Marvelous as computers were, though, he was still forced to deal with error-prone people. There was no getting away from it. He’d seen it time and again. Carefully designed systems stumbled because some idiot wrote sloppy code.
Just then, an aide entered quietly, waiting to be acknowledged. “Yes?” Bandeira asked, turning from the window.
“Your son wishes to speak with you. He says it is urgent.”
Casas de Férias, Vacation Homes, the operation managed by Pedro, had been slow developing and had been fully operational for only the last year. But careful planning and Ramos’s hard work had paid off. It was Bandeira’s special pride, and he had high expectations for its long-term success. He’d invested a bundle to make it happen.
The rewards flowed over the wires, bounced around the world, sometimes even into his own bank. This particular cyberoperation was about to turn into a cash cow, one he saw no reason he couldn’t keep milking for decades. The only negative he could see was that the millions they were making were small time. Billions of dollars were out there for the taking, it was just up to Ramos to figure out how. Someone, somewhere, was going to manage to steal from the NYSE without detection, why not NL?
“Padre,” Pedro said. “I’m sorry to report we have a serious problem. It’s just come up.”
“Tell me.”
Pedro laid out what was taking place in New York. He was worked up and Bandeira cautioned him to slow down twice, but he got it all out in the end. “So we’ve been detected?” Bandeira asked.
“That is what I’m told, though they don’t yet seem to know precisely what we are doing.”
“Tell me again about the killing.”
“This American was instructed to fix the problem he’d caused with sloppy code. His response was to kill the IT manager who stumbled on it.”
“That’s amazing. He did this on his own?”
“Yes. I’m shocked. I never thought things would go this far. This is a cyberoperation.”
Bandeira paused to consider the implications. “Has the body been found?”
“This happened in Chicago. Many killings happen there every week. The manager hasn’t been reported missing as yet.”
Bandeira suppressed his anger. There was no doubt what he’d do with the American if the man lived in Brazil. To kill without authorization unless in self-defense was absolutely forbidden in his organization. Even now, Bandeira considered dispatching César or one of his special operatives to take care of this. “How crucial is this man in New York?” he asked.
“Vital. He has access to functions we would not have otherwise. As part of his responsibility he is one of those who places code directly into the trading engines.”
A weak link, Bandeira realized. Could anything have been done about it before now? Shouldn’t he have known this man was capable of such independence? And that he was a killer? Ramos should have known.
“Is this the same man who used a stealth program to hide key code?”
“Yes, the same.”
“He’s reckless and not just with computers. I made it very clear this was to be a cautious, low-key operation. I have planned to run it, or variations of it, for years. That’s why I’ve committed so many resources to it.”
“I understand. But … I didn’t recruit the man. That was Abílio.”
“Can he be controlled?”
“I … I really don’t know. I don’t know if any of us could have anticipated something like this. It is all so unexpected.”
“All right. I understand. What should we do?” This was not the first time Bandeira had asked his son directly for advice. Whenever possible, he followed it or some version of it. He knew he must build up the young man’s confidence and confirm his judgment.
“I’m concerned. I think we’re running out of time. We’ve taken ninety-four million so far, but we were expecting much more.”
“You see no chance this can be kept quiet?”
“I talked with my team here before calling you. As you know the code this man planted is concealed but the fact that it is concealed has been discovered. Abílio doesn’t know for certain, but suspects they are tracing our program.”
“Merda.” Bandeira closed his eyes. Right now, he wanted to have his hands around someone’s throat. He’d talk to César. This fool in New York was a dead man. He didn’t care how long it took. He drew a deep breath, then released it slowly. “What else do I need to know?”
“That is all I can tell you. Maybe we need to shut down and revisit our options.”
Out of the question, Bandeira thought. “I mentioned upping the take on Carnaval next week. You had reservations and so I did not proceed but everything has now changed.” He paused to think, and then, as always happened in the face of adversity, a solution came to him. “Pedro, here’s what I want you to do. You must trust me in this.”
19
TRADING PLATFORMS IT SECURITY
WALL STREET
NEW YORK CITY
5:09 P.M.
This was a rush job, but Marc Campos reminded himself not to be careless because of that. He had enough time to do it right. If he botched this, he’d make the situation worse than it was, and that was the last thing he wanted. Iyers had already made one major coding error, and Campos didn’t want to repeat it.
Recruiting him, Campos realized, had been a mistake. He’d thought Iyers a gifted code writer disenchanted with Wall Street, and he was right. The cynicism in his manner and voice when Iyers agreed to join him had been honest indicators of how he truly felt. But obviously there was much more to him than that. The man was louco.
In English, he was crazy, psycho. All of them fit. Traveling to Chicago and murdering an IT manager was so out of bounds, so extreme, Campos was still stunned that he’d done it. He’d not even wanted to tell Pedro but knew he had to. So far no one had asked him how such a thing could happen, but he knew he had to have an answer.
Iyers might be nuts—now, there was another word—but when he put his mind to it, he knew how to write code. The remarkable success of Vacation Homes was testament to Iyers’s aptitude. He was skilled in the use of the paths through to the deployment server so that their malware blended in, gluing the Brazilian code into the trading engine.
Once Iyers had agreed to work for him, Campos sent to Rio the trading engine source code and software architecture design documents he’d provided. From Rio, Campos received code drops and after reviewing them transferred them to Iyers for insertion.
Campos wondered if something was going on with the man that he should know about, but then dismissed the thought from his mind. Of necessity this project would all be over soon and the damage was done.
Now he’d been instructed to immediately launch Carnaval, in consideration for months. He would set Iyers loose on it; he had to. There was a great deal to do and not much time. Now, more than before, he needed Carnaval to be a great success. His instructions were to make it a hit and for that he required Iyers.
What really angered Campos was the need to bring Vacation Homes, his pet project, to an abrupt close. Yes, the potential payoff from Carnaval was substantial, but he had devoted nearly five years to Vacation Homes, and while it was true that even in the relatively short year it was operational, he’d become a rich man, the project had barely scraped its potential. He was convinced they could skim a billion dollars without being detected, and in fact had honestly believed they could take ten times that given enough time, and without Carnaval.
Now this American fool had brought it all to an end. Campos had no doubt what would happen to Iyers once his access and skill were no longer needed. The man had figured out that Campos had a boss. What he didn’t imagine was how ruthless the chefe was prepared to be. His boss had put great stock in Vacation Homes, and in Carnaval, and would not be happy that a preventable coding error had ended it all before its time. Iyers had been cautioned about how code was to be revised. He’d understood but instead took a shortcut.
And that hadn’t been Iyers’s only misstep. When they’d first set up accounts to funnel the money out he’d carelessly stolen an identity that too closely resembled his own. He argued that it had been necessary as it was increasingly difficult to set up financial accounts with false identities. Campos had put a stop to his involvement in managing target accounts and now had it all done out of Rio.
As if all that weren’t enough, Campos didn’t like his hand being forced this way. When Pedro had first suggested Carnaval, it was Campos who’d opposed it. It was too risky he’d argued. It was crafted to exploit an IPO, and they could be very unpredictable. Such a launch might prove too chaotic. Now, on receiving instructions to initiate it immediately, he was convinced more than ever that Carnaval was a step too far. Putting it into place in a rush, aiming for so much, would doom it to failure, he believed. If it unraveled in the worst possible way, he might be caught before he left the country.
Looking up, Campos could see through one of the open office doors around the perimeter to the windows. The nearby taller buildings gleamed in the sunlight, catching rays like a mirror. He’d enjoyed these years in New York City. He regretted he’d not had time to see more of America. Well, he could always come back if he really wanted. But it would be good to be home again.
His mind turned to what he needed to do in the next week. He didn’t want to risk staying here much longer. Once Vacation Homes was shut down and especially after Carnaval was finished there’d be hell. Investigators would be swarming everywhere. They could look all they wanted. Marco Campos would vanish. The money would be gone as well.
From his work computer, Campos accessed the Internet using a server and student identity from New York State University, one of a group from the thousands of log-ins that the NL botnets had harvested to which he’d been given access for just these occasions. Students were always hacking each other’s identities as pranks or to get back at people for perceived social networking slights. He’d found in the past that a major university was an effective mask for what he was about to do.
He spent a few minutes in research, found two sites that looked right, and was satisfied when he visited the second, which he knew was the most popular. Data Retriever Solutions, or DRS, could have been anywhere from what Campos observed on their Web page. Likely it was physically located somewhere in the United States but its site was set up offshore, and when Campos checked, he saw it was registered to a corporation in Panama—about what he expected.
He’d already established a PayPal account and placed money into it from a throwaway prepaid credit card. Now he entered onto DRS as much information as he had on Jeff Aiken, including his business and residence address. Within seconds, he had his social security number, names of his parents and grandparents, schools he’d attended, his date of birth, which gave him his zodiac sign, even the name of two pets he’d had as a child.
Interesting, Campos thought, wondering where DRS had come by that information. Once he’d written it down, he returned to the first site and did it all again, this time using more of the information he’d just obtained. Nothing new there. Now he went back to DRS and repeated the process for Red Zoya.
A few minutes later, satisfied, he logged out. He walked down the hallway to the elevators, punched the button for the ground floor, then fingered the disposable cell phone he’d picked up for cash earlier that day. Sometimes, he thought, stepping into the elevator as he smiled at a coworker, technology just made all this too easy.
In the warming sunlight of the fall day Campos sat on a cement bench as he placed the call. Once he had a human voice at the other end, he fumbled the sheets of paper out.
“Yes, I’d like to set up a brokerage account.”
20
TRADING PLATFORMS IT SECURITY
WALL STREET
NEW YORK CITY
5:16 P.M.
Jeff had now turned his full attention to reverse engineering the hidden file. He and Frank had discussed this the night before, and though they accomplished what they’d been hired to do and could write their report, neither was satisfied with not knowing what this file did. Successfully reverse engineering it would tell them that. The downside was that not every reverse engineering effort went smoothly or quickly. So while Frank worked on the report and summary of findings, which included their recommendations for enhancing the cybersecurity for NYSE Euronext, Jeff worked on the mysterious software.
Reverse engineering meant taking a bit of software apart starting with the finished product and working backwards. This entailed going from implementation to the development cycle of the code, that is, to the time when it was first written. It was much like disassembling a toaster to see what made it work, except that in the software world, it was a process of examination only and did not involve modifying any of the code. The process wasn’t always successful, though with Jeff, it usually was.
Because the file was concealed by a rootkit, he suspected whoever created it didn’t want it to be reverse engineered, so he expected obstacles. It might take more time than he could reasonably justify to Stenton, which was one reason he’d hesitated, but he just couldn’t resist at least making the effort.
Jeff used a debugger to watch the file execute step by step. Whoever had written the code had, as he suspected, employed anti-debugging mechanisms, common in malware, which were intended to slow down and potentially discourage anyone from reverse engineering the file. Jeff was familiar with nearly all the known ones used, so though it slowed his work, it did not stop him. A software environment was simply too easily manipulated for code obfuscation to serve as a lasting barrier.
After several hours, Frank asked, “How’s it going?”
“I don’t know yet. I’m pretty sure it’s malware and has got something to do with trading. If so, it’s extremely sophisticated. But I still can’t clearly see what it’s meant to do, so I’m not positive.”
“You’ll figure it out, you always do.”
“Not always. I did find a string of numbers inside, but they aren’t related to anything, and they don’t fit any obvious pattern, at least not to me.”
“You sure they aren’t money figures?”
“I’m not sure of anything, but my guess is they’re identifying something.”
“Enjoy.”
“You know, the Exchange is lucky they hired us for this pentest. We’ve uncovered more than they feared was going on. We’re giving them more value for this test than they could ever have imagined.”
“I’m sure Stenton will be grateful when it comes time to pay up,” Frank said with a sly smile.
21
TRADING PLATFORMS IT SECURITY
WALL STREET
NEW YORK CITY
5:35 P.M.
Marc Campos was back in his cubicle and had accessed his computer but that was for show. He had no intention of taking the next step from his own workstation. That’s why this part had to be done now, as the place was winding down. A number of workers were taking a break before returning to finish projects due the next day. During the lunch hour and at times such as this, when workers often left their station, planning to return shortly, they didn’t always lock their screen. Idle computers required users to log back in after fifteen minutes. He didn’t have much time.
Still, this was risky, and he hated its necessity. So far he’d never taken such a significant risk. No, he thought bitterly, Iyers had done that for him.
Standing in his cubicle, Campos scanned the floor. Almost everyone was away from their desk. He rose, then slowly strolled down the hallway until he found an empty cubicle with no one occupying either side. He checked but the screen was locked.
He resumed his stroll and soon popped into another empty cubicle. The computer was unlocked. He sat down.
“Can I help you?”
Campos looked up. “Oh, hi, Rose.”
Rose Aquilar was a bit short and growing stout. Originally from the Philippines, she already worked at the Exchange when Campos came on board. “Are you lost?”
Campos stood up. “I’m sorry. I was on my way out and realized I’d forgotten to check on something. I saw you were still logged in. I hope you don’t mind.”
Rose stared at Campos, as if considering her response. “I guess not but I don’t like sharing my computer. Your station’s not that far away.”
Campos stepped into the hallway. “I’m really sorry. My mind was somewhere else. I apologize. It won’t happen again.”
“All right, then.” Rose sat, logged off, stood pointedly, then said, “I’ll see you tomorrow.”
Campos went into the men’s room to give her time to leave the office. He stepped into one of the stalls, his hands shaking violently. That was close. What if she said something? Then he thought a second. Of course she’d say something. She was the office gossip. He should never have risked her station.
After five minutes, he went back out. Rose was nowhere in sight. He walked about the large space, ignoring the stations, confirming that Rose was really gone. He couldn’t risk her catching him at someone else’s computer but this couldn’t wait. Once he’d satisfied himself, he selected a station in the far corner. The user was still logged in but the timer was about to expire.
Campos rapidly downloaded a file from an internal site containing a collection of UTP diagnostic tools, this one with a backdoor he’d embedded that enabled it to execute commands from his own system—in essence, it was a disguised bot. Now he had access to this and other accounts on the network with no trace to his own location or computer. Campos programmed the backdoor so he could monitor the user’s connection to the jump server.
That done, Campos left the cubicle and waited for others to leave. He found four computers logged off for the day but located two other connected computers and did the same thing. The sooner someone accessed the secure zone through the jump server, the sooner he’d be finished.
Rogue Code Page 12