“Mick,” Mariana began, taking a sip of her latte, made with Ian’s excellent espresso machine in the galley.
The stored coffee reserves below decks were quite impressive as well, and Mick enjoyed the aroma.
“You’ve obviously done some cruising before.
What have you sailed, and where?”
“Well, besides a few months with Ian in the Whitsundays a few years back,” Mick began, referring to a series of tropical islands off the coast of Queensland in Australia.
“I’ve chartered yachts in Puerto Rico and sailed from Helsinki to Stockholm, once.
I’ve also done my share of
dinghy
sailing – my favorite are eighteen foot skiffs.
There’s nothing better than racing them on Sydney Harbor!”
“Very nice!
The Atlantic is nice, but there’s nothing like the Pacific.
I wanted to thank you for financing our little autumn getaway.
I had been itching to go offshore but hadn’t been able to break Ian away from his little yacht building project,” she replied, reaching out with her foot to tap Ian.
“You are most welcome.
You have no idea how important this trip is for me – I owe you one.
But Ian, you haven’t told me about this project,” Mick replied.
“Ah, well, it is a twenty meter long trimaran, built using composites, and designed to fly a hull!” Ian began.
Cruising trimarans keep all three of their hulls in the water, but performance ones are designed to heel over a little so that one hull (or even two) lift out of the water, for less drag and faster speeds.
“What a beauty!”
“I know.
But I’ve just started construction.
It will probably not be until late summer or autumn next year before she is ready to launch.
I’ve been working on her a lot, but I did need the break.
And this trip will be nice, even though I have to put up with having your sorry arse aboard!”
“Ian!
That is no way to talk to your friend!” Mariana replied, scolding him.
Mick and Ian just laughed.
“Mariana is a smart girl, but she has difficulty understanding the Aussie sense of humor,” Ian said to Mick.
He turned to Mariana.
“Mick is a mate, not just a friend – there’s a big difference.
And, I’ve told you before, dearest, the more I like someone, the more I hang shit on them.”
“Yes, yes...
whatever,” Mariana replied, looking bored.
“Don’t give me that look!” Ian replied, sliding over and putting his arms around her slight frame as he pulled her into his lap.
She giggled back at him.
Mick knew how this would end, so he finished his espresso, excused himself and went forward on the port hull.
Ian and Mariana’s berth was astern in the other hull, so they’d have plenty of privacy.
He clipped his safety harness on the rail, and slung one leg over each side of the bow, feeling the occasional spray on his bare legs, and tried not to think of Kateryna.
The next day, being Wednesday, it was time to change all his passwords.
Mick thought for a few minutes then typed:
R3adyAboutHardalee@sea
It was Mick’s turn to cook the day’s meals, and he was feeling hungry for some fresh fish.
He opened the fishing locker in the port hull and got out the tackle.
A few minutes later, he had two lines trailing in the water behind them.
He didn’t have long to wait until he had a decent sized fish hooked.
It took him more than fifteen minutes to land the fish; it fought all the way to the boat.
Hooking it with the gaff pole, he lifted the tuna into the cockpit and readied the line for another cast.
Once he had two fish, about three kilograms all together, he stowed the lines away.
He cleaned the fish, cut six large steaks and headed to the galley.
He slowly grilled them over the gas with a little lemon juice and basil.
The dinner was a great success, and Ian and Mariana toasted his culinary prowess.
Mick posted to his friends about the meal, even including a picture of his plate.
Of course, his friends had little idea of how fresh the fish really was.
A few days later, Mick sent his first message to be inserted into the P2P botnet communications network.
The next morning, Mick examined some decrypted responses from the botnet and was pleased to identify a reply to his message.
The message he sent was nothing more than a glorified “Hello World!” program, designed to generate a simple response from another computer in the botnet.
If he got an error or no response, it would have suggested he didn’t fully understand the way the botnet communicated.
Fortunately, he did get a response from another computer, confirming he was on the right track.
The information he had gleaned from the link Turing had provided him had proved to be invaluable.
It proved that the Zed.Kicker botnet was definitely using the P2P communication and messaging software developed by Turing.
Being able to send a message into the botnet didn’t mean he could control the botnet.
He still needed to do a lot more work before he could pretend to be a botnet controller and issue commands to the botnet.
But at least now he could read and understand the commands and knew how to create them.
He began to document the differences between Turing's open source code and the actual Zed.Kicker code.
The following day, Mick looked over the latest deciphered botnet control traffic.
Although he was sure he had deciphered it correctly, he couldn’t understand what it meant.
He saw a list: “
biz coop aero
” with a date and time, the next day at ØØØØZ, which meant midnight Zulu time or GMT – Greenwich Mean Time.
Mick recognized the three words in the list as Internet Top Level Domains (TLDs).
For example,
company.biz
domain name could be registered by a business and used for its web address or email addresses.
The other two were also TLDs, but they weren’t in common use.
The
aero
TLD was used for the aviation industry and
coop
was used for cooperatives.
Mick couldn’t think of any companies that used these domains off the top of his head but with a little searching, he found a few.
He also received a fraction: 1/1Ø24.
He could not figure out what this fraction meant or represented.
As Gypsy Moth progressed eastwards, his current time zone was getting closer to GMT or Zulu time, so midnight in England was now evening for him.
He arranged for Ian to take his watch that night so he could be online at that time to see what would happen.
At exactly ØØØØZ, Mick monitored the botnet traffic but didn’t see anything unusual – a steady stream of spam was moving, but otherwise nothing.
Then he sent a message to one of the
.biz
domains he had looked up the previous day – there was no response.
He tried another – the same.
He tried his list
of
.coop
and
.aero
domains and found them all unresponsive.
He knew exactly what this meant: the botnet must be targeting the domain name servers for these TLDs with a flood of traffic to take them out – a classic denial of service or DOS attack.
He performed a DNS trace using a utility called ‘dig’ and confirmed it: there was no response to either the
.biz
, .
aero
, or .
coop
domain servers.
Mariana poked her head inside Mick’s cabin as he was looking over the traces.
“Hullo there!” she called out.
“Ian says you are all excited about something!”
“Yep, I’m analyzing a denial of service attack on the Internet by the botnet I’ve been tracking,” he began, and seeing little comprehension on her face, he continued.
“You know the Internet addresses we use all the time, like amazon dot
com
or google dot com?
Well, they are called ‘domains’ and there is a bunch of computers, called domain name servers that help computers on the Internet find the services associated with these domains: for example, how to find the web server of that domain, or how to deliver an email message to that domain.
The botnet is flooding some of those key domain name servers with too many fake requests, making them crash and go offline.
So right now, you can’t send mail or get to the website of company dot biz or airline dot aero or apartments dot coop.
In short, part of the Internet is broken, which is a very serious thing.” He searched her face to see if this helped.
“You are an intense guy!” was her only reply, as she shook her head and resumed her duties above decks.
Mick now understood the fraction; it was the fraction of the hosts in the botnet that participated in the distributed denial of service (DDOS) attack.
In this case, only .1% of the Zed.Kicker botnet was needed to completely crash these
top level
domains!
This was one powerful botnet!
He did some quick web searches and couldn’t find any confirmation that this was occurring.
He attributed it to the fact that these domains were little used.
If this had happened to
com
, for example, in which every website or email that ended in
.com
would suddenly stop working, the reaction would be a lot bigger.
Mick realized that this attack, like the others over the past few weeks, was just a dry run: an experiment, a test.
A successful test, he noted.
He quickly wrote a script that polled the name servers at
five second
intervals to note the exact time when the outage would end.
He didn’t have long to wait – at about Ø1ØØZ, the outage suddenly was over.
Mick found the control messages just prior to this time and sent them out to be decrypted.
He hoped they might have some information about the source, the place from which the botnet instructions were originating.
One thing kept bothering Mick: the count of zombie computers in the botnet.
Now that he was reading botnet messages, he realized that there was a discrepancy.
About 15% of the computers did not seem to be sending messages, even though they were part of the botnet.
He still could not rule out that this was a mistake on his part, or perhaps a bug in the botnet software.
He had a feeling, however, that it meant something.
What, he didn't know.
In the morning, he did find discussion on the Internet about the outage.
He also came across some interesting speculation on a web wiki about Zed.Kicker for the first time as well, although it was mistakenly classified as a worm rather than a botnet.
However, the news failed to make the mainstream media or even the corporate press.
No one seemed to know what had happened.
Most people just assumed it was a screw-up by the operator, under the incorrect assumption that the three
top level
domains were all operated by the same company.
It seemed, once again, only Mick knew the truth.
The last few hundred nautical miles were spent working northward towards the Canary Islands where Ian planned to stop over and re-provision.
Mick was feeling impatient about arriving in England; he felt he was fast running out of time.
The wind had shifted to the northeast, which forced them to tack, or zigzag their way along.
It slowed their effective speed towards the port, since they couldn’t sail directly towards it.
But, it also meant a fun maneuver that involved everyone aboard.
When it was time to tack, Ian would get everyone up on deck, even if it meant waking from sleep.
Ian took the helm, steering the catamaran.
Mick worked the winch to pull the jib, the sail in front of the mast, from one side to the other.
The mainsail, supported on its bottom edge by a horizontal pole, known as the boom would also swing to the other side during the tack.
Mariana watched all the ropes, called ‘lines’, to make sure they all flowed freely.
When everyone was in position, Ian called out “Ready about!”
As he steered the bow of the catamaran into the wind, he called out “Hard alee!” which was meant he was turning the wheel so that the helm was hard to the leeward side of the yacht, which turns it towards the wind.
As the jib started luffing or flapping in the wind, Mariana released the line on one side and Mick winched it over the other side.
As the bow crossed in front of the wind, the wind caught on the other side of the main sail, moving the boom across.
The flogging jib caught the wind on the other side, and Ian straightened the helm.
He had steered the yacht through about 9Ø degrees of course change, completing the tack.