Threat Vector
No, he couldn’t very well sit on that information.
Yao knew his cable to Langley was going to be a tough sell. His supposition, that a young Chinese hacker who had stolen UAV software code two years earlier might somehow be involved in this week’s computer attack and hijacking of several American drones, was not based on any hard evidence.
On the contrary, there seemed to be some evidence that Zha Shu Hai was not working on anything as high-level as drone hijackings. Yao did not mention the Triads in his cable, but hacking drones and killing American soldiers in Afghanistan hardly seemed like the modus operandi of the 14K. No, hacking banking software or other forms of computer embezzlement seemed like it would be the more likely aim of Zha if he was, in fact, employed by 14K.
But Adam needed to be sure, and he had asked only for some additional resources to help him dig deeper into whatever was going on above the Mong Kok Computer Centre.
But Langley had declined his request, explaining that all assets in Asia were tied up at the moment and assets at Langley were similarly otherwise engaged.
The response Adam received had been reasonable, he had to admit, even if it pissed him off. The reply from Langley had explained simply that, in the unlikely case that China was involved with the UAV incidents, it would come from inside China. All intelligence out of China indicated that offensive computer network operations of a military nature on the scale of a UAV attack would originate from the PLA’s General Staff Department, Fourth Department. These were China’s elite cyberwarriors.
A well-coordinated attack on the United States would originate with them, not with a hacker or group of hackers in Hong Kong.
The cable went on to explain to Adam Yao, in what he saw as a patronizing tone, that Zha working in Hong Kong in an office building was not a threat to the Department of Defense’s secure computer network.
After all, Hong Kong was not China.
“No shit,” Adam responded to the message on his monitor. He knew the situation he described in his cable was highly unusual, but his evidence, his on-the-ground intelligence collection, though circumstantial, surely warranted a closer look.
But his superiors, the CIA’s analysts, did not agree.
So Adam did not get his assets, but that was not the worst news in the cable from Langley. His superiors in the National Clandestine Service indicated that they would pass on the helpful information about the location of Zha Shu Hai to the U.S. Marshals Service.
That meant, Adam was certain, that within a few days a couple of four-doors would show up in Mong Kok and a team of deputy marshals would climb out. They would be identified as a threat by the Triads, the Triads would get FastByte22 out of town, and that would be the last Yao saw of Zha.
Adam logged off the secure e-mail system and leaned back in his chair. “Shit!” he shouted to the small empty room.
—
Zha Shu Hai had never been in Center’s office before. Few of the employees of the Ghost Ship, even the important ones like Zha, had personally been inside the surprisingly cramped and spartan work area of their leader.
Zha stood with his hands at his sides and his knees locked, an affected military stance because Center had not asked him to sit down. The rock-hard gel in his spiked hair shone and sparkled in the light from the flat-screen displays on Center’s desk. Center himself was in his chair in front of his monitors, his ever-present VOIP earpiece in his ear and his rumpled demeanor on display here just as it always was on the operations floor.
He said, “Three American drones were downed before the Americans ceased all flights.”
Zha just stood there at semi-attention. Was that a question?
Center cleared up the confusion. “Why just three?”
“They were quick to land their other UAVs. We managed to break into one more in Afghanistan within minutes of the crash of the first one, but it had landed before our pilot achieved input control and the weapons had been offloaded. As soon as I realized that, I took the Global Hawk off the coast of Africa. That is a very valuable and technologically advanced machine. It will show the Americans that the capacity is there for great harm to them.”
“The Global Hawk crashed into the ocean.” Center said it in a way that Zha could not read.
“Yes. It is a Northrop Grumman product, and my software was optimized for the Reaper and Predator platforms from General Atomics. I had hoped that the pilot could have crashed it into a ship, but he lost control soon after I passed responsibility to him.
“The third vehicle I took was on the American mainland, for the obvious effect of causing them great concern.”
Zha was proud of himself for all three hacks. He wanted more appreciation from Center than he was getting.
“We should have had more pilots,” Center said.
“Sir. I felt it necessary to be personally involved with each hijack. I could have captured the signal and given control to different pilots, but there were many technical nuances with each operation. The pilot was not trained to maintain the signal.”
Tong looked over a report Zha had sent him with details of each operation. He looked like he was going to comment further, but instead he laid the paper down.
“I am satisfied.”
Zha breathed a long inward sigh. He knew that was Center’s highest compliment.
The older man then said, “I’d hoped for five, or even more, but the three UAVs you took were well chosen for maximum impact.”
“Thank you, Center.”
“And the Trojan in their network?”
“It remains. I have provided them with the false trail, they will find this within the week, but the actual Trojan is ready to go to war again as soon as they fly their drones.”
“The false trail should focus their attention on Iran?”
“Yes, Center.”
“Good. The PLA has hopes the Americans will attack Iran over this. That is their ultimate goal. I, however, think they are underestimating the abilities of the NSA to recognize the misdirection. Still, every day Washington’s understanding of China’s involvement in Earth Shadow remains unclear is another day closer our forces are to achieving their goals.”
“Yes, Center.”
“Very well,” said Center, and Zha bowed, then turned to leave the office.
“There is one other item.”
The young man snapped back to attention, facing Dr. Tong. “Sir?”
The older man picked another sheet of paper up off his desk and looked it over for a moment. “It seems, Zha, that you have been under surveillance by the Central Intelligence Agency. There is a spy from their organization here in Hong Kong, and he is watching you. No, don’t worry. You aren’t in trouble. Even with your disguise we knew it was possible that someday you would be recognized. He has your name, and he has your computer handle. Do not use the name FastByte Twenty-two again.”
Zha said, “Yes, Center.”
“But the local CIA man does not seem to have any other concrete details about our operation. CIA leadership has told him you are not a concern of theirs at the moment, although they may notify police to try and bring you back to America.”
The young man with the spiked black hair did not speak now.
After a moment Center waved a hand in the air. “This is something I will bring up with our hosts. They should be taking better care of us. They are making a lot of money from our banking operations, after all.”
“Yes, Center.”
“You should limit your activities around town, and I will insist your guard is doubled.”
Now Zha asked, “What will we do about the Americans?”
It was clear Center had already given this consideration. “For now? Nothing other than warn Fourteen-K to be on the lookout. This is a critical time in Operation Earth Shadow; we can’t do anything overly”—he searched for the word—“kinetic to this operative without receiving too much scrutiny from the Americans.”
Zha nodded.
“We will wait for now. Later, when there is no longer any reason for us to remain in the shadows, we will leave Hong Kong and we will have our friends here take care of Mr. Adam Yao of the CIA.”
THIRTY-ONE
Jack Ryan, Jr., dropped into the chair in his cubicle at eight-thirty a.m., as he did each workday.
He had fallen into a predictable morning routine. Up at five-fifteen, coffee with Melanie, a jog or a workout, a kiss good-bye, and the fifteen-minute drive to work.
Once in the office, normally he would start his day by picking through overnight traffic sent from the CIA down in Langley up to NSA in Fort Meade. But that had changed since the cyberhijacking of three American drones. Now he spent more time watching traffic flow in the opposite direction. The cybersleuths at NSA were delivering daily updates to CIA about their investigation into the attack.
Jack read the information from NSA each morning, hoping the folks over there would get to the bottom of the affair quickly, but the drone hijackings were not something The Campus was working on officially. No, Jack and the other analysts were still digging into the investigation of the Istanbul Drive, but he read every bit of data he could understand from NSA to see where they were with the investigation.
He’d even had a long conversation with his girlfriend about the events. He’d become something of an expert on keeping his tone light and only semi-interested when he discussed Melanie’s work, although in truth he wanted to pick her brain like the highly skilled intelligence analyst he was. She was working on the matter for Mary Pat Foley, but at this point the computer forensic people at NSA were running lead in the investigation.
There was a new development this morning. Hard evidence, as far as Ryan could tell from the data, that Iran was involved in the UAV attack.
“Damn,” said Ryan as he took notes down on a legal pad for his morning meeting. “Dad is going to have a coronary.” Jack’s father had fought it out with the United Islamic Republic several years ago, kicked Tehran’s ass and assassinated its leader. Even though Iraq and Iran were once again two separate nations, Ryan wasn’t surprised to see that the Iranians were still causing trouble.
Ryan figured his dad would take this news out of NSA and start preparing his retaliation.
Jack spent much of the morning reading NSA-to-CIA traffic, but when he’d finished going through all the new data from Fort Meade he quickly thumbed through CIA internal communication. He did not see much here regarding the UAV matter, but he noticed that one of his data-mining targets had received a flag.
Jack clicked on the program to launch it.
Ryan used data-mining software to hunt through CIA traffic for key terms, and daily he got anywhere from ten to one hundred hits on terms such as “Libya JSO operatives,” “computer hacking,” and “assassination,” and as he waited to see what flagged term had just appeared in CIA traffic, he hoped it was something that would help him get the operational stand-down lifted on The Campus.
When the software launched, he blinked his eyes several times in surprise.
The flagged term was “FastByte22.”
“I’ll be damned,” Jack said. The hacker of the Istanbul Drive had shown up in a CIA cable.
Quickly Ryan read the cable. A CIA nonofficial cover operative named Adam Yao, based in Hong Kong, had found an American computer hacker of Chinese descent named Zha Shu Hai living and working in a Hong Kong neighborhood. Zha, Yao explained, may also be using the computer handle FastByte22 in cyberspace, and he is definitely a fugitive from American justice.
Yao pointed out in his cable that the hacker had been a penetration tester for defense contractor General Atomics, and had been imprisoned for offering to sell secrets about drone hacking and classified network penetration to the Chinese.
Jack said it again: “I’ll be damned.”
Adam Yao suggested that CIA send a team to Hong Kong to follow Zha to learn more about his actions, associations, and affiliations in HK to determine if he may have been involved in the recent computer penetration of the Department of Defense’s secure information network.
Jack Ryan, Jr., had read thousands—no, tens of thousands—of CIA cables in his four years working at Hendley Associates. This particular correspondence seemed to him to be very thin on details about how Yao found Zha, how Yao linked Zha to the name FastByte22, and what sort of activities Zha was now engaged in. This Adam Yao fellow seemed to be offering up just a small piece of the puzzle to Langley.
Langley declined Adam Yao’s request for support in surveillance of Zha Shu Hai.
Jack reached into CIA records to look into this NOC Adam Yao. While they were accessing he looked down at his watch; the morning meeting would be starting in just a few minutes.
—
Twenty minutes later Jack was on the ninth floor, addressing the rest of the operatives, Gerry Hendley, Sam Granger, and Rick Bell. “NSA says they have a long way to go, but they have found a Trojan on their secure network at Creech Air Force Base in Nevada. One of the lines of code steals the software for flying the drones, and then orders the software to be sent to a server on the Internet.”
Bell said, “If the DoD network isn’t attached to the Internet, then how can the software get exfiltrated to an Internet server?”
Ryan explained, “Anytime somebody uses a remote hard drive, which they have to do to update software or to put new data on the network, the Trojan sneaks pilfered data onto hidden portions of the drive automatically, without the user knowing. Then, when this drive is later plugged into a computer with Internet access, the data immediately is snuck out to a command server controlled by the bad guys. If the malware is any good, then it all happens on the down low.”
Domingo Chavez said, “The old way to defend your position was called ‘the Three G’s.’ Gates, guns, and guys. That method doesn’t slow these guys down a bit.”
Sam Granger asked, “Where was the data sent?”
“The data was sent to a network server, a physical computer, at Qom University of Technology.”
“Qom?” Caruso did not recognize the name.
Ding Chavez blew out a sigh. “Iran.”
“Those sons of bitches,” muttered Sam Driscoll.
Sam Granger said, “Looks like CIA’s suspicions are confirmed.”
Jack said, “That’s not exactly true, Sam. This virus wasn’t controlling the drone; this virus is a Trojan that recorded every bit of the control software and exfiltrated it back out. The Trojan points to a university in Iran, but in order to fly the Reaper they would have had to spoof the signal. They would need a ton of equipment and some expertise, but that doesn’t mean they couldn’t do it.”
“So, was it Iran?”
“I don’t know. The more I think about it, the more I am suspicious. This line of code makes it so obvious, it looks to me like whoever set this whole operation up wants Iran to be implicated.
“I’d like to bring Gavin into the meeting to get his take on it,” Jack said. “This is pretty much all that Gavin Biery thinks about.”
Rick Bell balked. “True though that might be, he is not an analyst.”
“No, not at all. He doesn’t have the training, nor does he have the patience or temperament to deal with voices that disagree with his own, which is something any analyst worth a damn needs to possess. But still, I say we look at Biery like a source.”
“A source?”
“Yeah. We give him everything the NSA knows about the attack. Starting with this information about the exfiltration server.”
Rick Bell looked to Gerry Hendley to make the call.
Gerry said, “Gavin knows his stuff. Let’s bring him in and ask for his take on this. Jack, why don’t you go down and talk to him when we’re finished here?”
“Sure. And there is more news from CIA this morning. I would have told Gavin this already because it relates to him, but I had to get up here first.”
Granger said, “What is it?”
“There is a NOC in Hong Kong who says FastByte Twenty-two, the guy who is involved with the Istanbul Drive, is living there in Hong Kong. He says he’s been watching him for several days.”
“What is he doing?” asked Hendley.
“That isn’t really explained in the cable. The NOC is trying to get some resources to expand surveillance because, he says, the hacker worked on the software for some of the UAV drones that were attacked. He thinks he might be involved with what’s going on.”
“What does Langley say about that?”
“They said, ‘Thanks, but no thanks.’ My guess is CIA is looking at Iran too hard to put much stock in this lead in Hong Kong. They made some good points refuting his argument.”
Hendley said, “But we’re sure it’s the same FastByte Twenty-two?”
“It’s the only one that has turned up anywhere. Open source, classified intel, LexisNexis. I think he’s our guy.”
Sam Granger saw a look on Ryan’s face. “What’s on your mind, Jack?”
“I was thinking, Gerry, that maybe we could go over and help this Adam Yao out.”
Sam Granger shook his head. “Jack, you know The Campus is in operational stand-down.”
“The Campus is, but Hendley Associates is not.”
Chavez said, “What are you talking about, Jack?”
“This NOC, Adam Yao, runs a front company over there that is a business investigation firm. I was thinking we could go over there as representatives of Hendley and say this FastByte character has been trying to break into our network. Just play dumb like we don’t know Adam Yao is already tailing the guy in his clandestine duties for the CIA.”
It was quiet in the conference room for a good fifteen seconds.
Finally Gerry Hendley said, “I like it.”
“That’s a great idea, kid,” admitted Chavez.