The Director: A Novel (18 page)

Junot put the spotting scope and the laser microphone in the closet of his room. He affixed a jam lock to the closet door so that his tools were safe. The tension in his body eased. He was hungry after the long trip and ordered a club sandwich from room service. The sandwich had chicken salad, mixed with mayonnaise, which he disliked, instead of the grilled chicken he had wanted, and the fries were soggy. He ate half the sandwich and put the tray in the hallway.

Junot was restless: After waiting a few minutes to digest the foul meal, he went down to the hotel “fitness room” to work out. The gym had a set of free weights, but they only went up to fifteen kilograms. A woman was using them when he arrived. Junot noisily did push-ups and crunches next to her until she left. The weights were so light that Junot flung them back on the rack. Everything was pissing him off. He went upstairs and showered, and thought about sex while he lathered himself.

He knew he shouldn’t go out, but the room felt claustrophobic. He put on a black T-shirt, this one bearing the name of a band called Slipknot, and put the studs back in his ears. He went downstairs and asked a handsome young bellman where to go in town for music. The young man recommended a club across the river, located in an old military barracks. Junot cruised for a while, looking for someone interesting and submissive, but the music was insipid, just east of ABBA, and his black mood returned. Just before midnight he went back to the hotel and jerked off.

The next morning Junot got up early. He ordered breakfast from room service, and when he had eaten and bathed, he hung the
DO NOT DISTURB
sign from his doorknob and went to the closet to retrieve his surveillance tools. He placed the spotter and the laser microphone side by side. He focused them on the eighteenth-floor window he had identified the night before, and settled in to wait for Ernst Lewin to arrive for work.

It was 7:30 a.m. when Junot began his watch. An hour later, he heard through his earphones the sound of a door clicking open and then closing shut, and then he saw through the eyepiece the face of Lewin as he took off his jacket, hung it neatly in the closet and settled down at his desk to work.

Junot recorded useful notes through the morning. Lewin’s secretary buzzed him at 9:20 to announce Bridget Saundermann had arrived for her 9:30 appointment. Junot made a call to BIS and asked for Miss Saundermann, and was transferred to the office of the deputy information officer. Evidently she worked with other IT staffers at the second BIS office, a round white stone building at the Aeschenplatz, several hundred yards down the street from the Hilton.

Saundermann entered the room at 9:25 and gave her boss a report on a new trading management system that was being put into beta testing in the trading room. She mentioned several employees who were working on the project, the software vendor who was supplying it, and the bugs that had been found in the networking software that connected the new platform to other parts of the bank’s system. They talked about the pressure caused by the recent downturn in Asian financial markets.

Just before 11:00, Junot heard what he had been waiting for. Lewin called someone to confirm his luncheon appointment at 1:00 that afternoon at Maison Verte. Lewin asked for the man by name, Aldo Heubner, and said that it was Mr. Lewin calling. Heubner came on the phone and said that lunch was indeed on as planned, and that he had already booked the table. They spoke in English; that was their shared language, evidently. Junot made notes.

Junot waited a few minutes and then called the restaurant and made a lunch reservation for himself at 12:30. He asked for a table overlooking the river, figuring that Lewin and Heubner would want the same. The maître d’hôtel said he would do his best.

Junot went to his computer and found an Aldo Heubner who worked as a vice president for information systems at a big pharmaceutical company that was headquartered in Basel. So they were fellow IT managers, and social friends, to boot.

Junot listened to a bit more of Lewin’s morning routine and made a few more notes, but at 11:45 he changed into his white shirt and blazer and knotted a striped silk tie. He went to his computer bag and removed a final piece of gear he had brought along. It was a miniature shotgun microphone designed to look like a ballpoint pen, with a tiny earpiece to monitor conversations up to fifty feet away. Junot put the pen mike in his breast pocket, checked his tie and headed out the door just before noon.

The restaurant was a mile north of the hotel, on the banks of the Rhine, in the city’s grandest old hotel. The main dining room was small and elegant, with crystal chandeliers suspended from the high ceiling, crisp white tablecloths and deep red plush chairs. The room was perfect for surveillance: good acoustics, low ambient noise, tables well separated but none beyond range.

Junot was one of the first to arrive for lunch and only one table was taken in the main room overlooking the river. He put twenty Swiss francs in his palm as he shook the maître d’s hand and reminded him of his request to be seated in the main room. Junot was shown to a table in the middle of the room, set back from the windows that overlooked the Rhine, but close enough. He had brought a book to read, along with a notebook in which to scribble what he overheard. He put the earpiece in his right ear, away from the door, and studied the menu.

Junot was ordering his meal when Lewin arrived; he was taller and more gaunt than he had appeared through the scope. With him was a shorter man with curly hair and a loud voice, who had to be Aldo Heubner. Junot watched them take their seats by the window, perhaps thirty feet away and in direct line-of-sight range.

He told the waiter, hovering so attentively, that he would have the lobster medallions to start, and then the pigeon breast with Tasmanian pepper, and then cheese, and then a champagne parfait for dessert. He removed the pen microphone from his breast pocket and placed it on the table, under a newspaper he had brought along.

Lewin and Heubner talked with the pleasure of two friends meeting in a fine restaurant. They discussed a mutual friend: Roger Friedman, who worked for UBS; they made plans to see Benjamin Britten’s
War Requiem
oratorio with their wives the following week; Lewin’s wife was named Rachel and Heubner’s wife was called Angelique; they discussed Christmas holiday plans, and the annual dilemma of whether to go skiing in the Alps or fly to the sun in the Caribbean.

Junot feasted on his meal while he listened to the conversation and made occasional notes. The sound quality was nearly as good as if the two were sitting at Junot’s table. They weren’t wildly indiscreet, but they laid open their personal lives in the way that friends do during a social encounter.

Lewin and Heubner ate their entrée and main course as they talked, but they skipped cheese and dessert. They had to get back to work. They left promptly at 2:30, as Junot was beginning his champagne parfait. He ate the raspberries but left the rest. He had already eaten enough for a week. He put his tiny shotgun microphone back in his pocket and gently removed the earpiece, palming it so that even a waiter standing over him wouldn’t have seen a thing.

Junot paid the bill. It came to over three hundred francs. He thought how pissed off his Denver handlers would be when the expense account came in. Junot looked at the waiter again as he walked out, thinking how he would like to jump him in the men’s room.

The rest was rote work, once Junot had acquired the raw material through “social engineering.” When he got back to his room at the Hilton, Junot put the surveillance gear back into his suitcase and set up his laptop computer. Morris had loaded him up like a “script kiddie”—with ready-made hacking tools that he could use once he had set his target and payload. He worked carefully, making sure each step had been completed correctly before he executed anything.

The first step was to steal Aldo Heubner’s email address. Junot explored the Internet site of the pharmaceutical company where Heubner worked until he had figured out the basic format for employee email addresses. When Junot had assembled what looked like the right configuration for Heubner, he tested it by using the “email dossier” at a site called centralops.net and found that it was indeed a valid address. He sent Heubner a dummy message at that address, just to make sure. Heubner didn’t answer, but the message didn’t bounce back.

Now Junot constructed the bait on his digital hook: It was a spoofed message for Ernst Lewin that appeared to be coming from Aldo Heubner’s email account, with his normal address visible as the sender. The subject line was
Thanks for lunch
. Below the subject line, the message read:

Enjoyed our meal at Maison Verte today. Angelique and I will buy tickets for the Britten oratorio for you and Rachel. And holidays? What about this place at Pointe Milou in St. Barts? Expensive, but let me know what you think. Aldo
.

Below the fictitious Heubner’s farewell, there was a live link for a resort called the Hotel Francois in St. Barts. Anyone clicking it would see a dreamy picture of a cabana and blue water, with a menu across the top including “Rooms and Suites,” “Bar and Restaurant,” “Spa,” “Rates, “Services” and “Contact.” It would be rude for Lewin not to click on the link, since his friend Huebner had asked for feedback.

The St. Barts resort page was the hook. Encoded with that Web page, so that it would be activated in Lewin’s computer as soon as he clicked on the link, was a piece of malware that was a zero-day exploit of the Windows operating system used by the bank’s internal computer network.

James Morris had entrusted the zero-day to Junot for this operation. It used a gap in the BIS operating system that would allow installation of malware that would mirror Lewin’s account. Once the malware had installed itself, Morris could monitor every keystroke made on Lewin’s machine and capture his “root” account passwords that controlled the entire system. Using this root access, Morris could create backdoors and move through the network to discover the usernames and passwords of other “root” administrators. With a few lateral moves, he could alter databases, steal and corrupt data files, create phony accounts and server files and conceal himself by deleting any evidence of the original penetration.

Junot sent the spoofed email message to Ernst Lewin. A few minutes later, to cover his tracks, he sent a message to Heubner from a mock-up of Lewin’s address. The subject line read
Christmas holidays
. Below that, the message advised:
Caribbean is too expensive. Let’s talk next week at War Requiem about alternatives. Ernst.
If the subject came up, each man would think the other had misunderstood.

Now Junot waited. Forty minutes later he had a text message on his cell phone from a number that James Morris sometimes used. The message read simply:
We’re inside.
At a computer terminal on another continent, Morris had registered the beacon confirming that Ernst Lewin had opened the link and installed the custom malware without realizing it. Morris was now able to feed other malware through a backdoor that the initial exploit had opened, and create multiple backdoors to make sure he could remain in Lewin’s root account even if the initial penetration was detected later. He could now dump account names, crack passwords and roam through the secret activities of the bank at will.

Why hack the Bank for International Settlements, the clearinghouse for central banks? Junot asked himself that question, though he didn’t dare to pose it to his boss. But had he done so, he would have received a simple, if cryptic, answer: Because it’s a symbol of everything that has gone wrong since 1945.

16

WASHINGTON

Graham Weber paid an
unannounced visit the next morning to the Information Operations Center. He suspected that James Morris had already left town, but he wanted to see the place and meet Morris’s deputy, Ariel Weiss, whom Sandra Bock had recommended as a talent worth cultivating. The IOC was located a few miles from Headquarters, in one of those featureless modern office buildings that populate Northern Virginia. It was hidden away from the main highway, in a low-rise shorn of any corporate or other identification. Leafy shrubbery masked the thick electric fencing; a curved driveway hid the guard station that blocked the entrance to the building.

Weber hadn’t told anyone he was coming, so the guard was flummoxed when he saw Weber’s Escalade and chase car. Jack Fong spoke with the site security chief, and then the two-car motorcade rolled past the lowered steel barrier and into the complex. A few senior officers of the division were gathered in the downstairs lobby when Weber entered the building. They had tumbled out of their offices when the guard announced that the director was on the premises.

It was an odd group, thought Weber as he scanned the bodies that were assembling. They looked barely out of college, most of them, wearing T-shirts and jeans, running shoes or sandals. The best and brightest in the Internet age were not also the best-kempt. They looked unhealthy, to a man or woman: too fat, or too thin; faces puffy or sallow, and not a one of them seemed to have had any exercise in the last month.

“Is James Morris around?” Weber asked the first person who approached him, who identified himself as the IOC’s deputy chief for administration.

The administrative officer was a beady-eyed young man in his early thirties, one shirttail exposed. He said he wasn’t sure whether Mr. Morris was in or out. He explained that for security reasons Morris never told people where he was.

“That’s ridiculous,” said Weber. “Call his office.”

Morris’s personal secretary advised that he was out of the city, on an extended operational trip that he had logged with the deputy director for Science and Technology, to whom he reported.

“I’d like to see Dr. Weiss, then,” said Weber. “She’s in, right?”

“For sure,” said the admin officer, tucking in his shirt as he led the director down the hall to the deputy chief’s office. On one wall were posters for Kiss and Megadeth. On another was a banner promoting
Star Wars: Episode VII
. The corridor opened up on a main operations room with several dozen cubicles, each framed with multiple computer screens.