Authors: R. J. Pineiro
“That looks pretty familiar,” she said to herself, launching her disassembler and running it against the body of the new virus. “Now, let's see if we can learn anything new.”
“Looks the same as yesterday's,” Reid noted.
Susan frowned. The disassembler had decoded the exact same percentage as the night before, meaning that she would not be learning anything new. “Let's see if any of the undecoded sections have changed since last night.”
Using a custom script, she performed a
DIFF
between the sections of the virus that had not been decoded. To her surprise she found that a section of 260 bytes had changed drastically, starting at Byte 367 to Byte 627. The rest of the virus, including the section that defined the routine to be executed at one
A.M.
GMT on January 1st, had not changed.
“What do you make of it?”
Susan shrugged. “Hard to tell without knowing what it does in the first place.” She rubbed her eyes and leaned back, suppressing a yawn.
“Why don't you go home and get some sleep?” said Reid. “I'll have a car waiting for you out in front in a few minutes.”
Susan nodded as her superior left, her eyes staring at the skyline of the nation's capital, uncertain of what she would do once she got to her apartment and once again found herself alone. As she was about to close her laptop, she noticed a blinking icon on the top left-hand corner of her screen.
“Shit!” She immediately clicked on it, pulling up a window controlled by the network's sentry, charged with detecting illegal breaches of the FBI's network's firewall, which Susan designed a year ago to keep Internet users from accessing sensitive FBI files without permission. Internet transmissions followed certain rigid protocols. A sender transmits an initial message containing a SYN flag, a string of ones and zeroes used to synchronize the upcoming communication. The intended receiver reads the SYN and replies to the sender with an ACK, acknowledging the request. When the sender receives this ACK flag, it sends an ACK of its own, acknowledging that it understands that the receiver is ready to begin accepting data. The three-way handshake completed, the actual transmission begins. At the end, the sender issues a FIN flag, signaling the end of the transmission, and the receiver responds with a final ACK, closing the electronic correspondence.
Susan's sentry had detected an Internet user issuing premature FIN flags into every port of the FBI's network. Idle ports had replied with resets, or RSTs, in the process letting the hacker know that no one was guarding them. Three of the ports belonged to users who had failed to log off the system before going home, in serious violation of FBI computer policiesâleaving the door wide open for an illegal user with the correct FIN scanner. After remotely crashing one of the ports to get a core dumpâalong with the critical network passwordsâthe hacker had logged into a second port, named Leonardo, and used the stolen passwords to get past the firewall and gain access to the core of the network.
Susan began to remotely log off the users, but she knew that the damage had already been done. Someone had penetrated the system. She pulled up a system log, dreading what she would find. The log provided her with the electronic record of the activity of every port in the system, including the three that had resembled open portals to the hacker using the FIN scanner. One port reported a crash, followed by a core dump. The second port reported no activity. The third, Leonardo, had performed a network search for *
GARNETT
*. The system had responded with
[email protected]
, Susan's E-mail address. Leonardo had then made a copy of the E-mail directory in her account, as well as her Internet chat log, which contained a transcript of her Internet chats for the past week.
Susan felt weak. Someone now knew as much about this global virus as she did, including the probable location in the Petén lowlands.
She slapped a hand on her desk.
“NO!”
Angry, she logged off the illegal user, but not before dumping Leonardo's log file into her own directory, reading the Internet Protocol (IP) address of the illegal user, which belonged to an account in a nearby Internet service provider,
Capital.com
. She grabbed the phone, fingers trembling as she dialed the number that appeared on her screen.
The line was busy.
Susan raced out of her office, finding Reid, alerting him of the intrusion, of the implications. The elder FBI agent immediately sent a car with agents to
Capital.com
, the origin of the FIN scanner.
Five minutes later the phone rang in Reid's office. Susan stared out of the window, a mug of coffee in her hands.
“Yes?” Reid said after pressing the speaker box next to the phone.
“Sir, I've just called for an ambulance. One of them is still alive, but barely.”
Susan turned so fast that she spilled some coffee on her jeans. She momentarily cringed from the stinging burn. Wiping it off with her hand, she reached Reid's cluttered desk.
“Still alive? Whatâwhat are you talking about?” Reid asked.
“It's ⦠it's a bloodbath in here, sir. A damned bloodbath.”
3
Antonio Strokk sat in the passenger seat of a rented Ford Taurus clutching a pair of commercial field binoculars, which he used to survey the entrance to the J. Edgar Hoover Building from a block away. Snow peppered the sidewalk, accumulating next to walls and around the bases of light posts and fire hydrants.
“¿Es ella?”
asked Celina, hands on the steering wheel. Like her brother, she now wore plain clothes, blue jeans, and a leather jacket. A tourist map spread on the backseat, the American traveler's checks in their pockets, and their passports corroborated their claim to being a Mexican couple on their honeymoon. Their dark uniforms, as well as their weaponry, were on their way back to the safe house, where two of his operatives would spend the next hour extracting intelligence on the information Celina had stored in a half-dozen diskettes before leaving the building thirty minutes earlier. Ten minutes ago Strokk had received the first phone call from his team, informing him of the Internet chat Susan had with Hans Bloodaxe, including their progress to date on the investigation of the daily global events.
Strokk nodded. “That's her.” He put the binoculars down.
4
Susan Garnett shivered on the sidewalk while watching the FBI sedan pull up to the curb. She got in the rear, sitting down, momentarily closing her eyes while enjoying the warmth.
“Back home?” asked Agent Steve Gonzales, sitting in the front passenger seat while Agent Joe Trimble drove. In light of the recent killings, Reid had decided to take zero chances and assigned both agents to escort Susan everywhere she went.
She provided them with an address that was different from her home address.
“
Where
do you want to go?” asked Agent Gonzales while Trimble's blue eyes regarded her through the rearview mirror. “That's not yourâ”
“I've already cleared it with Reid. Somebody's on to us. We're stepping up security and speeding up the investigation.”
The agents exchanged a glance.
“We ain't got all day, boys. Let's get moving.”
Trimble drove off. Gonzales sat sideways, resting an elbow on the back of his seat. “Who lives there?”
“A friend of a friend.” Staring out the window, Susan put a finger to her left temple and rubbed. She was still terribly disturbed by the events in the past hour. Someone had wanted to spy on her bad enough to kill eleven people at the local ISP. The only survivor had died on his way to the hospital.
Eleven people!
Susan closed her eyes, forcing back the shock. All shot to death like animals.
Poor bastards never had a chance,
Reid had said.
It was a professional hit. The equipment wasn't damaged.
A professional hit? What kind of people are we dealing with?
“Excuse me?”
Susan blinked. Agent Gonzales was staring at her. “What?”
“You said something about the kind of people we're dealing with?”
“Ignore me. Just thinking out loud.”
The Hispanic agent turned back around. Susan shifted her attention to the snowflakes drifting onto the sidewalk.
5
Neither FBI agent noticed the Ford Taurus leaving the curb after them from the opposite side of the street. Celina Strokk kept a reasonable distance in the late-evening traffic, far enough away to avoid detection, yet close enough to keep her quarry in view.
Antonio Strokk relaxed. His sister had done this many times before in dozens of countries, with exemplary results, never once losing her prey.
He retrieved a miniature laser audio surveillance system, with a range of five hundred feet. The unit fed off the vibrations on glass windows created by normal conversation. He had requested a specific brand and model number from his contractor because it was the most reliable, having yielded outstanding results in Moscow, Sunnyvale, and Tokyo within the past year.
His cellular phone rang. Strokk picked it up on the second ring.
“Mr. Holland?” he asked.
“This is Mr. Wharton. Mr. James Holland is busy,” the voice replied, completing the code. His subordinate proceeded to spend five minutes updating him on the information in Susan Garnett's E-mail account, including her request for help from many hackers across the country. Some of them had replied, providing some level of technical assistance, but none to the level of Bloodaxe. In the end, all of the FBI detective work to date pointed to the Tikal ruins, in the lowlands of the Petén.
The former Spetsnaz operative exhaled in disappointment, expecting the Americans to be much further along than that. Although they had been skilled enough to capture a passive version of the virus and decipher sections of it that matched the daily observations, the American analysts had failed to decipher the most important portion of the code: the routine that would be triggered on the final day of the sequence. Still, he reminded himself not to underestimate the Americans. He had done so once before and had paid dearly for his mistake.
As his sister drove them through downtown Washington, Strokk stared at the snow-covered sidewalk, remembering Afghanistan. Strokk had participated in the 1979 strike against President Hafizullah Amin's palace at the beginning of the invasion, killing the president and his bodyguards. He had later operated in the mountains, planning and executing strikes against the Mujahideen. His Spetsnaz unit, codenamed Skorpion after the Czech CZ65 Skorpion machine pistol used by its members, distinguished itself by using medieval torture methods to force information out of locals, yielding the intelligence that allowed them to hunt down numerous Mujahideen strongholds. But then the Americans began to get involved in a war that did not concern them. The CIA armed the rebels, providing them not only with sophisticated weapons, including Stinger antiaircraft missiles, but also with satellite intelligence on the movement of Russian troops in the region.
Anger swelled inside the half-Russian, half-Venezuelan operative as buildings rushed past, snow striking the windshield to the rhythm of the wipers, the same rhythm as the main rotor of the Mi-24 Hind helicopter as it had transported his team to the mountains south of Baghlán, in northern Afghanistan.
The intelligence on the hideaway was solid, confirmed both by satellite and high-altitude surveillance. The native guerrillas thought that they could hide in the high mountains following their hit-and-run strikes on Russian convoys headed for Sayghan. They believed that the narrow, mountainside trails, inaccessible to tanks and trucks, would provide them a safe haven. He planned a surprise attack by helicopter. His contact in the GRU, Russia's military intelligence division, cautioned the Spetsnaz about a recent report of sophisticated American weapons being infiltrated into the ranks of the Afghan rebels. The message from Moscow was to exercise extreme caution when flying over terrain controlled by the guerrillas. Strokk, unwilling to believe that the Americans could provide sophisticated weapons to the Mujahideen that fast, much less train the savages on how to use them, disregarded the warning, feeling confident that no rebel armed with an AK-47 could pose a serious threat to a Hind, one of the finest gunships in the world, armed with a 30mm twin-barrel cannon and a multitude of missiles under its stub wings.
The strike went on as planned.
The two Hinds came in from the north, their dark shapes closely following the uneven terrain. Antonio Strokk sat by the side door, peering out of a square window, scanning the terrain below, the sparse vegetation, the jagged hills, the desolate land. The lead chopper flew just ahead and to the side, its main rotor reflecting the morning sun.
A beam of light arced up from behind a clump of boulders, striking the lead Hind's left turbine. The craft caught fire, crashing against the mountain, disappearing behind a bright sheet of orange and yellow flames.