Counting from Zero
Could generate a paper or two, and some interesting presentations… not to mention the satisfaction of solving a good puzzle.
He was now viewing the LeydenTech spambot and the ‘Carbon is Poison’ zero day as related. He had also made contact, albeit anonymously, with two other system administrators who had also been targeted in a similar way to LeydenTech on an anonymous IRC (Internet Relay Chat) channel or chatroom for Security Administrators. They had exchanged some of the spam emails that their servers had been sending out. Mick added them to the messages he had logged on his own server, and the messages sent by the LeydenTech server.
With these messages, he was starting to build a decent data set. Today he planned to combine the packet flows from these four compromises into a single database for searching and number crunching. First he looked for traffic patterns between the servers. He wrote a script, a mini computer program, to search and analyze the messages exchanged overnight, and left for the day.
Mick stayed up late that night, coding to relax. He still felt off balance, as if he were recovering from a particularly nasty illness. It reminded him of how he felt as a kid after being in a schoolyard fight.
Wednesday morning found Mick engaged in his weekly password change ritual at the keyboard. He typed:
Eh,quid_facis,doc?
He read that it just kept on raining on Lars in Helsinki. Kateryna was looking forward to visiting a new Thai restaurant in the evening, although she didn't say with whom. Gunter was suffering writer’s block as he approached a deadline for a whitepaper. Mick sent some encouraging comments to Gunter as he knew what it was like, and how good it felt when one finally reached that desired word count.
Back at LeydenTech, he almost choked on his espresso as he looked over the results of the script. His script had found a number of communication exchanges, known as flows, and had created a chronology of communication in a 2D graphical representation. He was amazed to see a pattern of communication emerge out of the seemingly random spam sent between the four computers. The information flow looked familiar to him but he couldn't quite put his finger on it. His script had organized the information in a so-called ‘ladder diagram’ where each computer was represented as a column and the messages between them arranged like rungs on a ladder. With a flash of insight that made the hair on his neck stand up, he rearranged the four servers as nodes on a line and redrew the messages as semi-circular arcs. Now, it was clear to him: the servers were definitely running some kind of peer-to-peer protocol. He sat back in his chair, realizing the botnet used P2P routing protocols... a staggering implication for combating the botnet.
Mick found himself staring into space as he contemplated the consequences of this discovery. P2P networks were extremely difficult to shut down. And an obfuscated P2P network that hid behind volumes of spam would be difficult even to detect, let alone shut down. This was some sophisticated programming, not your usual malware composed of scripts and borrowed code. He forced his mind to focus again with the thought that he still hadn't found the communication messages that he conjectured were being distributed using P2P technology. Until he found and deciphered them, he didn't have a complete picture. He set about analyzing the suspicious packets between the servers.
But by the end of the day, Mick felt more confused than ever. Every message he examined was, in fact, just spam. He had expected to find some encrypted payload or messages that he then could analyze to try to determine the kind of encryption algorithm used, and get one of his crypto friends to break them. Instead, he found only spam email messages. He stared at one particular message about a one million pound lottery the recipient had apparently won. Did people really enter so many lotteries that they honestly could not remember which ones they had entered, and hence could fall for this kind of spam? He was left with that most puzzling fact about spam: some people actually read spam, some actually call or click on it, and some, amazing as it sounds, hand money over to the spammers. If they didn't, if spam ads didn't generate revenue for someone, it would end overnight, and the industry would collapse.
Mick was about to head home for the day when Vince called him over. He sat down in Vince’s office, looking around the room. Vince opened his desk and passed him something. Mick turned it over in his hand and examined it. It was about the size and shape of a small bookmark: thin, but astoundingly heavy for its size, as if it were made of something much more dense than lead. Seeing two small wire terminals on one side, Mick figured it out.
“Is it –” he asked.
“Yes, this is what we make,” Vince interrupted him. “Would you believe 2Ø Amp-hours at 48 Volts?” he said, giving the storage capacity of the device.
“But that's much more energy than the battery in my motorcycle!” Mick exclaimed.
“Very true.”
“It is so thin!” Mick commented.
“Actually, this one is quite thick. The capacity of this device is not about the volume, it is about the surface area. It can be much thinner without the protective coverings.”
“Wow!” Mick replied.
“Yes, wow!” Vince echoed. “So, let’s get this break-in resolved so we can concentrate on developing these babies.”
“Understood,” Mick responded, handing it back to Vince, but Vince stopped him.
“Keep this one – just don’t go flashing it around, OK?” He placed it in Mick’s hand.
“Really? No way! This would make an awesome battery for a computer. I’ll just need to build a charger.”
“No problems – I’ll send you the specs. I really like the work you’re doing for us. Just get to the bottom of it, Mick.”
“Will do!”
Mick remembered he had planned a video call with Kateryna for the evening. She said she had some information she didn't want to share over mail. He finished up a little earlier, took the direct route back to the inn, making a quick dinner of ramen and various vegetables and tofu he had picked up earlier in the week. For this call, he got out his best high definition camera and actually used headphones instead of his implant. The high quality of the sound was his favorite aspect of HD video calls; it made you feel as if you were there with the other person.
“Good evening, Mick,” Kateryna began, pronouncing Mick’s name in her signature way as her smiling face filled the screen. She was still in her office, he guessed. However, the room seemed to have good lighting: no overhead fluorescent lights that made some video calls look so awful. She was wearing a light blue blazer and a white blouse with some jewelry a geologist would likely find fascinating.
“Hey Kat. Thanks for doing this for me – it means a lot. I'll definitely owe you one,” he replied, glancing at his own sent image to make sure he looked good. He had put on a fresh black T-shirt for the call.
“No problems. Actually, I think I've made some new friends in our anti-spam group. They really enjoyed going through the code you sent. You did have permission from your client to share, right?”
“Of course, but I can't say who they are or disclose it publicly.”
“Sure, I understand,” she said, the corner of her mouth moving as if to start a dazzling smile. Sometimes he had a hard time concentrating when he was talking to her. “So, here's what they have found: multiple layers of encryption and some clever tricks to avoid reverse engineering or monitoring of the code. The guys say they haven't seen anything as good as this since they first looked at that peer-to-peer communication stuff a few years back.”
“Funny you should say that...” he began.
“Don't tell me, P2P communication patterns, too?” she asked, her eyes getting wide.
“Yes, definitely. Or, at least I'm pretty sure.”
“Which is it?”
“Well, I'm pretty sure there is communication, but I haven't found the actual messages yet. They are well hidden somehow. I feel as if they are staring me in the face...” Mick paused and stared out into space as the answer came to him – steganography – the hiding of information in plain sight. He got himself together and tried to concentrate on Kateryna who was looking on somewhat bemused. Mick wasn’t sure how much time had passed.
“Did you just remember you left a motorcycle running back at your garage?” she asked.
“No, no, I just realized something. Anyway, what else did they find?”
“Just that it is some of the most sophisticated spamware they've ever seen. Also, another interesting thing: this code must do more than just send spam.”
“What do you mean?”
“Well, the size of the code is much too big to just be a spambot. It must have other functions. Any idea what those might be?”
“I'm beginning to... yes.”
“Are all of your consulting jobs like this?” she asked, perhaps a tinge of envy in her voice.
“No, most just involve inventing cold fusion, finding Higgs-bosons, and solving world hunger. This one is actually less difficult than most,” he replied, and was rewarded with a glare.
“So have you been enjoying the riding and the scenery?” she asked.
“For sure – it is so spectacular. I'm told I need to come back in the early spring and also in the summer to see all the different moods of the desert. Los Alamos is amazing, although it is pretty isolated.”
They chatted for a few more minutes until Kateryna appeared to be interrupted by a phone call.
“Oh, one last thing. Buried in the code they found the name of this software: Zed dot Kicker. You know these attack writers – they love to name their creations. Gotta run, Mick. Take care.”
“OK, thanks a bunch, Kat. Talk to you again soon,” he replied as she signed off.
The next few days, he made good progress at LeydenTech, giving regular updates to Vince. Vince had agreed to ship him a hardware encryption device so he could do the rest of his work remotely. As a result, he decided not to stay for the weekend, and had made arrangements to fly back to New York on the next morning, Saturday. He also had a response published in ISW disavowing the email and setting the record straight. After a terrible start to the week, things were looking up.
Walking out of the LeydenTech offices, Mick pulled on his helmet and gloves and started the Ducati. Second kick, as always. For some reason, Mick enjoyed kick starting his motorcycles. When he had a choice of kick start or electric start, he always used the kick starter.
He pressed down with his left toe to select first gear, slipped the clutch and took off. He waved with his left hand to the guard at the gate who pressed the button to open it and he turned right onto the road, shifting into second. As he accelerated, he noted a car in his outside mirror; a glance to his inside mirror confirmed it. He was sure there were no cars on the road when he pulled out – very strange. Going up through the gears, he reached his cruising speed, feeling the engine revs rather than looking at the tiny gauges mounted in front of the handlebars on the bike. As he approached the first intersection, he had his first decision: most direct route or most fun?
As if it were a choice...
There were few other cars to be seen on the road in the early evening light, so he didn't even have to slow down as he cornered to the right at the intersection by pushing on the right side of his handlebars. A common misconception about high speed motorcycle cornering is that you turn the handlebars to initiate the turn. Actually, the best technique is to counter steer – to push on the handlebars in the opposite direction of the turn. The gyroscopic effect causes the bike to lean the other way, and hence initiates the turn. The harder you push, the more the bike leans, and the harder you turn. This was one of the hardest things that Mick had to learn when he first started riding motorcycles on the street after riding dirt bikes as a kid.
He completed the turn with plenty of road left, a slight smile forming on his face. Then, he noticed the same car from LeydenTech also making the turn. Mick noted the suspension roll, or lean, on the sedan as it exited the corner, suggesting that it had taken the corner without slowing down. This wiped the smile off his face as he started to ponder the possibilities.
His route took him around the outskirts of Los Alamos. Off the beaten track, but still roads that people drove. He decided to add a few more kilometers to his ride and answer the question building in his mind. A small dirt road approached on the left, and he took it, braking slightly on the pavement, and leaning less on the turn until he knew how loose the gravel was on the road. He straightened up and accelerated with the setting sun behind him. A moment later, the sedan made the same turn. Mick's pulse increased and he felt adrenaline surge through him.
That car is following me…
He decided to turn the tables on his pursuers.
At the next slight rise in the road, Mick waited until he was over the crest and hit the brakes hard with his right foot, locking the rear wheel while modulating the front brake with his right hand, keeping on the edge of adhesion. He pulled behind some strategically placed scrub that hid him from view. He down shifted to first gear but didn't have long to wait for the car to come over the crest of the hill.
As the car roared past, he had a good look at the two occupants, men in their twenties or thirties, dark haired with sharp features. The passenger turned and spotted him as they roared by, but it was too late. Mick slipped the clutch at the same instant and gave the Scrambler full throttle. His rear wheel moved around but he kept it under him as he rapidly caught up. He saw the driver touch the brakes in surprise, but then take his foot off, and instead step on the other pedal. Mick was eating a lot of dust, and from the sound of it losing some paint on his bike, but he twisted his wrist and accelerated, keeping up with the car.
As the road started getting a little bumpier, he rose up off his seat, making his legs part of the suspension of his bike, and keeping his weight on his foot pegs, providing better control. He bent his elbows slightly, pointing them outwards, making his body a fulcrum as the bike pounded over the bumps, motocross style. The car in front of him was having a harder time, almost getting airborne on some bumps. The passenger kept turning around to glare at him. Mick's tinted full-face helmet prevented them from seeing the concentration on his face. With the cloud of dust kicked up by the car, he wasn't getting a very good view of the road.
Mick had only a fraction of a second to react to the glowing red brake lights and the resulting shower of dust and stones. He jumped on his brakes hard, locking his rear and applying his front brake as hard as he dared without washing out. The car was coming to a complete halt, and with its four wide tires, it was stopping faster than Mick's two wheels. The car slid sideways, nearly blocking the road, forcing Mick to choose between running into it or heading off the road. He chose the latter, nearly laying the bike over on its right side as he released his brakes to gain traction. The edge of the road made a jump and Mick went airborne. He would have stuck the landing if it weren't for the erosion rut that claimed his front wheel. He couldn't steer or do anything except go over on his side. Mick parted company with his bike, rolling to a stop a few meters away.
As his head cleared, he sat up and pulled off his helmet. The engine of the Scrambler was still running, the back wheel spinning in the air. He crawled over and hit the kill switch to stop the engine. He then realized he was not alone, as the two men stood over him.
“O'Malley! You should mind your own business,” one of them said, kicking the dirt with his boot. This guy was not from New Mexico, or even from North America, judging from his accent. Mick said nothing, glaring at them. “If I were you, I'd forget about Zed dot Kicker if you know what's good for you...” The man paused and then both turned around and began walking back to the car. “Oh, and O'Malley, you should be more careful with your things, like your private keys.”
Mick tried to stand up but a sharp pain in his leg made him hesitate. He tried to shout but his throat was bone dry. He watched as they climbed back in the car. Mick unzipped a sleeve pouch on his jacket, retrieved something small, and flung it towards the car.
Mick watched helplessly as the car left him behind in a gradually receding cloud of dust. He caught his breath, his heart rate returning to normal. He took a drink of water, then pulled out his mobile, firing up an application.
Bull's eye!
He smiled looking at the map of the New Mexico desert with two dots: one was his location, the other was the location of the car speeding away. His uncle’s invention, a magnetic GPS tracker, had attached to the car body and was working perfectly.
He dusted himself off, righted his bike and set off following them. Fortunately nothing mechanically was broken on the bike, although the forks were slightly skewed from the handlebars. As darkness fell, he left the corrugated road and was back on the pavement again, heading south. He adjusted his speed so he stayed about five minutes behind. Mick did a quick fuel economy calculation in his head and determined that he could make it to Albuquerque, but not much further. Fortunately, they took the turnoff towards the airport and he closed on them. He could not follow them into the car rental return area, but instead parked near the terminal and waited. He positioned himself in the middle of the terminal so he could see the check-in counters. In the meantime, he made note of the rental car company, based on where the car was parked.
Mick spotted the men checking in. He ducked inside a souvenir store and purchased a baseball hat and a bulky sweatshirt that had some joke about cow tipping printed on it. He put them both on, pulling the cap over his eyes. He positioned himself near where they would walk to get to the security checkpoint. The two men walked away from the counter with their boarding passes in hand and their bags slung over their shoulder. He made for the taller of the two, keeping his eyes on the ground. As he bumped shoulders, he made sure he knocked the papers from the man’s grip.
“Blin!” the man shouted.
“So sorry, y’all!” Mick mumbled in an awful southern accent, picking up the papers. The man ripped them out of his hands and caught up with his friend. When Mick looked up a moment later he had a grin on his face, and a name to go with a face.