The Queen pbf-5
Page 31
I wasn’t even sure there was a way to do it, but if there was, Angela Knight at Cybercrime would know how.
I tried her office and was thankful to catch her just as she was about to leave for the day. After a short greeting, she somewhat wearily agreed to a video chat. A quick tap of my mouse brought up the chat window. I hung up my cell and faced my laptop’s camera.
Angela was seated at her workstation, two of Lacey’s monitors to her right. Curly-haired and kindhearted, Angela wore conspicuous glasses and was no longer in the shape she’d been in eight years ago when she first became an agent. She’d been trying to address that issue lately, and instead of her typical can of Diet Coke and stash of Kit Kat bars, she had a bottle of Vitamin Water and a half-finished bowl of miniature carrots positioned prominently on her desk. As she situated herself in front of the camera, she gave me a smile, but it was marked with her typical look of irrepressible concern.
“The DoD sub route analysis didn’t bring up anything,” she began. “That looks like a dead end. Oh, it appears someone using the code name Valkyrie was present in Moscow when Tatiana Chekov was killed. As far as Alexei goes, we’ve learned that the GRU is very interested in finding him.”
“I’m sure they are.”
“The best Lacey could come up with for the ‘Queen 27:21:9’ cipher was Revelation 21:9.”
“How is that Queen 27?”
“Revelation is the twenty-seventh book in the New Testament.”
“But what does it have to do with a queen?”
“I’m not sure, but what troubles me is the reference to the last seven plagues. Here, look.”
She tapped her keyboard, and the verse popped up in a text window at the bottom of my screen. I read: “And there came unto me one of the seven angels which had the seven vials full of the seven last plagues, and talked with me, saying, Come hither, I will shew thee the bride, the Lamb’s wife.”
I’d gone to Sunday school as a kid and knew enough to realize that the Lamb here referred to Jesus Christ.
“The King of kings,” I whispered.
“What?”
“The Lamb is a reference to Christ, but somewhere else he’s referred to as the King of kings, so-”
“The Lamb’s bride would be a queen.”
“Yes.”
“And who is that?” she asked. “Who’s the bride?” I couldn’t tell if she was asking her question rhetorically or not; if she already knew the answer.
“Well, metaphorically, the church, I think, but…” I was no theologian by any stretch of the imagination. “We’ll have to follow up on that.”
Get to the cell phone call. Nail down that location. It’s your best bet at finding Kayla.
“Listen, here’s why I called. Let’s say I wanted to hack into someone’s cell phone, turn on their speaker or camera, and then send that feed back to another computer. What do you know about that?”
“Sure. We do it all the time.” Then she added somewhat hastily, “Whenever we have a warrant.”
“Of course. Well, someone did it with Lien-hua’s phone. I need to back trace the signal, find out where the feed was sent to.”
“A physical location or a device?”
“Physical location, if at all possible.” I relayed Lien-hua’s cell number to Angela, and she tapped it in, then glanced at one of her other computer screens, where a scrolling stream of computer code appeared.
She let her fingers dance across the keys, then gave the screen a fierce look and bit violently through a carrot. “Whoever did this is good. I can locate it, but it’s going to take me some time.”
It didn’t surprise me that Alexei had done a thorough job of covering his tracks. “All right, while you work on that, let me ask you another question. Hypothetically, if I were going to hack into a nuclear submarine, what would I have to do?”
She stopped chewing the carrot, stared directly into her video chat camera at me. “A nuclear submarine?”
“Hypothetically.”
“Whenever someone says ‘hypothetically,’ he’s never talking about something hypothetical.”
“Theoretically, then.”
She looked rebukingly at me over the top of her glasses.
“Same difference, huh?” I said.
“Yes.”
“Can you walk me through it?”
“Which do you want?” She glanced at the screen beside her. “The cell trace or the hacking seminar?”
“Well…”
“Let me guess. Both.”
“And she’s a mind reader too.”
“Mm-hmm.”
She took another carrot, rolled it between her fingers, then crunched into it. “Okay, go to the toolbar, scroll down the View menu, then click on Split Screen/Chalkboard.”
I did as she instructed, and the video chat image on my computer folded in half and fluttered into two windows. The one on the left held Angela’s picture, the one on the right did indeed look like a chalkboard. She picked up a stylus, and as she drew on a data pad beside her, a cloud appeared on the chalkboard window on my screen.
“Here’s the internet.” She added a small arrow pointing to the cloud, then extended a line from it toward the right side of the window and diagramed a series of four boxes separated by short lines. “Here we have external military servers and proxies…” She inserted more lines and boxes to represent additional machines. “And also these are your personal computers, workstations, and so on. At each place where they connect to one of the three Department of Defense intranets, they go through a router that’s supposed to catch malware.”
None of this was new to me, but I let her go on rather than interrupt her train of thought, which I thought might only eat up more time.
“At any point, in any one of these layers, it’s possible to hack in, but it gets harder and harder the closer you move toward the top secret communication channels from the Non-classified Internet Protocol Router Network-”
“NIPRNET.”
“Yes. Then on to the Secret Internet Protocol Router Network, or SIPRNET, and then to JWICS. Especially if…” She swiped her finger across her data pad, erasing the lines that connected the military’s routers and their intranets of computers. “If the military were to find out about a threat, they’d sever the connection between the Cloud and their network.”
“That’s possible? I thought that was one of our biggest vulnerabilities, that our communication infrastructure was too dependent on the web?”
“Well,” she admitted, “it’s not easy, considering the whole purpose of the internet is interconnectivity. The very thing that makes the internet strong-decentralization-is the thing that makes it weak. But USCYBERCOM, the Navy’s 10th Fleet, the Army’s Cyber Command, and the 24th Air Force have been working on ways.”
I already knew that the United States Cyber Command, an attempt within Homeland Security to assess, forestall, and intercept cyber threats to the military and the US infrastructure, was a bureaucratic nightmare and still woefully inefficient, but I wasn’t sure about the military divisions she’d just listed. “Tell me about the 10th Fleet and the 24th.”
“Well, as you know, there are nearly three dozen cyrberwarfare agencies in the US government, but the Air Force’s 24th is probably the best, especially their Computer Emergency Response Team-AFCERT. They’re in another league using algorithms to analyze worldwide trending.”
“Trending?”
“The type and flow of information passing to and from servers worldwide. They work mainly in host-based intrusion prevention systems to locate and block malware or attempts to infiltrate military networks. Then they patch vulnerabilities for pilots and scour all air force networks for forward-facing internet presences.”
That was a mouthful.
“Hackers,” I said.
“Foreign ones. Yes. They also work in space-based comm systems, drones, full-spectrum network defense, and new architectures.”
“So does the 24th track domestic intrusion t
oo?”
“Yes, as does the Navy’s 10th Fleet, USCYBERCOM, but if we’re talking more cybercrime than cyrberwarfare, then it’s me and Lacey. It all depends.”
“On what?”
“Whichever agency happens to stumble onto the threat.”
Her choice of the word stumble was not very reassuring.
“But getting back to your question-even if we cut the connection to the Cloud, we might still be in trouble.”
“How?”
“If the hackers had gotten in before, left malware or back doors that would allow them persistent access. Once you inject the bad code in there, you’re good to go.” She thought for a moment. “Also, it’s possible they could bypass the Cloud altogether and access JWICS physically at one of the computer stations around the world that’s already connected to it. Some sophisticated malware can hop file shares in virtual machines. Or you could’ve implanted a physical transmitting device into the computer, say, before it was shipped out to the military.”
“The more complex a system, the more vulnerable it is.”
“Sure. You can gain access through a Trojan, counter-encrypting, port knocking. Use a covert channel. There are a dozen ways.”
Perhaps what struck me the most was how unfazed she seemed by all this.
She downed some Vitamin Water, then her eyes ghosted toward the screen displaying the cell phone analysis. I could tell she didn’t want to drop that project in the middle, and she must have noticed something pertinent because she silently bowed out of our conversation and went back to work completing the cell trace. Thousands of lines of indecipherable code streamed down the screen beside her. She reminded me of a code reader from one of the Matrix movies.
“Let’s back up for a minute,” I said, “and say we’re trying to hack into that submarine, but that we had no access to the computers to physically plant a device before they were shipped out. Who could hack into JWICS?”
“Well, at least forty countries have military cyrberwarfare units.”
“Forty!”
“In the next three years that number is likely to double.”
“Doesn’t that worry you, Angela? Doesn’t any of this get to you?”
“Pat, this is my job. I deal with it every day. China has more honor students than we have students. Russia has four-year college degree programs on hacking. There are tens of millions of hacking attempts against the Department of Defense each week. It’s the reality of the world we live in, and we just have to work with what we have and stop whatever we can.”
I could see why she looked perpetually under the gun, and I empathized with her. “Sorry. So now, today, any ideas which countries have the technological savvy to get into JWICS?”
“Right now? Russia, Brazil, Israel, China-the US-North Korea. Maybe three or four others. Probably half a dozen citizen hacker groups in China could do it.” She hesitated for a moment, then added, “As well as a handful of individuals who could pull it off.”
I had a feeling she’d been a little uncomfortable noting that individuals could hack into JWICS because she knew I’d been friends with one of those people until last year, when I figured out he was involved in a biotech conspiracy. He’d been ready to kill Lien-hua, and when I stopped him, he was electrocuted and slipped into a coma. Terry had died not long after that, and even though he’d been a traitor and wanted to murder the woman I loved, he’d been my friend for a long time before all that, and his death had really bothered me. Actually, it still did.
“Once you pwn a system,” she said, drawing me out of my thoughts, “you’re home free.”
“Pwn? You mean control it? Compromise it?”
She nodded her approval that I was familiar with the hacker term. “Once you own the source code or the rootkit, you can download or destroy data, overload circuits, transfer funds…” As she typed at her keyboard and eyed the computer code flickering in front of her, she continued rattling off her list: “Turn off air traffic control communication, shut down safety valves at power plants, blow up refineries, reroute trains, take hospitals offline…” Then she added offhandedly, “Basically, take down a country.”
Wow. This was such an encouraging conversation.
Though I knew that Iraqi insurgents had hacked into our drones, the Chinese had gotten into our power grid, and at least one of the fatal airline crashes in the last few years was due to malware in the navigational system, I tried to reassure myself that Angela was almost certainly overstating things. “But aren’t there firewalls in JWICS? Antivirus programs? Encryption software? User authentication, that sort of thing, throughout the network?”
“Forging the response to the DNS server can get you past a firewall. A skilled hacker can crack an LM hash algorithm in seconds, even NTLM hashes can be cracked quickly with pre-computed cryptanalytic tables. Getting past authentication protocols takes a little longer, but we’re talking minutes not hours. Hacking 101: identify the system’s countermeasures, probe for vulnerabilities, access the system, crack the passwords, gain privileged access, hide, exploit, transmit.” She thought for a moment. “A morale computer would be a good attack vector on the sub.”
“No good. Crewmen on a nuclear sub wouldn’t be allowed to communicate with the outside world via the web because it might give away their location.”
“Good point.” She spoke softly as she scrolled through the lines of code on her right-hand screen. “Tell me more about this hypothetical question that isn’t hypothetical.”
“To put it bluntly, I want to know if it’s possible for a hacker to remotely fire a ballistic missile from one of our nuclear submarines.”
I thought she’d be rattled by my question, but she took it completely in stride. “Once you’re at the root level and have administrator access to a weapons system, you’re only one keystroke away from Armageddon.”
“Now you’re just being melodramatic.”
She chose not to reply, and her silence seemed to buttress her point. “So are we talking a domestic or foreign threat?”
“Domestic.” Then I thought of Eco-Tech’s international ties. “But it might be internationally funded.”
“Let me think about that.” She typed quickly for a moment, then said, “I’ve got a GPS location for you.”
“Fantastic.”
She gave me the coordinates, and when I opened another tab on my web browser and punched them in, the Bureau’s satellite mapping program brought up a cabin that lay less than a mile from the Schoenberg Inn. “Give me a sec to call this in, Angela. In the meantime, see if you can come up with a way to remotely fire that missile.”
70
I phoned Tait and gave him the address. “Start there, move out. I think there’s a good chance Kayla might be there.” Then I called Natasha to see if she could go process the site.
“Do you want Jake to come with me?”
“Yes.”
End call.
Good, good, good. A break.
Back to Angela.
“Do you have actionable intel here, Pat?” she asked.
“Not yet. No.”
“But you’re thinking there’s someone who might try this? Try to hack into a nuclear sub? This Eco-Tech group?”
Everything I had so far was circumstantial, a loose network of clues all pointing in one direction, held together merely by assumption and hypothesis rather than conclusive facts: the word of an assassin, speculation about the involvement of an environmental activist group, an uncertain agenda.
“Yes.” I tried to sound more confident than I was. “That’s what I’m thinking.”
“But Eco-Tech is anti-nuke, Pat. Why would they try to detonate a nuclear weapon?”
“I have no idea.”
“Well, even if they wanted to, I just don’t think they have the resources or personnel.”
“They might have a Navy information warfare officer with them.”
She was quiet. “No, I still don’t see it happening.”
“You jus
t told me ‘one keystroke away from Armageddon.’ Right?”
“I was probably overreaching. When you’re talking about firing a nuclear weapon, there are just too many redundant systems. Don’t you need to have, what, two, three people turn keys at the same time?”
“I’d say at least that many.”
“There you go. Plus authentication codes, scripted orders, verification protocols. Even if you were able to somehow get the launch codes, one person can’t set off a nuclear device by himself. You cannot physically be in two places at the same time to turn the keys.”
“But could you bypass those two people and their keys altogether, just like bypassing the Cloud?”
Angela looked at me quizzically.
This was one time I did not want to be playing devil’s advocate. “Turning the keys doesn’t actually fire the weapon, the computer does that. The keys simply tell the computer what to do. What if you could insert the code that would tell it what to do-”
“You mean without the keys turning.”
“Yes. One person can’t be in two places to simultaneously turn two keys from different parts of a room or a sub, but one person could turn them simultaneously-”
“From inside the computer.” Her voice was soft and frangible. “Theoretically, yes, once you pwn the system.”
“You just said theoretically, Angela.”
The look of worry on her face deepened. “I’ll contact USCYBERCOM and the Pentagon. Ask them to raise the DEFCON level on the fleet of nuclear submarines, but they’re going to ask for a threat assessment, and you know how long that can take, especially without actionable intel.”
Unfortunately, I did. “Tell them it has to do with Eco-Tech and the ELF station in Wisconsin. I’ll send you all my notes. I think we should have enough to get their attention, and they can call me if they need anything else.”
“How is this related to ELF?”
For anyone else it might have surprised me that they were familiar with the extremely low frequency technology, but not with Angela. “They’ll know. Just get them the word and keep me up to speed.”
“All right.”