Book Read Free

Tyranny of Secrets

Page 4

by John Statton


  “You know that’s our seminar time.”

  “Then I know you are free. Class is canceled. Oh, you’ll need the whole day, and I hope Friday too.”

  ***

  Mariana was met at the front door of NetSecure’s offices and escorted into the cavernous meeting space. A wall-sized video screen dominated the far end of the room with her name and nineteen others down the left side of it. Below the screen, on a raised stage area, a microphone stood ready on its stand. Arranged down the center of the room were two rows of ten tables with workstations and chairs.

  The cream of Berkeley, MIT, Caltech, Stanford, Carnegie Mellon, Harvard, University of Washington, and the nation’s other top computer science programs were nervously circling the coffee and donuts. These twenty-somethings were all feeling a little out of place, each had agreed to come for a computer competition, but none knew anything more than that.

  Mansfield stood at the mike and tapped it a couple of times for quiet.

  “Welcome to NetSecure’s cyber-firing range. We felt it was a great place to hold this session. You are each the best and the brightest of your university’s computer science programs. Congratulations…it got you entry into our game.”

  “The point of this is something we’re deliberately a little murky about. We represent this nation’s national security agencies. Bluntly put, we’re identifying talent. If you reach the level we’re looking for, we will have a further conversation. If not, we are grateful for your willingness to play. Please select one of the workstations. Each has a complete suite of standard software tools and connectivity.”

  After a few minutes of general confusion, each of the twenty found a desk. They settled down and turned their attention back to Mansfield.

  “To win today, you are going to need to be able to handle skilled cryptography and systems penetration at the highest levels. There is a five-hour time limit, but if you finish early feel free to depart, and we will let you know later today if you will be coming back tomorrow. There are no rules. Do what you need to win. The game starts now.”

  Everyone heard the starting chime.

  ***

  Mariana touched the keyboard, and the screen brightened to reveal a photo of the Hindenburg going down in flames and the text, “Find the message”. It took a minute for her to familiarize herself with the Windows workstation and its software. She paused and looked around. On the room’s wall screen a yellow disk appeared next to each name. The game was on.

  The blimp is not an inspirational message, she thought, but it did remind her of an old technique for finding information in an image: digital steganography. Alter the color of every few pixels and get a different picture completely. The trick to working out the code was to know which pixels, and she got busy digging into the problem. The fiery photo eventually yielded its secrets with the words “Nero Claudius” and a line of letters.

  She immediately wondered if this could be a “Caesar cipher”. Rumored to have been invented by Julius Caesar, these were simple substitution codes, hiding their secrets by shifting letters up or down the alphabet by a set number. Since Nero was the fifth emperor, she successfully tried that as the offset.

  It yielded a link to a message board on Reddit, and after clicking on it, she stretched out the stiffness in her arms. Looking around, she noticed on the wall screen, next to her name, there were two green disks and a new yellow one, corresponding to her current task. She was one of three players working on the third cipher already.

  The encryption techniques kept jumping up in difficulty. At one point, she flipped back to reexamine the original image of the Hindenburg, and found previously hidden prime numbers. Multiplied together, these produced an IP address taking her to a website. That revealed a clue in ancient Akkadian, a Semitic language related to modern Hebrew. The clue could only be broken using a Gematria, a Kabbalistic code table used for computing the numerical value of words. At each stage she was among the first to advance, but others were nipping at her heels.

  The last cipher led her to another website displaying the message, “Welcome to NetSecure. If you have a message for the Game Master, please leave it in the inbox.”

  But there was no way in. She thought, Unbelievable to have come so far and to get stuck at this wall. The others had moved through the first few puzzles, but many were getting bogged down in the more complicated later ones. But shortly after she reached the NetSecure website, two others joined her in seeing the message.

  OK, Mariana thought, it’s time for round two, “breaking and entering,” my favorite part. She started her attack run. An hour later she admitted NetSecure was a leading security company for a reason; its system security was the best she’d ever encountered. A glance at the wall screen showed a dozen players had now reached this point in the game. A look at her fellow contestant’s grim faces made it clear none of their traditional intrusion approaches were working to crack this final challenge.

  She gathered her thoughts, and with a sudden flash of inspiration decided to take a different path. She connected to the local power company, breaking into its system using an old hack still in place. In case other players got a similar idea, she carefully shut and locked the door behind her. From there she isolated a smart printer at her current NetSecure street address that, for conservation purposes, was networked to the power company for monitoring its electricity consumption. With a unique hack she built for her dissertation, she used power line networking to take control of the printer and used its LAN connection to gain access to NetSecure’s system. Unorthodox, but effective.

  From inside the NetSecure firewall she assigned herself system access credentials, further opening the company’s networks to her intrusion. After which it was a simple matter to access the company’s email system and leave her message for the Game Master. It was noticeable she had succeeded when, on the wall screen, the yellow disk next to her name turned green. She was the first. As she got up to leave, she wondered how many others would find their way in.

  As she walked out the front of NetSecure, she heard, “Hey, hold up a minute,” coming from behind her. She turned and saw a short angry-looking guy hurrying to catch up.

  “Can I help you?” said Mariana.

  “You were first to finish. I was right behind. What the fuck do you mean closing the backdoor at the power company? It had to be you. That was an exploit a lot of us use, you bitch! You blocked my path on purpose,” he said.

  Mariana was inwardly surprised anyone else could have followed her so quickly, and she stood her ground. “Too bad, shithead. I play to win.” With that, she turned and walked away. In the face of her indifference, all he could do was sputter.

  ***

  Mansfield called them together the next morning. “Day two, people. Thanks for returning. May I also say congratulations on making it this far, you may have noticed a few players are missing.”

  It did not take long for Mariana to count to twelve. She noticed Shithead was unfortunately still around.

  Mansfield continued, “Cyber-weaponry relies on vulnerabilities, a weakness in a network's defenses. You all showed how proficient you are at using software exploits to take advantage of those openings, and enter an otherwise well-guarded system. Well, today you are going to push your capabilities to the extreme.

  “We’re going to divide you into aggressors, the Red Team, and defenders, the Blue Team. The goal is defense, or takeover, of a NATO airbase. Key infrastructure includes air defense, air traffic control, fuel supplies, communications, drone control, power, sanitation, and water systems. Each team will have one hour to familiarize themselves with each of these and devise your strategy. Now, Red Team over here.” He pointed to his right and read off six names. “The rest of you are the Blue Team.” He looked to his left. “Good luck to both teams, but only one of you is going to win.”

  Mariana was a Blue Team defender of the beleaguered airfield. At least Shithead is on the other team, she thought.

  The “Good Guys,�
� as the defenders came to view themselves, pulled up chairs into a circle and introduced themselves to each other. Mariana half-listened while trying to think how they could have some advantage. Defense was always difficult in the face of a determined attack. Suddenly one of her teammate’s names caught her attention.

  She broke in and said, “Scott Chu? Holy smoke, are you…?”

  “Dragonmaster, yeah,” he replied. A legendary Windows operating system hacker, Dragonmaster established most of the popular hacking entry points into that ubiquitous program. The same system they were using in this competition.

  Mariana made a suggestion to the group, “Look, as soon as the timer goes off we’re going to get slammed with everything in their arsenal. It’s going to be hell plugging the leaky dam we’ve been given. Eradicating them from our systems when they get in is going to be tough. Does anyone think we are not going to lose a war of attrition?” She looked at each and got no denials, but she also got no assents. The group was waiting. “Dragonmaster, we need your talents,” she said, “and here is what I think we should do…”

  After an hour, the starting chime sounded throughout the meeting room. Team Red seemed to pause for a moment, and then the attacks began. Instantly, Red prosecuted multiple attack campaigns simultaneously. They were provided with zero-day exploits, vulnerabilities not known to the system’s defenders. Zero days were open backdoors, the fuel of hacking. The Red Team opened a lot of these doors all at once.

  Mariana saw her threat board light up, and she turned to Scott, “Better jam, Scott. Good luck!”

  “You too, Mariana,” came the reply as he turned to his keyboard and monitor. He locked in and started his job.

  Mariana and the rest of the defenders got slammed. Red advanced on half a dozen different fronts. Chaos reigned as diverse systems became infected with malware. Blue was hit with viruses, worms, and logic bombs. As quick as they could fend off one attack, another emerged from a different vector. They were under heavy “live-fire” and were on the thin edge of losing.

  Mariana looked up and saw Shithead grinning at her with a savage joy. Their eyes locked in a challenge.

  “There goes drone control,” said one of her teammates as they watched the simulated command-and-control drone auger into the runway.

  System by system, they were losing the base to Red’s assault. Sanitation and water were also gone, and now power became the aggressors’ focus. The game had been running for hours, and her team was exhausted. Red relentlessly drilled in. Mariana glanced at Scott. He was in the zone with his keyboard and screen, seemingly oblivious to the rising tension and clipped words exchanged around him.

  Mariana got in his face, “Dragonmaster, it’s crumbling around us, what can you do?”

  “Five more minutes, all I need, I swear.”

  “You got it.” She turned to the other team members to make sure they had heard. “Time to double down folks,” she said. “We may not be able to evict this evil scum, but we can keep them from getting any further for the next five. Dig deep defense!”

  It didn’t take that long. Three minutes after Mariana rallied her team everyone’s systems froze, and the chime sounded across the room. Both Red and Blue were uncertain what had just happened. From everyone’s perspective, they stopped at the climax of the battle.

  Mansfield stepped to the front of the room and took the microphone. “All right, thank you Red Team, thank you Blue Team. Wow, an intense fight, people! Well done. But we have a winner. Mr. Chu, would you like to explain who came out on top?

  “It would be Blue Team,” exclaimed Scott with a fist pump, and shouted whoops soon followed from the Blue Team players. “While Red engaged in the full-court press, they forgot to watch their back. I was able to go through their Windows operating system and take control of each workstation. You shut me down before I could have any fun.”

  While Scott talked, it gave Mariana a gratifying feeling to catch Shithead’s eye and flip him off.

  Shortly after this, Mansfield ended the session, giving his thanks for their participation and bidding them goodbye. As Mariana filed out the door she saw Professor Wainwright, who beckoned her into a private side room. After they had a chance to say hello, Mansfield walked in.

  #

  Chapter 5

  The Major Leagues

  May 2002

  “Congratulations, Ms. McAllister. You were the undisputed winner of our game,” Mansfield said. “It's nice to meet you.” He gave her a firm handshake and looked in her eyes.

  She saw someone intelligent looking at her. “I don’t understand. Scott was clearly the one who took down the Red Team.”

  “That’s not what we were measuring; today was all about leadership. You made the proper strategic and tactical assessment, had the idea to divide your team’s forces in the face of an otherwise certain loss, and got your members to subscribe. They’re the qualities we’re looking for. Yesterday was the cut on technical skill, and you outpaced the competition there too.”

  “Our mutual friend,” Mansfield said with a nod at the professor, “tells me you’re uniquely gifted in the field of computer security. I think his words were, ‘This girl can code rings around anyone.’ If you know him as well as I do, it’s exceptional praise. After watching you compete, I may agree.”

  Mariana favored the professor with a quick smile and responded, “I can hold my own, Mr. Pickett, you don't have to butter me up. I'm a big girl and confident in my abilities. Why don't we all sit down and you can tell me about your needs? Do you have a position in mind?”

  Mansfield chuckled and sat back. He turned slightly to face the professor. “Direct and aggressive, just like you said.” Turning back to Mariana, he added, “It’s a combination we value.”

  Mariana relaxed a bit and reached out to pour a glass of water from the carafe on the table. She settled back and smiled at Mansfield.

  He continued, “I’m the CEO of this company, and I’m assembling a team of elite coders. The front of our house handles IT security for businesses around the globe. The back of the house handles work for a limited clientele; customers like the NSA, FBI, and CIA. As many people as the intelligence community has working on cyber issues, they still need bespoke software development and deployment.”

  “What do you mean by development and deployment?”

  “We’re going to do secret things, for some good causes, and we need people who can be both exceptional software designers, and also patriots interested in helping this country.”

  “What kind of projects? Can you give me a clearer picture?”

  “Let’s speculate about helping to map the global digital terrain, to identify vulnerabilities in adversaries' network infrastructure. It may be valuable for US intelligence agencies to have an off-the-books operator who can develop exploits to take advantage of those weaknesses.”

  “Off-the-books conjures up visions of prison in a girl's head, too much like a bad novel where there is a fall guy when things go wrong.”

  “It’s not a worry, since we are under the protection of the Fort.”

  Wainwright roused himself from his quiet observation of the conversation and said, “I'm testimony to No Such Agency’s interest in this new company.”

  Mansfield pressed Mariana a bit, “You know how vulnerable this country is to a cyber-attack.”

  “Yes, the fact most factory controls are still essentially security-free is an area I focused on in my research. We’re just a step away from disaster. Like when hackers crashed that steel mill in Germany, all hell broke loose when the furnaces ruptured and spilled molten steel over the workers and works.”

  Mansfield grimaced and said, “We are in total agreement. In fact, we’re shopping for white-hat hackers of exceptional potential to address this country's vulnerabilities. I'm looking for a few good computer scientists to join our cyber-force.”

  “It's going to take more than a few, and the type of people you want don't take well to military-style discipline.”


  “Yeah, don’t I know it. Wrong choice of words, this is joining a company, not the military. I'm looking for my major teams’ leadership talent, and in return I'll promise the most interesting problems there are, lots of latitude in your work, virtually unlimited resources, a crazy generous salary, and did I mention we have a matching 401(k) and three weeks’ vacation to start? This opportunity is not your fathers’ NSA,” he said with a grin at the professor.

  Wainwright perked up again and exclaimed, “I represent that remark. My NSA pension is not nearly big enough.”

  Mariana leaned in to hear more.

  Mansfield complied, “What we do may not always seem clean. We just implement policy on behalf of our government. It's not all defense. We’re developing and implementing offensive capabilities as well. We’re not going to be concerned with the drive-by attackers who are spraying and praying for network access, or script kiddies, those are other people’s problems. Instead, we’ll go up against the state-sponsored groups, terrorists, and the occasional criminal mob. These are the real threats. Do you want to do things like mapping out Al-Qaeda's electronic connections? Then we’re the team you want to be a part of.”

  Mansfield sensed she was ready to decide. “I need people who understand how endangered America is, just how vulnerable. Who are willing to help honor the sacrifices others have made to help keep us safe. May I ask you to come on board?”

  Like most graduate students, Mariana needed a job, and this promised to be much more engaging than some software engineer gig down in the Valley. She also took some pride in winning an intense competition that had stretched her skills. But it was Mansfield’s last indirect appeal to her honored parents’ memory that pushed her decision-making in his favor. “Yes, I think I would like that. But I’ll need to discuss it with my partner before giving you a final answer.”

 

‹ Prev