Tim Washburn - Cyber Attack

“It’s not mentioned in this e-mail. I’d vote for answer C —all the above. If the bad guys have been on these networks for months, there’s no predicting how many vulnerabilities they’ve discovered. As for method of insertion, someone probably inserted an infected flash drive into their computer. Those damn things should be outlawed.” Paige looks up. “You know that’s probably how the NSA injected the Stuxnet worm into the Iranian computers that controlled the centrifuges, right?”

“Yeah. Unfortunately it got out in the wild. I wouldn’t be surprised to find we’re being attacked by some variant of Stuxnet as we speak.” Hank launches a piece of software that will allow him to drill down deeper into the system he’s working on. “I’m assuming the malware is a rootkit?”

“That’s how I’d do it,” Paige says, clicking out of the e-mail program. “I’m headed that way, myself. Look at all the device drivers and search for any anomalies. If the hackers are really good they’ve inserted it into the kernel where the most trusted functions of the operating system work. That’s where I would put it. And putting it there makes it damn difficult, if not impossible, to find.”

“But wouldn’t that cause catastrophic system crashes?”

“If these were average hackers, yeah. But these people aren’t your average hackers. Look, the software only does what it’s told. It can’t think for itself. So if you insert a piece of malware, in this case a rootkit, and it has an exploit to allow it the ability to modify the system’s software, then the system is none the wiser. It doesn’t know the malware isn’t supposed to be there.”

“Then how do we find it?”

“It’s going to take time, Hank. And even then we may not find it. The source code for these power companies contains millions of lines of code. Even if the malware did cause a system crash, I can promise you these hackers created a back door that would allow them to come and go at will. If a system crash occurred they’d wait for it to be repaired then manipulate their software to keep it from happening in the future.”

Hank’s phone dings and he lights the screen to see a text from Mercer. “I told you the bad news is going to keep coming.”

“What now?”

“Trouble at the stock exchanges. Surprise, surprise, they’re seeing some computer irregularities. Mercer’s thinking about sending us to Manhattan.” Hank leans back in his chair and rubs his eyes. “The hackers have to know this country will respond with overwhelming force, either through cyber or conventional means.”

Paige glances up. “We have to find them, first. And that’s no guarantee.”

Somewhere near Boston, Massachusetts

Working out of an undisclosed location somewhere near Boston, twenty-five-year-old Hassan Ansari pulls up the list of malware exploits on his laptop screen. Pakistani in origin, Ansari is now a second-year Ph.D. student at one of Boston’s major universities. As he scrolls down the list, he checks the scheduled times for the payload releases, making sure all is in order. And he’s not working alone. Inside the building with him are five other people—four of whom are also Ph.D. candidates at various universities around Boston. All are of similar age and all are foreigners. All are extremely intelligent and all have elite-level computer skills. And, most important, all have a reason for being there.

The sixth man is a recent arrival. Ansari first met him six months ago. That’s also the same time that he met the other four members of the group. The man identified himself as Basir Nazeri, but offered little else. Suspicious, Ansari put his computer skills to work, but after a frustrating two days, found no information on the man calling himself Basir Nazeri. He found a few Basir Nazeris, none with any approximation to this man’s age or likeness. Whoever he is, he’s now the guy ramrodding this show and Ansari doesn’t really give a damn. After all, each and every one has the same objective.

Each member of the group was recruited to the universities with offers of lavish scholarships from entities with marginal backgrounds. In return for the scholarships, each man was asked to devote some time to work on a new piece of software that they would receive upon admission to graduate school. The only stipulation was that the work was to be done in private and had to be done on a computer with no connections to the Internet. Those people granting the scholarships did attach one caveat—if it were discovered that someone wasn’t adhering to the rules, the scholarship would be rescinded and that person would be deported immediately back to their native country.

The new unit is a diverse group. In addition to Ansari, there is one other man from Pakistan, two men from Afghanistan, one man from Yemen, and one man from Somalia. Different countries, yes, but they all hail from the same region of the world. And it’s an area of the world that has endured countless wars and atrocities that stretch back generations. And all five have faced hardship, some more than others.

At first, Ansari had difficulty finding a common denominator—the one thing that compelled each man to agree to take on this mission. The five men are not wrapped up in religious zealotry nor are they hiding behind a veil of racism or fanaticism. In fact, four members of the team espouse no religious views whatsoever. Only one, Ansari, claims to be a Muslim, but by no means is he devout. But to be clear—these aren’t spoiled rich kids searching for a cause, nor are they attempting to start a movement or launch a crusade.

But they do have one very specific reason for their involvement.

In the country on F-1 student visas, the five, busy planning their dissertations, had little interest in that piece of software until Nazeri arrived six months ago. The timeline accelerated when the new administration in the White House announced that all student visas would be rescinded by the end of the year for students from a list of specific countries. The home countries of all five team members made the list and now it’s the software taking center stage, while the dissertations are on hold.

Looking at the software now, Ansari finds it remarkable to see the changes each man made while working on it individually over the years. Some were changes Ansari had never thought to make, but many of the men made similar progress and, with some fine-tuning, the software program was meshed together. Now, months later, they have created a well-honed computer program unlike anything else in existence.

Ansari knew they were creating a piece of malware, but he had no idea how it was going to be used until Nazeri arrived. The mystery man appeared with a grab bag of goodies that must have taken years to assemble. How he amassed them and from whom has not been disclosed. But with his collection of zero-day exploits, back doors, and precisely mapped networks, the group now has administrator-level access to a broad array of military and civilian networks, as evidenced by the morning’s events. Ansari has worries, though. They haven’t been told the length of the mission nor have they been briefed about the exit strategy—all red flags in Ansari’s book. But it is what it is.

In addition to his bag of software goodies, Nazeri also arrived with some computer hardware that can’t be found in any store. The modest, unobtrusive building Nazeri leased came wired with fiber-optic lines and, judging from some of the trash left behind, the building once housed some type of tech start-up outfit that was either bought out or went belly-up. After pairing the fiber-optic lines with some of the hardware Nazeri brought, the team created a max secure wireless network with speeds nearing eighty gigabits per second, allowing them to operate in real time. To mitigate communication lag, a satellite uplink was installed on the roof of the building and was connected directly to the network.