sawdust and machine oil.
Thirty or forty people were milling around a row of computers at one end. Behind them, a data projector was casting blue nothing onto a large screen.
So this was Neoh@ck Con.
Everybody wore a disguise or face covering of some kind. Some people wore masks, Buzz Lightyear and Darth Vader being the two most popular. Sam noticed one person had his face entirely swathed in bandages, like a mummy, with just a slit for his eyes. Others hid their faces with makeup. To their left was a tall, strong-looking punk, his head clean-shaven, his face painted into a grinning skull. He wore torn jeans that seemed to be held together with chains and safety pins, and a leather T-shirt covered in zips. A tattoo of a biohazard symbol on his forehead was not quite concealed by the white face paint of the skull. He stood with a girl in a denim miniskirt and a low-cut white vest, with tattoos of intertwining dragons down one arm. Her face covering, incongruously, was a lacy wedding veil.
Freaks and geeks, Sam thought. Freaks and geeks.
A few more people drifted in, and the convention got under way, not with a fanfare and a formal announcement, but simply in the groups of people that converged around the various computer workstations.
One of the larger groups was congregated around the mummy. Sam heard the word “Telecomerica.” He motioned for Fargas to follow, and they wandered in that direction.
Sam found himself standing behind Skullface Punk; unable to see, he moved to stand behind Rock Chick Bride.
“But there’s no way to beat the IPSec on that model firewall without setting off the zone alarm,” the mummy was saying. “So even if they’d used malformed TCP packets to exploit a vulnerability in the firewall and made it into the DMZ, they’d have been shut down before they could infiltrate any further.”
“That’s me ’ole bleedin’ point,” Skullface said emphatically, stabbing a finger into the air.
He was English, Sam thought, judging by his accent. Maybe even a London cockney.
Skullface continued, “It can’t have been an ’ack. It ain’t possible. It was an inside job. Some rogue trader with a grudge.”
“So if it was an inside job—” a kid in a rubber rooster mask began.
“Then it ain’t worth discussing,” Skullface said. “Some muppet on the payroll letting go a couple of wet farts ain’t what we’re here for.”
“You don’t know it was an inside job,” Sam said quietly.
“Ain’t no way in from the outside.” Skullface half turned to face Sam. “End of bleedin’ story.”
“Any network can be hacked,” Sam said.
There was a moment’s silence.
Rock Chick Bride said, “Oh, he’s so cute! Can I keep him?”
Sam glared at her through the C-3PO mask.
“I suppose you could have hacked ’em, too, if you’d felt like it.” Skullface grinned and there was laughter from somewhere in the crowd.
“If I had to,” Sam said.
“Oh, please!” Rock Chick Bride said. “I promise I’ll look after him!”
“Even if you got past the DMZ, you’d set off the zone alarm,” the mummy said.
“Yeah,” Sam said, “but what if the hacker used a signal extender to pirate a wireless station and bypass the whole DMZ? Run a network analyzer, rainbow-crack the SAM file, and he’d have owned the network.” He shut his mouth abruptly.
There was another short silence.
“Come back when you lose the training wheels, muppet,” Skullface said.
“Waste of friggin’ time,” Sam said. He whirled and strode off.
He made it almost as far as the door, Fargas at his heels, when Skullface’s voice came from behind him. “Hold up, script kiddie.”
Sam turned back, his fists clenched as Skullface and Rock Chick Bride approached.
“Back off, duckweed,” Fargas said beside him.
Skullface moved close and spoke in a low voice. “I was just winding you up,” he said. “Wanted to see what you got.”
“More than you got, ass wipe,” Fargas said.
“Just chill, monkey boy,” Skullface said, then to Sam, “You could be right about that Telecomerica job.”
Sam looked at him for a long moment, then shrugged.
“It’s just a guess.”
“It was a good guess. Better than most of them would be capable of.” He jerked his head back behind him. “You want to go to Neoh@ck?”
“Been there, done that,” Fargas said, looking around the old w
arehouse. “Ain’t buying the T-shirt.”
Skullface made that macabre smile again. “This ain’t Neo. This is just the weeding-out party. Just a bunch of muppets who were lucky enough to crack the code in the invite.”
Rock Chick Bride moved up beside him; a sneer appeared to be permanently attached to her lip.
Skullface continued, “You want to go to the real Neoh@ck, you gotta earn it. Think you’re up to it?”
Sam felt his fists unclench. “Where is it held?” he asked, intrigued despite himself.
Rock Chick Bride shook her head. “They’ll never get in.”
“It ain’t held anywhere,” Skullface said. “Think about it. Why would a bunch of serious hackers put on silly masks and compare weenies in an old warehouse? The real convention, Neoh@ck Con, is online. Tonight. Starts at nine o’clock. The best of the best from all around the world. You gotta hack your way in to prove you got what it takes.”
“Where?” Sam asked again.
“Out of your league is where,” Rock Chick Bride said.
Skullface grinned evilly. “We’re meeting for dinner. Where the president lives. If you make it, it’s going to rock your world.”
6 | THE WHITE HOUSE
No matter how deep you dug, Sam thought, there always seemed to be a level deeper. The more you knew, the more you realized how little you really knew.
The real Neoh@ck Con was held somewhere inside the White House. One of the most secure networks in the entire world. Just the idea that there was a bunch of hackers so powerful, so skillful, that they actually held their meetings within the White House without anyone knowing was mind-blowing!
And if he made it, according to Skullface, it was going to rock his world.
He arrived home just after noon. His mother had made them some sandwiches, and even though he was desperate to get on with Neoh@ck, he sat down in the kitchen with her and politely ate a couple. It was an unwritten rule in their home to eat what meals they could together. You’re always so busy nowadays, his mother would say. It’s the only time I get to see you.
She must be lonely, Sam often thought. It had been just the two of them since his father left, but that had been so long ago that he had no memories of him. His mother worked nights as an ESL teacher, and what with his school and other activities, she was spending more and more time each day on her own.
Fargas had headed off home, suddenly having remembered he had some chores to do.
Sam suspected he was really going home to play Neuro-Doom and wondered if that might be something to worry about. Game addiction was a huge international problem, and they said that neuro-games were far more addictive than normal computer games.
He resolved to give Fargas a call later and see what he was up to.
He finished lunch and closed the door of his room.
The White House. Surely an impossible hack, one part of his brain kept saying. They were just kidding you.
But Skullface had sounded serious when he said it.
He started with an hour on Google.
The computer networks at the White House are managed by the WHCA, the White House Communications Agency, which is controlled by the DISA, the Defense Information Systems Agency.
The White House was part of GovNet, a separate network air-gapped from the Internet: isolated by the very simple process of eliminating actual physical connections between GovNet and the Internet.
Sam reasoned that through. Theoretically, it was impossible to access an air-gapped system; however, the reality was that a widespread network like GovNet would be almost impossible to air-gap 100 percent, despite the best efforts of the computer administrators and their security policies. It just took one connection from inside the network to the outside world, and the entire air gap was compromised.
DISA controlled ten digital gateways that served the network from three network operations centers. The network covered the White House, Camp David (the presidential retreat), Air Force One, the fleet of presidential helicopters, the presidential limo fleet, and the president’s cell phone, along with a wide range of other governmental locations.
E-mails were routed to a cluster of specialized servers based in the Washington, D.C., network operations (NetOp) center. From there, White House traffic was filtered, monitored, and transferred inside GovNet to a secondary e-mail server in the White House itself, where it was rescreened and finally distributed to the various e-mail accounts throughout the building.
The only open connection between the Internet-connected e-mail servers in the NetOp center and the server in the White House was a two-way e-mail pipe. All other network ports were shut off.
But it was a wire that crossed the air gap.
That would do it. One of Sam’s special tricks was a clever bit of software that would break IP packets into tiny bits, attach them to genuine e-mails, and reassemble them at the other end, creating an invisible connection between the two computers that flowed beneath the constant current of e-mail messages between the two networks.
It was like writing secret messages, one word at a time, underneath stamps on envelopes and posting them one after the other. At the receiving end, someone had to assemble the words back into a full sentence.
He called it Cross Fire, for no particular reason.
He slipped his software onto the NetOp e-mail server by launching a Denial of Service (DoS) attack from a small server farm in the Netherlands that he had compromised over a year before.
While the systems and their administrators responded to that, he slid Cross Fire quietly onto the server using a variant of the old Metasploit tool.
Now for the e-mail server.
An Uninterruptible Power Supply, a UPS, protected it against power outages. The UPS was connected to the server by an old-fashioned serial cable, which in emergencies could send a shutdown command to the server. Furthermore, the company that installed the UPS monitored it so they could run diagnostics and respond to any problems in the device.
Sam crept carefully into the network of the UPS supplier and slid slowly down the wire to the UPS device itself.
It wasn’t enough to load Cross Fire onto the server, though; it had to be run. The program had to be executed, and he couldn’t do that through a serial connection.
He encased Cross Fire in a self-executing shell and renamed it to that of a common internal Windows program. Someone inside the White House would unwittingly run the program that would complete the circuit and give Sam access, through the e-mail connection, to the heart of the U.S. government.
Through the serial connection, he copied the file into the Operating System folder of the e-mail server and closed out of the UPS and the UPS company network.
Now there was nothing more he could do. It was up to the staff at the White House to open the door and let him in.
7 | NEOH@CK
He checked his watch a couple of times, not worried but a little nervous. If Cross Fire was detected, then he was sunk. If it simply wasn’t activated, then he would miss the convention.
To pass the time, he alt-tabbed back to see Ursula.
The next set of neuro-exercises involved loading a program, such as Photoshop, while thinking about that program. Very soon he could open and close programs, activate commands and functions, and even move things around on a page, all without touching the keyboard. Next, Ursula asked him to visualize each key on the keyboard in turn, while pressing it. That was easy enough.
A short while later, he was in the middle of an exercise that involved him thinking of a word, then seeing it appear on the screen, when a pop-up message alerted him that Cross Fire was now active.
“See you soon, Ursula,” he whispered, and minimized her again.
• • •
Someone had activated Cross Fire, opening up a tiny pathway onto one of the e-mail servers on the White House network.
He slipped Ghillie onto the machine, and it lay there for a while, unobserved but observing.
The amount of dat
a traffic was amazing but not unexpected for the nerve center of a world superpower.
Sam did not move at all, just watched for intrusion detectors or security spiders. The spiders were everywhere, constantly crawling through the White House network. They passed over him harmlessly, though, without seeing.
He spun a small data-web on one branch of the network, blocking packets from getting through. Not many, and they would get through on the retry, but enough for him to gauge how the network reacted.
The White House network was monitored by special software called Therminator. It presented the network as a thermal image, with any problems showing up as hot spots. But there had to be a built-in tolerance level, Sam figured; otherwise, every slight networking issue would set off alarm bells.
No alarms went off. No searchlights swept the area. A small packet loss was within the tolerance of the network, it seemed, as it should be.
He extended a probe, a clever device that emulated broken TCP/IP packets and simulated data loss, which would be ignored by Therminator. He scanned the disk structure of the big server.
There were over thirty disk drives attached to the machine. He scrolled through the list of drives, wondering where to start.
One caught his eye. A tiny drive, just half a gigabyte. A fraction of the size of the others, which was why he noticed it. It was labeled “NHC.”
It took a moment before that clicked.
NHC! Neoh@ck Con! It had to be, he thought as he accessed the contents of the drive itself.
The hackers had set up their own partition on one of the White House central server’s disks and were using that for their meetings. On the drive was just a single file. An executable. A program. That would be the online-forum software, he guessed.
His watch said it was 8:15. Too early. Not that he minded being early, but there might be risks in logging on too soon. The longer he was logged in, the greater the chance of being caught.