Daemon
Page 31
“You’re talking about a couple billion dollars a year.”
“There is anecdotal evidence that these payments represent an outsourcing of the IT security function of these criminal gangs to some unknown entity.” She paused, either for effect or to gather her courage—even she wasn’t sure which. “We suspect that the entity is not a living person but a massively parallel logical construct. I believe it’s Sobol’s Daemon.”
The room erupted in talk for several moments until someone in the back shouted over the din, “How do you know it’s not just another gang?”
The noise died down to hear her response.
Philips nodded. “Because that was the first thing the Russians thought. Quite a few hackers died at their hands in an effort to identify those responsible. At some point the Russians were presented with evidence that convinced them no living person was behind this attack. We don’t know yet what that evidence was—but we have operatives attempting to get their hands on it.”
The division chief just looked at her. “This is reckless conjecture. We’ve got Detective Sebeck convicted and on death row, Cheryl Lanthrop dead, and Jon Ross on the run. This situation is under control.”
The most senior NSA suit spoke. “I disagree. Right now the media is stoking a panic on cyber crime. A public discovery that Sobol’s Daemon was preying on Internet business could spook the financial markets.”
A visiting analyst from the FBI Cyber Division shook his head. “The facts don’t support the media panic, sir. Overall reported incidents of computer break-ins this year are down slightly—not up. In fact, we could spin the demise of gambling and pornography sites as a positive.”
Philips regarded the FBI agent, then turned to the room in general. “Anyone have anything on the media’s current fascination with cyber security? Does anyone know what’s driving it?”
“Sebeck’s trial?”
The FBI analyst began to hold court on the topic. “The government has few real controls over either the Internet or private data networks. This manufactured panic is addressing an actual deficiency in the cyber infrastructure. It’s the invisible hand of the market in action.”
Philips looked impassively at him. “Unless it’s already too late.”
The NSA section chief raised an eyebrow. “Is your copycat Daemon up to something more than demanding tribute from pornographers, Dr. Philips?”
She revealed no emotion. “For one, I believe it is Sobol’s Daemon.”
“Highly unlikely.” The FBI analyst looked ready to disprove anything. He just needed fresh grist for his logic mill.
Philips continued. “Gentlemen, there are loose ends all over the Sobol case. There’s the poisoning death of Lionel Crawly—the voice-over artist for Sobol’s game Over the Rhine. What dialogue did he record that we have no knowledge of? The introduction of a strange edifice in Sobol’s online game The Gate at almost the instant of his death. And then there are the back doors in his games—”
“There are no back doors in his games.” The FBI analyst scanned the faces in the room. “It’s a fact.”
The NSA chief kept his eyes on Philips. “Your Internet traffic analysis was interesting, Doctor, but if you have evidence linking Sobol’s Daemon with the Daemon attacking G/P sites, then where is it?”
“In Sobol’s game maps.”
“Steganography? Didn’t you explore that last year?”
“Fleetingly—before Sebeck’s arrest. But let’s not forget that Sobol was an extraordinarily intelligent man. He was able to envision multiple axes simultaneously.”
“Is that a polysyllabic way to say he thinks outside the box?”
A senior cryptanalyst nearby removed his glasses and started cleaning them. “No offense, Dr. Philips, but if Sobol’s games contained steganographic content, you should have readily detected it by plotting the magnitude of a two-dimensional Fast Fourier Transform of the bit-stream. This would show telltale discontinuities at a rate roughly above ten percent.”
Philips aimed an anti-smile in his direction. “Thank you, Doctor. Had I not spent the last six years expanding the frontiers of your discipline, I’m sure I would find your input invaluable.”
The division chief cleared his throat. “The point is still valid, Doctor. How could Sobol hide a back door in a program using steganography, of all things? Doesn’t that just hide data? You can’t execute steganographic code.”
The FBI analyst couldn’t hold back. “Even if he was storing encrypted code within art asset files, he’d still need code to extract the encrypted elements—and we would have found the extraction routines in the source.”
Philips turned to him thoughtfully. “Yes, but the back door isn’t in the code. It’s in the program—but it’s not in the code.”
Her audience looked confused.
The division chief shrugged. “You lost me there, Doctor.”
The senior cryptanalyst offered, “You mean the relationship of things within the program?”
“Ah, now you’re seeing it.”
The division chief cut in. “What brought you back to the stego angle? The DDOS attacks on G/P sites?”
“No.” She paused again. “Jon Ross brought me back to it.” She turned back to face them. “For the last several weeks I have been exchanging e-mail communications with the man known as Jon Ross.”
The impact of this revelation left her audience stunned briefly. Then there was frantic movement; previously untouched presentation binders were grabbed and thumbed through hastily.
“Why weren’t we informed of this?”
The NSA chief interjected, “The Advisory Panel was informed.”
“What evidence do you have that these e-mails are authentic?”
Philips was calm. “The first e-mail made reference to a conversation Ross and I had in person at Sobol’s funeral.”
The FBI analyst nodded slowly. “No doubt he claims innocence and that the Daemon really exists.”
“He’s doing more than that. He’s pursuing the Daemon, and imploring us to do the same. Which leads us once again to the back door in Sobol’s software. Because it was Jon Ross who helped me find it.”
“That’s convenient for him.”
“I thought so, too. That’s why I asked for a face-to-face meeting.”
The NSA chief nodded in apparent recollection.
The FBI analyst looked surprised. “And he agreed?”
“After a fashion.” Philips nodded to the back of the room, and the lights dimmed again.
The screen filled with an animated 3-D environment. It was a narrow, medieval-looking city street, with buildings leaning over it in irregular rows. Few in attendance recognized it because none of them had the time or inclination to play online computer games. A title in plain Arial font briefly appeared superimposed over the image:
Session #489: Elianburg, Duchy of Prendall
Philips narrated. “What you’re looking at is Sobol’s game The Gate. This is an online role-playing game—meaning that tens of thousands of users access game maps from central servers. The game covers a large area of virtual space. Jon Ross requested a meeting at this specific location; at the corner of Queensland Boulevard and Hovarth Alley in Elianburg.”
“A meeting in an online game?”
“Yes. But since it’s difficult to arrest an avatar, I decided to go into God Mode.”
“Meaning what?”
“Meaning I cheated; I enlisted the aid of the CyberStorm system administrators to place the intersection under surveillance with virtual cameras.”
“You set up a stake-out in fantasyland?”
A chuckle swept through the room.
Philips nodded. “Something like that. The goal was to monitor every character that entered this intersection up to the appointed meeting time. It’s a busy intersection—in the middle of the market where players purchase equipment—and I wanted the maximum amount of time to trace Ross.”
One of the uniformed military officers spoke up. �
��Like tracing a phone call?”
“Similar, yes. Each player has a screen name hovering over their character’s head that must be unique for that server cluster. We wrote a script that scanned for suspicious player names on the servers. It autoharvested IP addresses for likely suspects and traced them back to their ISP for follow-up. We also established a manual system where we could select any player name, and the CyberStorm techs would look up that player’s originating IP address.”
“Why bother with IP address? Doesn’t CyberStorm have a record of each player’s billing information?”
“Yes, but it seemed likely that Ross would steal or borrow an account. By using his IP address to locate the Internet Service Provider, and then contacting the ISP for the physical address of the connection, we were more likely to actually find him.” She looked around the room for emphasis. “We scrambled airborne strike teams in several U.S. cities in preparation for this meeting in the hopes that Ross would be hiding in a major metropolitan area.”
The FBI analyst couldn’t resist. “I gather from the fact that Ross is still at large that this plan did not succeed.”
A voice in the darkness: “Can we continue, please?”
Philips nodded.
The screen suddenly came to life. Animated 3-D people moved through the scene. It was eerie how realistically the people moved—although only half of them had glowing names floating over their heads.
“The characters moving around without names are NPCs, non-player characters—they are computer controlled. Only human players have names.”
The perspective of the screen changed. It was a first-person view from Philips’s character as she moved through the crowd.
“We conducted this session from our offices in Crypto. The game permits players with VOIP capability to speak directly to nearby players over a voice channel. Ross requested that we have such a hookup. I am controlling this character in the game, and it is my voice you will hear talking with him. I had a MUTE button on my headset, and you will also hear me issuing instructions to my team. Ross did not tell me in advance the name of his character, but he said I would be able to pick him out of the crowd. Which is why we put the auto-trace script in place. But Ross took a page out of Sobol’s playbook.”
The screen view changed as Philips’s character turned this way and that, checking out the shoppers in the market. Then the POV moved toward a Nubian female 3-D character wearing a black leather corset with a plunging neckline. Something resembling a French-cut steel thong wrapped her shapely hips. She was a hentai cover girl. As the frame moved closer, the Nubian woman turned, revealing what was unmistakably a computer-generated version of Philips’s face.
Mild amusement spread through the audience in the meeting room. Philips ignored it.
On-screen the glowing name over the Nubian avatar read: Cipher. Philips’s recorded voice came in over the speakers:
Philips: Get me an IP for the screen name “Cipher.” That’s spelled c-i-p-h-e-r.
NSA Tech: Got it, Doctor. Looking up ISP…
The screen perspective moved right up to Cipher, and stopped. The scantily clad warrior princess faced the screen. A male voice came in over the speakers:
Ross: Good evening, Doctor.
Philips: Mr. Ross. Apparently you can’t resist identity theft. How did you upload my likeness to this game?
Ross: I didn’t upload anything. Players can edit the geometry of their avatars. I sculpted this one to resemble you.
Philips: I didn’t realize you studied my appearance so closely.
Ross: How could I forget you? Besides, I knew you’d try to identify my account in advance of this meeting, but your automated forensics tools don’t know what you look like, Doctor. Your physical appearance is a graphical encryption that the human mind is uniquely qualified to decode.
Philips: That doesn’t make it any less unsettling to have a conversation with myself as a transsexual lingerie model.
Ross: I find it just as uncomfortable being seen with you.
Philips: How’s that?
Ross: Well, you’ve got the default skin of a generic warrior, and nobody keeps the default skin. You are the fantasy world equivalent of a Fed. I recognized you a mile away.
Philips: Jon, why did you call me here?
Ross: To prove to you that I’m innocent.
Philips: And how do you intend to do that?
Ross: By showing you one of the back doors in this game.
Philips: We’ve been through every line of the source code, Jon. There are no back doors.
Ross: None here, true.
Ross’s female warrior gestured dramatically, as if performing a spell. In a moment a magical portal appeared in the street. A wandering player character tried to walk into it but bounced off. After a few tries, he got bored and walked off.
Philips: What’s this?
Ross: A Type II gate. It will only permit those I choose to enter, and I just typed your character’s name in. What does “FANX” mean, anyway?
Philips: I’ll let you puzzle it out.
Ross: Please step through the portal.
NSA Tech: Doctor, we’ve got a physical address, but it’s in Helsingborg, Sweden.
Philips: [MUTE ON] Notify local authorities and Interpol. [MUTE OFF] Where’s this lead to?
Ross: What does it matter? Look, I hope efforts to trace my physical location are not distracting you. I’m running several layers of proxies, Dr. Philips. By the time you track them all down, this will be long over. Just pay attention, please. This is important.
Philips: Jon, I’m not—
Ross: It’s okay, Doctor. That’s your job. Just step through the gate, please.
The perspective of the screen changed as Philips moved her character through the gate. It was a swirling vortex of blue lines, and then suddenly the view changed to a darkened masonry tunnel filled to a depth of a couple feet with black water. The area was lit by the swirling lights of the nearby magical portal. Rats scurried away along ledges, and the water’s surface rippled with the dazzling lights.
Someone in the dark muttered. “Nice algorithm…”
The NSA chief craned his neck. “Shhh!”
On-screen, Ross’s hentai warrior princess waded out into the water and stood in front of Philips’s character.
Philips: What is this place?
Ross: It’s a sewer beneath the Temple District. Not accessible without a magical portal.
Philips: What did you want to show me, Jon?
Ross: Look straight ahead. What do you see? You may need to move side to side to notice it.
The view on-screen changed as Philips focused straight ahead. There in the semidarkness of the slime-covered wall was the outline of an oxidized bronze door—nearly the same color as the surrounding stones.
Philips: A door.
Ross: Not just any door. A back door.
Philips: It’s a literal door?
Ross: You were expecting a code snippet? Maybe something that accepted anonymous connections at a certain port address or carried out actions on the user’s computer with their rights? But you didn’t find that. You didn’t find it because you shouldn’t have been looking for a back door leading IN. You should have been looking for a back door leading OUT.
Philips: But how would that permit Sobol to control a user’s machine?
Ross: It isn’t their machine he’s trying to control.
Philips: You’re saying he was trying to control the user?
Ross: Why don’t you step through the portal and find out?
Philips: Wait a minute. We still should have found this in the code.
Ross: Why? Were you looking for a graphic of a door that when used as an object in the game environment loads a game map? Do you know how many times that innocuous function call appears in the source code? The code itself is benign—it’s the map it loads that isn’t. Because the map in question is not on the CyberStorm servers, and I’ll bet you didn’t look farther than the IP
addresses of the map links.
Philips: [a sigh of disgust] You mean he’s using a redirect.
Ross: It will look local in the map database, but when you try to load it, it redirects to an external IP address—which logs the user off the current game and establishes a new connection on an alien server. In short: this portal leads to a darknet.
Philips: A darknet. An encrypted virtual network.
Ross: Correct. Except that this is a graphical darknet.
Philips: How do you know all this?
Ross: Like I said—step through the portal. However, I will leave you now. Your colleagues are quite skilled and have probably located my zombie in Sweden, maybe even my zombie in Germany—and I really must be going. Please remember that I am innocent, Natalie—if I may call you Natalie. I’d really like to tell you the whole story over dinner sometime.
Philips: I don’t date felons, Jon—especially cross-dressing felons.
Ross: Till we meet again, Doctor…
At that, Ross’s avatar disappeared—as did his magical gate—leaving her in relative darkness. There was just the faint glow emanating from the door.
NSA Tech: He’s off-line, Doctor.
Philips: We’re still recording?
NSA Tech: Affirmative.
On-screen, Philips approached the door and activated it. It creaked open, the noise echoing down the sewer tunnel. Animated cobwebs stretched. A dialog box appeared reading “Loading Map…”
NSA Tech: Connection severed to CyberStorm server. We’re establishing a connection to an IP address assigned to a domain in…South Korea.
Philips: Are the packets really routing there?
NSA Tech: Stand by.
Philips: Get us a fix as soon as possible.
In a few moments the map was loaded. Philips’s character moved out into a medieval hall, with a gallery on either side above and pennants hanging down bearing heraldic symbols. Set into the wall straight ahead was a statue of a man, disquietingly similar to Sobol, in flowing robes, hands outstretched. Virtual water glimmered like a fountain as it rolled down each cheek from his eyes. Mineral stains marked the path. A perpetual fountain of tears.