Since most of the officers in the 401st who served as OICs for attacks could not hope to match the technical expertise of the people they would be in charge of, these professional soldiers relied upon the published execution matrix. This document, set up like a spreadsheet, listed each and every step that would be made during the attack down the left-hand edge of the page. Across the top of the matrix was the title of each member of the team, listed at the head of a column. By following that column down the page, everyone in the Pit could see what action he or she was expected to take as the attack unfolded.
With this execution matrix in hand, the OIC would point to the member on the team whose responsibility it was to initiate the next action. As he and every other person in the Pit listened, the soldier or technician the OIC was pointing to explained in detail what he would do at that point. When finished the OIC would turn to another team member, sometimes chosen at random, sometimes selected because they were required to support the event in progress, to spell out what was expected of them. Every now and then the OIC threw in a “what if?” scenario before moving on to the next item in the sequence. Though he already had an idea who needed to respond to his hypothetical question, the OIC would not point to that person, waiting, instead, for them to respond to the unexpected situation. Only when he was satisfied that everyone knew his or her role in the pending operation would the OIC report to Colonel Shrewsbery that they were ready to execute.
The timing of these attacks varied. The classic window chosen to hack into a system was during off hours, when the traffic on the targeted system was light and the chances of someone noticing something unusual was minimal. There were times, however, when hackers wanted to get lost in the traffic, or when the traffic on a busy system was actually necessary, especially when the hacker was trying to collect authentic screen names and passwords which he could use later. Because the hack attack Eric was about to embark upon required him to assume the persona of macnife, the attack had to be staged at a time when the real macnife would not be at his computer.
The other factor that played into the equation was the desire to keep the number of casualties at the chemical plant low. When the OIC of the attack, an artillery captain by the name of Reitter, mentioned that during the rehearsal, Eric Bergeron could not help but laugh. Normally such outbursts were ignored. In the eyes of the professional officers assigned to the 401st the Cyberknights were not real soldiers and therefore unfamiliar with the proper military etiquette and protocol normally expected from soldiers belonging to “the real Army.” Reitter, however, was the sort that could not let such a breach of decorum go unchallenged. “As best I can see,” he snapped back, “there’s nothing funny about what we’re about to do, soldier.”
Eric didn’t shy away from the captain’s rebuke. “It’s not the fact that we’re going to be taking human life that I find laughable,” Bergeron explained. “What I find amusing is the concept that somehow, by killing only fifty people instead of one hundred and fifty, we’re being nice, or compassionate to the poor schmucks we’re zapping.”
Up to that point, Colonel Shrewsbery had been content to stand against the rear wall of the Pit, saying nothing as he listened while Reitter walked the assembled team through the operation. Eric’s comments and explanation, however, were both uncalled for and way out of line. “That’ll be enough of that, mister,” the infantry colonel bellowed. “We are soldiers, soldiers who have been given a mission. Executing that mission, and that alone, is all we are concerned with. Period.”
For several seconds, no one said a thing as Eric and the commander of the 401st locked eyes. Only when he was sure that he had made his point did Shrewsbery look over to where Reitter stood, seething in anger. “Carry on, Captain.”
When he was sure that their colonel was not looking, and while Reitter was fiddling with the note cards he had been briefing from, Bobby Sung leaned over till he was but a few inches from Eric’s ear. “Ve vere only following orders, herr judge,” Bobby whispered, using a mock German accent. Though they often joked about such things, the Cyberknights understood that they were playing the deadliest game there was. Only through the acceptance of the party line, as well as adopting the sort of graveyard humor soldiers have always used to preserve their sanity, did the Cyberknights manage to go on.
The one thing that would not be present in the Pit during the attack was something that no one in the 401st ever gave a second thought to, a gun. Once past the two MPs posted on either side of the Discrete Strike Operation Center’s red door, no one was armed. Yet the war that was about to be waged there was just as vicious, and deadly, as any war that had gone before. Only the tools, and the type of warrior who wielded them, had changed.
Five
Hack Attack
From his post in the Spook Booth, the commander of the 401st watched the bank of monitors as the members of his command prepared for combat. Just as the business community had been dragged kicking and screaming into the information age, so, too, had the Army. Professional soldiers such as Shrewsbery knew, in their hearts, that units like the 401st were necessary. While some saw this change as being inevitable, and others freely embraced it as a brave new world, all who had been raised on the heroic traditions of their fathers grieved in silence as Eric Bergeron and his fellow Cyberknights took their place in the front ranks of America’s military machine.
Joining Shrewsbery to monitor the attack were a number of advisors. One of the most important members of this second-tier staff was a lawyer from the Army’s Staff Judge Advocate Corps. Of all the people involved, her position in the scheme of things was the least enviable, since everything that was about to happen was illegal. Not only were there no federal laws that sanctioned what the 401st did on a day-to-day basis, the United States supported every effort in every international forum it could to counter cyberterrorism. While they understood the necessity to aggressively seek out and destroy those who sought to attack their country under the cover of cyberspace, it didn’t make anyone pledged to uphold the law feel good about what they were seeing.
If all went well, the JAG officer would have nothing to do. Her presence there was in case something went astray and the activities of the 401st or members of that unit had to be defended in a court of law. The JAG officers assigned to the 401st likened their plight to criminal defense attorneys retained by the mob.
Though he was also charged with enforcing the laws of the land, the FBI liaison in the Spook Booth viewed the undertaking with envy. As a member of that organization’s computer crimes unit, the FBI Special Agent followed everything that the hack attack team did. His presence there was more than a matter of courtesy. Despite the fact that the Bureau could not use the same aggressive techniques employed by the 401st, watching a hack from inception to completion served to improve his abilities to devise ways of catching domestic cybercriminals his agency would have to combat once his tour with the Army unit was over.
Also joining Shrewsbery in the Spook Booth were the CIA and NSA reps who had generated this mission as well as the Air Force colonel who was, himself, connected to the Air Force’s own cyberwarfare center in Idaho. Collectively theirs would prove to be the most difficult burden during the hack attack. While they had been the ones who had come up with the plan, none of them could do a thing once the attack had been initiated. Like the dummy monitors they watched, they would be powerless to influence the action.
This was not true of the final man in the room. As a member of the National Security Council, he had direct access to the national command authority. If all went well, he would have no need to use this access. Like the other people in the Spook Booth who were not assigned to the 401st the NSC rep would merely go back to Washington, D.C., once the hack was over and submit a written report to his superiors on what had happened. If, however, things got out of hand, the NSC rep would be the one who would pick up the phone and talk to the President and his advisors. While the NSC rep was friendly enough, Shrewsbery likened being confined
in the small observation room with him to being locked in a cage with a tiger.
“Okay, people,” Reitter announced over his boom mike after his assembled team signaled they were ready, “Here we go. Comms, open the channel.”
The first step in any hack attack was to connect the Pit to an outside commercial network. This was done to keep dark knights from doing to the 401st what Reitter and his team were about to do to the cyberwarfare center macnife was operating from. The communications section of the 401st, located in another part of the Keep, literally had to plug the cable leading from the Pit into an external access port. These ports were arranged in a row on a panel painted bright red. Each of these connections was covered with a spring-loaded cap that snapped shut when the internal cable was removed. While there were written warnings posted all over the room, across the top of the red access port panel, and over each cover, a further audio warning was initiated as soon as a cap was lifted, announcing that the connection now exposed was a commercial line. When the connection was made a banner announcing that fact flashed across the top of the big screen in the Pit. This cued the pathfinder to initiate the attack.
Entry into the World Wide Web from the Pit was rather unspectacular. The procedure used by the pathfinder was not at all unlike that used by millions of his fellow Americans on a daily basis. The pathfinder dialed up the Internet server he desired and waited for the link to be made. Patiently he watched the display on his monitor. The plotted pathway that would take them from the Keep to macnife’s system was displayed using a rather simple wiring diagram. Each server along the chosen pathway was listed in the sequence that it would be tagged. Within the hollow wire box each server was identified using its commercial name, the access code the pathfinder would need to use to connect with it, the type of equipment the server used, the nation it was located in, and the language the local webmaster used when tending to it.
The box representing each of these web servers was initially blue, the same color this particular specialist had chosen for the monitor’s desktop. When a server was being contacted the box went from blue to yellow. Once the connection was made, it would turn red on both the pathfinder’s monitor and the big screen on the wall. Only in the Spook Booth, where the nontechnicals watched, did the screen displaying the servers the hack was being routed through show up as an actual map. “Nontechnicals” was a catchall term applied to visitors to the Keep like the rep from the National Security Council and people who were not as computer savvy as the Cyberknights or their support team. When the Pit was being set up it had been decided that it would be far easier for these people to understand what was going on if they saw a map rather than the simplistic wiring diagram used by the pathfinder.
When a civilian web surfer goes out into cyberspace, he usually has a destination in mind but little concern over how he gets there. He simply instructs the web navigational program on his computer to take him to a Web address. This program does several things. It translates the user’s message into a protocol that will allow the user’s machine to interact with all the servers on the Web as well as the system at the destination site. This internet protocol, or IP, creates header information which includes both originating and destination addresses as well as the message or any additional information the sender has included. Once sent, this data is broken down into packets of data which then bounce about the World Wide Web looking for a server that is both available and capable of taking the message along to its destination. When the connection is made between the user who initiated the communications and the site he was looking for, the data packets are reformatted into a computer language that the receiver, or the system can understand. If the data is a simple e-mail message, the traffic is deposited in the memory of the computer to which it was sent or the service provider if a connection to the final destination is not open at that moment. If the sender has a desire to communicate in real time with someone on the other end, or access and manipulate information stored there, the connection between the two systems remains open until one party or the other terminates it.
Since he wanted to hit specific servers in a fixed sequence, the pathfinder had to organize the address portion of the packets so that they followed a specific route. If a selected server had no open ports, progress along the Web stopped until access was gained. Once in a server, the address for that server was stripped away, revealing the pathfinder’s instructions to send the routing message along to the next server.
The assembled Pit team sat in silence as they watched the pathfinder’s display on the big screen. Bobby Sung, a patient soul, could be as dispassionate as the computer that sat before him. Eric Bergeron, on the other hand, was unable to contain the nervous energy that was gnawing away at him. With nothing better to do with his hands, he tapped the table with a pencil. While there might have been some sort of rhythm in the Cyberknight’s head driving this subconscious response, his hand did a poor job of translating it into anything resembling melody. Instead of music, the female interpreter seated next to him heard disjointed thumps that only served to heighten her own jitters. Without a word, she reached over and snatched the pencil out of Eric’s hand. Offended by her action, Eric turned and stared at her. The interpreter met his indignant glare with an expression that all but said, “Go ahead, make my day.”
In the midst of this nonverbal exchange, the pathfinder broke the silence. “Okay, boys and girls, we’re in.” After giving the interpreter one more spiteful glance, Eric turned his attention back to the big screen.
By the time he had refocused his attention to the progression of the attack, Bobby Sung was already at work. As the electronic-warfare knight for this operation, it was his task to break through the security systems that protected the host computer macnife worked from. Since the system they were breaking into was based on an American design, and both the network-level firewalls and the application-gateway firewalls had not been modified by macnife’s sponsors, this task was relatively easy. For the first time that day, Bobby Sung betrayed the excitement he felt by humming “The Ride of the Walküre” while his fingers flew across the keyboard before him.
In the Spook Booth, the CIA agent chuckled when he heard Wagner’s oft-played piece. “Sounds like your people have been spending too much time watching old war movies.”
Kevin Shrewsbery looked over at the visitor from Langley. “I’d rather that than have them use the training we give them here to empty my bank accounts.”
While the CIA man stared at the Army colonel, the FBI liaison chuckled. “You’ve got that right.”
Back in the Pit, Bobby Sung was finishing his tasks. “Righto, mate,” he called out to Eric Bergeron, “we be in business.”
Taking a deep breath, Eric studied his screen. “Let’s see now,” he mumbled. Bobby Sung, using an old technique, had managed to enter an open port in the host computer macnife worked from by sending a message using an address that macnife’s system was familiar with. Once past the security gateways, the body of the message was not checked by the security programs, since it followed the address of a trusted user. That body consisted of a sequence of commands, written in the computer language used by the system under attack, that established a new root account.
Neither the nation that had provided the computers nor macnife’s native country altered the basic programming language, making it easy for Eric to pull up the directory of the host computer and get to work. The first phase of the attack involved the downloading of a Trojan horse. While there are several variations to this sort of attack, the one Eric introduced to macnife’s host computer involved that system’s Internet protocol instructions.
Rather than destroy a single computer which could easily be replaced, the NSA had convinced the members of the National Security Council that it could nullify the effectiveness of future attacks by keeping track of where the dark knights from that country were going in cyberspace. Their solution was to modify the header portion of the Internet protocol instructions currently on macni
fe’s host computer so that every time macnife and his compatriots connected with the internet, the NSA would be alerted. The Trojan horse in this case did nothing other than send the NSA an info copy of everything that was sent out onto the Web. With that information in hand, the NSA would be able to warn any site that was the target of an attack as well as gather information on who this particular nation was working with.
Methodically Eric made his way into the operating system of macnife’s host computer. With root access, this was rather simple. What was not going to be easy was the substitution of codes. To do that Eric would have to operate on the old code. That could create a momentary interruption in service, much in the same way that a surgeon performing open-heart surgery must stop the heart in order to work on it. Everyone using macnife’s host computer that was connected to the Internet would experience a momentary delay of service. If this interruption became pronounced, the system administrator would, quite naturally, assume that there was a problem either with his connections or his system. Either way, he would become active and begin an aggressive effort to resolve the problem while ignoring the phone calls from angry users.
To prevent this Bobby Sung would momentarily block all outgoing traffic. To the average user this interruption would appear to be nothing more than a delay in finding an open circuit at his or her Internet service provider. Even the most astute computer geek would have difficulty detecting the hiccup Bobby Sung’s break in service would create.
“Hey, Bobby,” Eric called out. “You ready?”
The EWK looked up at the big screen, where he could clearly see that Eric had the existing IP header information highlighted and ready for deletion. “On the count of three,” Bobby Sung replied. Then he began his count, “Three, two, one, break.”
Combat Page 44
