Authors: Daniel Suarez
Reuters.com/business
Dow Sinks 820 Points
on Renewed
Cyber Attacks
—Network intrusions
destroyed data
at two publicly traded multinational corporations Wednesday—bringing the total to six
cyber attacks
in as many days and sending financial markets into free fall. The stocks of
Vederos Financial
(NYS—
VIDO
) and
Ambrogy Int’l
(
NASDAQ
—
AMRG
) fell to pennies a share before trading was halted. Federal authorities and international police agencies claim cyber terrorists infiltrated company systems, destroying data and backup tapes. In a worrisome development in the War on Terror, unnamed sources indicated that Islamic terrorists were likely to blame—possibly students educated in Western universities….
O
ps Center 1 was the National Security Agency’s mission control room. Dozens of plasma screens lined its walls, displaying real-time data from around the world in vibrant colors and vector graphics. There were color-coded diagrams of telecom, satellite, and Internet traffic. Other screens displayed current satellite coverage zones and still others showed the status of seabed acoustic sensors, missile launch monitors, the location of radar, radio, seismic, and microwave listening posts. The moderately sized room had a central control board, but individual workstations were arrayed around it in aisles. Each was manned by a specialist case officer: Latin America, the Middle East, the Terrorist Threat Integration Center, the Drug Interdiction Task Force, and on and on.
Uniformed military personnel dominated the space. They were relatively young people for the most part, not the seasoned analysts who developed strategy but the younger officers who worked in the world of operations, monitoring the data feeds. They were the nerve endings of the United States.
They were especially keyed up as they watched the large central screen and its digital world map. Hundreds of red dots on that map were scattered throughout North America, Europe, and Southeast Asia. And in this business, red dots meant trouble.
Dr. Natalie Philips stood behind the central control board operator. A three-star general and the NSA’s deputy director, Chris Fulbright, stood alongside her. Fulbright had the earnest, soft-spoken manner of a high school guidance counselor, but his mild demeanor masked a steely-eyed pragmatism. Philips knew that mild-mannered people did not rise to Mahogany Row.
She gestured to the digital map filling the screen. “Approximately thirty-eight hundred corporate networks in sixteen countries have been hijacked by an unknown entity—and these are just the ones we know about. We have good reason to believe the entity is Sobol’s Daemon.”
The general stared at the screen. “Sergeant, notify the Joint Chiefs; inform them that we are under attack.”
The board operator looked up. “Already taken care of, sir.”
The general looked to Philips again. “Where are the attacks coming from?”
Philips stared at the world map. “You mean where
did
they come from, General. The battle is long over.”
“What the hell is she talking about?”
Deputy Director Fulbright interceded. “She means these networks were compromised some time ago. We’re only learning about it just now.”
The general’s nostrils flared. He looked darkly at Philips. “How is it possible no one noticed these networks go down?”
“Because they didn’t go down. They’re still operating normally.”
The general looked confused.
Philips explained. “Someone took them over, and they’re running them as if they own them.”
The general gestured to the screens. “Why wasn’t this detected? Our systems should have sounded the alarm the moment anomalous IP traffic patterns occurred. Isn’t that what the neural logic farm is for?”
Philips was calm. “It wasn’t detected, General, because there were no anomalous traffic patterns to detect. The Daemon is not an Internet worm or a network exploit. It doesn’t hack systems. It hacks society.”
The general looked again to Fulbright.
Fulbright obliged. “Dr. Philips discovered the back door in Sobol’s video games some months ago. One that allowed users to enter secret maps and be exposed to the Daemon’s recruitment efforts.”
The general nodded impatiently. “So the Daemon recruited people to compromise these corporate networks on its behalf?”
“Yes. We believe it coordinated the activities of thousands of people who had no individual knowledge of each other.”
“The Daemon Task Force was supposed to detect and infiltrate these terror cells.”
Philips regarded the general with deliberate patience. “Our monitoring resulted in several dozen arrests, but the Daemon network is massively parallel—no one person or event is critical to its survival. It has no ringleaders and no central point of failure. And no central repository of logic. None of the Daemon’s agents knows anything more than a few seconds in advance, so informants have been useless. It also seems highly adept at detecting monitoring.”
“Forget arrests. What about infiltration?”
“We’ve been working with the interagency Task Force, but progress has been slow. My people are not undercover operatives—they know far too many national secrets to be put at risk of capture—and the operatives who’ve been brought forward from Langley and Quantico are not expert enough in the lingo and culture of computer gaming—or cryptography and IP network architecture for that matter. A third of them are evangelicals with little or no experience in online gaming. Developing their skills will take time. We’re painfully short of suitable recruits.”
The general pounded his hand on a chair back in frustration. “Goddamnit, this thing is running circles around us.” He looked to Philips again. “How does recruiting kids through video games translate into taking over corporate networks?”
Philips was looking at the big screen. “Because it didn’t recruit kids. Have a look at the demographics of video game sales. The biggest market segment is young men aged eighteen to twenty-eight.”
Fulbright nodded. “IT workers.”
“Maybe.” She turned to them both. “It could be any mid-to low-level employee. Not necessarily an IT staffer. Their efforts would be augmented by a massively parallel cyber organism that coordinates the efforts of thousands of other people—and it can pay.”
The general tried to wrap his head around it. “But why would employees want to destroy their own company? It doesn’t make sense.”
“There are always disgruntled or greedy people. The Daemon most likely deals them in.”
The general had murder in his eyes. “These terrorists need to be found and shot.”
“Careful. The Daemon has already destroyed two dozen companies that disobeyed its instructions. Among the currently infected are several multibillion-dollar corporations, representing a cross section of strategic industries—energy, finance, high-tech, biotech, media, manufacturing, food, transportation. The targets were obviously selected to maximize economic and social disruption in the event of their collapse.”
The general was starting to see the big picture. “This is no different from a strategic bombing campaign. This Daemon could gut the global economy. What are our options?”
She sighed. “Before we knew the extent of the infection, we attempted to penetrate a couple of compromised networks. But our intrusion attempts were detected and the target networks—and thus, the companies themselves—were destroyed by the Daemon in retribution.
“Wiretaps and surveillance of individual employees by the FBI resulted in similar retribution. Apparently, the Daemon does not hesitate to destroy the companies it has taken hostage. Further infiltration attempts have been put on hold until new strategies can be developed.”
“Doctor, I repeat: what are our options?”
Philips paused. “Right now we have only one: inform the public. Tell them what’s happening.”
“That’s crazy talk. The stock market would crash.”
Fulbright pointed them to a side conference room and spoke softly. “Please, let’s continue this discussion behind closed doors. Everyone here may be cleared top-secret, but they all have retirement funds.”
They entered a small conference room, and the deputy director closed the door behind them.
The general glared at Philips. “Doctor, what would informing the public accomplish other than to destroy the 401(k)s of millions of taxpayers?”
“Right now Sobol has you exactly where he wants you. His Daemon can prey upon millions of unsuspecting people because we haven’t warned anyone. At some point the Daemon is going to show itself—and we’ll lose all credibility with the public. Look, announce its existence before you’re forced to, and we’ll have billions of allies to help us destroy it.”
Fulbright shook his head. “It’s not that simple, Doctor. A news headline announcing that the Daemon exists might trigger a Daemon event—possibly the deletion of all data in these compromised networks. It could cause financial Armageddon. It could cripple the world economy and lead to widespread conflict—even thermonuclear war. We can’t risk that possibility.”
Philips didn’t blink. “That’s an extreme conclusion.”
“Extreme conclusions are what I’m paid to come to.”
“Do you ever plan on telling the public?”
“We’ll inform them after we’ve developed a countermeasure.”
“But that might be never.”
He didn’t say anything.
“Sir?”
“Yes, Doctor?”
“If you don’t intend to announce the existence of the Daemon, then I hope you’re planning to intervene on behalf of Peter Sebeck.”
The general looked to her. “The cop on death row?”
“His appeals are moving through the federal courts unusually fast. He’s scheduled to die by lethal injection.”
Fulbright didn’t respond immediately. “I’ll take that under advisement, Doctor.”
“You could fake his execution—”
“This might seem harsh, but Peter Sebeck must suffer the full penalty demanded by law—and the sooner the better. Faking his execution would risk tipping our hand to the Daemon.”
“Sir, please—”
“Philips, you yourself said that the Daemon has operatives in thousands of organizations. It could also have operatives in the penal system or law enforcement. So we must take the safe course. Sebeck is a casualty of this war, Doctor. You must put him out of your mind and concentrate on saving the lives and property of millions more Americans.”
Philips stared at him for a moment. “But surely we—”
“There is no ‘but,’ Doctor. Please focus on your work.”
She was about to speak again when the general leaned in.
“Any word from Jon Ross?”
Philips was still distracted but collected herself. “Not recently.”
The general nodded. “
There’s
a hacker we need in custody ASAP. All these hackers should be rounded up and shot.”
She eyed the general. “
I’m
a hacker, General, and if it weren’t for people like Jon Ross, we’d be in far worse shape than we are now.”
Fulbright kept his eyes on her. “Find him. We need him on the Joint Task Force. Tell him we’ll offer amnesty and U.S. citizenship, if you think it will matter. Just get him here. In the meantime, I need you and your people focused and working to find a way to stop this thing. Is that clear?”
She did not respond with enthusiasm. “Yes, sir.”
Fulbright didn’t relent. “Are we clear on this?”
“Sir, I—”
“You are a perceptive woman, Natalie. You, of all people, should be able to do the math on this. If we risk the lives and livelihoods of hundreds of millions of people to save the life of a single man, we’ll be guilty of a heinous crime. Do you see the truth of this?”
She nodded after a moment.
“Now perhaps you can gain some appreciation for the cruel calculus I’m forced to use every day.” He put a hand on her shoulder. “Your heart is in the right place. There’s nothing wrong with that. But keep a sense of perspective. Ask yourself how many children you’d be willing to sacrifice so that Detective Sebeck can live.”
Philips realized he was right.
The general cleared his throat. “I need to report back to the Pentagon.”
Philips turned to the deputy director. He nodded. She called after the general. “There’s more, sir.”
“Let’s hear it.”
“I detected something unusual emanating from the networks of Daemon-infected companies. It’s a pulse—an IP beacon of sorts. The tech industry calls these ‘heartbeats.’ This one consists of a lengthy burst of packets issuing from TCP port 135 at a predictable interval and bit length. Once we noticed the beacon was present at infected companies, we started looking for it elsewhere on the Internet. We found it echoing all over. That’s how we estimate that thirty-eight hundred corporations have been compromised. Some of those companies might not even know they’re infected yet.”
The general was nonplussed. “What’s the purpose of this ‘IP beacon’?”
“That was the question. We first thought it might be a signal to indicate a company was a Daemon host. But then the signal wouldn’t need to be so long—and each burst is a pretty long stream of data. It’s always identical for a single company, but never the same between two different companies. And all companies project it in a sequence—like a chain. A pulse from Company A is sent to Company B, then from Company B to Company C, and so on until we start back at Company A again. Stranger still, when our infiltration attempt caused one company to be destroyed, another beacon appeared at a new company to take its place, and it exactly matched the beacon that was lost.”
She paused. “That’s when I first suspected this was a multipart message.”
“The companies are communicating with each other?”
“No. They’re communicating to
us.
”
The general weighed what that meant. He regarded Philips with something akin to dread. “What are they saying?”
“The message was encoded with a 128-bit block cipher. It took us weeks to decrypt—and that was on
Cold Iron.
The good news is that, besides the Japanese and maybe the Chinese, it will take other nations years to decrypt, so we’re convinced that Sobol intended it for us. When we assembled the constituent pieces from all the beacons at all the companies, we discovered a single, very large GNU compressed file. When we extracted the package contents, we found two things: an API and an MPEG video file.”
“What’s an API?”
“It’s an application programming interface—rules for controlling a process. It’s basically a guide for communicating with—and possibly controlling—the Daemon.”
“Good lord! Why would Sobol give us that?”
“I think it’s a trap, sir.”
“What sort of control is it saying it will give us?”
“We’ve only begun our analysis, but the most significant function we’ve discovered is in the Daemon’s Ragnorok class library. It’s a function named
Destroy
. It accepts a country code and a tax ID as arguments. We believe that invoking it destroys all the data in the target company.”