Out of the Dark
Page 8
Although it’s certainly possible they really are judging by some of their other actions . . . or inactions, he reflected, thinking about what could have been accomplished by simply bombarding their adversaries’ positions with sufficient concentrations of a suitable neurotoxin.
“Another point, and one which relates to my concerns over their possible contingency planning,” Shairez continued, “is their computer networks’ resistance to our penetration.” She wrinkled her muzzle. “Their cyber technology, especially in their ‘First World’ nations, is even further advanced than other aspects of their technology. Gaining access to their ‘Internet’ is absurdly easy, and it’s difficult for me to believe, even now, how little thought they appear to have given to genuine security measures. Or, rather, I find it hard to understand how they could have failed to recognize the necessity of restricting certain types of information, rather than making it generally available.
“It’s become apparent to me and to my teams, however, that it really is blindness to the importance of securing information, not the absence of the ability to secure their systems. Indeed, despite the foolish manner in which they make so much vital information public, they also maintain a large number of truly secure databases, both government and private. Apparently, there’s a lively, ongoing background level of cyber war, as well. Some of those involved are clearly competing nation-states, trying to compromise one another’s secure systems. Other participants appear to be financial entities, attempting to ferret out one another’s secrets or, in some cases, to penetrate the nation-states’ systems in order to obtain what they call ‘inside information’ on financial regulatory decisions and processes. Still others appear to be groups of individuals unaffiliated with any nation-state or financial entity. Indeed, some of them—possibly even the majority of them—appear to be single individuals bent on penetrating various systems for reasons of their own.”
“And the reason you mention this is—?” Thikair asked when she paused.
“My teams believe they can penetrate virtually all of the cyber defenses we’ve so far identified, Fleet Commander, but they’re limited by their instructions to remain covert. Those defenses and intrusion detection systems are much more capable than we’d originally hoped—presumably as a direct result of the humans’ own ongoing cyber warfare—and it’s unlikely we could break into their systems without being detected.”
“How likely would they be to realize the attack was coming from someone other than another human group?”
“That’s impossible to say, Sir. Obviously, their security people are well versed in other human techniques, and if we were to attack them directly using our own technology, I think it’s quite possible they’d realize they were looking at something entirely new. On the other hand, they don’t know about us and we’ve gained quite a lot of familiarity with their own technology. We could probably disguise any penetration of their secure systems by using their own techniques, and in that case the natural reaction for them would be to assume it was, in fact, one of those other human groups rather than leap to the conclusion that ‘aliens’ were trying to invade their systems.”
Thikair flexed his ears slowly, grooming his tail more thoughtfully as he considered what she’d just said. She was right that they needed to discover anything they could about “contingency plans.” It was unlikely that anything the humans might have come up with could constitute a serious threat to his own operations, but even primitive nuclear weapons could inflict stinging casualties if he got careless. And while he himself was inclined to discount the possibility that anyone as manifestly stupid as humans would realize they were under cyber attack by “aliens,” it wasn’t outright impossible.
Of course, even if they realized the truth there was precious little they’d be able to do about it, unless Shairez’s teams discovered something truly startling.
Stop right there, Thikair, he told himself. Remember, however stupid these creatures are and however crude their technology may be, they aren’t weed-eaters, and you’re talking about a planet with billions of them crawling around on its surface. And the last time anyone in the entire Hegemony actually fought anyone much more sophisticated than these humans were when the Barthoni first visited them was—what? Close to a standard millennium ago—over two thousand of KU-197-20’s local years. In fact, it was us, fighting each other before we ever encountered the Dainthar-damned Hegemony. So even though Shairez probably is being overly cautious, a little excess caution in a situation like this is unlikely to hurt anything, whereas too blithe an assumption of superiority might well get hundreds of your warriors killed. So you do need to find out what their “contingency plans” are, and you need to do it in a way which will let you spend a few days considering what you discover before you have to attack. But how to do that?
He thought about it for several moments, then looked back across the briefing-room table at Shairez.
“I strongly suspect, Ground Base Commander, that you’ve already considered possible solutions to your problem.” His ears rose in a half smile. “You’re not the sort to simply tell a superior you can’t do something.”
“I try not to be, at any rate, Sir,” she acknowledged with a smile of her own.
“So, tell me, would your solution to this one happen to be launching your attack through one of their own groups?”
“Yes, Sir. It would.”
“And which of their groups did you have in mind?”
“I’ve been considering the nation-state called ‘Iran,’ Sir. Its relations with most of the First World nation-states are extremely tense and strained. In fact, according to what I’ve been able to discover, those relations have become progressively much worse over the last few local years. Apparently, internal unrest has been a problem for the current régime, and its opponents haven’t approved of the techniques it’s used to control that unrest.” Her ears twitched derisively. “These creatures’ insistence on forms and proper procedures is ridiculous, yet even allowing for that it seems apparent the régime has singularly failed to identify the true leaders of the unrest. Either that or, despite its opponents’ condemnation of its ‘extremism,’ it’s failed for some reason known only to itself to act effectively against those leaders and compel their submission.
“In the meantime, however, the hostility existing between it—and especially between it and the United States—could well be made to serve our purposes. Iran’s technical capabilities are generally much inferior to those of the United States, but there are specific areas in which those capabilities are rather more sophisticated. Given its relations with the United States and the ‘West’ in general, a cyber attack coming out of Iran would surprise very few of the human governments. The sophistication of the attack might well surprise them, but I believe they would automatically assign responsibility for it to Iran and simply order investigations into how Iran might have acquired the capability to launch it. And given the régime’s apparent propensity for routinely misrepresenting inconvenient truths, no one is likely to believe any denial it might issue in the wake of our attack.”
“I see.”
Thikair thought about it briefly, then flipped his ears in agreement.
“I think all of your points are well taken, Ground Base Commander,” he said approvingly. “And I quite agree that it would be well to discover everything we can about any ‘contingency plans’ the humans might have in place. For that matter, it’s probable that there’s quite a bit of generally useful information in those secure systems of theirs, and it would be wise of us to acquire as much as possible of it while the computers in which it’s housed still exist. One never knows when that sort of data might become useful.
“As for the possibility of using this ‘Iran’ as a mask, I approve entirely. Meet with your team leaders and come up with a plan to implement your suggestion as soon as possible.”
. VIII .
A human hacker would have called it a “man-in-the-middle” attack.
Gr
ound Base Commander Shairez’s carefully built remote was deposited on the roof of a coffeehouse in downtown Tehran. Despite the Iranian régime’s paranoia and perpetual state of heightened military alert, slipping the remote through its airspace defenses was child’s play for the Shongairi. Concealing it once it was down wasn’t a lot more difficult, either, since it was little larger than a baseball. The heavily stealthed, unmanned platform which deposited it found a convenient location, hidden in the shadow of an air-conditioning compressor, then departed through the moonless night air as swiftly and unobtrusively as it had arrived.
The location had been selected in advance after a previous platform’s incursion had “driven around” at high altitude listening for a suitable portal through which to enter the local WiFi system. The 802.11 standard wireless connection of the coffeeshop which had been chosen offered broad frequency wireless connections to interact with potential victims. Even better, it was completely unprotected, without even the standard WAP’s 64-hexadecimal key. It wouldn’t have mattered very much if it had been protected—despite the remote’s small size, its processing power would have sufficed to break even a substantially more challenging key with a brute-force approach—but it was convenient.
Now the remote inserted itself into the coffeeshop’s network and attempted to access the router. In this case, it was a common retail Linksys SOHO, and the coffeeshop’s owner had never bothered to replace the default password. The remote got in easily and looked around, checking carefully for intrusion detection systems. There was no sign of one, and it quickly established access and began modifying settings.
The first thing it did was to change the password and wipe out any logs which might have been recorded on the router. Then it modified the gateway—making the router send the traffic of any coffeeshop users through itself. Once it was able to view all the unencrypted traffic of all users of the coffeeshop’s connections, it began monitoring and recording. For two days, that was all it did—listen, record, and compress, then retransmit daily dumps of all communications in and out of the coffeeshop to the stealthed Shongair ship which had deployed it.
• • • • •
His name was Rasul Teymourtash, and he was a taxi driver. In a nation where political activism had become a dangerous, high-stakes game, Rasul was about as apolitical as a man could get. He went to mosque on Friday, accepted the five principles of the Usl al-Dn, performed the ten duties of the Fur al-Dn, and concentrated on keeping himself and his family fed. One of his brothers had been arrested, savagely beaten, and sentenced to fifteen years in prison last year for alleged activity in the outlawed Green Movement. Another had simply disappeared some months before that, which might have been one of the reasons for Rasul’s tendency to emulate an ostrich where politics were concerned.
He was also, however, a patron of the coffeehouse Shairez had chosen as her entry point into the Internet. On this particular day, Rasul dropped by the coffeehouse and connected his laptop to its router . . . by way of the Shongair remote. He browsed, he checked his e-mail, and then he decided to download an MP3 music file.
The authorities would not have approved of his choice of music, since Lady Gaga was not high on the list of acceptable musicians. She was, admittedly, rather longer in the tooth than once she had been, and she’d undoubtedly mellowed somewhat over the years, but no one could have mellowed enough—not from her original starting point!—to satisfy Iran’s leaders. Rasul was well aware of that, of course, yet he also knew he was scarcely alone in pushing that particular set of limits.
What he was unaware of, however, was that the Shongair cyber techs aboard Shairez’s starship had made good use of all the data their remote had transmitted to them. Which was why, along with his music video, Rasul had installed and run a Trojan Horse.
The virus turned his laptop into a slaved “bot”—the first of many—which began searching for computers to attack in the United States. Another Trojan, in a second laptop, launched a similar search against computers in the Russian Federation. Another began spying on China, and others reached out to Europe, Israel, and India.
By the end of the day, over six hundred Iranian bots were obediently working the problem of the United States, alone, and as they reached out to still more computers, their numbers continued to grow. They made no move (yet) against their primary targets. Instead, they started with e-commerce sites, looking for vulnerabilities they could exploit in order to worm their way up to the systems in which they were truly interested. They concentrated on the people who used the machines rather than the machines themselves, searching for weak passwords—capitalizing on the fact that human beings may have many online needs but tend to use the limited number of passwords of which their merely organic memories can keep track. They were particularly interested in members of the United States military, and with so many industrious little bots looking, they were bound to find something.
They did.
The first opening was an Air Force E-6, a technical sergeant stationed at Nellis Air Force Base in Nevada. Technical Sergeant James was an Airsoft enthusiast who had decided to order a GR25 SPR—a BB-firing electric version of the M25 sniper rifle.
He placed his order online, through a Website using a 1024 bit SSL/TLS key, a secure socket layer impossible for current human technology to defeat. In fact, even Shongair technology would have found it a challenge, but the bots had never been looking at breaking its encryption in the first place. They’d been looking for human mistakes, vulnerabilities, and they’d found one in the form of a default script left in place when the system was set up. Once through that open door, they were able to access the site’s data, looking specifically for military users like Technical Sergeant James. And in that data, they found James’ e-mail address and the password he’d used in placing his order . . . which, unfortunately, was also the password he used when accessing the Air Force’s logistical tracking system. Which, in turn, offered access to even more data and even more sensitive systems.
It took time, of course. Sergeant James was only one of many gaps the steadily growing army of automated intruders managed to turn up. But computers are patient. They don’t care how long an assignment takes, and they don’t get bored. They simply keep grinding steadily away at the problem . . . and they also don’t care who they are grinding away for.
And so, just under a week after Rasul had downloaded Lady Gaga, Ground Base Commander Shairez found the access points she needed.
. IX .
“Excuse me, Sir, but I think you’d better see this.”
General Thomas Sutcliffe, Commanding Officer, United States Strategic Command, looked up with a quizzical expression as Major General Yolanda O’Higgins stepped into his office. O’Higgins was a Marine, and under normal circumstances, she took the Marines’ institutional fetish for sharpness of personal appearance to unparalleled heights. It helped in that regard that she was a naturally precise, organized person—the sort who seldom had to scramble dealing with problems because she usually saw them coming well in advance. It also helped that she was probably one of the three or four smartest people Sutcliffe (who held multiple doctorates of his own) had ever met. She’d established her bona fides in Marine aviation when that wasn’t the sort of duty women normally drew, and played a major role in formulating the Corps’ input into the F-35 joint strike fighter, but her true strength lay in an incisive intellect and a pronounced ability to think “outside the box.” She was also widely acknowledged as one of the US military’s foremost experts on cybernetics and information warfare, which was why she currently headed the Joint Functional Component Command-Network Warfare.
JFCC-NW, one of four joint functional component commands over which USSTRATCOM exercised command authority, was responsible for “facilitating cooperative engagement with other national entities” in computer network defense and offensive information warfare. Sutcliffe, despite his own impressive technical education, recognized that he wasn’t in O’Higgins’ stratospheric league
when it came to issues of cyber warfare. In fact, he tended to think of her as the übergeek of übergeeks, and he accorded her all the respect to which an inscrutable wizard was entitled.
Despite which, he was surprised to see her in his office this morning. She was normally punctilious about scheduling meetings, and even if that hadn’t been the case, getting past Major Jeff Bradley, Sutcliffe’s aide, unannounced wasn’t exactly the easiest thing to do.
“And good morning to you, Yolanda,” he said mildly. “Excuse me, but did Jeff forget to tell me we had a meeting scheduled for today?”
“No, Sir, I’m afraid he didn’t.”
“I didn’t think so.” Sutcliffe cocked his head to one side. “On the other hand, you’re not exactly the sort to come bursting in unannounced on a whim. So what does bring you here this morning?”
“Sir, we got hit—hard—about twenty-seven minutes ago,” O’Higgins said flatly.
“Hit?” Sutcliffe’s chair came fully upright as he leaned forward over his desk. “You mean a cyber attack?”
“Sir, I mean a fucking cyber massacre,” O’Higgins said even more flatly, and Sutcliffe’s eyes narrowed. The major general’s mahogany complexion wasn’t exactly suited to paling, but Yolanda O’Higgins very, very seldom used that kind of language.
“How bad?” he asked tersely.
“We’re really only starting to sort out the details, Sir. It’ll be a while before we know how deep they actually got, but they blew right through our perimeter firewalls without even slowing down. And it was across the board. DIA, Homeland Security, CIA, FBI—they hit all of us simultaneously, Sir.”
O’Higgins might not be equipped to blanch, but Sutcliffe felt the color draining out of his own face. He stared at her for a long, frozen moment, then reached for the phone.
• • • • •