The Dark Web_The stunning new thriller from the author of The Angolan Clan
Page 5
Jo Greenwell’s magazine business was Jenny’s fourth investment, and it had not been an easy road to success. Jo was a highly successful model who, at twenty-five, had called time out on that phase of her life to launch her own fashion/social women’s magazine. She had been dedicated full-time to the project for two years when Jenny met her, with very little success. Sadly, she had also just lost her mother to cancer and was close to calling it a day.
Jenny had taken an immediate liking to the young woman. She was beautiful, clever and devoted to her business, and all she needed was some help and direction to turn it around. Her other participations in BPE had given Jenny a crash course in Internet marketing and social media techniques, both essential to developing new businesses. Thinking Woman Magazine, she reasoned, was perfectly suited to this approach, and she was right. Her first investment provided money for the company to steal a media expert from the competition. Then her funds were ploughed into targeted marketing campaigns, supported by celebrity endorsements, blogging sites, et cetera. Jo was still a stunningly beautiful young woman, and she encouraged her to appear in a limited number of modelling shoots to represent the face of the magazine. Another of Jenny’s ideas was to ask her sister Emma Stewart, a successful novelist, to write a monthly blog on creative writing, a sure-fire winner with women who had ambitions to write. Slowly but surely, they saw a steady rise in advertising space, media recognition and above all, circulation and revenues.
She and Jo went to celebrate that evening at Club Gaston, a popular French restaurant near Smithfield Market, and toasted their success with a glass of Moët & Chandon. They didn’t order a whole bottle. Jenny was very careful with her money.
At that time of night, the taxi to Heathrow took only forty minutes. Jenny had booked into the Marriott on Bath Road, just off the airport property. Her BA economy flight to Malaga was at nine the next morning. Travelling with only a carry-on bag, she should be at her house in Marbella in time for lunch. Sitting back in the darkened cab, she reviewed her new-found status with satisfaction. She had investments in five successful businesses and a new man in her life. Patrice and Leticia had been right: Jenny was smart, and she was enjoying her new vocation.
SIX
San Diego, California, USA
April 2017
Leo Stewart was sitting in the Pacific Ballroom of the Hilton Garden Inn, Mission Valley, San Diego, with one hundred and thirty other attendees. The ballroom had been organised as a conference room, and the title on the screen in front of them read:
SECURITY THREATS IN INTERNET AND
CLOUD COMPUTING.
The room was full of senior executives and high-ranking technicians from telecoms and Internet providers, or equipment and microcircuit manufacturers and software design companies. The man standing by the screen, Four-Star General William R. ‘Billy’ Chillicott, an ex-US Air Force officer and NATO ambassador, was now a low-profile senior officer with the US Homeland Security Agency. He was dressed in casual clothes, a large, barrel-chested man with an abrasive voice and manner. He was also the acting chairman of the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, or GGE Cyber Security by its snappier abbreviation.
There was a smaller TV screen on the platform, which showed a portly, bespectacled man in a Savile Row pinstriped suit sitting waiting. Chillicott had introduced him as, ‘Dr Hugh Middleton, Director of Research at the Institute for Global Internet Security in London, who’s joining us on our video link. We’ve been collaborating with them for a couple of years now. They’re pretty savvy folk.’
Chillicott’s first admonition was to keep all questions for a two-way session at the end, ‘’Cos answering questions during the presentation defeats its own object. No one can remember where the hell they were up to. Second, please switch off your cell phones, and I mean completely off, no cheating. And lastly, I’m well aware that most of what I have to say you already know, but I want you to listen anyways, because knowing about something and fully understanding its potential consequences are two quite different matters.’ He looked around, waiting for an argument. No one dared speak. ‘Right, let’s get started.’ He tapped the screen to bring up the first slide.
‘First off, I want you to look at a few statistics on the increase in Internet crime:
‘Global cyber-attacks – For six years, Red October collected billions of pieces of information from governments, research firms, military installations, energy providers, nuclear and critical infrastructures around the world. And they did it through Microsoft Internet programmes.
‘Intellectual Property – There’s a trillion dollars-worth stolen every year.
‘Websites – More than 30,000 are infected by viruses or malware every day.
‘Businesses – 90% suffered computer hacks in 2016, costing over a billion dollars, mainly using “ransomware” where they block the systems until a ransom is paid.
‘Identity Theft – 10 million Americans had their identities stolen last year.
‘Personnel Data Theft – over 70 million records stolen from US healthcare providers this year.
‘Consumer Fraud – $16 billion was stolen from 15.4 million US consumers in 2016.
‘Espionage – At NATO, we neutralise over 2,000 cyber-attacks each year and it costs a fortune of money.
‘Fake News – This is the latest fashion. Announcing on social media or specialised Internet groups news, events that never happened, or happened in a different way to what’s presented. We’ll talk about that later.
‘Major Heists – I’ll mention only one. Last year, the Bangladesh central bank’s account at the Fed was hit by a series of transfer instructions totalling $951 million. Almost a billion dollars! Talk is, it was Pyongyang trying to accumulate dollars for arms purchases. In the end, $81 million was stolen in that one Internet hacking event. That’s almost as much as some of you guys make in a year.’
He paused for the inevitable nervous laughter, then brought up another slide with a chart showing a hockey-stick rise in value. ‘Here’s my last item:
‘Crypto-currencies – These crypto-currencies, like Bitcoin, Ethereum and Blackcoin, let you buy anything you want in total anonymity: drugs, weapons, trafficked prostitutes, you name it. Sites like AlphaBay and Hansa, operating on the Tor network, a filthy corruption of the Internet, turn over millions of dollars a day in their immoral dealings. And over the last year, the Bitcoin has almost tripled in value from $375 to $1,055, so you get a double whammy: anonymous crime with a fictitious currency that looks set to outdo any of the old-fashioned kind. Talk about tulips from Amsterdam,’ he added, wondering if anyone present would understand the allusion.
Chillicott looked round at the young executives; women in T-shirts and short skirts, crew-cut men, in short-sleeved shirts and blue jeans. The Digital Generation, he thought to himself. They’ve never known anything else. How can we expect them to understand?
He stood tall, commanding their attention. ‘That’s just a few examples of the millions of Internet crimes occurring just about every day and it brings me to the reason for this conference. In the considered opinion of Dr Middleton and myself, in addition to all this crap we already have to deal with, the world is facing two new threats with grave potential consequences that deserve our immediate attention.’
He tapped the screen. ‘Here’s the first.’ A Financial Times headline came up, entitled ‘The Internet of Dangerous Things’. The sub-heading was ‘Cyber Security Breaches Threaten Global Infrastructures’.
‘It’s this new phenomenon, IoT, The Internet of Things. Or Connected Living, as some people call it. You all are involved in it and know more about it than I do, but our guest will show you some real scary parts we think are being neglected.’ He turned to the second screen, ‘OK, Hugh, can you take over for a while?’
Middleton stood up and addressed the camera. ‘Good morning, ladies and gentlemen. Our purpose today is
not to try to convince anybody that the Internet isn’t a valuable and efficient tool for twenty-first-century communications. It’s to highlight the existing and potential dangers of this technology, and to create awareness of the need for better and new management, security and control. The truth is that despite its obvious advantages, the Internet is already a minefield of potential disasters, and this new technology will make it more and more dangerous. So, let’s get straight to the point.’
He tapped his laptop and a map of the US filled the main screen, showing a single large edifice in the centre with no doors or windows. ‘This building looks like an impenetrable fortress, you can get neither in nor out, impossible to find out what’s inside. Now I’ll put in one IoT application, an automated meter reading system.’
He gave a tap and a green door opened in the front of the building and a green skylight in the roof. Two more buildings appeared on the screen, each with a green door wide open. A dotted red line appeared, connecting the green doors and the skylight together.
‘The green doors and window are the vulnerable entry points created when an application is implemented. The red line is the Internet. It connects the meter reader to the energy company, and the billing system to the customer’s bank for the direct debit payments. With that one application, you’ve just opened up two entry points into the customer’s confidential online information, and an entry point into the bank and the energy company.
‘Now let’s list a cross section of businesses, service providers and government departments that the average person is likely to deal with.’
A number of services appeared across the bottom of the screen, each enclosed in a black box with the lid shut:
Energy
Banking
Telecommunications
Information & Television
Tax/Pension Departments
Defence & Military
Air, Rail & Road Transport
Hospitals & Health Services.
‘I’m going to put in another application, a credit card or direct debit instruction to a bank to settle the charges for any of these services.’
Immediately he hit the Enter key, green doors and windows opened in every box and the screen was filled with buildings, all with multiple green entry points. A spaghetti-like mass of dotted red lines connected them all together and led into each of the open boxes. The US map was almost obliterated by the Internet red line, showing how ultimately any application became interlinked to the customer, the banks and the industries involved.
Middleton paused for a moment, letting his audience take in the implications of his slide. ‘And nowadays, more and more data is stored in what we call the Cloud, which is a global network of remote physical equipment whose information is stored and managed in a virtual fashion on the Internet. Let’s imagine that it actually looks like a cloud sitting over the US.’ A silver network appeared, floating over the map.
‘Now, let’s see those applications being connected to virtual networks in the Cloud.’ The screen was now entirely covered by the buildings and boxes with green doors and windows, all linked by red spaghetti lines in each direction and going up and down to the menacing shape of the silver network, hovering above the US map like a spider’s web.
‘If a hacker breaks into any of the hundreds of green entry points on this map – and frankly, it’s not that difficult – he opens up access to the global Internet Banking Network and to most government, industrial and business entities all over the country. And, of course, what applies to the US, applies to the whole world, because the Internet links all global information networks. And the IoT is multiplying these entry points at an exponential speed, every single minute of every day. The truth is that any clever hacker with a malicious intent, or even just looking for a thrill, can penetrate the information system through these entry points. And once inside the system, that person can cause untold damage, and especially damage to our essential services all over the world: power, water, communications, banking, defence, hospitals, food distribution. You name it, it’s vulnerable.’
Middleton waited a moment, then said, ‘I’ve just showed you two applications. There are millions more.’
SEVEN
San Diego, California, USA
April 2017
Leo looked around the room. It seemed that everyone started speaking at the same time. Looks like he got their attention, he thought to himself.
Chillicott went back to the screen and brought up another headline:
WHAT’S BEHIND THE DARK WEB?
‘When we talk about the Dark Web, we’re usually referring to the most sickening and terrifying perversions of the Internet: violence, pornography, children and people exploitation and trafficking, aiding and abetting terrorism and other despicable activities that hide in that impenetrable space in the ether. Those areas are already getting attention, because they’re real and specific. That forces us to prepare and execute a plan of counter-action in a targeted, focused way. But today, our objective is to get you to think about the non-specific threats and dangers, the vast areas of Internet activity we just take for granted. All the stuff we do every day that we wouldn’t be able to do without the Internet. Let’s look at a few current statistics.’ He brought up another slide and read off the items:
‘GLOBAL INTERNET ACTIVITY – 2016
‘Data across Internet (Global IP Traffic) – 1.2 Zettabytes/Year = 1.2 Trillion Gigabytes
‘Number of Internet Users – 3.8 Billion – 50% of World Population
‘Number of IP Connected Devices – 17 Billion – 2.4 x World Population
‘Number of IoT Connected Devices – 6 Billion. Projected 2025 – 75 Billion.
‘Number of Digital Payments – 480 Billion. Increase over 2015 – 10%.
‘Value of E-Commerce Sales – $1.9 Trillion. Increase over 2015 – 20%.
‘Number of Apps Available (Business & Consumer) – Over 5 Million.
‘Number of Facebook Users, 2017 – 2 Billion – 25% of World Population.
‘I guess I don’t need to show these statistics, you should know them off by heart. But something that most people never think about is this: whether we like it or not, unless you’re in the middle of the Amazonian jungle, everything that you and the businesses and folks around you do, gets done courtesy of the Internet. There’s hardly a single activity that doesn’t involve transmission of data between two points, and that means via the Internet. So, the corollary is kinda self-evident. If you cut off the Internet, you cut off the world’s activities.
‘Dr Middleton has just shown you some of the vulnerable points created by a couple of common applications. But you development experts know that the constant increase in Internet users and applications flooding out every year are making it more and more vulnerable and impossible to control. To put it another way: nowadays, we don’t govern the Internet, it governs us! And it’s way past the danger point.’
He paused and took a sip of water. ‘The fact is, the Internet is already out of hand, and you guys have to remember that in your development work. What’s more, in our opinion, you have a responsibility to help us take action to create and enforce security controls around this world-changing phenomenon. We’re gonna explain why and how you can do that.’
He looked at the TV screen. ‘Your turn again, Hugh.’
The slide of the US map covered by the buildings and boxes, all linked by red spaghetti lines in each direction and up and down to the silver network – the Cloud – was now entitled:
INTERNET AND CLOUD. A VICIOUS CYCLE.
Middleton said, ‘The threat to our modern world doesn’t come from credit card payments or automated meter reading, or any other application, existing or yet to be invented. Nor does it come from illicit activities, radical preaching or horrific violence shown online. It comes from all of them, because they all travel the same path and end up in the same place. Today’s threat is the matrix that brings together all of our essential services, every part of
modern transactions, especially mobile transactions, and all the perverse corruption and abundance of hate available for the radicalisation of ordinary citizens, into that single place. It is the Internet itself, the greatest threat facing the world today. We can obtain or provide online just about any information we choose, truth or lies, for good or for evil. And behind the Internet is the Dark Web; a corrupt, impenetrable hiding place for sickening perverts and insanely dangerous fanatics hidden beneath shadow sites. But we don’t know who uses these sites, nor what they use them for, and there is no way we can find this out.
‘The Internet fills the ever-expanding Cloud with data, but again we have no idea how much data or information it contains. Like the Internet, the Cloud is vulnerable, from the users who send and store their data there, and from all of the “accidental” points of entry and hidden portals we talked about earlier. As the number of computer users and applications expand exponentially, we no longer know what is real and what is virtual. But we do know that the amount of data they produce and store is filling up this Cloud with valuable and potentially dangerous information, and that the Internet is the key to the Cloud.’
On the screen the silver network over the Earth broke apart and a large key, labelled ‘Internet’, appeared in the centre.
‘At the institute, we spend all our time worrying about the security of the Internet. It’s the one common connecting point into every aspect of our lives and businesses, and it’s the entry and communicating point for those who would like to hurt us. And it’s going to get worse, because there is nothing we can do about it, since we have no control whatsoever.
‘What’s more, we know from our experience of hacking attacks that the attackers are much cleverer than the defenders. And in a strange way they are more motivated to succeed. They are often young people who sit in their bedrooms with a PC or laptop, either because they have been left to their own devices, or they prefer remote relationships to real-life contacts. They become insulated from reality, addicted to the technology, and they relate to like-minded youngsters, in a digital way, online, people they have never physically met.