Cyberstrike
Page 19
‘And is there a viable threat?’ he asked.
Just as Morgan had done a couple of minutes earlier, Simpson also glanced round the coffee shop before she replied. ‘Yes, there is,’ she said, looking troubled. ‘At least, I think so.’
As Morgan slid his empty plate to one side, Simpson leaned forward and explained what she’d found. Or thought she’d found.
Grant Rogers, her FBI handler, for want of a better word, had kept her supplied with encrypted thumb drives containing the take from dozens of different data sources, including extracts of passenger flight arrivals at all the major airports from New York down to Charlotte and west as far out as Indianapolis and Detroit. This data catchment initiative was based on two slightly shaky assumptions: first, that any terrorists planning an atrocity in DC wouldn’t be home-grown and radicalised in America but would be travelling from the Middle East, so all arrivals with Arabic names or passports issued by any of the countries in that region were being backtracked through airline records to their point of origin to check on their entire route. The second assumption was that if the target was DC itself, the terrorists might try to throw the authorities off the scent by flying to a different destination and then travelling on to Washington by train or car, hence the huge catchment area for the collection of data.
‘I figured this was probably a total waste of time and resources,’ Simpson admitted, ‘but then I noticed something that seemed a bit odd. Not in the current data set, but in one of the historical blocks going back almost three years. Unless you’re travelling with somebody you never know who’s going to be on an aircraft with you, obviously, and unless you’re talking about a popular route with several stops you’re unlikely to find the same people on a number of successive flights. I’m quite good at making connections and seeing links that aren’t obvious, and I noticed something that didn’t really make sense. Or perhaps did make sense, but only in one particular context.
‘Just under three years ago, a passenger with an obviously Arabic name and holding a passport issued in Iraq – a genuine passport, as far as I could tell, as it had been scanned at various airports – flew into Baltimore. Nothing unusual about that, obviously. Also on the flight were two Chinese males travelling on PRC passports. Again, so what? The anomaly was that when the analysts in the Bureau backtracked the Arab’s routes over the last few years they didn’t make a lot of sense. He’d hopped all round Europe and the Middle East, and even made three flights to Saint Petersburg. ‘But what I found interesting was that the one place where he’d stayed for the longest periods of time was Beijing. I also backtracked further. I went back eight years in fact, and I found that the first flight he’d ever made using that passport was from Riyadh to Beijing, but not direct: he made a few stops in Europe first. Again, perhaps a little unusual but not suspicious.
‘The real anomaly was that when he flew out of China the last time, three years ago, the same two Chinese males who were on his flight into Baltimore were on the same aircraft. And they were also on all the connecting flights he took in Europe.’
Simpson checked that Morgan was still paying attention, which he was.
‘I marked the Arab down as a person of interest to the Fibbies, but he seemed to drop off the radar almost as soon as he landed here. I didn’t make a big thing of it because I couldn’t find out what he was up to and he was just another name on a very long list. He’s popped up a few more times, flying into or out of America, but what he does while he’s here we don’t know. And the two Chinese males also effectively vanished from sight soon after they arrived. They don’t appear to have credit cards or driving licences or any other documentation we could use to track them and nobody seems to know where they are or what they’re doing.
‘Now, I didn’t want to look like a paranoid idiot because I was worried about where a couple of Chinese nationals had got to, so I bypassed the FBI and contacted my boss in the Met. I asked him to try to run a check on them through Five and Six, just in case either of them had ever popped up on their radars. I don’t know the source of the data, but Six came back with the information that both men were – and as a matter of fact the man my boss spoke to at Six believes they still are – serving officers in the Chinese People’s Liberation Army. And before they climbed onto the aircraft in Beijing to leave the country they were based at Tonggang Road in Pudong on the east side of Shanghai. Does any of that mean anything to you?’
Morgan nodded. ‘Definitely. If they were PLA at Pudong that means they were almost certainly serving in Unit 61398. Some people call that the Comment Crew or Byzantine Candor or Threat Group 8223, but whatever name you use, it’s one of the most persistent and dangerous cyberattack and hacking units in the PLA. And that does raise an obvious question.’
‘Exactly,’ Simpson replied. ‘Cyber isn’t my thing, but I do know that to launch a cyberattack you don’t have to be located in the target country. In fact, it’s much better if you’re somewhere else, somewhere a long way away. So why would they have flown all the way to America?’
Morgan nodded. ‘The only reason that makes any sense, assuming that they didn’t just pop over to do an extended driving tour of the United States, paying cash for absolutely everything, which seems pretty unlikely, is that they’re here to do something that requires their physical presence. And I can tell you that I have no idea what that could possibly be, but I certainly don’t like the sound of it.’
Chapter 28
Tysons, Virginia, United States of America
It was both the first meeting of all four of them and also the last, because the deadline was almost upon them. Previously Sadir had just met them on a one-to-one basis so he could explain what he wanted and expected them to do, or they’d communicated using burner phones.
They were meeting on the outside terrace of a popular coffee shop – Sadir knew the value of crowds and the importance of meeting in busy places – on the edge of a shopping mall not far from Greensboro Station in Tysons. The four men sitting around the circular table were casually dressed in jeans and open-necked shirts and appeared unremarkable, except perhaps for their similar dark hair, beards and tanned complexions. But most people probably wouldn’t have given them a second glance: they looked just like four people taking a break from work and enjoying some coffee together in the sunshine.
In fact, the three men with Sadir were doing exactly that – taking a break – and had been summoned to that spot at that time by the Iraqi.
Two of them had baulked slightly at the idea of a face-to-face meeting, but Sadir had his reasons, and he was the man with both the plan and the money, so they turned up anyway. And almost the first thing Sadir did once they’d bought their coffee and sat down was to explain his reasoning.
‘I know you might have preferred a virtual meeting,’ he said, ‘but I have a problem with that. If we can all log on to a virtual meeting, then so can other people and organisations, and you don’t need me to tell you who I’m referring to. Or they can potentially listen in, anyway. And if they were sitting there quietly on the Internet monitoring us, we would never have any idea that they were there. But here—’ he gestured at the pavement around them ‘—we would immediately notice if anyone was paying us any attention. So here we can talk freely and securely.’
That sounded reasonable to the other three men, but in fact Sadir had another, and rather different, reason for not wanting to communicate over the Internet, something he would only ever do if there genuinely was no alternative. He was, and always had been, paranoid about the possibility of betrayal, and he didn’t believe he could properly gauge a man’s responses and reactions by watching the changes in his expression through the small and inadequate lens of a webcam. In the kind of discussions he was involved in, he wanted to be able to look at, listen to and even smell the man in front of him. That way, he knew he should be able to detect the slightest hint of deception in his voice or body language. And that was of crucial importance.
In fact, Sadir dou
bted if any of the men he had become associated with in America would do anything to betray him, not least because he had made it very clear what would happen to them if they did. They were all totally dedicated to the cause and had enthusiastically welcomed his initial contact, a couple of years earlier, as a validation of their beliefs. They had been told that one day somebody like Sadir would approach them, and they had all known what to do when that happened. But still, it never hurt to check.
‘So where are you now, Karim?’ he asked the man sitting opposite him. ‘And be careful how you answer. No dates or proper names, nothing like that.’
Karim Ganem was the youngest of the four men, tall and slim, with delicate, almost feminine features and long black eyelashes. He had been approached by Sadir because he was a talented hacker and the leader of a group that called itself AnArchy An0nym0us that had attacked numerous American government and corporate websites, causing damage and defacing the former and stealing data and commercial information from the latter.
‘We have access to three of the locations, Abū Tadmir,’ Ganem replied. ‘We’ve created backdoors and we’re checking each one at least once a week to ensure our points of access have not been detected or blocked. We’re working on the newest site you specified but cracking that is taking longer than we expected. Of course, because they are all high-value sites we had always anticipated that we might encounter some difficulties.’
That was not good news for Sadir, because now they had so little time in hand. He thought for a few moments, then made a decision.
‘The deadline is set and cannot be altered. Abandon that site and just ensure that your accesses to the other three aren’t compromised.’
Half an hour later, having received similar information, in vague and non-specific language, from the other two men, each of whom had confirmed they had access to the targets he had given them, and discussed the operation, again in general and non-specific language, Sadir issued very specific orders for what they were to do and when they were to do it. Then they stood up, shook hands and walked off in different directions.
It was all, he reflected as he strolled along the street in the general direction of his hotel, coming together neatly and as he had hoped and expected. The men he had recruited were motivated primarily by ideology – just as he was – but the essentially unlimited funds at his disposal meant he could cut corners and purchase equipment like fast, high specification computers to facilitate the tasks they had to perform.
And now the culmination of what he had been planning for the better part of the last decade was only a matter of days away.
Chapter 29
Tysons, Virginia, United States of America
Just like the other three members of the group, Karim Ganem was supremely aware of his surroundings and the people near him as he constantly checked to make sure that he was not being followed. When he reached Greensboro Station, he was certain that he had not picked up a tail and that nobody was paying him anything more than the most casual attention, the same kind of attention anyone would give to a fellow pedestrian on the street.
But in this he was not entirely correct.
Evolution has taught human beings to look at eye level and below because that’s where they’ll see both predators and prey. Birds were not usually a threat, but bears and sabre-toothed tigers certainly were, so early man naturally concentrated on looking in the most likely threat direction. Millions of years of evolution only reinforced the message and today people rarely look higher than their own eye-line unless there’s some object in that area which draws their attention. Or if there’s movement, of course. The human eye is particularly well adapted to detecting moving objects, a trait again reinforced by countless millennia of evolution.
Sadir had been right in his belief that they would notice anybody around them paying any special attention, but his belief that they could talk freely at the cafe was badly flawed, because in this case the threat was not anywhere around the table where they had been sitting, but above them and well outside their immediate vicinity.
The FBI team tasked with the surveillance of Karim Ganem had been aware from their initial surveillance of him almost three months earlier that he was always conscious of his surroundings and people in his vicinity.
The Bureau had started taking an interest in the man’s activities following a tip-off from the English policewoman Barbara Simpson who, in the process of investigating some of the low-level tips received by the FBI, had got close enough to Ganem in her normal street persona of a penniless vagrant, the kind of person that people saw but didn’t notice, to overhear part of a conversation he’d been carrying out on a mobile phone. What she’d heard – references to a sponsored hacking project as part of a much larger and more destructive operation – had been enough for her to convince Grant Rogers to elevate Ganem’s status to that of a person of interest. That status and level of surveillance meant that a tap had been placed on his landline, which turned out to be a waste of effort because the target never made or received calls on it.
After several weeks Rogers had begun to have his doubts, because Ganem didn’t appear to be involved in any kind of criminal activity, or indeed much activity at all. He spent most of his time in his apartment working on his computer. The techies at the FBI were able to confirm that he had a broadband connection, but as he invariably used a virtual private network, a VPN, whenever he was online they were unable to see what exactly he was doing. All they could establish was that his connection showed data being uploaded and downloaded, just the same as they would expect to see from anybody using the Internet. But they had no idea what was being uploaded or downloaded.
The Bureau had been able to get a bug into his apartment by going through the floor of the flat above and positioning the microphone within the structure of the ceiling of Ganem’s flat. As a security precaution and also to conserve its battery life, the mic was only switched on when a hidden camera mounted in the hallway on that floor of the building showed that the target was in the flat, and only then after at least an hour had passed, just in case he used some kind of bug detector as a precaution when he returned home. Deactivating the microphone wouldn’t prevent a sophisticated detector from locating it, but that technique would be enough to defeat most of the commercial devices on the market.
Simply getting authorisation to position that single microphone had taken longer and required far more form-filling at the Bureau than Rogers had hoped or expected, and he’d realised that trying to obtain permission to conduct video surveillance inside the apartment was unlikely to be granted: they simply hadn’t got enough information – or even credible suspicions – to justify it. So they could hear him, but not see him.
Rogers had almost been ready to pull the plug on Ganem’s surveillance, until the take from the microphone suggested he was heading out for a meeting, something he hadn’t done since the start of the surveillance. All his previous forays out of the apartment had been purely domestic, mainly shopping and visits to one of a handful of restaurants in the area that served Middle Eastern food.
But that morning the target had received a call on his unregistered mobile phone that, from the sound of his responses – because of course they could only hear his side of the conversation – he had been waiting for. Ganem had agreed the time without any apparent attempt to disguise what he was saying and had obligingly repeated it twice so that the microphone was able to pick it up clearly.
But just in case when he’d said ‘ten thirty’ that was actually code for a quarter to one or half past five or some other time that day, or even a different time on a different day, Rogers had immediately prepped and briefed the team ready to go. He’d positioned one agent with a pair of powerful binoculars, a mobile phone and a two-way radio in a high-rise on the opposite side of the street from Ganem’s apartment with orders to make the call the moment the target started doing anything that suggested he was about to leave the building.
But because they had kno
wn of the target’s preternatural awareness of his surroundings, they weren’t going to follow him from his apartment building. Instead, they identified the choke points, the places he would have to pass once he’d left the building, irrespective of where he was going, and positioned a watcher at each of them.
The FBI agent covering the building had used the radio at ten minutes to ten to alert the team that the target was on the move. Then he’d taken the elevator down to street level and walked out onto the pavement at virtually the same moment that Ganem had appeared opposite him. The target had walked down the street and the agent had immediately turned in the opposite direction to head away from him, at the same time again using his radio to warn his team which way Ganem was walking.
As the target had passed the first choke point, the closest watcher had called in the sighting using his mobile phone, which allowed other personnel to re-position to get ahead of him. Using this kind of leapfrog technique they had shadowed him as far as the Metro station. Then they’d risked sending a watcher after him to confirm the direction he was heading and to stay on the train until Ganem got off it, and at the same time they sent a car and a van along the Metro’s route to pick him up again when he disembarked. It wasn’t the most secure surveillance tactic because it depended on the level of traffic and the speed the vehicles could maintain, but Grant Rogers, as the man running the surveillance operation, had decided he would rather risk losing sight of Ganem than risk the target realising he was being watched.
And in the event, it had worked.
When the target had walked out of Greensboro Station, the car and van were already in position, close enough to positively identify Ganem as he had emerged. Once they were sure of his destination, the men in the van – which was signwritten with the name of a general building company but with a phone number that would be answered by another team member at the J. Edgar Hoover Building on Pennsylvania Avenue should anyone wish to have some construction work done – had swiftly grabbed tool boxes, pulled on white overalls and made their way into the shopping mall.