The Dark Web: The stunning new thriller from the author of The Angolan Clan (African Diamonds Book 3)
Page 30
‘It was developed at XPC by Scotty Fitzgerald, a real encryption wizard. But last week I accidently found a different version of the upload package. It’s identical, apart from three extra lines of code attached on the end. Look.’ He showed Sharif’s test code on the screen.
‘It’s just sending the same message over and over again to that cell, S470C887,999,’ Abby said. ‘I think it must be a sleeping cell that’s already in the processors, and it’s telling it to wake up so it can do something, but I don’t know what. Where did it come from?’
‘Sharif, the design guy was testing it, but I’m sure he was doing it for his boss, Shen.’
‘You think he was duped as well?’
‘Probably. He’s not the type to plan anything like this, not enough imagination and too honest. Shen put me in prison, so that cell must come from him somehow. Here, I’ll run it and show you what happens.’
Leo ran Sharif’s revised test. They could see the flash of the repeat instructions being passed thousands of times per second. In less than a minute, the mini-network shut down.
‘That’s impressive, but weird.’ Abby frowned. ‘It must wake that cell up and there’s some kind of handover that shuts down the network. If it’s to introduce a virus or something, I don’t see the point. When the network’s down, it can’t be instructed to do anything.’
‘Maybe that’s all it does, shut the system down.’
‘You guys are right. That cell’s asleep somewhere on the Lee-Win processors.’ Julia, a pretty, statuesque Swazi woman with an abundance of frizzy curls, intervened. ‘I read about something like this a while ago. See if I can find it.’ She started interrogating her laptop.
Abby asked, ‘When is this upload supposed to happen?’
‘The plan was to launch Mark VII at the same time they deploy the uploads, to get maximum bang from the buck. That would be in a month or so, depending on production.’
‘Are the uploads interconnected or independent from the new modules?’
‘They’re in the same package, but they’re not interconnected. All the software will be deployed together to the existing pool of processors, but the Mark VII modules can only be distributed after they build them.’
‘So, if the plan is to do something when they send the upgrades, it could be right after they finish testing in Shanghai. Before they even manufacture the new modules.’
‘That’s what worries me. If they’re going to attack the existing pool of machines they can do it as soon as they get the upgrades. They could deploy the modified code this week.’
‘It would really cut down our timescale for doing anything. We need to look at that shutdown function right away.’
‘I know, but I don’t understand how the shutdown happens. That cell is just like any other cell, it can’t suddenly take over the management of the whole microprocessor.’
‘That’s not what it does, Leo.’ Julia looked up from her screen. ‘I found that item I remembered. It’s called an “Analog Back Door Attack”, code name “A2”. I’ll distribute it.’ She forwarded an article published by the University of Michigan.
‘A2? I’ve never heard of it. How does it work?’
‘It’s a physical change to the processor, they add a malicious cell in the manufacture process. It’s a capacitator cell that accumulates an electric charge when they trigger it with those multiple commands, then it hands over control to a logical function that’s already programmed in the processor. In this case, it just shuts down the system.’
‘Shit. All the processors in the devices we’ve got here shut down, so they’ve been tampered with. That means someone discovered this A2 backdoor cell idea some years ago. It must be Shanghai that’s behind it, and they’ve been preparing an attack all this time.’
Julia was still reading. ‘Hang on, Leo. Stop sending that code and see what happens.’
He terminated the programme on his laptop and they all waited in silence. After a minute or so, the network came back to life. Leo shook his head. ‘Now I’m totally confused.’
‘That’s what’s supposed to happen,’ Julia said. ‘When you stop sending those trigger instructions, the cell loses its electricity and the network reverts to its normal state. Check that it’s still running ACRE, Rod.’
‘Yep. It’s back to where it was before, with the upgrades working.’
As they were reading and discussing the report, Coetzee walked into the room with Karen. ‘Hi guys, how’s it going?’
‘We think we’ve got it, Dad. Julia, you explain.’
She summarised what they’d found, finishing with, ‘We haven’t looked at the cell yet, so this is all theoretical.’
‘OK, guys. We need to do some strategic thinking.’ Coetzee decided it was time to restrict the flow of information. ‘We’ll break for lunch. See you later.’
In his office, Coetzee said, ‘All the equipment in that network is less than five years old. Didn’t you tell me they’d been incorporating the connectivity module for the last four years?’
Leo nodded. ‘I was thinking the same, the timing of the changes is linked. They started planting that cell at the same time as providing the connectivity capability to contact it later.’
‘I suppose you know Lee-Win changed hands five years ago. This plan must have been hatched soon after that.’
‘That figures, if they’re targeting all the processors built in the last four years.’
‘What happened when you stopped sending the trigger commands?’ Coetzee asked.
‘The network came back to life in a minute or two.’
‘So, the command has to be sent continuously to maintain the network shutdown?’
‘Exactly. But if it’s downloaded by millions of users, their systems will stay shut down until a new command is sent to stop triggering the cell.’
‘Is there any way of finding that command and overriding it to make it harmless?’
‘We haven’t got that far yet, but that’s what we need to get the team focused on now.’
‘I wonder how they’ll do this.’ Abby was going through the plan in her mind. ‘Will the package they send from Dubai contain the extra code, or will they add it in Shanghai?’
‘I’ll ask Ed. The final package must be ready now if they’re sending it tomorrow, and he knows about that cell instruction. It would make sense for Shanghai to send out the clean version first, get it accepted, then follow it up with the A2 code afterwards.’
‘You’re right. Once the customers are happy with the upgrades, they’ll accept a minor correction without question, then the world shuts down.’ She frowned. ‘The other thing I can’t understand is why they set up the XPC facility in Dubai in the first place? Wouldn’t it have been simpler to do everything from China?’
‘No idea, but they must have had a reason. It might have been to attract first-rate people who don’t want to go to Shanghai, like Scotty. I think the key to this is ACRE. They doubled their sales last year because of it, so the number of networks it gives them access to is huge.’
Coetzee said, ‘I think there’s another reason. Whoever’s behind Lee-Win and this potential attack, they’re hiding their identity from the world. They have to remain anonymous because the processors are in top level organisations, hospitals, government departments and the like. It could literally bring everything to a standstill, cause a worldwide panic.’
‘While they do what, Marius? Why would the Chinese or anyone else deploy something so devastating, knowing it could start a new war? We’ll have to give the bad news to General Chillicott. He knows there’s going to be an upload, but he doesn’t know what might be in it.’
‘And there’s this possible link to Russia. Ask Ed for a status report, then we’ll call Homeland Security. I don’t know what good it’ll do, but they need to know what’s going on.’
Leo texted Ed, asking him to call when he found a quiet corner. His mind was racing, desperately trying to work out if they could do something, anythin
g, in time to prevent whatever was planned, before it was too late.
FORTY-FOUR
Dubai, United Arab Emirates
Tuesday, 13 July 2017
‘The package is assembled. Shen’s sending it tonight. He talked Tom into proving to the Lee-Win people how well we can manage without you and moved it forward another day.’
Ed was in the XPC car park, speaking to Leo. He’d finished his last clean-up of the software and signed it off to Shen. Sharif’s design template for Mark VII was also delivered. Now it was out of their hands.
‘You’re not delivering it to Shanghai yourselves?’
‘Tom decided that there should be only one person in contact with them, for security purposes. Shen’s the direct link, so he’s sending it. It’s not rocket science, even he can manage to do it right.’
‘So, after Shanghai retests everything, they could put the upgrades out without waiting for the Mark VII launch?’
‘I suppose so. No one’s actually given us a date for the release, but you’re probably right, it’ll be a fast turnaround. There’s nothing to be debugged and we don’t expect any glitches. It works fine, thanks to you.’
Leo explained what they’d discovered about the rogue cell. ‘We don’t know if the upgrades will trigger it, or if they’ll do it in two stages. Any thoughts?’
‘Fucking hell! That’s what Shen’s been plotting? That devious, arrogant Chinese arsehole.’ Ed sounded apoplectic. He popped a piece of gum into his mouth and chewed aggressively. ‘Let’s think about the deployment. The package has got our original software, so it would make more sense for them to send that clean version out to test the process. When they know it’s been successfully downloaded by the networks out there, they follow it up with the trigger. Sound logical?’
‘That’s one of the theories we’ve come to down here, but it’s a hell of a risk to take.’
‘Well, there’s no way I can find out now it’s in Shen’s hands. We just have to make that assumption.’
Leo thought for a moment, cursing the fact that he’d never been in direct contact with Lee-Win in Shanghai. ‘Any chance of getting the address and handshake that Shen’s sending to? Maybe the hub network coordinates?’
‘I get it, try to get in the back door and take a look. I’ve never had any contact with them, so the only way would be through Sharif, if he’s sent stuff before. He’s gone for the night, I’ll see what I can find out tomorrow. I’ll check with Daniel as well, but Shen probably used his laptop, so there’ll be nothing in the main network.’
Washington DC, USA
‘Leo, how’s it going? It’s great to hear your voice. That must have been a hell of an experience.’
‘Educational, I keep telling people. Billy, I’m calling you about the Lee-Win upload that’s scheduled. I think you know Marius Coetzee, I’m on the speaker with him here in Joburg. We’ve been running tests on the corrupted version of the software.’
‘That figures. Hugh Middleton and I were talking about it in London yesterday. Hello again Mr Coetzee, glad you’re looking after Leo down there. This whole thing sounds like it could be that imminent catastrophe you were warning me about in San Diego, Leo.’ Chillicott said nothing about the Russian troop and naval movements. No need to complicate things in their minds, he thought. One thing at a time.
Leo quickly brought him up-to-date on their tests. ‘The package will be in Shanghai tonight,’ he finished, ‘and I don’t know how to prevent it from being deployed.’
‘That’s a new one on me. A physical cell added to a processor. How do they do that without it being noticed?’
‘Maybe you’ve never seen one of these silicone chips, Billy. They’ve got a billion components on a fingernail. Impossible to see what’s there or not. But that cell is definitely there and it’s not on the XPC design, so it must have been added at Lee-Win in Shanghai.’
‘You know, guys, the more we find out about that Chinese outfit, the more it looks like a barrel of worms. The problem is, we don’t have one single solid fact. We don’t know who owns it, what’s really going to happen on this upload, and we don’t know why.’ He asked the same question as Coetzee had. ‘What does it do?’
‘They send a trigger command to the cell and something in the processor switches it off. The whole network goes down, as simple as that. You’ll have billions of devices all over the world that stop working.’
‘Jesus Christ! Lee-Win’s main market is government departments, industrials, banking and essential service industries, correct?’
‘Right, the infrastructure of the world’s business.’
Leo’s words seem to hang in the air as Chillicott was silent for a moment. ‘But if they deploy your original upgrades without that additional code you found, the new software works fine?’
‘Perfectly. We think that’s what they’ll do, then they’ll follow up the clean version with that code as a minor update and “wham bang thank you mam”! I’ve got Ed trying to find out what’s going on up there, but we’ve heard nothing yet.’
‘Is there any way you can find out how to access the hub network they’ll use for the deployment?’
‘Ed’s on that as well. And we’ve got a team of people here in Joburg trying to identify the exact command that does the shutdown. Then we could try to hack into the hub to override it, or maybe your Homeland people could, you’ve got a lot more resources in that area than we have.’
‘I didn’t hear you say that, but it sounds like a plan. See if Ed can get us some kind of link. And while you’re at it, ask him if he can manage to get a photo of that woman, Elodie. We know all about Shen Fu Liáng, but nothing about her. If she’s on any kind of file, we might have some luck with our image matching kit. And Leo, tell him to be real careful. Those people don’t play by the rules, as you know better than me.’
Delmas, Mpumalanga, South Africa
‘Hello Jenny, how’s everything with you?’ Coetzee had gotten to enjoy speaking to Jenny Bishop. She seemed to be like him, didn’t waste time talking about things, just got on with it. He regretted what had happened in 2010, but it didn’t appear to have left any lasting scars, apart from his.
‘I just wanted to keep you informed. One of my family, Patrice de Moncrieff, is a director of BIP in Spain, and he works closely with their Hong Kong subsidiary. He’s gone there on our behalf to try to get details of the payments made to Mme Lee-Win.’
‘That’s great news, Jenny. What are his chances?’
‘Honestly, I don’t know, but he knows what we need and he’s a clever man. He wouldn’t have gone if he didn’t think he could do it. I’ll know in a day or two if he can find out what we want. Is there any progress on the technical side?’
‘I’ll get Leo to give you an update. He was just explaining it to General Chillicott, so you’re in exalted company.’
Leo explained what the team had discovered about cell S470C887,999. ‘We just don’t know what they’re going to do with it, or when they’ll do it,’ he finished lamely.
‘Remember what I told you about those billions of anonymous processors all over the world? “The most terrifying thing I’ve heard in my life”, I said. And I was right.’
Dubai, United Arab Emirates
‘I’m ready to send the package off. Anything special you want me to say in the message?’
Shen had just come up to Tom Connor’s office, where the CEO was finishing his report to the Lee-Win board.
‘I’ll email this report shortly, so you don’t need to add anything. This is a great result, Shen, and I’m giving you all the credit, you and Sharif. It could easily have gone wrong when Leo went AWOL, but you guys managed to save the day. Thanks for being a trusted partner and getting it done within the timeframe, I won’t forget it.’
Shen smiled modestly. ‘You’re welcome Tom, we owed it to you. After what happened to poor Scotty, and then this episode with Leo Stewart, we just had to deliver to prove the value of XPC. I’ll get it off now with the
appropriate signature protocols. See you later.’
He went down to the lab with his laptop, and collated the bundle of firmware and connectivity programmes and the ACRE upgrade into a machine-readable executable file with the agreed Lee-Win handshake signature. After further testing in Shanghai, the upgrades would be distributed with that same trusted signature; the customer devices would open them and override their firmware with the new versions. The design spec and mask was a CAD document that could be read by Lee-Wins CAM machinery to manufacture the Mark VII processors, although that wasn’t one of his priorities. If everything went according to plan, it might never even be produced.
He called Elodie. ‘Everything’s finished and ready to go. I’m pressing Send now.’
‘Well done, darling, it’s finally over. When are we leaving? I’m sick and tired of this place, and the people. Can I start booking flights and hotels?’
‘We’ll wait until the uploads are deployed, then we’ll make our move. We don’t want to be here when the trigger upload goes out, it’s likely to get a little nasty.’
‘So, a few more days? Are we going back to Ireland as you promised? It’s months since I was there, and you know how much I love it. And it’ll be a long way from the problem areas. We’ll wait it out until everything’s settled down, then the world’s our oyster. I can’t wait.’
‘Just a few more days, then Dublin. I promise.’
Shen rang off, then called a number on his encrypted phone. ‘I’ve just sent off the package,’ he said in Russian. ‘Yes, it should be just a few days, not more. I’ll keep you informed.’
Dubai, United Arab Emirates
‘Hello, darling. The software package was sent off to Shanghai a few minutes ago.’ Elodie Delacroix was on her other mobile phone again.
She listened for a moment. ‘Yes, Shen sent it. He says it will go out in a couple of days. I know, not long now. I’ll keep you informed as soon as I hear anything more. Take care, I’m missing you.’