Threat Vector
Other criminal organizations hired by Center included Triad groups in Canada and the United States, as well as Russian bratvas, or brotherhoods.
Soon Tong began active recruitment of more high-level espionage professionals to work as field assets. He found Valentin Kovalenko and decided he would be perfect for this task, used one of his Russian bratvas to get him out of prison, and then used blackmail to retain the strong-willed ex–assistant rezident.
As with many other spies, Center started Kovalenko out slowly, monitored his success and his ability to keep himself undetected, and then he began giving him more and more responsibility.
Tong also had another type of spy unwittingly under his command.
The converted spy.
These were turned employees in government agencies around the world, in businesses like telecommunications and finance, and in military contractor and law enforcement positions.
None of these co-opted members of the organization had any idea they were working on behalf of the Chinese government. Many of these assets felt the same as did Valentin Kovalenko, that they were conducting some sort of industrial espionage on behalf of a large and unscrupulous foreign technology concern. Others were convinced they were in the employ of organized crime.
Dr. K. K. Tong was in control of the entire operation, taking directives from the Chinese military and intelligence communities, and so directing his controllers, who then directed their field assets.
It helped, perhaps more than anything else, that Dr. K. K. Tong was a sociopath. He moved his humans across the earth much as he moved 1’s and 0’s across the information superhighway. He had no more regard for one than the other, though the failings of human beings caused him to look with more respect at the malicious code he and his hackers developed.
After two years of Ghost Ship activity, it became clear to Tong that his near-omnipotent control was not enough. Word was getting out about brilliant new viruses, worldwide networking of cybercrime, and successful penetrations of industry and government networks. To combat the spread of information, Tong told the PLA and MSS leadership that in order for his cyberoperations to have maximum effect, he would need additional kinetic assets, a unit of soldier-spies in America, not duped assets but men dedicated to the Communist Party of China and completely beholden to Center.
After argument, deliberation, and finally the involvement of senior military officials, the computer operations man Tong was given command authority over a team of PLA special-operations officers. Everything Tong did worked, they reasoned. His two years of running proxy assets around the world had greatly empowered the PLA and strengthened the Chinese cause. Why not allow him a small unit of additional deniable forces?
Crane and his team, eight men in all, came from Divine Sword, a special-operations unit of the Beijing Military Region. They were highly trained in reconnaissance, counterterrorism, and direct action. The team sent to the United States to follow the instructions of Center was given additional vetting for bravery, pure ideological thought, and intelligence.
They were infiltrated into Vancouver Triad crime for a few months before making their way south over America’s porous border with Canada. Here they lived in safe houses rented or purchased by Ghost Ship front companies, and they had documentation, thanks to Center and his ability to generate resources of all types.
Crane and his cell, if captured or killed, would be explained away as a team of Triad gangsters from Vancouver, working for computer criminals somewhere in the world. Certainly not at the behest of the CPC.
As in the operation in Menlo Park and the operation in Las Vegas, Crane and his men performed wet operations, killing people who represented a threat to Center’s operations and stealing code and records necessary to further Ghost Ship activities.
Those few highly placed individuals in the PLA and the MSS who knew about Center and his Ghost Ship were pleased. The Chinese had their weapon, and their plausible deniability. They could steal secrets from American government, military, and industry, and they could prepare the battle space for any upcoming conflict. If Tong and his organization were ever discovered, well, he was an enemy of Beijing, working with the Triads—how could anyone make the claim that he and his people were working for the Chinese Communists?
—
It was a short walk from Tong’s office up a well-lit linoleum-floored hallway to a set of double doors, guarded on either side by hard local men with space-age-looking QCW-05 submachine guns hanging from their chests. The guards wore no uniforms; one wore a scuffed leather jacket and the other a blue polo shirt with the white collar turned up to his ears.
Dr. Tong did not address the men as he passed through the doorway, but this was nothing out of the ordinary. He never spoke to them. Tong did not make small talk with any of his underlings, much less the thirty or forty local Triads on and around the premises who had been tasked with protecting him and his operation.
A strange relationship, to be sure. A strange relationship that Tong himself did not care for, though he understood the strategic necessity of leaving his homeland to come to Hong Kong.
Through the double doors K. K. Tong walked down the middle of the open operations floor, passing dozens of men and women hard at work at their desks. Twice someone stood and bowed to Center and asked him for a moment of his time. Both times Dr. Tong just held up a hand as he passed, indicating he would get back with them momentarily.
Right now he was looking for someone specific.
He passed the banking and phishing department, the research and development department, the social media and engineering department, and made his way to the coders’ department.
This was where the men and women worked who did the actual computer network hacking.
At a workstation in the back corner of the room, next to a floor-to-ceiling window that, had it not been covered over with red velour drapes, would have given a southerly view over Kowloon, a young man with dramatically spiked hair sat in front of a bank of four monitors.
The young Chinese punk stood and bowed when Tong appeared behind him.
The older man said, “Kinetic operation complete. You should be receiving data shortly.”
“Sie de, xiansheng.” Yes, sir. With a bow the man turned back to his desk and sat down.
“Zha?”
He quickly stood back up and turned around.
“Yes, sir?”
“I want a report on what you find. I don’t expect DarkGod’s code will reveal anything you can use to optimize your RAT before we attack DoD, but keep an open mind. He did well to get as far as he did in the CIA Intelink network with his limited resources.”
The punk rocker said, “Of course, sir. I will look at DarkGod’s code and report to you.”
Tong turned and headed back through the operations room without another word.
—
The young punk rocker’s name was Zha Shu Hai, but he was known in cyberspace as FastByte22.
Zha was born in China, but his parents immigrated to the United States when he was a child and he became a U.S. citizen. Like Tong, he was something of a child prodigy in the computer sciences, and also like Tong, he went to Caltech, graduating at age twenty. When Zha was twenty-one years old he obtained a U.S. government security clearance and began working in the research-and-development department of General Atomics, a high-tech defense contractor in San Diego, and the manufacturer of unmanned aerial vehicles for the military and intelligence industries. Zha was tasked with testing secure and encrypted networks to see if the systems could be hacked into.
After two years of work, Zha reported back to General Atomics that such hacking was virtually impossible without specific knowledge of the networks, the communications gear that transmitted signals to the drones, and incredibly sophisticated equipment.
And then the young Chinese-American tried to make contact with the Chinese embassy in Washington, D.C., telling them that he would like to offer them his specific knowledge of all these things, and then help them build incredibly sophisticated equipment to help them exploit this knowledge.
Unfortunately for Zha, a routine polygraph required to maintain his clearance picked up strong indications of deception, and a search of his computer picked up the correspondence with the Chinese embassy. The young General Atomics penetration tester was arrested and sent to prison. As soon as Tong started the Ghost Ship, however, he used his resources to help the young man make his way out of the United States so he could join Tong in his operation in Hong Kong.
With Zha’s knowledge of computer code and penetrating secure networks, he developed the Ghost Ship’s powerful remote-access Trojan, the malware that allowed Center to steal data covertly, as well as see through the cameras and listen through the microphones of every machine it infected.
Zha’s virus was as insidious as it was brilliant. It began by performing a port scan, looking for computer security’s version of an unlocked window. If it found the exploitable port, it then began a series of common password attempts to make entry on the machine.
All this happened in the span of a few hundredths of a second. No one operating the computer at the time, unless they were watching the machine’s resources carefully, would notice anything amiss.
If the worm succeeded in getting into the machine’s subconscious, it then performed an ultra-high-speed reconnaissance, taking note of the applications installed and the quality of the processor and motherboard. Low-quality or older machines were rejected; the worm would instantly relay information back to the hacker that the node was not worth probing further, and then it would delete itself. High-end machines, on the other hand, were invaded further by the malware, the brain of the computer was taken over by the virus, and the message would go back to the hacker that another member of the robot army was reporting for duty.
Once the computer had been taken over by the Ghost Ship, a subroutine designed by FastByte22 himself would go into the system’s machine code and remove any vestige of the delivery system.
Or so Zha thought. In truth, his subroutine missed a single strip of code, and this is what Gavin Biery detected on the Istanbul Drive.
With this virus Zha had been the first to break into the CIA’s Intelink-TS network router for cable traffic, but on one of his maintenance forays into the source code, he realized he was not alone. He traced the other hacker, narrowing down the man’s identity by monitoring research done at open source bulletin boards and technical directories, discovering he was a well-known amateur hacker in the United States named Charlie Levy. And then Center’s controllers went to work trying to convince Levy to work for his organization so he could exploit the man’s knowledge.
That attempt had failed, so Tong then tried to exploit Levy’s knowledge by hacking into his machine.
That also failed. So Crane and his men got the information the old-fashioned way, by killing Charlie Levy and stealing it.
Tong knew Zha was cocky, and would not think DarkGod had anything in his virus that would improve on Zha’s own work.
Tong, on the other hand, appreciated how much could be learned by pooling intellectual resources of individual hackers, even hackers who did not give up their intellectual resources willingly.
Zha may not have believed that Levy had anything to add to his code, but Tong felt he had been forceful enough to make clear to the young man that he would be expected to give the data stolen from DarkGod his full attention.
TWENTY-THREE
Thirty-four-year-old Adam Yao sat behind the wheel of his twelve-year-old Mercedes C-Class sedan and wiped his face with a beach towel he kept on the passenger seat. Hong Kong was hot as hell this fall, even at seven-thirty in the morning, and Adam wasn’t running the air conditioner because he did not want his engine’s noise to draw attention to his surveillance.
He was close to his target location, too close, and he knew it. But he had to park close. He was dealing with the lay of the land, the bend in the road and the close proximity of the parking lot to the target.
He was pushing his luck parking here, but he had no choice.
Adam Yao was on his own.
When most of the sweat was off his brow he brought his Nikon camera back to his eye and zoomed in on the lobby door of the high-rise condominium tower across the street. The Tycoon Court, it was called. Despite the cheesy name, it was opulent inside. Adam knew the penthouse digs, located here in the lush Mid-Levels neighborhood of Hong Kong Island, must have cost an arm and a leg.
He used his lens to scan the lobby, searching for the target of his surveillance. He knew it was unlikely the man would be standing around in the lobby. Adam had been coming here for days and each morning was the same. At about seven-thirty a.m. the subject would shoot out of the penthouse elevator, walk purposefully across the marble floor of the lobby, and step outside and duck into an SUV in the middle of a three-vehicle motorcade.
And that was as far as Adam Yao had been able to track the man. The windows of the SUVs were tinted, and the subject was always alone, and Adam had not yet tried to tail the motorcade through the twisting narrow streets of the Mid-Levels.
Doing that alone would be nearly impossible.
Adam wished he had support from the leadership of his organization, just some resources and personnel he could call on in times like this to lend a hand. But Adam worked for CIA, and pretty much every CIA officer in Asia knew one thing about the organization: there was a breach. Langley denied it, but it was clear to the men and women on the sharp edge over here that the PRC was getting tipped off about CIA plans and initiatives, sources and methods.
Adam Yao needed some help with this surveillance operation, but he didn’t need it bad enough to risk compromise, because Adam Yao, unlike most every other CIA officer in China and HK, was working without a net. He was a CIA nonofficial cover officer, which meant he had no diplomatic protection.
He was a spy out in the cold.
Not that he wouldn’t mind something cold at the moment. He reached for his beach towel and wiped more sweat off his face.
—
A few days ago Yao had been alerted to the presence here at the Tycoon Court of a man from the mainland, a known manufacturer of counterfeit computer hard drives and microprocessors that had made their way into critical systems of U.S. military equipment. His name was Han, and he was director of a large state-owned tech factory in nearby Shenzhen. Han was in HK for some reason, and was getting picked up each morning by three white SUVs and driven off to an unknown location.
But even though this counterfeiter had managed to get his counterfeit devices into U.S. military equipment, to the CIA this was a commercial case, and commercial espionage was not something CIA put a lot of focus on over here.
Chicom cyberespionage and cyberwarfare were a big deal. Industrial computer crime was small potatoes.
But despite knowing good and well that Langley would show little interest in his initiative, Adam pushed ahead in this new investigation, for the simple reason that he very much wanted to know just who the hell the counterfeiter was meeting with on Adam’s turf.
Yao had been holding the camera to his eye for so long that the rubber eyecup over the viewfinder was filling up with sweat. He started to lower it from his eye, but then the penthouse doors in the lobby opened and, true to his daily ritual, the Shenzhen knockoff computer hardware maker stepped out alone and walked across the lobby. Just then three white SUVs rolled by Yao’s car and stopped under the awning of the Tycoon Court.
Each day the vehicles picking up the man were the same. Adam had been too far up the street to read the license plates on his earlier attempts, but today he was close enough to get a good angle and he had plenty of time to snap pictures of the tag numbers.
The back door to the second vehicle was opened from the inside, and the counterfeiter ducked in. In seconds the three SUVs rolled off, east on Conduit Court, disappearing around a hilly turn.
Yao decided he would attempt to tail the SUVs today. He would not get too close and it was unlikely he’d be able to follow them for long before he lost them in the thick traffic, but as far as he was concerned, he might as well head off in the same direction as they had on the offhand chance he’d get lucky and track them to a major intersection. If so, and assuming they took the same route each day, he could position himself farther along the route tomorrow and tail them a bit closer to their ultimate destination.
Any success using this technique would be a slow process and a long shot. But it beat coming here every morning, sitting here, day after day, which was beginning to look pointless.
He lowered his camera to the passenger seat and reached for his keys, but a loud rapping on his driver’s-side window made him jump.
Two police officers peered in the window, and one used the plastic antenna of his walkie-talkie to knock on the glass.
Great.
Yao rolled down the window. “Ni hao,” he said, which was Mandarin, and these cops likely spoke Cantonese, but he was pissed about wasting his morning, again, so he did not feel like being helpful.
Before the officer at the window said anything he looked past Yao to the passenger seat of the Mercedes, where the camera with the two-hundred-millimeter zoom lens sat next to a directional microphone with a set of headphones, a set of high-quality binoculars, a tiny notebook computer, a small backpack, and a legal pad full of handwritten notes.
He looked up at Adam now with suspicion. “Step out.”
Adam did as he was told.
“Is there a problem?”
“Identification,” the officer demanded.
Adam reached carefully into his pants and pulled out his wallet. The cop a few meters back watched him closely as he did so.