He didn’t answer.
“But you should be doing more security evaluations and vulnerability testing,” Parovsky admonished, refraining from shaking his index finger at the old man like a teacher scolding a misbehaving pupil. He continued, “That’s what we do for our site and recommend to all agencies. Test under a load environment that gives a more realistic and complete test.”
The CISO nodded again, guilty that he hadn’t done more to prevent this embarrassing situation of a high-profile attack on State—especially a week after his website had been defaced.
11. NIGHT
Layla was back each night, dressed more professionally in dress slacks, blouse, blazer and heeled shoes, given the extra personnel on hand as the attack continued. She thought she caught Parovsky glancing at her on more than one occasion, and was embarrassed that her customary nighttime anonymity was gone.
To Parovsky, who had never paid much attention to her before, Layla now stood out and he took an interest in her. He made a point to thank her for her work, which made her feel appreciated, and they sat and had a coffee together at a small round brushed metal cafe table in the break room during the wee hours one morning. He drank percolated coffee from a Styrofoam cup while she sipped a cup of tepid tea from her Thermos as they spoke. His clothes were wrinkled and disheveled from having been at work for more hours than he could recall, while she had showered before work and had a fresh scent of perfume or body lotion. She had taken the time to put on makeup and eyeliner, accentuating her deep brown eyes, and had manicured, bright red painted fingernails—making her even more inviting. He noticed she had one dimple. There was a certain warmth to her. At first, she felt she was doing something wrong by agreeing to have coffee with Parovsky, but why should I? she asked herself. She subconsciously fiddled with her wedding ring as they chatted. It was certainly exciting to have someone show interest in her again—it had been quite some time since that had last happened. All she saw during her daytime off-hours were housewives and young stroller-pushing moms, and here was an attractive, athletic-looking man taking an interest in her.
She tried to keep the conversation professional, asking about progress in determining who was behind the attack and what had been learned, but he quickly redirected the conversation to put the focus on her, with questions like when she joined DCA, about her IT background, and where she grew up.
“It’s actually all related,” she told him, launching into her family story of a comfortable life in Lebanon until civil war broke out, caused by the influx of Palestinians expelled from Jordan. When their Beirut neighborhood was destroyed in the fighting, Layla’s civil engineer father took the family to the United States, settling in the Washington DC area. Her father couldn’t find adequate work in his field, so he ended up opening a Lebanese restaurant. One of those “intangible casualties of the war,” she called it. Her two older brothers worked at the family restaurant, while Layla went off to college and studied computer science as a way out from waiting tables through her teenage years under the watchful eyes of her conservative parents and brothers. “I couldn’t wait to get away from this restrictive and claustrophobic upbringing while the rest of the family thought I was rebellious and unappreciative.”
“Were you?” he asked, smiling and winking at her. She smiled back and brightened, but then her eyes saddened again and her head dropped as she continued.
“After the upheaval of moving the entire family half-way across the world and rebuilding our lives,” she told Parovsky that after the September 11 terror attacks someone smashed a window of the family restaurant and spray-painted in large red letters: “Go home, you fucking Arabs.” And how her father, appearing weak and vulnerable for the first time, firmly told the family that the United States was their home, and that they would not be uprooted again. Ironically, her parents still read the Daily Star—Beirut’s English-language daily, to keep up on all things Lebanon. Even after 40 years, they still longed for their country; hearing news from Lebanon, which they still referred to as “home,” made them feel good.
Parovsky wasn’t interested in sob stories; he had ulterior motives. As far as he was concerned, all Lebanese were terrorists, same as Palestinians. Many cyber-attacks against U.S. Government systems came from the Arab world, and he didn’t care for Arabs very much to begin with. He smiled to himself at the prospect of screwing a terrorist and thought how he might be repenting for this on Yom Kippur.
He shifted gears. “And what about your special name?”
“It means ‘night’ in Arabic. As a name, it comes from romantic poems during medieval times.”
“So it’s a romantic name?” he asked with a smile. She blushed and crossed her legs under the table, glancing down to make sure she hadn’t accidently kicked Parovsky.
“I think my parents called me Layla because I was conceived at night!”
Parovsky smiled and perked up at the mere mention of sex, even if it involved her parents. “I like the night,” he said, looking for her reaction as he spoke. He looked into her eyes.
“So do I. I work the night shift, don’t I? I guess my name suits me.” She smiled, pleased with her response.
“It does,” he agreed, adding, “I like the mystery of the night. The quiet, the depth, the beauty.”
She was charmed by his inviting smile and by his revealing his softer side, which people at work normally did not see as it was hidden away behind his aloof exterior.
And then he began moving in for the kill. “What happened to your flip- flops?” asking about her simple rubber sandals. He looked under the table.
“Oh my God! You noticed those? I was mortified!” He had disarmed her and put her on the defensive.
Parovsky smiled back and shrugged, as if to say, “Of course I noticed.’’
Layla’s face turned red and she began twirling a lock of her hair around her index finger.
“You did a good thing by calling me in the other night when this attack began. Even if I used bad words on the phone!” He smiled and winked at her. “This has been a serious attack on our systems.”
She smiled at the praise.
He leaned forward and put his elbows on the table. “You know, you can always feel free to call me.” Vague. Perfect delivery, Parovsky! He wanted to pat himself on the shoulder for a job well done. He raised his eyebrows as if to say, “think about it. “
It was actually new ground for him, as he’d never done this with a married woman, and certainly not with someone from work. But he simply couldn’t stop himself now that he felt sex with this woman might be within reach.
Layla was certain Elliot, whose name he encouraged her to use, could hear her heart pounding so loudly in her chest as a rush of adrenaline shot through her body. She subconsciously moved her chair back to keep him from hearing the palpitations. Her head was awash with exciting thoughts and even fantasies as she considered her mundane marriage to a man who seemed more interested in watching sports on his HDTV than spending time with her. She couldn’t remember the last time she had felt such a charge in her body.
In the days that followed, Layla hoped Parovsky would still be around when she clocked in at 23:00, or that she would see him arrive in the morning before she headed home. The DDOS attack kept him at the office very late—sometimes all night long, or he headed home for a few hours of sleep before arriving very early to work.
I wonder if his schedule has anything to do with me? Layla wondered. She caught herself constantly searching him out with her eyes and looking his way, and even went out of her way to walk by him or his office. She couldn’t help but reveal an affectionate smile when she saw him dozing at his desk late one night.
She began having forbidden thoughts unlike any she had ever had in her entire life. Of being with him. Of cheating—no less with a manager at work—who happens to be a Jew. She simply couldn’t stop thinking about the idea of being with him. Her ima
gination got the best of her, and she worked herself into a frenzy, craving him. When she thought about him, her heart beat frantically and blood coursed through her veins, her hands shook and her eyes grew wider as she was overcome with excitement. Seven years of motherhood had worn her down; she no longer felt like a sexual creature. Her body parts became functional rather than anything erotic: her vagina a birth canal, her breasts like an animal’s teats with its offspring suckling on them for nourishment; they no longer provided pleasure. She had lost nearly all appetite for sex. All feelings of womanhood were nearly extinguished. Life revolved around her children, who were bratty, unappreciative and disrespectful. Chasing after them to brush their teeth, get dressed for school or ready for bed, eat, do their chores. After all the sacrifices she made for them, her children complained she was never around, or never spent time with them. She felt her life seemed only children, children, children, and she had lost all sense of herself.
Little things now irritated her, like her husband leaving the toilet seat up, or shoes left in the middle of the walk-in closet’s floor. Maybe it was all imagined and she was just looking for excuses. Thoughts of being with Parovsky invigorated her, and for the first time since as long as she could remember, made her feel like a woman again. All spurred by one guy’s remarks which she was sure was him hitting on her. Pathetic, girl!
It would be more than 100 non-stop hours before the attack was fully contained and halted. “Not bad as far as attacks go.”
“Yeah. APT’s can go on for months, but this was just a DDOS attack, and it seems to be contained.”
“’Just a DDOS attack’ makes it all seem so simple. This was pretty serious.”
“It appears to be over. Now we’ll see what the investigation determines.”
“We’ll be carefully stepping through the code looking for more difficult to find vulnerabilities and stacked attacks, checking for database integrity issues, undiscovered exploits, unnecessary user access levels, and insecure access methods. Actually, I’ll handle that,” Parovsky volunteered. Compromised web pages might have been loaded with malware, as hackers are still able to modify the content as they wish, leaving them as “sleepers”, set to go active at some future date, or when so commanded.
“How long will it take?”
“Investigations of attacks can take a few hours or, in some cases, a month or even months, all depending on the complexity of the attack.”
DCA would later learn that the Russians had come under a similar attack, evidently by the same attackers. Estonia with Honor was using social media networks to spread the word on how to attack targeted Russian sites. The Russians retaliated by blocking community and social media networks in Estonia to thwart resistance or appeals to carry out anti-Russian actions, or to participate in unsanctioned public events, and shut down Twitter to prevent activists from using this channel to organize.
This actually differed from DCA’s approach, which was to keep Twitter and other social media sites open as an intelligence-gathering tool. By monitoring social media and underground hacker forums, DCA Intell could gauge the effects of their counter-action, and get a damage assessment of their response.
Parovsky glanced at the morning “Early News”, an online compilation of cyber and related news that someone at DCA put out each morning. His eye caught a picture of the Kremlin—which he recognized from his trip to Moscow—illustrating an article blurb: “Hackers Shut Down Kremlin Website”
He began reading: “The tense situation between Estonia and Russia continues. During the weekend hackers opposing Russia’s aggression against Estonia managed to shut down the Kremlin’s official website. The site was back up a few hours later. Credit for the attack was claimed by Anonymous Russia, which hinted on Twitter that it was behind the attacks”
Parovsky was intrigued by the Russia-Estonia situation which he normally wouldn’t have cared about had it not been for his colleague Chaseman’s predictions playing out precisely as predicted. He clicked on a “Related Topics” link and came upon an article on Russian and Iranian cyber cooperation.
Parovsky had grown up in the Reagan years and still believed in Ronald Reagan’s branding of the Russians as the evil empire. “Today’s Russia is the Soviet Union wearing a smile,” he told Chaseman in one of their now frequent conversations or email exchanges. So here was Russia, or the Soviets, or whatever you want to call them, in cahoots with the Iranians. All that was missing was the North Koreans and Syria. These rogue nations had nuclear connections, the North Koreans having been tied to both the Iranian and Syrian nuclear weapon development programs. He missed having a president like Reagan, or even George W. Bush who portrayed things in simple terms of goods guys and bad guys. Parovsky detested these countries and all they stood for. He wasn’t sure they even stood for anything; they seemed to just stand against the enlightened ideals of the West that he subscribed to.
North Korea was run by a nutcase regime, but he dismissed that country as Japan and South Korea’s problem, although their cyber unit 121 was his adversary on the cyber battlefield.
Arabs with nukes definitely bothered him. Israel had taken care of Syria’s reactor by bombing it to oblivion back in 2007. The Iranians—that one scared him. OK, so they weren’t Arabs, but he grouped them all in that same category, up there also with the Pakistanis who already had nukes. He had hated Iran since the 1979 U.S. embassy take-over, when Iranian revolutionaries had held the embassy staff hostage for 444 days. He remembered as a young boy feeling humiliation and how he hated then-president Jimmy Carter for making America appear weak, kowtowing to Iran’s fundamentalist Islamic regime and seeing it on the news every single day for well over a year. Fast forward 35 years later, and he found the idea of a nuclear Iran troubling, if not terrifying.
“What about pinpointing the attackers? Are there any similarities with other known attackers?” Parovsky asked his team.
“Nothing indicative of anything beyond possible information sharing, scripts or on-line tutorials,” Ted answered.
So it looks like our ‘friends’ Anonymous are up to ...” Ted stopped speaking abruptly and held up his hand like a traffic cop to stop the conversation, quickly pulled a tissue from his pocket and let out a loud sneeze into the tissue, his head jerking forward and eyes pressed tightly shut. His eyes were watery, and he blew his nose, which became a shade of red from the abuse. “Sorry about that,” he continued. “So either Anonymous is up to something new...”
“Not likely,” Brendan interrupted, shaking his head from side to side.
“Or we’re dealing with some rogue group,” Ted completed his evaluation. He removed a battered tissue from his pocket and blew his nose again, shaking his head in frustration at his cold.
“When did you manage to get sick?” Parovsky asked. “You seemed fine yesterday.”
“Probably this damn air conditioning keeping all these machines cold,” he answered, gesturing towards the ceiling vent. “I started feeling lousy last night.”
“And your short-sleeve shirt!” Parovsky retorted with a smile.
Humorless Loretta added in her drawl, “From the evidence I’ve seen, the defacement signature was previously unknown.”
“Evidence supports the assessment that the attack did indeed come from Estonia,” Brendan stated. “An analysis of the fonts used in the defacement of State’s site indicate it originated from an Estonian language keyboard.”
“Not a big surprise considering they were protesting American abandonment of their country!” Parovsky’s sarcasm was evident.
After a pause, Parovsky continued. “Let’s get in touch with our international partners. The cyber authorities in allied countries can get us information about the servers being used to stage the attack.”
“I can’t imagine the Estonians will be particularly helpful right now given our country’s lack of support,” Loretta countered.
Annoyed
with her negativity, Parovsky responded curtly, “We don’t know that. This may be a rogue attack.”
“Or government sanctioned,” Brendan added.
Turning abruptly towards Brendan, Parovsky barked back: “They’re a NATO partner, for Christ’s sake!”
“Yes, but a NATO partner who can’t be very happy with their so-called ‘allies’ right now,” Brendan reasoned.
Calming down, Parovsky reasoned, “I can’t imagine the Estonians would be stupid enough to attack us. They’ve got to figure we’ll get to the bottom of this sooner or later.”
“Agreed. It’s probably a bunch of pissed-off people.”
“Well, there are lots of them involved, and they’re talking on social media,” Loretta noted, adding, “I’ll stay on top of that.”
“And as for the attacks,” Parovsky added to wrap up the discussion, “Partner nation CIRT’s can call in law enforcement agencies or contact the service providers that own the servers being used to attack us— that’ll help block attacks coming out of there.”
In the subsequent days, Parovsky spent much of his day painstakingly combing through the State Department’s website, cleaning it up and checking for residual damage or hidden exploits inserted during the chaos of the DDOS attack that might communicate with a command and control server. This normally would have been delegated to someone his junior, but Parovsky actually found the investigative work therapeutic and relaxing. He began by searchDDOSing in the passport section, as a major data dump of citizen’s personal details would be a huge embarrassment if DDOS—entrusted with protecting people’s personal information—was accountable for its public release onto the internet. The work was monotonous, and Parovsky’s mind began to wander. He somehow got to Lippnow—his college nemesis.
Lippnow, Darrel. Enter.
Almost instantaneously, Darrel Lippnow’s scanned DS-82 passport application with all its personal data appeared on the screen before him. There was nothing of interest there. For a moment Parovsky just stared at the Social Security number, date of birth, email address, street address and telephone number. Without any thought, he hit the PrtScr key to copy the data and pasted it into a blank document, with no inkling this would become an obsession.
Shift Delete Page 12