Trojan Horse


by Russinovich, Mark


  Ali had worked a time at the Daimler AG factory, building diesel engines. But his necessary trips proved too frequent to continue a job with such steady hours. Now he was working as a handyman for several rich Jews. He found that amusing.

  Though they passed close to the Swiss border, Ahmed stayed within the EU to avoid passport controls as long as possible. The longer they were out of the Swiss security computer system, the better. He didn’t drive often. He enjoyed the sensation of the car, the calming drone of the engine, the muted whine of the tires on the smooth surface. They were moving across space in this comfortable cocoon. From time to time, he took in the enormity of the road system, considered the opulence that made it possible, and wondered how much would remain in the promised caliphate. He wondered if he’d live to see it. He certainly hoped so. He hadn’t joined Iranian intelligence to die for a cause. He was content to leave that to others.

  Toward dawn it began to rain. Ahmed turned on the windshield wipers, which slapped back and forth in a steady rhythm. The road was soon slick with water and he eased the car into the right lane to merge with the slower traffic. At the first major truck stop he pulled in for breakfast. They took a booth in a corner and spoke sparingly in quiet voices.

  Two hours later, the trio cleared immigration and customs at the Swiss border. Only then, in the security of the moving car, did Ahmed tell Karim and Ali their mission. They listened intently, taking it in with professionalism. Unlike most of his agents these were not wide-eyed fanatics. They’d been trained for the long term, to stay in place for years. For each of them, this would be his first aggressive action in Europe, though they’d both dispatched operatives on assignment previously.

  Ahmed slowed as he pulled into Geneva. They’d just missed the morning rush-hour traffic, which was a matter of luck and which Ahmed took as a positive sign. He drove cautiously through the city streets. He’d never before been in Geneva and found himself at once disoriented. He pulled to the side of the road and removed a portable GPS device from his jacket. He input the address he’d been given and was soon on his way.

  He left Geneva proper and entered the small town of Meyrin, though the two blended together as one. The first blush of spring was emerging from winter and the trees were filling with bright leaves. The building was located just off the Avenue de Vaudagne, near the commercial district in Les Vernes. The street’s buildings had two stories and a number of them had taken up the ground-floor space with a narrow garage. The street was not the best, ideally suited for their purposes.

  Spotting the address, Ahmed nosed onto the sidewalk up to the closed garage to be less conspicuous than stopping on the narrow street. He turned off the engine. “Remain here,” he ordered as he climbed out, blood returning to his cramped legs at his first steps. He approached the building and realized it was abandoned. Perhaps a third of those on the street seemed to be. There were signs in French that he could not read but the message was clear: no trespassing, stay out.

  He took the place in. The trees to either side were unkempt, overgrown, nearly concealing the structure. He couldn’t tell what it had been from the outside. He peered through a dirty window and saw abandoned machines of some kind, looking archaic, like something out of the last century. He thought of leather. Perhaps a shoe repair shop. He moved to his right and found the narrow stone walkway up the right side of the building.

  He went to the rear and stopped at a heavy metal door. It was as described. Glancing about the yard he spotted the flat stone like something out of a Christian cemetery. He wondered for a moment what it had once been, how it came to be here. With some effort, he managed to lift it out of the soil, then flip it over. Within the damp soft soil was a small container. He withdrew the key from it, then unlocked the door. The hinges needed oil, he noted, as he pushed it open. The door creaked so loudly Ahmed wondered if anyone nearby could hear.

  Inside, he spent only a few minutes examining the room with its adjoining bathroom. This had been a storage room with an office space in the corner at one time. While there was no equipment here there were discarded bits and pieces of machinery scattered about, the large ones left leaning against the walls.

  He located the canvas bag in a cabinet above the toilet, and checked its contents. Then he took time to urinate. Locking the heavy door behind him and using the key again, he entered the garage from the rear. Inside, he found the white Volkswagen Crafter van.

  He went back to the Jetta. “All is well.” He handed the bag to Ali, then started the car. He backed it onto the street and parked. Now he opened the garage door, Ali and Karim helping him with it. The van’s tank was also full and it started at once. He pulled the van out and parked on the street. Then he pulled the Jetta into the garage, locking the door behind them.

  Back outside, the men climbed into the van. “Someone likes VWs,” Ali said and the men chuckled. Karim passed cigarettes around and they lit up in minor triumph. Though Ahmed had been assured all would be in readiness, he was relieved that it was so.

  He drove the short distance to Route de Meyrin, taking a few moments to get used to the feel of the top-heavy vehicle. It handled well but differently from the smaller and more agile Jetta.

  In less than ten minutes, the street took him almost directly to his destination. Traffic was moderate for a busy city and they attracted no attention. He soon found a parking lot near the street and across from UNOG that did not require a sticker. It was almost nine o’clock. He parked and killed the engine. Once certain no one paid them any attention, he reached into his jacket, removed several photographs, and passed them out.

  “When will he be here?” Karim asked, studying the photo of the man carefully.

  “I have no idea. We must be vigilant,” Ahmed said.

  “How long will we wait?” Ali asked.

  “As long as necessary. We will take turns so as not to attract attention.” He stretched behind him and pulled the canvas bag onto his lap. He reached inside, feeling the various objects, then extracted and handed over two cell phones. “Use these for communication sparingly, my brothers. We cannot know who is listening.”

  The men turned the phones on. They were HTC Heros, which used the Android operating system. They were generic, not tied to any specific network and had been jail-broken, meaning Ahmed could acquire any apps he required from anywhere. They were fully charged and immediately acquired a cell tower.

  “This must go smoothly,” Ahmed cautioned. “We are to attract no attention of any kind. No littering. This is Switzerland and they take that very seriously. Our orders are explicit about what we must do. You understand?”

  The men nodded. Ahmed withdrew two small American revolvers from the bag, Smith & Wessons with short barrels. These were standard weapons, no silencers, no special alterations, nothing that would identify them as part of a foreign operation. “Put these out of sight. Allow yourself to be arrested as a common criminal if necessary. In no event make any hostile move to a Swiss policeman. You understand?”

  The men nodded again.

  “Allah is with us,” Karim said as he pocketed his weapon.

  Ahmed smiled, slipping a heavy automatic from the bag into his waistband. “Let us hope so.”

  PRAGUE 3, CZECH REPUBLIC

  TABORITSKA 5

  9:12 A.M. CET

  At almost the same moment in Prague, Saliha opened the door to Ahmed’s apartment and found it empty. She closed the door behind her, then placed the bag she’d brought back for him on the table. The small room was stale, smelling of cigarettes. It felt abandoned. She opened the window to let in air, then took the room in again, carefully.

  Could he have moved without telling her? It didn’t seem likely but if he were to end it with her that was how she expected it would be. She crossed the room and examined his closet. A small athletic bag he kept there was gone and so was a jacket. But most of his things were untouched.

  Another of his trips. She looked around but found no message from him for her. That was no surprise. He liked his secrets and she was, after all, only a woman.

  So . . . no money. Not now at least. He’d not thought to leave it out for her. Well, he’d pay her when he returned.

  Saliha sighed, took one last look about the room, then closed the window and locked the door as she left. At the entryway, the gross gypsy, dressed in a ratty soiled undershirt, eyed her in such a way that she shivered.

  18

  GENEVA, SWITZERLAND

  UNITED NATIONS OFFICE AT GENEVA (UNOG)

  OFFICE FOR DISARMAMENT AFFAIRS

  PALAIS DES NATIONS

  11:34 A.M. CET

  Though used by the DOD, mIRC was not exclusive to it though it had modified the code to require both public and private key codes between parties, something that was usually optional. The system allowed secure communication between computers anywhere. All messages, or video for that matter, were encrypted en route, and then unscrambled by the receiving computer.

  Daryl received the incoming message on her laptop. Jeff crowded over to her. It was, as expected, Frank Renkin, who often used video in contacting them. The picture was sharp, and revealed how tired the man was. It was very early morning there and he looked as if he’d worked all night.

  “I see you found your man all right,” Frank said with a grin after greeting them.

  Daryl smiled. “Thanks for your help.”

  “Any progress?” Frank asked.

  She nodded. “I’d say so. But we still have lots of unanswered questions. How about your team?”

  “As I messaged you earlier, we found the self-deleting concealment software, the same as you. Very sneaky and a nasty sign if crackers are going to start using something that sophisticated. My big news is it appears the purpose of the malware is to copy any document the infected computer has and is able to alter it. Does that sound familiar to you?”

  Jeff filled him in on what they’d come up with, explaining in some detail how the Trojan made it possible to modify a document in the middle of an e-mail transmission.

  “The what?”

  “That was our reaction. You send an attachment,” Jeff said, “even check it before it leaves your computer, but an altered document arrives at the other end.”

  Daryl answered. “They must copy the file to their system, study and modify it, then send back the altered version. They have their version already in place to make the switch when the e-mail is sent. In the process they manage, in effect, to suspend the application of the digital signature. It goes on the altered document.”

  Frank thought about that a moment. “They must have had someone watching the development of this report for a while since I take it this Iranian draft report was a work in progress.”

  “The replacement is automated,” Daryl said. “If a change is made in the document before it is e-mailed they’d be alerted and react accordingly. They might miss something changed at the last second but most of the time they’ll accomplish what they want. And if it’s important enough to them, then by watching any one computer continuously they can always do a substitution. But there’s nothing to prevent them from actually altering the document within the infected computer at any time if that’s what they want.”

  “You can see what this means, right?”

  “It’s bad, that’s for sure,” Daryl said.

  “It means,” Frank said, “that we can’t know if a digital communication is an original so we can’t trust anything we read that we’ve received by e-mail, even if there’s proof it originated with someone you trust. Nothing, and that includes attachments. We can no longer take anything at face value. And then there’s stored data. A document you read one day might read differently later. If the Trojan is in your computer you have no idea what’s been changed, none. It spreads doubt and suspicion throughout all Internet communication. Can you depend on what you see? Are you being lied to? Or is it a Trojan?” He sighed. “So, who do you think is doing it?”

  “Based on the sophistication of this thing,” Daryl said, “we think China is the likely author.”

  Frank nodded. “That’s where we’ve gone. It targeted UNOG and the British Foreign Office. We think it’s the big boys in cyber spying, though we’ve found no direct trail as yet.”

  “Why would the Chinese care about a United Nations report on the Iranian nuclear program?” Daryl asked.

  “My guess,” Frank said, “since we’re talking about Iran here, is that oil is the connection. China already has a well-developed nuclear weapons capability at a time when the mullahs are creating their own. Iran has lots of oil and China needs it.”

  Jeff and Daryl often encountered Chinese penetrations when working for government agencies or government contractors. On occasion, they were able to trace the “call home” feature of the virus to a server located in China; far more often they did not.

  Chinese cyber penetrations were noted for the extensive reconnaissance that preceded the actual penetration. Before making the effort they gathered as much information about the computer system and the people using it as they could. They determined what data would be available and which additional networks they could infect when access was accomplished. Once inside, they moved with incredible caution so as not to alert the IT team.

  To this end valuable data was most often moved to e-mail servers, since they handle large volumes of data. There, the stolen files were renamed to avoid suspicion, then were compressed and encrypted before being exported. In one case such an attack had utilized eight computers at U.S. universities as drop boxes before transmitting the stolen data from them. They then distributed it to more than ten countries before it was finally funneled back to the highly secretive PLA Cyber Warfare Center.

  A Pentagon report said that the Chinese military was making “steady progress” acquiring online-warfare techniques, believing that its computer skills could help compensate for its underdeveloped military. It was usually not possible to make that final connection to China but the sophistication of the cyber-attacks and the nature of the data stolen left only one possible conclusion in many cases. One such Chinese attack on the computers at Oak Ridge, Tennessee, for example, had successfully obtained nuclear development data. DOD weapons programs were routinely extended. In one penetration, between ten and twenty terabytes of classified and highly sensitive data was downloaded. Considering that the entire Library of Congress consisted of twelve terabytes, the loss was enormous.

  For all that, the most disturbing penetration was the Chinese systematic mapping of the American electrical grid. They’d dropped software all over it and no one knew what it was meant to do, or when it would be called on to do it. No sooner was it located and removed or neutralized than fresh code took its place, often not discovered for months. In the event of a national emergency, the justified fear was that some computer tech in China would send a command and the entire United States power supply would cascade into darkness. It might take weeks, even months, to rebuild and there was no knowing what might happen while most of the U.S. national defenses were blacked out.

  “So you’re suggesting,” Daryl said, “that Iran is giving China low-cost oil in exchange for nuclear weapons assistance. And this cyber operation is meant to advance Iran’s agenda?”

  “It’s a theory at least, though one beyond our purview. Let’s see if we can link this thing back to the Reds. My report will pack more punch if we’ve actually made the connection.” He paused, then asked, “Do you have any idea how many computers are already infected there and in London?”

  “No,” Jeff answered. “You should contact Graham Yates for that information, as well as whoever runs the show here. Go as high up as you can. The guy we talked to, Nikos Stefanidou, was noncommittal. We were just shown to the computer, which, by the way, they’d not even bothered to secure.”

  Daryl spoke. “If they can alter an OW file, they can change data also. Think about it. A tweak here, an alteration there, in the middle of a voluminous report someone relies on. We were just lucky this one was discovered. Who knows how much other data they’ve modified already? Or where? And what modifications have been made to the software that runs our critical infrastructure by inserting a backdoor? If that happens we have . . .”

  “Disaster,” Frank said, looking very weary. “You have disaster.”

  19

  GENEVA, SWITZERLAND

  UNITED NATIONS OFFICE AT GENEVA (UNOG)

  AVENUE DE LA PAIX

  8:09 P.M. CET

  Jeff yawned, glanced at his watch, and decided to call it quits. He was getting nowhere. He disconnected his laptop. Daryl was sitting across the room working independently on her laptop.

  “Let’s call it a day,” Jeff said. “I think we wrap this up tomorrow. I haven’t found any more clues.” When she didn’t look up he said, “What are you doing?”

  “Oil. Remember? Have you ever noticed how many reports on the Internet don’t have a date? It’s like they are written for a magazine or something with a date on the cover, and it never occurs to anyone that the article will exist forever on the Internet. Anyway, this report’s kind of old but it’s authoritative.”

  “About what?”

  She looked up. “China and oil, remember? Okay, here goes. This caught me by surprise—China is the second largest importer of oil in the world, after only you-know-who. Its economy grows at nearly 10 percent and its appetite for oil is all but insatiable, growing at 8 percent a year. You see, they decided to go with cars instead of sticking with mass transit.”

  “Big mistake,” Jeff said. “Cars are a dead end.”

  “Maybe, but you need an enormous infrastructure to support a thriving car industry and it is a quick way to provide jobs while giving the industrial base a huge boost. Plus, factories that produce cars can easily be converted to military needs.” She gave him a cockeyed smile. “Remember that crack about cars when you go shopping for one next month. I’ve seen you trolling the Web sites. Anyway, within twenty years they’ll have more cars than the U.S. and that same year they’ll be importing just as much oil as we do. So here’s the deal. They don’t have it. Want to guess where they get it from?”

 
