Cyber Attack
Page 12
“Good morning, people! We have a busy week on tap for this team of journalists and miscreants,” said Joe Sciacca, editor of the Boston Herald. “I am sure The Gray Lady’s Younger Sister with an Inferiority Complex is busy trying to spin a yarn or two.” The editorial board of the Herald laughed at Sciacca’s reference to the Boston Globe, their decidedly liberal counterpart.
“Tomorrow is primary day. Hillary is in town for a campaign event. The Bilderbergs invade our fair city. And last but not least, the Bronx Bombers visit Fenway at the end of the week. What more could one ask for?”
“Madonna is playing the TD Garden Thursday night,” said an intern from the back of the room.
“Well, we are the center of the universe, aren’t we?” asked Sciacca sarcastically. “Politics leads the way this week. Julia, you’re up. Let’s start with the primary.”
“Thanks, Joe,” started Julia. “As we all know, Massachusetts primary day is tomorrow, which is new for the state. For years, over many election cycles, state legislatures have attempted to consolidate the state’s primaries to the first Monday in June. Previously, we have been part of an early March cycle. Tomorrow is being billed as Decision Tuesday. In past presidential primary years, the nominations have been sewn up by now. Several key states could sway the process. Besides Massachusetts, California and New Jersey hold primaries. New Mexico, although small electorally, has been determinative of the Republican nominee over ninety percent of the time.”
“Doesn’t Hillary have the nomination secured?” asked Sciacca.
“Not completely,” replied Julia. “California should swing in her favor, but Biden is polling strong in New Jersey and here. Upset wins in these two states could make the numbers close. It explains why both camps are making appearances in the Bay State.”
“Let’s talk about that,” said Sciacca. “Biden is campaigning in Boston today if I understand correctly.”
“That’s correct. He has strong union support here. His plans include a speech to MBTA workers in South Boston followed by a symbolic visit to the site of the Pumpsie Jones murder.”
“What about Hillary?”
“She has a campaign event tomorrow at Quabbin Reservoir,” replied Julia. She decided not to elaborate. There was no sense in creating additional interest in an important cog in the Loyal Nine’s wheel.
“Okay, moving on,” said Sciacca. “I understand there was a police-involved shooting overnight in Roxbury?”
“Yes, it happened at a Black Lives Matter event at Malcolm X Park following a ‘get out the vote’ rally held by civil rights leader and current congressman John Lewis,” said Rene Petit, metro editor for the Herald. “The presentations were peaceful, but the trouble began after the congressman completed his remarks.”
“What happened?” asked Sciacca.
“After Congressman Lewis closed his remarks, the crowd became raucous while shouting Black Lives Matter repeatedly. Police are still investigating, but reports indicate several plainclothes detectives identified a potential gunman in the crowd. As they moved in on the suspect, he fled on foot down Martin Luther King Boulevard. Turning south on Walnut, he was met by an unmarked van filled with Boston PD who were assisting with crowd control. A gunfight ensued and the young man was killed. The suspect has been identified as nineteen-year-old Tyrone Rockwell of Roxbury.”
“Thank you, Rene, keep us up to date on this,” said Sciacca.
Petit interrupted. “Wait, there is more. The deceased is the brother of Jarvis Rockwell.”
“Why does that name ring a bell?” asked Sciacca.
“At Copley Square during the Boston Marathon, Rockwell’s pregnant girlfriend lost their baby during a melee with police near the finish line. This escalated tensions between the black community and Boston PD. This will only exacerbate the strained relationship. In addition, my sources tell me the black gangs of Roxbury, Mattapan and Dorchester are consolidating their power under the leadership of Rockwell—street name J-Rock. My friend in the Boston PD gang unit tells me this is a precursor for increased gang violence.”
“Does the presence of Congressman Lewis elevate this to a national story?” asked Sciacca.
“I think it does, depending on the angle we choose,” said Petit.
“What do you mean?”
“Well, I have a theory, from a purely amateur sociologist’s point of view, of course,” said Petit. “It will be controversial and not necessarily PC.”
“Go ahead, Rene, you’re among friends.”
“Julia might want to chime in here, from a political perspective. But here are my thoughts. The civil rights leaders of today are different than the era in which Congressman Lewis fought. Lewis was the son of sharecroppers who organized sit-ins at segregated lunch counters and businesses. In the era of the sixties, there was outward, blatant racism for which Congressman Lewis paid a price. He was beaten by police for his activism and lived with constant threats upon his life. He took up a cause that was personal to him and the result was the Voting Rights Act.”
Julia looked around the room and gauged the reaction of her peers. Julia knew where Petit was going with this and she was anxious to hear the comments. Petit continued.
“Today, by all legal standards, blacks have the same rights as whites. Those barriers were taken down in the sixties. Today’s civil rights leaders appear to stoke the flames of racism for the purpose of controlling their constituents. When bomb throwers like Louis Farrakhan and Al Sharpton stir up the black community with anti-white rants, the people who pay the price are the members of the black community. After they have fired up their followers, they leave for the comfort of their hotel suites in limousines, ignoring the bedlam they leave behind.”
“Do you have examples?” asked Sciacca.
“Consider the two incidents discussed today—Copley Square and Malcolm X Park,” replied Petit. “The Copley Square event was organized by Reverend Sharpton, using black gang leaders from the inner city to lead the procession of Black Lives Matter protesters. The protest was designed to create a confrontation with police, who are always mindful of a potential terrorist attack associated with the Boston Marathon. Where was Sharpton? He left town earlier that morning.
“Yesterday’s event was slightly different because Congressman Lewis is an icon and a symbol of peaceful protest. But the day before, Farrakhan issued a rant that called for a race war. I believe these leaders are having a profound effect on young black men in particular by stirring passions to a fever pitch. The result is an unnecessary death like last night.”
“Why would you say unnecessary? The reports say the deceased initiated a gunfight with police,” said Sciacca.
“He did, and paid the ultimate price,” said Petit. “However, there was no indication he intended to use the gun during the Lewis speech. He was followed out of Malcolm X Park by police and then sandwiched by an oncoming police van. My guess is he felt trapped.
“My point is this. Today’s black leaders are creating a climate of anger and fear within black Americans that necessarily results in senseless tragedies like last night. Perhaps a series could be developed around this story, which would then bring the Boston tragedies to national prominence.”
“Or, the Herald could be labeled racist for its approach,” said Sciacca. “As editors, it is our job to provide opinion in addition to delivering the news. Ordinarily, I could see a series such as this generating a Pulitzer nomination, but not in today’s liberal media environment. The subject of race relations in this country is taboo unless you are on the enlightened side of the discussion. While I may agree with your premise, writing a series of articles pointing out the unintended consequences of black protests would get hammered in the industry. We’ll need to think this through very carefully.”
Sciacca was right. Freedom of Speech is dead in America.
“Thank you, Rene. Sandra, what do we have on the economic front?” asked Sciacca.
“The story of the week is part political and part economic,” rep
lied Sandra Gottlieb, business editor of the Herald. “The Bilderbergs are coming to town.”
Chapter 26
June 7, 2016
The Hack House
Binney Street
East Cambridge, Massachusetts
Lau left the world of reality and entered hackerspace with a sack full of Egg McMuffins for the Zero Day Gamers. It was going to be an interesting day for the Gamers. Lau was contacted two days ago via HackersList by an unknown client, as was typical. They were more selective after cashing in on several lucrative paydays. Lau laughed to himself as he realized they now had standards to follow. One of the things he enjoyed most about this enterprise was the diversity in its projects. Today could be trailblazing if the results were successful.
“Good morning all!” Lau announced as he saw the sleepy faces of Fakhri, Malvalaha and Walthaus.
“Good morning, Professor,” replied Malvalaha with a slight tone of sarcasm. “Bright eyed and bushy tailed, as they say.”
“I’ve downed half a pot of coffee,” said Fakhri. “It’s starting to give me the shakes.”
“C’mon, you guys,” said Lau. “It’s not that early. This time a year ago you were getting ready for class at this hour. Are you getting soft on me?” Lau noticed Walthaus was quiet and looked disheveled.
“What’s wrong with him?”
“He had a late night,” replied Malvalaha.
“Really, Walthaus?” asked Lau. “I sent you guys home early yesterday to get some rest, not to party.”
“I wasn’t partying,” mumbled Walthaus.
“He has a girlfriend,” interjected Fakhri.
“Shut up!” said Walthaus.
“Her name is Wendy, like the burger girl,” added Malvalaha. “Looks like her too. She has the freckles, red hair and ponytails.” Fakhri and Malvalaha were having a good laugh at Walthaus’ expense, who was now turning fifty shades of embarrassment.
“Shut up, guys, really!”
“Okay. Good for you, Walthaus, but wake up and smell the McMuffins,” said Lau. “We won’t tell Wendy you cheated on her with Ronald McDonald!” The room busted with laughter and Lau effectively woke them all up accordingly. It was time to get their game on.
“Quick summary of the project, please, Mr. Malvalaha,” said Lau as he assumed his role of Professor of Hacktivism 101.
“The client would like to affect the outcome of today’s Democratic primaries in New Jersey and Massachusetts,” started Malvalaha. “They have not provided us a stated purpose, but the results will certainly favor candidate Biden.”
“That breaks your heart, I’m sure,” chimed in Walthaus. Malvalaha was a Biden supporter and despised Clinton. Walthaus was a political agnostic, believing neither party represented the best interests of the common guy.
“He speaks!” exclaimed Lau. “If Clinton has this nomination in the bag, as the pundits claim, how will a good showing or win help Biden?”
“We can only speculate, but perhaps Biden’s people are trying to show his strength in order to gain him another VP slot,” said Fakhri. “Or maybe the Republicans are trying to make Hillary look weak.”
“Regardless, he who pays—wins. Right?” asked Lau.
“You betcha,” replied Fakhri, using her best Arabic impersonation of Sarah Palin.
“The client has provided us targeted precincts in both states where vote manipulation will be least likely to draw attention,” said Malvalaha. “A five percent increase for Biden will naturally reduce Clinton’s advantage in a like amount. This will create a Biden win in most cases yet still be within the margin of error of the aggregate of polls.”
“In New Jersey, for example, precincts in the south from AC towards Trenton share a border with Pennsylvania, a Biden stronghold,” added Fakhri. “These voting precincts are our main target. Populated areas around the Newark area are Clinton dominated. The client chose the Pennsylvania contiguous precincts to show Biden’s ability to carry that state if chosen as VP. But that’s our theory.”
“Walthaus, tell us about the hack,” said Lau. After two McMuffins, Walthaus was back to the land of the living.
“There are two options,” replied Walthaus. “A publicized option actually opened the door for our course of action. Many states used the AVS WinVote touch screen voting machine for years. Its state-of-the-art design was a direct result of the 2000 presidential debacle in Florida where lawyers with bad eyesight fought over hanging chads and voter intent.”
Lau recalled visions of attorneys scrutinizing every punched ballot with magnifying glasses. The vote count went well into December and it took the Supreme Court to bring the dispute to a conclusion.
“After an expose` was published showing the ability to enter the encrypted WEP wireless system with the password ABCDE, the machines were abandoned,” said Walthaus. “Further, as we have found repeatedly in our work, the Windows-based operating system was either out of date or inadequately protected. Any high school kid could sit in the parking lot of the voting booth and insert low-sophistication code to change voting outcomes.”
“Believe it or not, this was still an option available to us,” said Fakhri. “It would require a ZDG army to canvass all of the precincts. That’s too much work.”
“Let’s talk about our plan.” Lau enjoyed the process of walking through the hack and having all of his assistants provide their contribution or opinion. Despite his newfound profession, he was an MIT professor and every job was a learning experience for his trusted graduate assistants.
“We are going to play on two typical weaknesses in any government-run operation—complacency and a false sense of security,” replied Walthaus. “Once the WinVote scandal broke, many state governments quickly threw money at the problem and purchased all new voting machine units. Massachusetts and New Jersey were no exception.”
“As luck would have it, New Jersey and Massachusetts, like many of their northeastern neighbors, use a new Direct Recording Electronic voting machine without a paper ballot,” said Fakhri. “We researched the Federal Election Commission website to study the different machines in use by our target precincts. While many states use the new DRE technology, some have not incorporated the VVPAT accompanying hardware.”
“What is VVPAT?” asked Lau.
“VVPAT stands for voter verified paper audit trail printers,” replied Malvalaha. “There are only eight states which utilize this configuration for voting—Jersey and Massachusetts are included.”
“The selling point of the DRE-VVPAT voting system was their accessibility, usability, and efficiency,” said Fakhri. “The machines allow for both the casting and tallying of a vote internally. At the end of the day, the votes are downloaded for tallying. It was a simple solution to the complex problems experienced in both the 2000 and 2004 elections.”
“Companies like AccuVote TSX, Optech Insight, and Populex produced their own versions of the DRE-VVPAT,” said Malvalaha. “But they all have one thing in common—a Windows-based operating system.”
Lau smiled. “Our favorite. Won’t they ever learn? Microsoft Windows is a hacker’s dream.”
“We’ve had great success entering Windows operating systems through the back door in the past,” said Walthaus. “Today is no exception.” Walthaus stood and walked to his desk where his monitors awaited his commands.
“I am ready to enter the Secretary of State website for both states when we are ready to go. I did some research on the hack of the WorkSource Oregon site from last year. Anytime a state agency gives the public a portal to interact with, such as filing an unemployment claim, a window opens for us—pardon the pun.”
Lau admired the great strides this young man had made in his analytical abilities and on a personal level. Walthaus went from a chubby geek with low self-esteem to one of the best in the business—with a girlfriend.
“By accessing the Department of Labor and Workforce Development, we can enter the Secretary of State’s servers,” continued Walthaus. “The Secretary of St
ate department includes the Division of Elections.”
“In the interest of government efficiency, all of the DRE units are interconnected to the Division of Election servers,” said Fakhri. “We will insert the code into the targeted precincts via the Secretary of State’s servers. While the poll watchers concern themselves with a hacker in their parking lot, we’ll be here remotely modifying votes all day—completely undetected.”
“Are you using a worm or a Trojan?” asked Lau.
“Both,” replied Walthaus. “We all agree a Random Access Tool, a RAT, is necessary. We need a method of modifying real-time data and controlling user activity. Fakhri developed the worm for Massachusetts, and Malvalaha created a Trojan horse for the New Jersey voting machines.”
“My focus will be on New Jersey,” said Malvalaha. “Being from Brooklyn, it will be my pleasure to stick it to the New Jerseyites. We will use the njRAT Trojan, which is also known throughout the Middle East as Bladabindi.”
“Blah, blah, blah,” interrupted Fakhri. Lau laughed with the trio of hackers both for the humorous interjection and their ability to make jokes during a serious, technical conversation.
“Does nj stand for New Jersey?” joked Lau. The term njRAT was ironically coincidental and had nothing to do with the state.
“njRAT was developed using Microsoft .NET framework and, like many RATs, provides us complete control of the infected system,” said Malvalaha. “It will deliver us an array of features that will allow us to manipulate votes by changing them or deleting them altogether. Variety is the spice of life.”
Lau turned to Fakhri. “Tell us about your worm.”
“For Massachusetts, I came up with an H-worm using a visual-based script variant of the njRAT source code,” replied Fakhri. “It provides us similar controls to the njRAT, but it also uses dynamic DNS, allowing us to post requests as well as extract information. I like it because we can monitor vote totals as the day progresses. It is very popular with the Chinese.”
“Why are we using both?” asked Lau. “Why are we using one for each state?”