The Back Door Man
Page 15
They stacked the two bodies in the rear of the Suburban. Their other three associates joined them. Rapid-fire Mandarin was exchanged and duffel bags were grabbed from the cargo hold.
Back inside the house, they systematically cleaned each room. Bleach and other chemicals were used liberally. Blood that had been spilled was effectively erased—DNA checks, if they were ever done by an investigating agency, would yield nothing.
Vacuums were used in the garage to quickly suck up spent cartridges, buckshot, and other telling debris that littered the floor. Incriminating items inside the house were quickly packed in bags, removed and placed in the Suburban.
A match was lit and the men quickly filed back into the Suburban. The fire was just beginning as they pulled into the street. By the time they drove away the garage was in full blaze.
The entire job had taken less than twelve minutes.
58
THIS was bigger and nastier than he thought. And he already thought it was pretty big and nasty. James swallowed. He was beginning to see more of the big picture.
Big.
Now that was a major understatement.
He didn’t have a monitor big enough to capture its breadth. Even before this went down James was the paranoid type. It went hand in hand with his obsessive compulsive tendencies. Like it or not, paranoia was hardwired in his DNA. He always blamed it on his job, but that was only a half-truth.
Half true in the sense that he was paranoid long before he became an information security engineer. Granted, his job did nothing to help his situation. It was like an alcoholic running a liquor store. He saw way too much for his own good. His worldview was filled with keeping abreast of the latest phishing scams and hacking techniques out there. He’d seen firsthand some pretty sophisticated black hat operations.
And with each there was usually one characteristic that was a common thread: the threats were cloaked in anonymity. Spawned by unknowns. That was the baneful reality of the information security business.
Threats he saw could have originated from kids, college students or eighty-year-old grandmothers. He never knew. Hackers were nameless. Faceless. Operating not from a static point, but from dynamic ever-shifting portals that were next to impossible to pin down. The Web was a playground for those who wished to remain anonymous. Identities were too easily hidden.
What with all the onion routers out there. TOR, for short. TOR was a second generation low-latency anonymity network of onion routers, which enabled users to communicate anonymously on the Internet.
Bunch of bullshit, is what it was.
It worked at the TCP Stream Level. Instant messaging, Internet Relay Chats (IRC) and Web browsing could all take advantage of it. It gave one a license to do bad things. View bad things. Be a bad thing.
It hid who you were.
Like Russian nested dolls—those painted Matryoshka dolls that decreased in size and were placed one inside the other—with very little effort a person could essentially do that—pose as someone else, whom subsequently could pose as another… With onion routers that’s what happened. The sequence kept going, till the person’s true identity was erased and impossible to trace with any degree of certainty.
The public frequently had preconceived notions that hackers were fringe threats: disgruntled techies that operated out of their parent’s basement; lone individuals usually more interested in causing mischief than real harm. James suspected that wasn’t the case for a lot of what he saw. Crimeware kits aside, some of the malicious traffic out there was just too coordinated, too sophisticated to be done by amateurs. He knew there were groups out there. Well organized… highly tech-savvy… that targeted companies and governments.
That was his paranoid side taking flight. But that bird had some wings.
Pterodactyl-sized wings.
And he was seeing sightings all the time. Not that long ago, one of ComTek’s competitors had had a serious security breach. Two million customers of a national bank had their data stolen. That one had really hit home, as it wasn’t so dissimilar to the data tapes that ComTek lost (or had thrown away by the cleaning service).
But in the case of their competitor, the data stolen didn’t languish in the trash, or find its way to some dump. It was taken, deliberately, by an outside entity. The information contained social security numbers, account information and other particulars. The security breach was never disclosed, least not until recently.
James had read about it in an IT trade journal. It barely made the news. And when it did get disseminated nationally, it was just a blip of an article on page 7 of the Wall Street Journal.
To James the news further validated all of his suspicions and paranoia he’d had over the years. It was the tip of the iceberg and lurking beneath was the monster that no one saw. Hidden from sight, but in plain view, at least to James, if no one else.
His eyes were wide open.
Paranoia, paranoia, self-destroyer…
He knew what was out there.
Page 7 of the WSJ summarized one example. In thirty minutes, thirty million dollars had been taken from ATMs in twenty-seven different countries. The theft was all the more amazing, considering that each ATM withdrawal was only three hundred dollars. To put that in context: 100,000 fake credit cards would have had to been manufactured, distributed, and then used simultaneously in twenty-seven different countries to take that amount of cash.
Some criminal outfit had coordinated that operation. It couldn’t have been done by a few people. Just from a logistical standpoint, it would have taken hundreds of people—mules and soldiers—to hit the ATMs, each making dozens of withdrawals. That fact, when James read about it, had chilled him to the bone. Major multi-million dollar corporations would have difficulty pulling off that type of seamless operation. There were criminal outfits out there that were pulling off capers more sophisticated and audacious than one could imagine.
And right now that theft looked minor—like some five-year-old kid stealing chewing gum from a convenience store—in comparison to this.
On the surface, those viruses he’d unleashed had done some major damage. “Created complete chaos” would be another way to describe it. But underneath it was far more insidious.
Criminally insidious.
That tertiary program, buried deep in the code, was siphoning off minute amounts from banking accounts each time. Singularly the amounts were negligible, just pennies, but it was happening to millions of accounts every few seconds. At that rate, every minute roughly equated to hundreds of thousands of dollars. The runtime factor was set for twenty-four hours, of which twenty-two hours had already elapsed. By its end, if this continued to play out, over three hundred billion dollars would be siphoned.
James had just run an algorithm to confirm it.
300,000,000,000 dollars.
Just the amount of zeros was staggering. It was a mind-bending sum.
Three hundred billion dollars.
That was one big number. Enough to shock anyone, himself included. Shame on him, though, he shouldn’t really be surprised. He should have known this was all about money. Taking money to be exact. That was always a concurrent theme with cybercrime—money.
Three hundred billion of it. A god-awful lot of dough. But truth was, even that gargantuan number could be humbled. Put in perspective. That amount roughly equated to less than six percent of the entire pool. Over five trillion dollars were warehoused in the banks and financial funds that utilized ComTek’s data recovery systems (i.e.: The Vault).
That money was parceled into almost infinite arrays of blocks of data. Those blocks, measured in bytes, bits and factors thereof, represented the monies of individual accounts. There was no vault that contained that amount of hard currency.
Collectively, looking at the entire money supply in the US, which was sometimes referred to as ‘M0’ or the ‘monetary base’, there was less than one trillion dollars of hard currency in total circulation. The majority of monies was in electronic form
, in checkable deposits, saving deposits, institutional money-market funds, short term repurchase agreements...
Everything today was electronic. When employers paid their employees, they didn’t hand them cash, they issued them checks, which were deposited into their accounts.
Like modern-day markers those checks were essentially ‘virtual money’. That was how the banking system worked. Everything was electronic. Monies were just bytes of data. And those blocks of data were being diced-up and filleted thousands of times, while simultaneously minute amounts were being siphoned and stashed in what appeared to be temporary holding accounts.
Temporary…
Bytes in the void.
James looked at what was on his screen. It was an inscrutable morass of numbers, letters and symbols. Streaming data he’d culled from one of the back doors.
Not quite Western Union here, but something else. Fed Wire was how many banks made wire transfers, particularly large sums of cash. The Vault backed-up all that type of data. But this wasn’t that.
What was this?
It was a black hole is what it was. And all that cash was going down it. Slurp.
Three hundred billion dollars.
Well… it might have been too late to stop the malicious code from doing its worst, but there was one thing James could do. Follow it. See where that money was going. From what he could tell, the cyber trail had several wormholes. Not just one, but five. And that money was slipping down them into these transitory black holes. Escrow accounts without any visible bottoms.
Intersante.
James paused. He was on the cusp, he felt. Those black holes were about to close up. In about two hours the runtime for this operation was set to end. At that point this was all over. That money would be gone. If it wasn’t already.
Time to find out. There was a trail, however faint. Just a tendril… but it might be enough.
Of course…
He flicked to the FLIR and gnashed his teeth. Right on cue. Just when he was sinking his teeth into this too.
Time to move again.
James stashed his laptop in the duffel bag. Several ideas were streaming in his head on parallel paths. He needed to do several things, and do them fast.
Prioritize. Threat number one, threat number two…
Full of purpose, he headed towards The Stacks.
59
HE took a slight detour on the way. Two hours, and then three hundred billion dollars was gone. Not if he had his druthers. Tag this on him. Make him the fall guy.
James was beginning to piece some things together. There was a term used in information security… Chained Exploit.
The easiest means to an end was never the direct path. You didn’t go through the front door to get the goodies. You arranged a sequence of events, strung together a chain of exploits.
James was one of those links on that chain. Whoever had orchestrated this operation—Enrique and company—had compromised James. They’d exploited him. Put him in the cat seat calling the shots. Or made it appear that was the case.
When this got investigated in the next few days—hell, next few hours— James would be where the blame went. Simple. He’d gone postal. Messed a lot of stuff up. He was mentally unstable. Said so in his file.
All those worms wrecking their havoc. That was a lot of noise. A diversion. It took attention from what was really happening.
Two can play that game.
James reached the APC Megawatt backups. The Vault was a power suck. Power, electricity to be exact, is what made this place run.
80 megawatts was nothing to fool around with. You could run a small city with that type of power. One thing about data centers, they weren’t green. Their carbon footprint was scary. Industrial factories spewing black smog had nothing on large data centers. Particularly one this size.
This was the mother ship of all data centers. Sucking power like there was no tomorrow. The way things were going, who could blame it. Tomorrow wasn’t looking so good.
Particularly not for James.
James looked around. The power grid was one monstrous beast. The APC Megawatt backups were just one component. Those battery cabinets each weighed over four tons. And there were dozens of them.
You also had the generators—they were located in another area. Each of those babies were the size of box cars. Add in the other UPS (Uninterrupted Power Supply) units, the PDU (Power Distribution Units), switchgear, distribution wiring, and all the other related components and you had one big, gigantic, mack daddy bunch of badass electrical shit.
All run by 480V power lines. Each one with enough power coursing through them to fry an elephant. Make him into one burnt crispy.
James knew what he needed to do. He found the manual. It was called “the book”, and it was off limits to anyone and everyone. He had to pop the lock on the cabinet to get it out.
It was a heavy tome. Full of forty pages of cautions and warnings. The other hundred and ten pages detailed the shutdown sequence.
So much for having just a simple kill switch. Murphy’s Law. Nothing was ever easy.
He got started.
60
DATA Centers have a love/hate relationship with electricity. James was more than up to speed in that arena. His job was completely intertwined with understanding power. What it could do, what you needed to avoid, and what you should never do.
He was about to open door number three. What you should never do.
Cut the juice. Initiate the shutdown sequence. Flip the switch.
Technically, according to the book, it wasn’t one switch, but a whole freaking lot of them. Semantics aside, flipping the switch was a no no. There was a reason there were three sets of redundant backup systems. You never wanted to shut a data center down.
Never.
Power kept the equipment running. Kept things like loss, corruption of data from happening. When a data center goes down, bad stuff could happen.
Words like “bump”, “brownout”, “blink”, “surge”, “spike”, “wink”, all innocuous sounding terms. All not. They meant bad things when used to describe electricity.
Power disturbances were not good. Transients, sags, swells, waveform distortions, voltage fluctuations. More power terms. All not good.
When power was shut off, it had to be done so very carefully. If not, things like explosions could happen.
Technically, a place like this, should never cut the power.
Power. Uninterrupted continuous power. That was the deal. Keep it going.
Data centers shouldn’t lose power.
Of course, it happened all the time. Usually in Tier 1, 2 and 3 facilities. Occasionally—no, make that rarely—it happened in Tier 4 facilities. But a Tier 5 facility like The Vault?
Never supposed to happen.
Never.
Ever.
Well, as they say, there was always a first time. James just hoped he knew what he was doing.
Time to make things right.
He took a deep breath. Took another one. Oh baby…
Why did he talk himself into doing these things?
Because according to his latest performance review he “exhibited erratic behavior” and needed “counseling”.
61
THERE was a method to his madness. There really was. Keep telling yourself that, boss.
James was by the main switchgear. It was a long bank that could best be described as looking like a bunch of grey-painted lockers. Except instead of plain metal doors, they had blinking LEDs, voltage meters and other things on them that made an audiophile’s high-fidelity sound system look like a joke. This was for serious badasses. Electrical engineers certified and trained on this type of equipment. Not for information security engineers. Not trained and not certified on this equipment. Who was he kidding?
Did he actually think he could do this?
He better be able to was the correct answer. He’d just turned off the first series of breakers. No going back now.
<
br /> He stepped over to the next panel. The book—he had to give it credit—was laid out so that even a complete neophyte could follow it. Complete with color graphics showing what to look for, what to do. The steps were clearly enumerated.
The ‘skull and crossbones’ and ‘lightning bolt’ icons sprinkled throughout the book were a nice touch. Guess those meant death. Surge. Explosion. Don’t do that.
The boldface text provided some subtle emphasis in spots. [Once initiated, steps 1-5 must be done in sequence and to completion. There should be no delay or interupption as this may cause a bump in current.]
James paused, wasn’t interruption spelled with two r’s, not two p’s?
He was pretty sure.
Concentrate. He was getting distracted. Not what he should be doing. That innocent-sounding word “bump” wasn’t something to gloss over. Bump was bad news. He knew enough to be dangerous. It could happen with improper switching of inductive loads. He needed to fully complete the sequence, otherwise he could be looking at a loss. Corruption of data.
All those small talks with Jerry had drilled one thing in his head. This was a serious place. For serious a-holes.
Kaboom!
That was Jerry’s sense of humor coming to haunt him. Guy had yelled that when he’d opened one of these panels.
James buckled down and reminded himself of his end goal. This needed to be done. No fuckups. No explosions.
Five minutes later he was done with steps 1-12. Only 82 more steps to go.
He checked the FLIR. Shit.
He better start moving fast. There were three heat signatures in Zone 13. That was one floor below him. Directly below him. All they needed to do was get on the closest lift and he was in trouble.