
Cyber Warfare


by Bobby Akart


  Chapter 2

  May 8, 2016

  3:07 p.m.

  The Hack House

  Binney Street

  East Cambridge, Massachusetts

  Andrew Lau stared intently at the iMac monitor array as Leonid Malvalaha deftly navigated the mouse. Malvalaha and Lau’s other longtime graduate assistant, Anna Fakhri, had continued in their new endeavor, despite the potential risk of criminal prosecution.

  Through the process of pen testing, Lau identified zero-day vulnerabilities in a computer network and took advantage of the security holes before the network’s IT department could find a solution. Once the vulnerability window was identified, the zero-day attack inserted malware into the system. The Game, as Lau called it, required the attacked entity to pay a ransom in exchange for a patch to their security. Prior to today, their hacks didn’t directly risk lives, though their February hack on behalf of the Las Vegas service employees union resulted in many unforeseen deaths. They were more selective in their project after Las Vegas, until now.

  “Malvalaha, run us through the hack,” said Lau, patting his trusted associate on the shoulder as he walked by.

  Lau’s core group consisted of Malvalaha, Fakhri and newcomer Herm Walthaus, who had proven himself by creating a cascading blackout of the Las Vegas power grid—no small feat. In a way, this was a team of misfits—although talented ones. They came from diverse backgrounds but shared a common goal of advancing their personal wealth.

  “We’re monitoring American Airlines Flight 129, which departed Dallas around forty-five minutes ago,” stated Malvalaha.

  His desk resembled the cockpit of a sophisticated aircraft, with six flat-panel monitors at his disposal. He pointed to the screen that displayed FlightAware, an online tool providing up-to-the-second statistics on any airline flight.

  “Flight 129 is currently over St. Louis and has adjusted its flight path directly to Washington Dulles airport. The aircraft is a Boeing 757-200, flying at approximately four hundred eighty knots, or five hundred and fifty miles per hour. Altitude thirty-three thousand feet.”

  “Tell us what your research has shown,” said Lau.

  Fakhri addressed her former professor, now hacking partner. “Since 9/11, there have been conspiracy theories surrounding the commandeering of the four aircraft by the terrorists,” said Fakhri. “One such theory is the aircraft was part of a false-flag attack initiated by the government. As the argument goes, based upon 2001 technology, NORAD—the North American Aerospace Defense Command—took control of the planes and purposefully crashed them into the World Trade Center and the Pentagon. The most prevalent reason cited for the false-flag operation is that the government wanted to justify initiating a war in the Middle East.”

  “For our purposes, we’re not interested in the false-flag theories,” said Malvalaha. “We focused on the concept of the remote takeover of a commercial aircraft. The technology exists, and it has, in fact, been used by the military in the past. Today, we will hack the aircraft via the flight management system, and make ourselves known.”

  “My father is a pilot for the 757-200 airframe,” said Walthaus. “We always had sophisticated flight simulators in our home growing up, and naturally they provided more entertainment for me than a PlayStation. I’ve never physically flown an aircraft, but I am an expert on the flight sim.”

  “I thought the FAA disproved the theories surrounding remote access of the onboard computers,” said Lau.

  “True to an extent,” said Fakhri. “A security consultant from Germany claimed to have hacked an aircraft using an Android telephone application. Later, one of his peers accessed the aircraft’s network by connecting through the in-flight entertainment system. He then used a modified version of Vortex software to compromise the cockpit’s system.”

  “When pressed for a response, the FAA was selective in its choice of words,” said Malvalaha. “They equivocated using the phrases described technique and using the technology the consultant has claimed.”

  Lau laughed after this statement.

  “The government has a lot of experience with misdirection,” said Lau. “Our most sophisticated operations were panned as impossible by the experts and their friends in the media—even after we successfully accomplished them!”

  “When researching this online, we discovered that American Airlines and Boeing launched a Bug Bounty program, offering a million free air-miles to the good guys—the white-hat hackers,” said Walthaus. “These ethical and conscientious hackers shared their findings online. We took their findings as a starting point and found the vulnerability window we were looking for.”

  “Continue,” said Lau.

  If Lau could publish his work, he would surely win the Carnegie Foundation award as Professor of the Year. Then again, he might be teaching second-grade math to his fellow inmates.

  “We’re going to use the government’s safeguard technology against them in two steps,” said Malvalaha.

  Lau turned his Red Sox cap backward—an unconscious signal that it was time to go to work.

  “First, we access the Boeing Uninterruptible Autopilot system,” said Fakhri. “The patent for the system was granted to Boeing in 2006, as a method of taking control of a commercial aircraft away from the pilot or flight crew in the event of a hijacking. The uninterruptible autopilot can be initiated by the pilots via onboard sensors or remotely through government satellite links.”

  “As far as the public knows, no Boeing aircraft has been retrofitted to include this technology, although rumors abound to the contrary,” said Walthaus. “After the disappearance of Malaysia Flight 370, the Prime Minister of Malaysia claimed Boeing or individual government agencies utilized the uninterruptible autopilot to down the aircraft. I’m sure he alluded to the CIA.”

  “An online search supported his theory,” said Fakhri. “We researched the rules issued by the FAA on the Federal Register website and found a Special Condition granted to Boeing for the Model 777 aircraft, allowing the installation of the uninterruptible autopilot software.”

  “But we’re tracking a 757,” said Lau.

  “Yes, we are,” said Walthaus. “The FAA, in its action, authorized Boeing to conduct tests of the new system in six of its 757 aircraft, plus the system was initially designed for the 757. We researched all of the top contractors who work under Boeing’s Defense division. Typically, new technology ends up in the hands of our Defense Department.”

  “We found the company hired to install the system—Alion Science and Technology,” said Fakhri. “Their technology solutions sector manager, Robert Hurt, gave a presentation at a Raytheon trade show last year, which was published online. After some digging, we have the details on the six 757 aircraft participating in the program.”

  “American Airlines Flight 129 is one of them,” said Malvalaha.

  Chapter 3

  May 8, 2016

  3:12 p.m.

  American Airlines Flight 129

  33,000 Feet

  Near Evansville, Indiana

  Gray exhaled deeply when the green light on the keypad illuminated. He and Bird quickly entered the cockpit and slammed the door shut.

  “What the hell is going on, Bill!” exclaimed Gray as he climbed into his seat and strapped in. Bird positioned himself in the jump seat. Gray quickly examined the onboard computer monitor and activated the Fasten Seat Belt sign.

  “Talk to me, Billy!”

  “The controls are unresponsive,” muttered Applegate. “We are in a rapid descent, and the controls will not respond to any of my commands.”

  “You have to call a Mayday, Randy,” said Bird.

  Gray looked at the altitude control indicator. They were in a descent, but not an insurmountable one—yet. The altimeter read twenty-four thousand feet.

  “Billy, are you with me?” asked Gray.

  Applegate barely muttered a response.

  “Billy, why don’t you trade seats with Captain Bird,” said Gray. “You need a break, and Stacy is an experienced captain. Come on now, let Stacy swap with you.”

  Applegate slowly removed his seat harness and traded seats with Bird, who immediately leaned across the center console.

  “Should I escort him off the flight deck?” asked Bird.

  “He’s just shook up,” said Gray. “Call in the Mayday, and let me figure this out.”

  Bird’s attempt to access the onboard computer proved fruitless. The keyboard was unresponsive.

  “We’re one hundred miles east of St. Louis,” said Gray. “Try SDF. Wait, not Louisville. We’ll need Indianapolis Center.”

  “Mayday, Mayday, Mayday, Indianapolis Center. American Airlines one-two-niner heavy declaring an emergency,” said Bird. “I say again. Mayday, Mayday, Mayday, Indianapolis ZID. American Airlines one-two-niner heavy declaring an emergency.”

  “American one-two-niner, this is Indianapolis Center. We copy your Mayday,” said a representative of the Indianapolis Air Route Traffic Control Center. The primary responsibility of Indianapolis Center was to monitor and separate flights within the seventy-three thousand square miles it covered in the Midwest. Today, a new task presented itself. “What is the nature of your emergency?”

  “Indianapolis Center, onboard controls are unresponsive. We are under power and in a steady descent now passing twenty-two thousand feet,” said Bird. “All other flight deck functions appear normal.”

  “Roger, American one-two-niner. All stations. All stations. Indianapolis Center. Mayday situation in progress. Stop transmitting. Repeat. Mayday situation in progress. Stop all transmissions.”

  Gray sat back in the pilot’s seat and looked around the Orbiter flight deck, searching for clues—and answers. Nothing made sense. The entire console appeared normal. The monitors functioned properly, displaying their current flight parameters; however, the keyboard for the onboard computer continued to be unresponsive.

  “We’re leveling off,” said Bird, pointing at the altitude control indicator. “Son of a bitch, we’re holding steady at twenty K. I’ve never seen anything like this.”

  Neither had Gray.

  “American one-two-niner, this is Indianapolis Center. Boeing technical team is en route, and Homeland Security has been notified.”

  “Roger, Indianapolis Center,” said Bird. “Be advised, altitude has leveled off at twenty thousand feet. Steady on original course.”

  “American one-two-niner. Indianapolis Center. Roger.”

  “Homeland Security?” asked Bird.

  Gray understood the gravity of their situation. If he couldn’t demonstrate positive control of the aircraft, it would not be allowed to reach Washington.

  Chapter 4

  May 8, 2016

  3:13 p.m.

  The Hack House

  Binney Street

  East Cambridge, Massachusetts

  “Now that we’ve entered the plane’s Wi-Fi system, it’s necessary to hack through the firewall of the aircraft communications addressing and reporting system, or ACARS,” said Malvalaha. “This will give us access to the plane’s onboard computer system and the uploaded flight management system data.”

  Lau watched intently as his protégé navigated through the plane’s servers.

  “You’re in!” exclaimed Walthaus. “My turn, Leo.”

  Malvalaha relinquished his chair to Walthaus, whose only experience with an airplane was playing on his father’s computer as a teen.

  “The aircraft is flying on autopilot,” said Fakhri. “That’s good. Right about now, the pilots are relaxed and completely unaware of our presence.”

  “First, I will initiate the uninterruptible autopilot system, which will prevent the flight crew from interfering with us,” said Walthaus. “These controls are considered fly-by-wire, which have replaced the conventional manual controls of the aircraft with an electronic interface. The yokes that control the aircraft may provide certain inputs into a flight-control system, but with the uninterruptible autopilot system initiated, the crew can flail around all they want, and their actions will not be recognized.

  “First, we’ll adjust the altitude to twenty-six thousand feet—just to let them know we’re flying their plane,” he continued. “Watch here.”

  Walthaus pointed to FlightAware, and Lau turned his attention to the screen. When Walthaus refreshed the screen, the airspeed had declined, along with the aircraft’s altitude.

  “Whoa!” exclaimed Walthaus. “Sorry about that! It’s hard to adjust the controls using a mouse and its cursor. I just took the plane into a dive and probably scared the shit out of everybody on board. Let me level this off at twenty thousand feet.”

  “Is that too low?” asked Lau.

  “No, eighteen thousand feet is considered the upper end of an air traffic’s transitional level, where the most activity takes place,” said Walthaus. “We’ll maintain this altitude and course for a few minutes, to give everyone on board an opportunity to catch their breath. Then we’ll climb back to thirty-three thousand feet.”

  Ordinarily, the Zero Day Gamers had a profit motive. The hijack by hacking of the American Airlines flight was a test. Today, they would determine whether the hack could be achieved, in addition to gauging the government’s response.

  “At this point, the pilots have probably reported a Mayday to the nearest air traffic control tower—either St. Louis or Louisville,” said Malvalaha. “Their flight training would dictate a simple procedure of turning off the autopilot and resuming control of the aircraft manually. Unfortunately for them, the Boeing Uninterruptible Autopilot system has built-in safeguards that prevent the pilots from overriding our controls.”

  “What prevents NORAD or the FAA from taking over the operation of the plane via its satellite controls?” asked Lau.

  “We’ve installed a version of the TeslaCrypt Ransomware onto the plane’s servers,” said Malvalaha. “This malware blocks access to the aircraft’s onboard computers by everybody until released by us. In the future, we’ll provide them a message with a monetary demand. Today, we’re just sending a message.”

  Chapter 5

  May 8, 2016

  3:17 p.m.

  NORAD—Air Defense Operations Center

  Cheyenne Mountain Air Force Station, Colorado

  “Sir, Wright-Patterson has been notified of the situation,” said the technical sergeant who was manning the console tracking American Airlines Flight 129. “I have Lieutenant Colonel Darren Reynolds on the line, sir.”

  Colonel Arnold pressed the remote transmit button for his headset. “Colonel Reynolds, this is Colonel James Arnold. Please stay on the line as we assess the situation.”

  “Colonel Arnold, we have scrambled two F-16s. Time is running out. Once ADOC was notified, we ceased communications with the Indianapolis Air Traffic Control Center and turned comms over to you.”

  “Thank you, Colonel,” said Arnold. “Sergeant, contact the aircraft.”

  “American Airlines one-two-niner, United States Air Force Air Defense Operations Center. Over,” said the airman.

  After a moment, the response came through the overhead speakers.

  “Air Defense, this is Captain Randy Gray.”

  “Captain Gray, this is Colonel Arnold. What steps have you taken to gain control of your aircraft?” asked Colonel Arnold.

  “The most logical step is to turn off the plane’s autopilot,” said Gray. “But the autopilot is unresponsive. In fact, all of our controls are unresponsive. We’ve had no flight control for nearly seventeen minutes now.”

  “Stand by, Captain Gray,” said Colonel Arnold.

  He pointed to the sergeant to mute the conversation, waiting several seconds before addressing his team.

  “If this 757 is outfitted with Boeing’s new autopilot system, why haven’t we simply taken control of the aircraft?”

  “Malware has been inserted into the aircraft’s onboard server network, preventing any type of outside access,” said another airman. “Boeing technical support is working on a solution, but so far they have been unsuccessful.”

  “Colonel Reynolds, what is the ETA on your F-16s?” asked Colonel Arnold.

  Arnold took a deep breath during the pause and studied the global positioning of Flight 129. The plane would be over a desolate area of Eastern Kentucky in roughly ten minutes. He had to escalate this to USNorthCom. He was not going to sentence 237 passengers and crew to their death without further orders.

  Chapter 6

  May 8, 2016

  3:23 p.m.

  F-16 “Fighting Falcons”

  180th Fighter Wing

  24,000 Feet

  Near Lexington, Kentucky

  “Roger, Giant Killer, awaiting orders,” said Smash Seven, the lead F-16 pilot dispatched to intercept Flight 129. “We will maintain two four thousand at the four o’clock and eight o’clock positions.”

  “Copy, Smash Seven,” said Smash Eleven, maintaining his position above the left rear of the 757 aircraft. “Smash Seven, switch to alternate frequency Charlie. Repeat, switch to alternate frequency Charlie.”

  “Go ahead, Smash Eleven.”

  “Are we going to shoot down a commercial airliner?” asked Smash Eleven.

  “Certainly not what I had in mind when I woke up this morning,” said Smash Seven. “It must be hijacked.

  “Look, they’re climbing. Return to primary frequency.”

  “Switching,” said Smash Eleven.

  “Giant Killer, Smash Seven. Aircraft appears to be in ascent. Repeat, aircraft is ascending. Now climbing to two four thousand,” said Smash Seven. “Now two eight thousand. Please advise.”

  “Roger that, Smash Seven,” said Giant Killer. “Maintain present heading and adjust altitude to three six thousand.”

  The F-16s rose in altitude to maintain a height advantage over the 757.

 
