Shift Delete
Page 10
Loretta had a whole cast of characters including Iranian, North Korean, Chinese and Arab hackers all replete—like Vladimir, with histories that DCA carefully cultivated, managed and operated. The virtual identities had detailed false social networking profiles on sites like Facebook, VK, LinkedIn, Twitter and Google+ with credible and convincing covers and backgrounds. Each identity even had IP addresses in his respective country, further strengthening their story should anyone check up on them. With patience and persistence, these virtual identities, or avatars, made contact and established trust with the hacker community and beyond. The challenge-or contradiction—lay in establishing and maintaining chatroom credibility in this world of activists, operatives, instigators, provocateurs and revolutionaries where one had to contribute, without causing others to harm the United States.
This was part of DCA’s proactive defense approach—their way of anticipating cyber threats and actions against U.S. Government networks, rather than just responding to attacks. Signals Intelligence, or Signet, collected reams of information via technological means. But the human element, known as Humlnt (Human Intelligence), often provided the most crucial intelligence data, like an intelligence agency’s agent or mole penetrating an enemy’s innermost circle. Cyberspace was no different.
“What other Intel did you pick up?” Parovsky asked Loretta. “Did these Estonians of yours brag about the vectors?”
“All I have right now is their claim of responsibility. And they’re not ‘my Estonians,’ thank you very much.” She did not appreciate what she believed was Parovsky’s intentional harassment.
“Well it doesn’t help us any. Who in Estonia? Get us something that matters, like the type of attack or whatever else they’re bragging about,” he snapped at her, a combination of frustration and tension, his lack of sleep and dislike for her.
So many questions remained. The attack could have been launched by lone hackers, patriotic hackers, cyber criminals, Russian or Estonian government operations, or cyber operations initiated by other nations or actors taking advantage of a situation when they wouldn’t be suspected. The possibilities were many.
“If it is indeed Estonians, then why the hell didn’t we know this was coming?” Parovsky demanded to know, looking directly at Loretta. “They had to have done reconnaissance before deciding to attack State, before deciding which victim would make the biggest splash.”
“How would you know?” Layla asked no one in particular, partly out of curiosity but also to help ease the tension in the room.
“It’s part of the counter-intel activity—trolling Facebook, ,Twitter, even Google searches to see who has been searching for information on the State Department,” Brendan explained.
“So much information,” she said, shaking her head in amazement.
“That’s where all our specialized software comes into play—helping to manage and process all that data we collect,” Brendan explained. “It also looks for connections between people and events, just like Facebook and LinkedIn suggest people you may know based on who your contacts know.
Ted asked, “Have you ever heard the term ‘Big Data’?” Without waiting for her answer, he continued in his dry tone: “Think about the electronic footprint we generate each day.” He paused for effect. “When we were young,” he added. “It was called a paper trail.”
Brendan continued. “Emails, telephone calls, YouTube posts, WhatsApps, Google Maps, photos, Facebook, Twitter, Flickr, Instagram...”
Oh Shit, Parovsky thought. Brendan is going off on one of his tangents.
But he stopped on his own, concluding, “We all generate tons of data, and it all adds up to Big Data.”
“The challenge is to find usable information in that sea of data,” Loretta chimed in. “It’s not only content that is important, but connections.”
Brendan then went from user-friendly to technology mode. “Semantic graphs map relationships among words, concepts and other constraints to allow for unstructured data to be connected. Our monitoring solution runs algorithms evaluating enterprise-wide data and customizable detection capability to help in identifying and qualifying threats.”
Layla’s mouth dropped open.
“In plain language,” Ted explained in layman’s terms with a smile, “It connects the dots!” He was a good counterweight to Brendan’s at-times over-technical explanations.
Loretta had wandered over to a PC workstation set up on a table in a corner of the conference room.
“Here, Check this out,” she called out in her strange drawl. Looking at a page that had come up after she typed “Online in 60 seconds” into Google, she told the room: “Here’s a chart showing what goes on in the internet every 60 seconds. Eleven million instant messages, 72 hours of YouTube videos, 41,000 Facebook posts a second! 278,000 Twitter posts, 204 million emails sent, 347 new WordPress blog posts, and so on and so on.” She pointed to the different colored slices of the pie chart as she read off the examples she chose from the larger list.
Layla made an expression that said. Now I understand.
“Folks, let’s get focused on the matter at hand,” Parovsky barked to corral the group’s focus.
Loretta returned to a seat at the conference table, while the others rotated their chairs to face the table, which was accompanied by an orchestra of squeaky cries from the chairs.
“Other than Loretta’s report of Estonians claiming responsibility for this, do we have any fingerprints?” Parovsky asked the team.
He was inquiring if the IP address or addresses the attack was originating from were identified as that would help determine the hacker’s attack tool.
“We’ve traced a handful of IP addresses for the attack’s opening salvo.” Loretta reported in her slow, strange drawl, “to Estonia,” giving credence to her initial report suggesting Estonians were indeed behind the attack.
Brendan reminded everyone of the previous week’s defacement of State’s site by Estonians protesting Washington’s lack of action, suggested that this was a continuation and escalation.
“As for the method, it may be ‘Low Orbit Ion Cannon,”’ he suggested, referring to a well-known, readily-available attack tool for this very type of flood attack.
“Did you know LOIC was developed for testing purposes?” Brendan offered. “A tool developers could use to test their own servers with heavy network traffic!”
Not exactly the time for trivia, you moron! Parovsky kept his thoughts to himself.
Brendan added, “The attackers changed tactics and it’s been harder to trace.” Indeed, the Estonian attackers were using a flood attack weapon called High Orbit Ion Cannon.
“Matches the signature of attacks on the Department of Justice and others after they took down that illegal file sharing site,” Parovsky remembered.
“Textbook Anonymous for their DDOS attacks,” Loretta added, referring to the “hacktivist” group that uses the internet to attack what it views as injustices.
Summing up their findings, Parovsky reported, “So team, it looks like we may be under attack by our notorious friends at Anonymous, or someone in Estonia, or a combination of the two.”
Grimacing apologetically, one of the interns asked, “Just one more question, if I may?” And without waiting for an answer, he asked, “With all this technology at our disposal, how come we don’t know these things are coming before they happen?”
Parovsky lit up with delight. “That’s a very valid question!” He would have used the boy’s name, but he had no idea and didn’t care to ask. Turning to look directly at Loretta, he queried accusingly, “So Loretta, why didn’t we know this attack was coming?”
“You can’t fault me for not knowing about an attack before it happens!” she objected, straightening in her chair.
“You bet you’re at fault,” Parovsky chastised her publicly before the team. “This attack didn’t jus
t come out of nowhere. Someone recruited resources for it, designed an attack strategy and issued marching orders before launching it.” He counted the three steps with his fingers for effect before continuing. “You’ve got all sorts of sensors out there monitoring the web for this very activity! Didn’t you report last week that someone had run a port scan on the State Department network—this after State’s website was defaced by Estonians? How many clues do you need?”
Loretta turned red with anger and embarrassment, and Parovsky feared she might burst into tears, in which case he would wind up looking like a shmuck. He was enjoying this, and figured the others were also enjoying the verbal lashing she was receiving. He had never asked anyone else outright—it wasn’t one of those questions one asks—but he had a strong inkling he wasn’t the only one put off by her abrasive and condescending personality.
He couldn’t resist firing off one final shot. “Obviously an attack was brewing. There were ample clues. Had we been forewarned, maybe the attack could have been contained and its damage minimized. The whole purpose of intelligence is to stop attacks through advance knowledge.”
“Espionage is the first step in an attack,” Brendan stated matter-of-factly, oblivious that he was interfering in a showdown. “They learn the architecture, physical systems and technical details before developing their attack plan.” He paused for a moment of introspection, then added: “Whoever did this clearly knew State’s topology.”
“Their what?” someone dared to ask.
“Their topology,” Brendan repeated before realizing it wasn’t that they didn’t hear him, but rather they didn’t understand him. “Their network map.”
The room went silent, the only sound perhaps being that of glances darting around the room with fleeting looks, everyone too shocked or embarrassed to say anything. The buzz of a Blackberry thawed the freeze. Brendan reached for his device affixed to his black leather belt holster, punched in his password and after a brief glance, announced that State had sent over a graph of typical web traffic profile, by time and location, with the present traffic surge superimposed, to give a sense of regular traffic patterns.
He quickly entered his credentials into the conference room computer, accessed his email and brought the chart up on an overhead projector for all to see. Someone flipped a switch that lowered electric blinds over the window to the SIC.
State’s normal traffic started as the U.S. east coast business hours began and people did their personal business while on the clock at work. A steady increase could be seen throughout the day as the sun rose from east to west and the country came to life. State’s web traffic remained mostly constant as the west coast woke up and began its work day, then began tapering off as the West coast wound down, leaving a smattering of traffic as people across the country accessed the site in the evening, probably from their home computers, and a trickle of international traffic during the U.S.’ off hours.
While they looked at the graphic layout before them, Brendan disassembled his ballpoint pen into its component parts and then reassembled it. “ADHD,” he had once explained to his colleagues during a similarly stressful cyber event. “Attention Deficit Hyperactivity Disorder.” This was at least quiet, albeit distracting to others; he had learned not to repeatedly click the pen’s retractable tip with the button spring since that tended to really annoy people.
DCA’s CISO—Parovsky’s direct boss—came in the conference room and encouraged the team with a pep talk. They heard her coming from the sound of her shoes on the raised-access computer flooring covering all the wires and network cabling. As usual, her skin was unblemished, not one of her brown hairs was out of place and certainly there wasn’t a trace of gray hair. She was stylishly dressed in a designer outfit, with everything impeccably pressed and in order, down to the scuff-free shoes. A gold brooch and scarf capped her outfit. Parovsky saw her as a Barbie doll: plastic and fake. He may not have realized it, but his enmity stemmed from seeing her as a roadblock to career advancement.
“This is how we’re judged,” she began with a smile that Parovsky saw as artificial. “Unfair as it may be. Our government constituents don’t see all the great work you people do day-in and day-out. We defend against two billion cyber-attacks on government networks each month. They don’t judge us by the near-100% network availability; all our constituents see is down time. But you guys truly are unsung heroes, but that’s the way it is when you work in a TLA.” They all understood the acronym for Three-Letter Agency, where so much classified activity that protects and defends the nation remains hidden from public view.
“The Secretary of State is threatening to notify POTUS,” she continued, using the abbreviation for President of the United States.
Beyond the annoyance with her use of acronyms, Parovsky didn’t like being threatened. That asshole CISO at State had gone to his boss after all. He interrupted his boss sarcastically: “What’s the Secretary going to tell the President? That some teenage hacker in Estonia has shut down the State Department?”
“It doesn’t matter what the Secretary tells POTUS,” she responded calmly, “It puts us in the spotlight. Which means we need to put this to bed fast.”
He knew she was right.
She continued her talk. “Contain the attack, do your jobs like I know you know how to and keep me informed every step of the way.”
They thought she was done, but then she added, “Whoever is behind this will be dealt with severely and will pay a price. When the President personally called me to offer me this job, he assured me he was fully committed to cyber defense...”
“Yeah, yeah. We’ve all heard over and over again how the president offered you this job and how great you think you are...” Parovsky thought to himself, trying to mask his contempt for her.
She concluded by saying, “No one can attack the United States with impunity!’ I am in contact with people at the highest levels in the Administration.” Maybe she was trying to show that this is taken seriously, but it came off to him as bragging. She abruptly left them to their work.
Not that they needed encouragement; Parovsky knew he had a motivated team of true professionals, but it’s always nice to know that management actually cares, although he couldn’t stand how she always had to insert herself into the spotlight. It was always about her, like her usual remark about how when she was in industry, she handled attacks far more complicated than whatever Parovsky’s team was combatting at the moment, “so this should be an easy one for DCA.” Actually, he realized, she hadn’t said that this time. Parovsky understood what she was trying to do, but her egocentrism pissed him off. He wondered if he was the only one who saw through her.
10. POPCORN
‘The cyber-attack on the State Department continued escalating at a constant pace, but now StateApp was hardly responding to any kind of request. As each infected IP repeatedly sent HTTP GET requests for various online pages, StateApp’s resources couldn’t cope, making the online pages unbearably slow—if functional at all—for legitimate users.
Loretta used the Gnosis search engine to scour social media networks like Facebook and Twitter—so often used by activists to reach a larger pool of potential recruits and calling on others to join them, some of whom did so out of conviction, while others just for the hell of it. Searches revealed a blog including a YouTube video, a countdown to the attack date and instructions for those wishing to participate. Joining was as easy as downloading software, entering the IP address provided by the organizers, and clicking “Enter.”
DCA shared information with the government agencies responsible for prosecuting cyber-attackers, when possible, and those for countering their moves. One of their tools was to hack the hackers by tricking others interested in joining the anti-Washington Op into downloading trojans, thinking they were DDOS programs. The technique would mimic the attackers to stop and expose their new recruits before they attack. Once the Trojan program infe
cts the hacker’s computer, the hacker’s real identity (rather than just their nom du guerre under which they act with bravado), details and even photos are publicly exposed. If a friendly country is involved, then these people could be put on a watch list with law enforcement agencies.
Parovsky loved the feel of being in the fight. He saw himself in a 155mm artillery piece preparing counter-battery fire to suppress, neutralize and destroy the enemy. While Brendan began droning on about user access authenticity, Parovsky’s mind began to wander to more tangible warfare. He was decked out in camouflage fatigues, a ballistic helmet and Kevlar flak vest.
“Echo Three Seven Niner. You’ve got a fire mission,” the voice over the radio crackled.
“Roger, go ahead,” was the response, as the camouflage-clad soldier prepared to accept the target location.
Coordinates were punched into the automatic fire control system computer, which calculated a firing solution before automatically unlocking, elevating and traversing the cannon tube to the commanded deflection and quadrant. The loading system fitted a shell into the breech before the loader completed the process, manually pushing the shell further in and stuffing it with propellant charges before slamming the breech closed.
“Permission to prime!”
The loader inserted a primer, attached the firing cord and stood aside awaiting further orders. Sweat stained the underarms of the tight olive green t-shirt he wore, which contrasted with his baggy BDU’s.
“Firing for Effect!” said the voice crackling over the radio. “FIRE!”
With that, the gunner pulled the firing cord by holding it taut and swiveling his body away from the weapon. The 30 ton vehicle rocked as the high explosive 155mm projectile burst out of the howitzer’s long 39 caliber barrel, traveling some 900 meters per minute as it burst from the barrel, tearing through the sky before smashing into its target in a fireball and massive grey-brown cloud of smoke and dust, its blast wave wreaking destruction and throwing twisted wreckage and rubble high into the air.