Cyber Attack
Page 11
Peyton checks the shoe store again. More people are flooding into the store as others exit, one man carrying an armload of shoes minus the boxes. Peyton looks down at her poor feet again. It’s easier to put on the damn heels now and walk across the street for a pair of comfortable shoes rather than try to wear the damn things home. Besides, it’s just one measly pair of shoes and these assholes are carrying them out by the handfuls. One pair. That’s all. Peyton remains frozen in place with indecision. Plus, how much glass are we going to encounter on the way home? Probably lots, right? But wait . . . Shit. If I lug that food and water outside I’m going to be mugged. Peyton turns and scans the lobby, looking for a better hidey-hole. She walks along the perimeter of the lobby, trying doors to see if any are unlocked. None are and she’s back to square one. Standing in the center of the lobby, she places a hand on her hip, deep in thought.
Seconds later she nearly jumps out of her skin when a staccato of gunfire erupts outside. She drops to the floor and slithers behind the chair for cover.
CHAPTER 28
Manhattan
“Where do you want to start, Paige?” Morales asks, as they exit off the Williamsburg Bridge.
“I’d like to begin at Nasdaq headquarters.”
“Why? Because they’ve been hacked before?” Morales asks.
“Yes. I’m thinking there might be a vulnerability or two still lurking around in their network.”
“The company allegedly shored up their network,” Hank says as Morales makes a left on Broadway.
“So what?” Paige says, now cooled off from the altercation with Hank. “All software has flaws. Even if they reconfigured their systems or built in new and better firewalls, there will still be vulnerabilities. Humans write code and humans make mistakes. You just hope, as a company, you find them first before the bad guys do.”
“If you find the malware, Paige, how long to make an ID on the hackers?” Morales asks.
“I don’t know, Tomás. How long did it take the agency to identify the bad actors from the first hack on the stock market?”
Morales scowls then says, “Four years. And even then the agency said they were only seventy percent certain the Russians were involved. I don’t think we ever identified any of the individuals involved.”
“Exactly,” Paige says. “And, no, we never ID’d any of the hackers. We’re in for a long slog, Tomás.”
“Okay, we’re a long way from identifying the hackers,” Tomás says, “but how long to get a handle on this malware, Paige?”
“Well, we have to find it first,” Paige says. “After that it’s a matter of dissecting whatever it is and writing a piece of software to quarantine and kill it. That could take a while once we find it.”
Tomás grimaces. “No way to speed things up?”
Paige shrugs. “I’m open to ideas.”
Hank turns in his seat to look back at Paige. “Do you think they’re usin’ the same piece of malware for all of their attacks?”
“There’s no way to know that yet,” Paige says. “But I would find it highly unlikely the same virus is being used.”
Hank shakes his head. “They might be the best hackers on the planet, but I doubt they’ve developed a grab bag full of exploits. I think it’s more likely they’re usin’ multiple variants of the one piece of malware—malware they’ve probably spent years refinin’.”
“I’m not arguing with you, Hank,” Paige says, “but we shouldn’t base future decisions on what we might or might not find here. We need comparison samples from the aircraft manufacturer or one of the other places that was hit. We’d be shooting ourselves in the foot if we create a piece of software to scan for this particular malware and find out they’ve been using multiple types of malware.”
“Jesus,” Morales says, “I feel like we’re just waiting for the next bad thing to happen. We need to be more proactive. Why can’t we create software to scan for what we may find here and ship it out? If we find they’re using other malware, couldn’t we just create more software?”
“In theory, yes,” Paige says, “but in reality, no. The virus scan itself could cause the malware to execute its payload. Then we’d have an avalanche of bad things happening. We have no idea what else is in the works, but we need to be very careful how we proceed.”
“It’s hard to be careful when the body count continues to rise,” Morales says dejectedly. He pulls into a parking garage a block south of Wall Street, takes his ticket, and begins the search for a vacant spot. Round and round they go, finally finding a spot down on the fourth level. They park, exit the SUV, and make their way to One Liberty Plaza.
After a brief, heated argument between Morales and the company’s chairman over privacy issues, the administrator username and password were passed on to Paige and Hank and they were taken to a small office near the local server room. Morales opted to stay behind to return phone calls, so Hank and Paige grab chairs and start working. Using her laptop, Paige logs in to the company’s Wi-Fi and navigates to an FBI-created virtual private network (VPN) and enters her credentials. She downloads the new toolkit that Natalie had sent and loads it onto a clean encrypted flash drive. She hates flash drives but it’s the only way to insert the software into the company’s system without hooking up her computer, something she won’t do. The last thing she needs is for the malware to infect her computer.
“What do you want me to do?” Hank asks.
“Use one of the company’s computers and log in to the system. See if the username and password they gave us will allow us access to the source code.”
Hank steps over to a workstation and sits. The office door opens and a balding man who looks to be in his early forties enters. “I’m Kent Fitzpatrick, head of IT. I’ve been instructed to assist in any way I can.”
“Pull up a chair, Kent,” Hank says. “Have you had a chance to look at any of the source code?”
“No. I’ve spent most of the day putting out fires.”
Hank recalls the admin username and password from a compartment in his brain and enters the information and logs in. “I assume access to your source code is tightly controlled.”
“You are correct,” Fitzpatrick says. “Most of it is proprietary software and unique to the industry.”
Hank looks up at Kent. “If access is strictly enforced, how did you end up with malware in your system?”
“I’m not convinced it exists.”
As the conversation between Hank and the new guy continues, Paige spends several moments examining the new software from Natalie. They are tools she’s never seen or used before, but it doesn’t take long for Paige to get up to speed on how they function. She ejects the flash drive and pulls it from her laptop, carrying it over to the computer Hank’s working on.
Fitzpatrick spots the flash drive in her hand. “We don’t allow external storage devices on our network.”
Paige pins Fitzpatrick to his chair with a stern look. “Today, you do.” She pulls up another chair and nudges Hank away from the computer.
Fitzpatrick rubs his forehead with his palm. “I object to your use of a flash drive on our system.”
“Duly noted,” Paige replies. She plugs the drive into the computer’s USB port and launches the first application.
“What program are you running?” Fitzpatrick asks.
“One you’ve never heard of. Let’s just leave it at that, shall we?”
“Whatever,” Fitzpatrick mumbles, kneading his neck with his right hand.
“Do I have access to every server on your network from here?” Paige asks.
“Not all of them. We keep redundant systems off-line in case of emergency.”
“How do you access them when you need to?”
“They have to be manually plugged in to the network at our server farm in Carteret, New Jersey,” Fitzpatrick says.
“How often are they connected to the main network?”
“Not very. The last time was October of last year when we were do
ing some system maintenance.”
“They might not be infected, but depending on what we find here we might need them online. Are you prepared to make that call?”
“Not really. Like I said, I’m not convinced our network has been infiltrated.”
“Were you workin’ here in October of 2010?” Hank asks.
Fitzpatrick rubs a hand across his balding head. “I was working in the IT department, yes.”
“But not the lead guy?” Hank asks.
“No.”
“What happened to him or her?”
Kent sighs again. “He was fired.”
“Why?”
Fitzpatrick blows out a long breath. “Yes, we were hacked in 2010, okay? But we did a major revamp and beefed up our security.”
The program Paige had started ends with no infected files found. “Damn,” she mumbles under her breath. She clicks on her flash drive and launches another application. It runs for several minutes and a piece of source code flashes onto the screen. “There you are, you little bastard,” she mutters as she highlights the code and copies it to her flash drive.
Hank, looking over her shoulder, asks, “You find somethin’?”
“Yes. Not quite sure what it is, but it was found on a device driver in the system’s memory.”
Fitzpatrick pedals his chair over for a closer look.
“Does it look familiar to you, Kent?” Paige asks.
“No. But every driver we put on the network is accompanied by a digitally signed certificate of authenticity.”
“Oh well, that’s great. Those certificates are never stolen or compromised, are they?” Paige says, her voice filled with sarcasm.
Fitzpatrick shrugs. “It’s damn difficult to do.”
“Yeah,” Paige says, “almost as difficult as hacking an allegedly secure network.”
CHAPTER 29
Bardere, Gedo, Somalia
September 6, 2008
TARGET: al-Shabaab
CONFIRMED KILLED: 69
CIVILIANS KILLED: 41
Situated along the banks of the Jubba River in the Gedo region of Somalia, Bardere is one of the most fertile areas of the country. Palm trees line the riverbank and irrigated plots of land stretch across the Jubba Valley for as far as the eye can see. The farmers in the area grow sorghum, corn, onions, beans, and fruits such as watermelons, oranges, and mangoes. While unemployment for the rest of the country is nearly 70 percent, most of the 75,000 people who call Bardere home consider themselves quite prosperous when compared to others in this war-torn country.
One of those residents working in the fields this afternoon is fourteen-year-old Yuusef Yuusef Mohamed. In Somalia there is no concept of Western-style surnames. Children are given three names when they enter the world: his or her name, the name of the father, and the name of the grandfather or great-grandfather. To simplify things, Somalis will often create a nickname for the child that stays with him or her for life. Yuusef must have arrived during a period of low creativity because his nickname is also his first name. Yuusef climbs down the handmade ladder and carries it to the next orange tree in line and climbs back up, picking the oranges at the top of the tree and placing them carefully in the canvas bag slung around his neck. These orange trees or ones like them have been in Yuusef’s family going back four generations. And Yuusef doesn’t mind the hard work, but he has bigger plans for his life.
An excellent student with an uncannily sharp mind, Yuusef splits his time between high school and an accelerated learning program, including English, at the local university. That is, when he’s not picking oranges. Thankfully, the picking season is short and Yuusef can’t wait to get back to his studies. After a series of standardized tests over the years, Yuusef was discovered to have an extremely high aptitude for math and a Mensa-worthy IQ of 151. Teachers steered him toward all things computer related and Yuusef was off and running.
In addition to the small orange grove, the family also grows corn and watermelons and also owns a good-sized herd of goats. When not farming, Yuusef’s father often transports their goods to the larger cities, where he and Yuusef’s mother and his older sister and her husband set up shop at the local markets. Today is market day and the group of four rolled out long before daybreak with plans to return before dark when things often get dicey in Somalia.
His thoughts of upcoming studies are interrupted when he hears his grandmother ringing the dinner bell. Before heading back to the house Yuusef finishes with that tree and moves the ladder to the next tree so it’ll be ready first thing in the morning. Yuusef empties his bag of oranges into a larger crate, takes off his picking bag, and moves over to the well to wash up for dinner before going inside.
The home houses three generations of Yuusef’s family and quarters are tight. Yes, there are squabbles, but, in general, things run smoothly. Inside, Yuusef gives his grandmother a peck on the cheek and takes a seat at the table. His grandfather died two years ago and his grandmother now cares for Yuusef’s two-year-old niece, Leylo, while her parents are away at the market.
With the sun riding low on the horizon Yuusef asks, “Have you heard from Mother and Father?”
“They called when they were leaving the market. I thought they would be home by now.”
“Have you tried calling them again?”
“Yes, but you know cell service can be difficult.”
His grandmother places a bowl of stew on the table for him and Yuusef digs in. He’s hungry after a long day in the fields. Leylo takes a seat next to her uncle with a small bowl of stew and begins pestering him with questions as his grandmother sits. Moments later, dinner is interrupted when they hear the squeal of brakes coming from the front yard. Thinking it’s his parents, Yuusef stands and walks to the front door to find a strange truck in the drive. Two men climb out and approach, asking to speak to an adult. Yuusef’s grandmother comes to the door and meets the men on the porch. After a few minutes of discussion, Yuusef knows his world has been turned upside down when his grandmother bursts into tears and sags to her knees.
It wasn’t until two weeks later, long after the funerals, that Yuusef found out what happened. His family had been at the wrong place at the wrong time. Stuck in traffic, they were directly behind a car that was targeted by an American drone. The ensuing fireball engulfed the family truck, killing everyone aboard.
Present day, somewhere near Boston
Now twenty-four, Yuusef is waiting for a satellite window to open to launch their next attack. Over the weeks, the team hacked numerous communication satellites and installed back doors in the software. The back doors don’t allow them the ability to reposition satellites, but they do allow them to communicate with their targets across a wide swath of the country. The payload Yuusef is waiting to release targets a specific programmable logic controller that regulates speed.
“Where are we with target nineteen?” Nazeri asks from across the room.
“Waiting for the satellite window,” Yuusef replies. He has no idea who the passengers are, but he does wonder if it’s possible he might know someone aboard. As quick as the thought arrives, Yuusef pushes it from his mind. But, while he waits, his continuously active mind drifts to what might have been.
His professors at the university thought his research into artificial intelligence held great promise. There was mention of numerous published papers in the finest academic journals and a possible breakthrough in a field that has stumped scientists for fifty years. Not that any of his hypotheses had yet been proven, but Yuusef felt like he was on the cusp of a breakthrough that could advance machine-level intelligence to the next level. But that was before.
Yuusef sighs as he waits for the satellite. All of his research is stored in the cloud and on a portable hard drive he keeps in a hidden location, but to have an opportunity to work in an environment with that level of expertise and funding is now up in smoke. As he thinks about that, a tiny morsel of doubt begins to creep into his subconscious thoughts. He works to keep
it at bay and, when the satellite comes online, Yuusef triggers the payload and takes control of the small computer-networked device that regulates speed.
CHAPTER 30
Aboard the Acela Express
Two times a week, Gavin Minnick boards the noon Acela train from Washington, D.C., to New York City. The Acela Express is a high-speed train capable of traveling up to 150 miles per hour, but averages closer to 85 due to track conditions along the Northeast Corridor. On good days the trip usually takes two hours and forty-six minutes, gate to gate. That’ll put Gavin in New York in time to make his late-afternoon meeting and enjoy a nice meal before returning in the morning. An international banker by trade, his twice-weekly meetings in New York are beginning to erode his home life. His wife and two daughters at home often complain they don’t see enough of him. And at forty-six, the travel itself is a real grind even with the first-class accommodations aboard the train.
Gavin has made the trip enough times that he could probably drive the train blindfolded. He knows the slower sections of the track and the places where the train can accelerate to full speed. With four passenger cars bookended by two power cars capable of producing 6,200 horsepower each, the train’s acceleration can be breathtaking.
Gavin turns from the window and unloads his laptop from his messenger bag. He logs on and opens a spreadsheet for this afternoon’s meeting. Gavin has dissected thousands of corporate financials, accounting spreadsheets, and profit and loss statements, and it doesn’t take him long to zero in on the important numbers. The board of directors at the company he’s meeting with is hoping to slash payroll costs. Not their own exorbitant salaries, but the salaries of the hourly workers who make up the backbone of the company. If his bank didn’t have a financial interest in the matter, he’d tell them to go to hell. But it does, and he can’t.
Gavin removes his glasses and rubs the pressure points on the bridge of his nose. Once a basketball player at the small college he attended, his years spent behind the desk have sent his weight one way and his receding hairline the other, now extending to the back third of his skull. He cleans the lenses of his glasses with his silk tie and replaces them on his head, stealing another glimpse of the outside world. The bright sun is high in the sky, casting shallow shadows under the trees lining the track. He returns to his laptop, and, with a sigh, continues to search for cost savings.