The Back Door Man
Page 12
There was truth to that statement. He’d spared with some talented fighters; a few that had gone to the next level. James was a skinny kid back then, and quick on his feet. He’d liked boxing, but it was wrestling he’d excelled at. He was a natural and had that unique combination of leanness, speed and brawn.
It was hard to believe—he was forty pounds heavier than the kid he used to be. His reflexes weren’t the same—not even close. Just a few hours ago, he’d allowed a man to pull him from his car without even resisting.
That wouldn’t have happened twenty years ago.
He’d changed.
Still, even that considered, muscle memory was a strange thing. It never really went away. The body remembered. It might wheeze and resist when pushed, but it went along, forgetting its current atrophy.
He hadn’t eaten today, but he wasn’t hungry. It was like reserves were being tapped into. He was remembering the person he used to be. The person who didn’t quit. The fighter.
It used to be a mantra for his life.
He’d gotten a scholarship for wrestling at Penn State and had pursued a mathematics degree. It was an odd choice for a jock, but it was something he was passionate about. He’d gone on to get his masters in computer science.
When he graduated, he’d had some attractive offers from some big names, but instead of going the traditional route he’d gone with a startup out in California. It never got off the ground, but James didn’t let that deter him. He’d taken an equity stake in another startup, till eventually he tried his own thing. Sue, his sweetheart in college, stayed with him throughout.
They’d lived in a rental; a tiny three-hundred square foot apartment. They’d married—a small affair with just a few friends and select family—and put off having kids as James took a fledgling concept and tried to hit it big. He’d swung for the fences.
Years went by. Sue’s job paid the bills. James’s didn’t.
At thirty-two, after eight years of failed starts and false hopes, James had a crisis moment. They couldn’t afford the airfare to go to his dad’s funeral. Their credit cards were maxed out. Their car was a junker and wouldn’t make a cross-country trip. His mother, who was on a fixed income herself, had to lend them the money, much to his shame.
It wasn’t long after that that James took a job out East at ComTek. The company was located in Raleigh, North Carolina. It was a stable job with a real salary, instead of a promised big payout, which was always another year away.
They’d tried to start a family, but after a few years they realized something was wrong. Sue was eventually told by the doctor she would never have kids. James had blamed himself. He’d been the one putting off having a family. He thought they’d missed their window. Sometimes nature shuts the door quickly, the doctor had said.
Sue never once blamed him. Even after all the doctor visits, Sue refused to believe she couldn’t get pregnant. I’m going to have your child, she’d said. James had thought he could never love his wife more than when she said those words, even as much as they pained him.
Two years later, on a cold rainy day in December, Sue told James the news. She was crying.
They each were thirty-seven and they were going to have a child.
There weren’t words to describe what they felt. But it only got better. When Katie entered the world and James looked down on her beautiful scrunched-up face, he’d had an epiphany moment. He told himself he would never put his family’s security in jeopardy.
He’d stopped putting energies into the stuff on the side. The programs he was writing after work; the new operating software he was creating; the website he was working on, which he was trying to get angel funded. He’d been trying for close to fourteen years. It was time he faced the facts.
It wasn’t going to happen.
But he refused to let that get him down. He made a decision then. He redoubled his efforts at work, really applied himself. There were other avenues to success.
He had to play catch-up, of course. He wasn’t a Young Turk, but the corporate world could provide a decent life for his family. A secure life with a stable paycheck.
They socked away money diligently for retirement and the girls’ college funds. They incrementally paid off their debts. They made do with little. They didn’t take extravagant vacations. They enjoyed the simple things.
Two years later they had another miracle when Sue gave birth to Hannah.
James was committed to the role of supporting his family. It was different than his dream, but it was perfect in a different way. While he had some regrets, he didn’t regret for one day the choices he’d made. Lofty dreams were for people with no dependents. There was no way he would put his family at risk, chasing after stuff that might never materialize.
He wasn’t going to be that guy who wasn’t there for his family. He worked hard and his hours during the week were long, but the weekends were all family time. He spent time with his wife and kids.
He thought he’d done the right things. Made the right choices. Now here he was, forty-two years old. Playing by those rules—doing what he thought was safe—hadn’t quite worked out as he planned. Someone had taken that security from him. Whisked it right from under his feet.
They’d put his family at risk. They had set him up for something he didn’t do, and the way it was looking he was going to go to jail for a long time. He was going to be taken from his wife and girls.
But the people who had set him up had overlooked one small detail.
The man he was.
James Kolinsky wasn’t someone’s whipping boy. He may have failed in his life’s ambition, but there was no way he was going to fail his family. They were the most important thing to him. Even more important than his dreams. He realized that when he tucked his girls in every Saturday and Sunday night. They and his wife were his rock, his life, and there was no way he was being taken from them.
No way.
James found a spot by some switchgear. The noise wasn’t as bad here.
He took out the laptop from the duffel bag. The other laptop, the one he’d hidden in the duct, was patched into the system. He’d preconfigured its interface to handle the embedded security. His laptop’s wireless connection should be able to connect to the hidden laptop, which in effect would work like an improvised router. At least in theory.
He waited as his laptop searched for the connection. It took several seconds...
He was on.
So far so good. He had access to the main matrix. He could connect remotely from anywhere within the complex. Not just the hubs.
One challenge figured out. He was mobile.
He assessed his options. The Vault had emergency exits situated throughout the facility. Each of those would trigger alarms if they were opened. He knew Security was searching the floors above him. Where though, was the question? He needed more info if he was going to stay ahead of them.
He went as fast as he could. In the back of his mind, independently of his focus, he chewed on the fact he hadn’t recognized the men. The Vault had three Security teams that rotated around the clock. James thought he knew all of them. The men he’d seen in the surveillance video were new.
That introduced another variable. Whatever was going on wasn’t isolated to Enrique and one or two others. There were more involved. They weren’t working in a silo. Too many factors came into play. To do what they’d done would take a coordinated effort. Others—more insiders—working with the same aim.
For what purpose, though?
Another question that needed an answer.
He was starting to see what lay ahead of him. These people, whoever they were, thought they’d found the perfect stooge for their plans.
Well…
Not if he had any say about it.
44
FIRST thing on the list, he needed to know where they were. He’d disabled Phalanx, but there were other ways he could keep tabs in The Vault.
On his laptop, he pulled up several vie
ws. He clicked from one to the next. Each were montages of color; streaming sensor readings. The thermographic images showed gradients of temperature: white being the warmest, red and orange being warm, and blue being cold. Throughout the facility were FLIR; ‘forward-looking Infrared’ sensors that were connected to the environmental systems.
The equipment in this facility put off massive amounts of heat and the cooling systems had to be monitored at all times. The FLIR helped regulate those systems. It was a back office, intuitive system; the PdM components operated autonomously and never needed maintenance.
He knew Enrique hadn’t been trained on it. If he had, he’d be able to use the FLIR sensors like James was using now—albeit somewhat unconventionally. The FLIR sensors, in addition to monitoring temperature, in a rudimentary way could detect movement. James was able to see where his hunters were. It wasn’t pinpoint accurate, but it was better than being blind.
He spotted a group of them. He could see them moving. They were two floors above, systematically combing the floor, looking for him. There were five. No, make that six.
The others were in different spots. Two were in the Fishbowl. One was near a larger heat mass that appeared to be a vehicle, which was in the loading dock area. There was a tenth on the first level.
He flipped to other views. Screen after screen.
There were tens of thousands of servers in this facility; all of them were arranged in stacks, like library shelves. On the screen they looked like lava flows, red and orange in running rows. The Stacks were the lifeblood of this place. They stored the data.
Other equipment was putting off heat, as well. The switchgear, PDU transformers, UPS modules, APC Megawatt backups, and all the other equipment that comprised the power grid. Multiple 480 Volt AC feeds supplied the grid. This facility was a power hog on almost unfathomable levels. 80 megawatts. An entire power plant, two miles away, was needed to run this facility.
All that power and data storage meant heat. Lots of it.
James flipped through the views.
In other quadrants, masses of blue showed the cooling systems. The thermal storage tanks with their Cryogel ice balls. The chillers ran on solutions of water and 28 percent glycol. Those Cryogel ice balls, which were 4-inch polyethylene spheres, were frozen at night. They cooled the water/glycol solution during the day.
Huge tanks, air exchangers, mechanical equipment, ductwork… all of it… was visible on the screen. Colors of blue and orange.
James kept scanning. He found the last two men. White and red traces. Both moving. They were near the generators. Pieces of equipment the size of boxcars. Level two.
That made twelve.
Enrique was most likely one of the men in the Fishbowl. The other eleven heat signatures were Security. Security, which had gone through DECON ignoring protocol. James had gotten a brief look at them on the cameras before he disabled Phalanx. They were a mixed crew; some of them had visible tattoos. None of them looked familiar. They were wearing the gray shirts that Security wore, but that’s where resemblances stopped.
He didn’t recognize one of them. Not one.
Security typically was comprised of six men. Six was the standard crew size. Six. Not eleven. And they hadn’t suited up.
Eleven men recently hired? What were the chances of that?
James watched them. Blobs of white and red moving. Two floors above.
He had some time.
He focused his attentions on following the cyber trail. The blended attack, which he’d purportedly orchestrated, had come from hundreds of email accounts. Each from different computers. It had been coordinated from a central source.
The bot-infected computers had carried out instructions, unleashing their missives every three seconds with malicious code. He looked at the attached files.
GreedKills.jwtLive GreedKills.jwtRedux GreedKills.jwtRepeat
New variants each time.
They were being sent to host addresses of different ComTek clients. He looked at the CIDR notations.
192.168.100.1/24
192.168.100.1/25
192.168.100.1/26
They were routing prefixes; IP addresses of networks. He pulled up ComTek’s database and checked against the list. The routing prefixes matched clients of ComTek’s.
Some were banks. Wells Fargo. Bank of America. J.P. Morgan. Citigroup. SunTrust.
Every bank that had a service contract with ComTek was receiving the emails. They were being sent to back-office servers. ComTek frequently sent security updates. It was all automated. It protected the systems and kept them working correctly. ComTek seamlessly backed up their clients’ data 365/24/7.
These emails were not normal updates.
They contained a worm.
A worm that was infiltrating each bank’s security network, bypassing their triple-tiered firewalls. It was replicating with each breach. Piggy-backing behind it were a series of programs that were doing their worst.
Confidential files were being compromised. Account information was being overwritten. Numbered accounts were directed to renumber themselves every few seconds.
The result was crippling. It was crashing their networks. James realized what he’d seen with his own bank account was happening on a grand scale. Transactions, millions of them, were cross-pollinating other accounts. It was essentially taking every account out there and intermixing them.
In his case, the transactions had yielded a negative result. The inverse would be true, as well. Other accounts were probably seeing the exact opposite. Accounts growing obscenely, fed by hundreds of random transactions from other accounts. Cash infusions, deposits, wire transfers.
It was taking all the funds out there and distributing them randomly. Some winners. Some losers. A big time crap shoot. Hello Las Vegas.
James took a deep breath. The scale of this cybercrime was enormous. This made past viruses look puny in comparison. Nimbda, Code Red, MyDoom, Sasser. All of those had snarled or stopped Web traffic and caused problems. But none of them had meted this sort of destruction. And he had done it. His digital fingerprints were all over this nightmare.
He had an astral body moment.
He looked around. The mechanical equipment was humming softly. The eye of the storm, he realized. This area of The Vault was partially insulated from the regular noises. He couldn’t even hear the air handlers from where he was sitting.
But out there was something else. Out there, not in The Vault, but the real world. A financial chimera that he’d caused. A virus plague spreading like locusts. The breakdown of the entire banking infrastructure. A cyclonic trail of damage, vortexing out of control, hitting other systems…anything that was remotely linked to banks. Payment servers, credit cards, online banking institutions, retail centers’ back-office systems…
In short, commerce itself.
The repercussions were almost too much to think about. He was getting distracted. His mind going off on unhealthy tangents.
He stretched his neck. He’d gotten stiff from looking at his screen for so long. He’d been absorbed.
Too absorbed.
He flipped to the FLIR and toggled through the views. The six men were no longer two floors above. It took him a moment to find them. He could see their heat traces, white and red, moving.
They were one floor above. Based on the direction they were going they had just started searching that floor. Good, he was okay. That would take them some time.
With a few clicks, he went back to his previous screen.
He needed to learn more.
45
SNOWFLAKES. It was a good analogy. All the same, until you looked at them closely.
James realized that everything was not what it seemed. He discovered that when he compared the different variants of the worm. One of them had a back-door component.
Hello.
That changed things. This wasn’t just a rogue operation meant to slice and dice. There was order within the chaos. A back-door featur
e meant things could be controlled.
Control. The hacker’s oeuvre.
Parse it down and that was what it was all about. Control, or finding a way to control. Manipulate, take over, make your server mine, your computer mine.
I own you.
James examined the code. It was definitely different than the others. Not just a carbon copy with a few tweaks. The code contained an implanted series of directives.
James isolated it. It was a matter of taking it apart, looking at its constructs. This variant of the worm was exploiting a vulnerability within the banking networks. It almost looked like something copped straight from a Zeus crimeware kit.
No, that’d be too easy, but there it was. It was so basic. Elemental.
A zero-day vulnerability. The banks were using old servers.
Are you kidding me?
He shook his head. It just didn’t seem possible. Any routine Security Audit would spot these types of vulnerabilities in a second. Every server—didn’t matter, which one—had vulnerabilities. They all had them. Even the most expensive, high-tech ones money could buy. Nothing was ever fully secure. There were always vulnerabilities some cracker could find. The key was to address them. Make those servers secure before they were put online.
These were old servers. Granted, they were back-office ones, but it didn’t matter. It was a no no, and three of the seven major banks were using them.
That explained them going down. This little worm had found the holes.
And this little piggy went all the way home.
James double-checked. It seemed crazy, but there it was. He checked all of the worms. There were hundreds of variants. He focused on two more that shouted out at him. Two more with back-door components. Again using something straight from a crimeware kit.
Whomever had created these little nasties had had some help. They’d gone to the Home Depot for hackers to get some extra tools.
He looked at the binary code. It was definitely from a kit. At least this section was. Most likely it had come from a Zeus crimeware kit. Anyone could purchase them online. They were available to any wannabe hacker. The underground economy was flourishing with the things, selling them for profit.