Operation Desolation (5 page)

Read Operation Desolation Online

Authors: Mark Russinovich

BOOK: Operation Desolation
13.49Mb size Format: txt, pdf, ePub

Ritter joined him with a broad grin. Once all three were there, Jeff noticed Norm move along the side of the room until he was positioned at the front, ready to move. Their agreement had been that the hacker would be announced as one of the three brought to the front of the room regardless of how they scored to make the arrest easier.

“Now, Jeff, who is the overall winner?” Clive asked.

Jeff smiled and announced that Capps had just nosed out Chuck. She grinned as several booed her while others applauded deferentially. “Thanks, everyone, for playing,” Jeff told the audience.

He stood aside as Clive closed the conference by thanking the attendees for coming and the sponsors, especially CTI, for supporting it. Jeff and the three finalists stepped off the stage and Jeff overheard Norm ask Ritter to accompany him out of the room. Ritter appeared perplexed, but Norm's firm grip on his arm guided him out one of the room's side doors. Everyone else was busy talking as they filed out the back of the room so didn't notice what had happened. Jeff was glad that his plan had worked, but was sad that an old colleague was guilty.

Clive said good-bye to someone and then walked over to Jeff with a smile on his face. “Great work, Jeff! Really creative of you. I texted Daryl to tell her that you're the man of the hour.”

As he said that, a text arrived on Jeff's phone. “I'm told you are showing off. D.”

Jeff and Clive puzzled over Ritter's motives for a few minutes until Norm came back in the room. “Ritter wants to see you.”

“Why?” Jeff asked.

Norm shrugged. “He says if you see him he'll come clean. With what we have we probably don't need that but it would be good to learn what he knows about Anonymous. I'd like you to talk to him.”

Jeff agreed, then followed the FBI agent out of the meeting room. Ritter was being held in a room not far away. At the door another agent stood as sentinel. Norm ushered Jeff in and there was Ritter seated at a table with a bottle of water in his fist, flanked by two sober agents.

“You want to see me?” Jeff said.

Ritter looked terrible, like a man about to have a heart attack. He was sweating profusely and had already removed his jacket. “Sit down, Jeff. Please.” He gestured toward a chair near him.

Jeff hesitated, than sat.

“I guess…” Ritter stopped. He lifted the bottle and took a long swallow. “I guess you're wondering why I did it.”

“Yes, and why you attacked me. It's been on my mind ever since I realized it was you.”

“I regret that. It was foolish of me. More than foolish, it was cruel.” He paused, then continued. “I heard through the grapevine a few days ago that you'd been hired by RegSec and I just wanted to warn you away. I worried you would find me if I'd overlooked the slightest thing. I saw you walking to the conference hotel through the alley yesterday and figured you'd go back the same way. But I'd been drinking and got carried away. I wish I'd never done it.” He dropped his head.

Jeff glanced at Norm, who nodded encouragement.

“Why
did
you do it, Dillon? Why'd you hook up with Anonymous?”

Ritter looked at him with sudden vigor. “I had to do something! Don't you see? We're being smothered by Big Brother. It's not just the government, though that's bad enough. It's these giant multinationals. They bleed us dry, take our personal data, then sell it. They're arrogant! Reginald Hinton deserves what I did to him. I hope it ruins his company!”

“You've never talked about any of this before. You've always belittled anyone with these views. Are you sure that's really it?

Ritter hesitated before answering. “I lost a big chunk of my retirement with those clowns. I've still not recovered and don't ever expect to.”

“You mentioned your divorce last night and I've heard that things aren't going well for you at CTI.”

“I…” Ritter stared at the table. “I guess there's some truth in that, too. My wife…my ex-wife…It's been too much. The lawyers…all that money…for nothing.” He finished the water. “And you're right about CTI. They've been nudging me out the door for months. I'm here at my own expense, you know that? I thought maybe it could buy me some time, let me catch up.” Then he eyed Jeff significantly. “Or maybe I'd land a job elsewhere.”

“So why throw it all away?”

“I don't know. I honestly don't. I just don't know what came over me. I'd contacted Anonymous, played around with the RegSec Web site, and saw the vulnerability. I kept it to myself. When I got here I was surprised to see it still unpatched. So stupid! Why are these companies so stupid! It was like an open door. When no one else with Anonymous could get in, I just…I just couldn't resist walking through. I figured that launching the attack from the conference Wi-Fi would give me anonymity and I guess I wanted to show Anonymous how good I was, and really, prove it to myself. But RegSec deserves it, Jeff. They deserve it!” He paused, then said more quietly, “Anyway, I'm really sorry I hurt you.”

Norm placed his hand on Ritter's shoulder. “Steady.” He looked at Jeff. “You can go. Thanks.”

Jeff rose, took a final look at Ritter, then left the room, leaving him with the FBI agents.

The day after Jeff was home, Daryl swept into their cozy house, all aglow and looking very inviting. “Did you see?” she said, after they'd kissed. See what?”

“Someone hacked Reginald Hinton's private e-mail account, and posted some very compromising nude photos he'd sent to one of his bimbos. They've gone viral!”

Turn the page for a look at Mark Russinovich's new novel

Follow the latest news from Mark at
MarkRussinovich.com

 

Copyright © 2012 by Mark Russinovich. Foreword copyright © 2012 by Kevin Mitnick.

Foreword

It is Mark Russinovich's in-depth knowledge of Windows and how data traverses over the digital landscape that creates the chilling realism in the backdrop of
Trojan Horse,
the highly anticipated follow-up to his first novel,
Zero Day.
I've long said that people are the weakest link in the security chain (and, in the past, frequently taken advantage of this myself). In his thrilling tale, Mark shows us that malware remains a significant threat as the sophistication of malicious programs continues to grow. The bad actors still use the age-old technique of social engineering—the method of manipulating people into performing an action in order to leverage the help of the victim to exploit a security flaw in the application software that resides on their computer. When used together, these two attack methods can lead to devastating outcomes as they leapfrog over even the most resilient network defenses. No one is immune to social engineering, and even the most technically competent can easily fall victim to this method.

In today's world, it is rare that such an attack will merely affect one network. Once again, Mark makes us aware of how interconnected our systems are, and how their dependencies can be used to create havoc in our world. Geographic boundaries are no longer an obstacle for those wishing to cause harm. Our future wars may employ people on the battlefield as a last resort. The initial efforts will likely be fought digitally over the vast technology infrastructure that the Internet has created. It is now possible to have a virus weaponized in China, employed in Berlin on behalf of Afghanistan, and have the payload delivered in Sydney or the United States—masking origination, and making detection and accountability almost impossible.

Mark has created well-defined characters in Jeff Aiken and Daryl Haugen, whose challenges will absorb the reader. His attention to detail in both the technical and backdrop settings are realistic because they are closely related to real events exposed by the media. Even the nontechie will have no trouble understanding the well-explained technical details. The story-line keeps the reader immersed, anticipating what will happen next, and the only difficulty comes in trying to put the book down.

Trojan Horse
is a work of fiction, but it makes you think about the possibilities in the future as the sophistication of our adversaries continues to grow in response to narrowing gaps in security posture. I am both honored and privileged to have the opportunity of an advance read of Mark's latest work, and look forward to sequels in the future. However, after reading his book, even I am left wondering how prudent the decision was to open an e-mailed copy of the manuscript called “Trojan Horse. doc.”

—K
EVIN
M
ITNICK
S
PEAKER, CONSULTANT, AND AUTHOR OF
THE
N
EW
Y
ORK
T
IMES
BESTSELLER,
G
HOST IN THE
W
IRES

 

INTERNAL DISTRIBUTION ONLY
SECRET

MEMORANDUM

 

DATE:

June 24

FROM:

Rhonda MacMillan-Jones
Deputy Director, Cyber Security
National Security Agency

TO:

Admiral Braxton L. R. Compton
Chairman, Joint Chiefs of Staff
Pentagon

RE:

Confirmation

 

This is a follow-up to our conversation earlier today in which I confirmed the discovery of extraneous software embedded within the U.S. Pacific Fleet Command computer structure. This malware has access to the database that manages fleet deployments. It is highly sophisticated, unlike any we have previously encountered. At this time we do not know how it penetrated COMPACFLT computer defenses, how long it has been embedded, or the extent of the infection. It constitutes the most serious penetration to date by malignant software embedded from an unknown source within a highly classified U.S. military command computer system.

We share your suspicions that this malware was responsible for the ten-hour blackout experienced by COMPACFLT during fleet maneuvers off Taiwan nineteen days ago. Be assured that we are working with your staff and will do all within our ability to locate and remove every vestige of this Trojan from your system and that we will learn how it managed to insinuate itself into such critical software.

I wish to repeat that we do not yet know the scope of the penetration or the capacity of the malware to disrupt, or direct, fleet operations. We urge great caution in the interim. Though we cannot know its origin with certainty, the level of sophistication and the nature of its disruption indicates a nation-state with national security interests toward the United States.

 

cc:

CoS, POTUS
NSA, White House

 

INTERNAL DISTRIBUTION ONLY
SECRET

Day One

Thursday, April 9

CYBER PENETRATIONS REACH ALL-TIME HIGH
By Arnie Willoughby

April 9

Sophisticated computer penetration is at record levels according to Cyril Lester, executive director of the Internet Security Alliance. In a speech delivered at the association's annual meeting in Las Vegas, Nevada, Lester said, “Despite an increase in awareness by individuals and companies, malware, particularly in the form of Trojans, continues to find its way into computers at an alarming rate.”

Though hackers still release what Lester described as “junk malware,” advanced and highly sophisticated viruses are an ever-greater cause for concern. Most target financial records and a number have been highly successful in looting personal and bank accounts.

A new version of the Zeus Trojan, for one, recently penetrated bank security then silently stole more than one million dollars from an estimated three thousand accounts, according to Lester. “Authorities have been unable to trace the ultimate destination of the funds,” he said.

The Zeus Trojan infected Windows machines through various exploits in Internet Explorer and Adobe Reader. It then lay dormant until the user entered his bank account. Through a technique known as keystroke logging it captured logon information later used to access the account. If it was determined to hold at least $1,250 dollars the money was stolen.

Though not proven, the cyber operation is believed to have been orchestrated by an East European cyber gang.

Until recently, the Zeus Trojan was considered the most sophisticated and dangerous virus of all time, Lester said. That dubious distinction has been supplanted by Stuxnet, the mysterious virus which has targeted Iran's nuclear development program. Lester emphasized that even more dangerous malware is likely already implanted in computers worldwide. “We've scarcely viewed the scope of the risk we face,” Lester said.

The Internet Security Association is funded by the major computer and software manufacturers in the U.S. Lester has requested a four-fold increase in funding.

US Computer News, Inc.
All rights reserved.

Other books

A Death in Two Parts by Jane Aiken Hodge
The Mask of Sumi by John Creasey
The Strangers of Kindness by Terry Hickman
A Cast of Falcons by Steve Burrows
Dingoes at Dinnertime by Mary Pope Osborne
Ultimate Punishment by Scott Turow
Grave Mistake by Ngaio Marsh
Project Nirvana by Stefan Tegenfalk
Evan's Gate by Bowen, Rhys