by Kate Fazzini
Then the conspiracy hatched another type of scheme: market manipulation of a different sort—insider trading.
“The top managers at NOW Bank, they have some interesting information in their email? Regarding working on the stock market, etcetera? It’s a big company, after all. Maybe they have some secrets. What do you think?” asked Leonid Kravitz.
“Yes, this is a very cool idea,” Dev responded. “We need to think how we can do it.”
23.
The Reporter
Bo Chou clicks his tongue repeatedly. A reporter who was introduced to him 10 years ago at a convention in Shanghai asks him questions about the Dev indictment.
How she’s managed to stay in touch with him for so long, he doesn’t know. But he does know she’s perpetually barking up the wrong tree. She reads back the names and the statements obtained by the Department of Justice. She wants to know what he thinks.
“These people, they’re terrible,” he says. “Listen, do you know anyone at Google? I’m really interested in making some contacts there.”
“If I knew anyone at Google, I wouldn’t be doing this job,” she says.
“I really can’t help you,” Bo says. “Sorry. I don’t know anybody who has ever worked on one of these types of schemes, come on. I don’t know anything about insider trading. No, no, can’t help, sorry.”
He hangs up. He’ll talk more to her later, when he’s not at work. Bo now lives in a world that is colorful, specifically Red, Amber, and Green. This RAG status, the term that defines how well a project is proceeding, is the ever-present code of the project manager. Red is bad; Amber is kind of bad; Green is good.
But right now, he has a project that is in red status at the hedge fund where he works that he needs to clean up. His mom’s birthday is tomorrow, and he wants to get her a card before the stores close. His official title is project manager. His projects are insider threats. His job is to manage them.
And he manages the shit out of them.
* * *
Dieter has not lost track of Sig, but his activities have become tedious and a little sad. Sig’s business operation seems to have fallen apart. Things never panned out with the girl from Marrakesh.
Surprisingly, Sig has suddenly lost interest in pursuing women. Now he is corresponding with other criminals about setting up a cryptomining operation.
Cryptomining involves using, or stealing, the power generated by computers—which is the basis for cryptocurrencies like Bitcoin. In order to do this on a large scale, individuals put a relatively benign type of malware on computers belonging to other people. It involves no phone calls, no personal contact at all, and generates passive income while the criminal sleeps.
Passive aggressive. Suits Sig well, Dieter thinks.
Dieter never published his paper on terrorism. The magazine editor thought his angle on the recurrent themes of entitlement among cyberterrorists was too “fluffy.”
He sends it to a journalist he knows through his professional network to get her opinion. She takes forever to get back to him. Her newspaper doesn’t take submissions, she replies, rudely.
She calls him later to apologize. Says she has some other questions for him, about Romania and ransomware.
He doesn’t trust journalists much. He weighs whether to talk to her. When it comes to Sig, he doesn’t expect he’ll ever see him again.
He destroys the malware he planted on Sig’s computer, losing his cousin to the ether.
* * *
Hands off. Sig just wants to be hands off. Passive income is better than anything active. Bitcoin could spike soon. He’s got a lot of it. And he wants more.
Mikael Gunther is the first and last remaining TechSolu employee; everyone else has left. Some of them wondered what happened to René. Sig told them she ran off with another man, the bitch. One of them wondered out loud if he’d killed her. Then they’d all slowly faded away, to other enterprises. Whether they were criminal or legit, no one would say.
With cryptomining, it is all passive. Mikael showed him how to infect remote computers. Control them like a botnet, but all they do is produce the energy required to create more cryptocurrency. There are new types each day. If they exploit whole databases, like the big data centers Insite is setting up in Poland, they will be rich.
If they can co-opt some of that power, they’ll have Bitcoin flowing like water along the Danube.
* * *
René reviews the project manager job description that Muhammad had sent to her. It’s filled with incomprehensible jargon and technological speak.
There’s tons of stuff about cloud servers and red-amber-green status and other protocols typically followed by corporate project executives.
Must have a PMP or related certificate, a reference to certifications typically held by project managers, which René does not have. ABSOLUTELY MUST have a CISSP or CERM, referring to cybersecurity certifications that René also does not have.
MUST understand Python, a reference to a computer coding language that René does not understand.
She thinks there is no way this will work out. Then the last bullet point gives her some hope:
MUST be a PowerPoint NINJA.
Henry is sleeping in his stroller. This is how she gets him to settle down every evening. She types with two hands and pushes the stroller with her foot back and forth, back and forth.
She glances over at him. Makes a small karate-chop motion. Ninja.
She takes her meager resume, filled with holes and half-truths, and puts it into a PowerPoint. She does graphics and sweeping transitions from page to page. She adds subtle but unique shadings and color. She enhances graphics to support the best possible readability. She submits it to both the recruiter and the executive listed on the job description as hiring for the role.
* * *
The next day, the recruiter calls her and says she doesn’t have enough experience for the job.
Five minutes later, the executive in charge of hiring calls her, too.
“Listen, can you do presentations like that PowerPoint all the time? This is amazing. Is this what you can do?”
René smiles. She knows by the sound of his voice that she has him. A throwback to her previous life. She answers in the affirmative. Breezes through a description of her experience in ransomware mitigation.
“That’s interesting, we haven’t had a very big problem with ransomware.”
“Oh really?”
“But managing the problem, as a project manager, that is what we’re looking for. From a project management standpoint. We need to set up a disaster recovery plan for ransomware; that’s something you could help with, I’m sure.”
“I can definitely do that, sir.”
“All right, let me call the recruiter and tell them. Sorry, they’re not always on the same page as us.”
* * *
After several months, René is thriving in her new job. Her manager is even sending her to a conference in New York. Henry will stay with Muhammad and Norah and their kids for two days while she is gone. It’s the first time they will be separated. Her manager warns her there will be reporters at the conference and so she should be careful who she talks to. She always is, she replies.
It’s May 2017, and it’s hot and gorgeous in Malaga. It’s going to be Mother’s Day in America on Sunday, and René has gotten herself and Henry a little cake to celebrate.
* * *
But that Saturday, a global, sweeping ransomware attack called WannaCry hits everyone where it hurts.
Including Insite.
As René is inundated with images and emails about the attack, she sees a few screenshots that—though unrelated to WannaCry—echo some designs from her previous life. She is unstirred.
* * *
But the fallout from the event is sensational. Pictures of stopped ambulances in the United Kingdom, offices shut down across Europe, panicked security personnel in the United States. Now everyone in the world knows what ransomware is, though this attack has no resemblance to any of the work TechSolu ever did.
Still, the conditions are just right for a ransomware specialist’s star to shine. René does what René does best: she shines.
* * *
It’s a hot day in Queens. A prelude to a muggy Mother’s Day. Victor Tanninberg is cranky as hell. A gastrointestinal issue has flared up.
He spent the last week getting into vicious arguments with his doctor over the matter. He has intensely researched gastrointestinal issues. His doctor, he says, is a fucking idiot blinded by the tyranny of treatments preferred by the healthcare companies.
Although he’d rather be home, he’s come to Queens to fix the reporter’s car. She gets a text from her former colleague, Caroline, about the attack they’re calling WannaCry, and it distracts her.
He has a can of coolant in one hand, an iced tea with extra sugar in the other. The reporter is making spaghetti. It’s Mother’s Day.
“I’m going to write a book about hackers,” she says. “I want to put you in it. What do you think?”
“I’m not a fucking hacker. We’ve discussed this.”
“You say you’re not a car mechanic, either. But here you are, fixing my car,” she says, and smiles.
“Well, I’m tired of that, too,” he says, smiling.
There is no profession on earth Victor despises more than journalism. The two of them have been arguing about the elections for the past hour. Now some sort of ransomware attack is breaking out and she says she might have to cut the visit short.
“I don’t want to be in any book,” he tells her.
“But what would I call you if you were?”
He does not hesitate.
“Victor Tanninberg.”
Epilogue
We Didn’t Start the Fire
I’m sitting at my desk at The Wall Street Journal, getting ready to print out my letter of resignation, when I decide it will be easier and more efficient to email it instead.
I hit send. I’m sad. It was a dream job, combining my experience in the field and my writing ability to provide greater insight and nuance to reporting on hackers.
But it’s just not working out.
I check my voicemail. There are 10 calls, and the first seven are from PR specialists pitching insidious dark web finds.
“You may have heard of ransomware,” one of them starts. I delete it.
Then number eight. It’s an autistic Billy Joel fanatic, one of my many oddball sources, who somehow has caught wind that I’m having job trouble. Anthony is one of several sources for whom I only have a screen name.
He’s taken the time to write and sing a technology version of Billy Joel’s “We Didn’t Start the Fire” in a bid to cheer me up.
It’s bad. But it works. And for a computer geek, Anthony’s got some surprisingly good pipes:
NBS, John Curtiss, Math Lab, New Census
Lanczos, Krylov, Hestenes and Stiefel
SEAC, UNIVAC, FBI and Fingerprints
Brooks Act, MAGIC Facts, Churchill Eisenhart
FIPS 1, CST, Railroad Club at MIT
Vote Counts, Jargon File, Linux Kernel One,
Bill Joy, Larry Wall, Linus, Guido van Rossum
Captain Crunch, Ma Bell, Twenty-Six Hundred¹
We didn’t start the fire
It was always burning, since the world’s been turning
It goes on like this for several verses. Anthony wends his way through the history of Captain Crunch, the Cuckoo’s Egg, the Morris worm, Winn Schwartau and the cyber Pearl Harbor, Stuxnet, Shamoon, ransomware, Equifax.
The song ends at the then-hinted-at indictment of 12 Russians for disrupting the 2016 presidential election.
This is an apt time for a reminder of how big this sea of knowledge is. How incredibly vast the universe of cybersecurity has become. How insignificant I am within it. How little I should care about my transient work problems.
After this foray into journalism, I had wanted to go back to a career in cybersecurity, but I took a job at CNBC instead. I don’t know what to expect. The stock market is a little foreign to me. Why would I do such a thing when all I want to do is sit in a back office somewhere and trade stories with other nerds?
My cell buzzes. I have an incoming, encrypted text from somebody called “the Bucharest bunny.” That’s enough of an answer for now.
I suppose there are a few more stories to tell.
Note
Epilogue
1. See Appendix B for a full interpretation.
Appendix A
Glossary of Cyberterms
Adapted for this book from the National Initiative for Cybersecurity Careers and Studies, a division of the Department of Homeland Security.
ADVERSARY: An individual, group, organization, or government that conducts, or has the intent to conduct, detrimental activities.
AIR GAP: To physically separate or isolate a system from other systems or networks (verb). The physical separation or isolation of a system from other systems or networks (noun).
ALERT: A notification that a specific attack has been detected or directed at an organization’s information systems.
ANTIVIRUS SOFTWARE: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.
ASSET: A person, structure, facility, or material that has value. Can also apply to digital information, records, and resources, or abstract processes, relationships, and reputations. Anything that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
ATTACK: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system.
AUTHENTICATION: The process of verifying the identity or other attributes of an entity (user, process, or device). Also the process of verifying the source and integrity of data.
BLACKLIST: A list of entities that are blocked or denied privileges or access.
BOT: A computer connected to the internet that has been surreptitiously and/or secretly compromised with malicious code to perform activities under the command and control of a remote administrator. A member of a larger collection of compromised computers known as a botnet.
BOTNET: A collection of computers compromised by malicious code and controlled across a network.
BUG: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
CLOUD COMPUTING: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
CRITICAL INFRASTRUCTURE: The systems and assets, whether physical or virtual, so vital to an organization or nation-state that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
CRYPTOGRAPHY: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. The art and science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
CYBERINFRASTRUCTURE: Any electronic information and communications system and its services, and the information contained therein. The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of these elements.
CYBEROPERATIONS: Cybersecurity work in which a person (1) performs activities to gather evidence about criminal or foreign intelligence entities in order to mitigate possible or real-time threats, (2) protects against espionage or insider threats, foreign sabotage, international terrorist activities, and/or (3) supports other intelligence activities.
CYBERSECURITY: The activity, process, ability, capability, or state whereby information and communications systems, and the information contained therein, are protected from and/or defended against damage, unauthorized use or modification, or exploitation. Also pertains to the strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
CYBERSPACE: The interdependent network of information technology infrastructures that includes the internet, telecommunications networks, computer systems, and embedded processors and controllers.
DATA BREACH: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Related terms: data loss, exfiltration.
DATA INTEGRITY: The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
DATA LOSS: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or it being exposed to an unauthorized party.
DATA LOSS PREVENTION: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.