His next order of business was to have the conversation with Vince about releasing the details of the attack.
He suspected the conversation would not go well, and he was right.
“Mick, you know I can’t do that.
You agreed when we started that none of the data or results could be shared or publicized,” Vince began after Mick made his request.
“I know, but you must understand.
Your attack is not an isolated incident.
In fact, I don’t even think it was directed at you in particular.
I think that this attack and the other attacks are some kind of trial run: a series of tests to see how well it works and see what kind of responses the security community will generate.
Something really big is happening out there.”
Mick could tell he was not making any progress with Vince, and decided to play all his cards.
“There’s more.
I didn’t tell you, but while I was in New Mexico, I was followed and threatened by a couple of guys.
I’m fairly sure they were involved in organized crime.
They linked your spambot compromise with last month’s web server compromise.
They are from the same place, the same source.”
Mick could tell he made an impact with this.
“Why didn’t you tell me?
Did you report this to the authorities?
We need to increase security on our premises.”
“Well, you should do what you think best, but I think the threats were directed against me, personally, rather than at LeydenTech.
I’ve been involved in investigating and fighting these attacks – all of them, one way or another.
I might be the only person who can put all the pieces together.
And –” he continued but Vince interrupted.
“You need to talk to someone in the government.
I have a friend in Homeland Security.
We were at Harvard together.
You should talk to him, and maybe he can do something.”
“Can I mention your attack?”
“Yes, if I can be on the call,” Vince replied.
“And you need to give me all the details of your encounter.”
“Sure, I’ll mail you all I know.”
Talking to the Department of Homeland Security didn’t make Mick feel comfortable, but it felt like the right thing to do, to tell someone in the government.
Surely the National Cyber Security Division would be interested in hearing about the attack?
Vince agreed to set up the call and get back to him.
Mick caught up with Lars that afternoon on a secure voice call.
He filled him in on the latest on the botnet, but decided to leave out the part involving Homeland Security.
At the end of the call, Lars went back to his second favorite topic.
“Hey Mick, I read a great article in the Times about the use of Helvetica in the New York subway system!
It is such a great font!
I wish we used it in Helsinki,” commented Lars.
“What font do they use there?” Mick asked, then realized his mistake.
“No, don’t tell me.
Save it for next time we are together.
I should run now.”
He signed off a few minutes later.
The next day, Mick was on the Acela Express train halfway between Boston and Washington, D.C. With the Shinkansen experience fresh in his mind, this was hardly high-speed rail, but it wasn’t bad by American standards.
It had been decided that a face-to-face meeting with Homeland Security was more appropriate than a call, even a secure one.
Whom he was meeting was a bit vague… he was supposed to wait at a street corner near the Lincoln Memorial.
Mick joked to Jocelyn that he was going to meet ‘Deep Throat.’
He planned to be back in Boston the next day for one more day before flying home to New York.
Mick alighted from the train at Union Station and set off walking towards the Mall, enjoying the cool November air.
He checked into his hotel after making a brief stop at another hotel.
He had plenty of time, so he wandered around a little, enjoying the sights.
He idly recalled having been here for inaugurations, festivals, and demonstrations.
Mick waited, standing at the specified corner.
He passed the time people watching.
Mick was always amazed at how much he could deduce with a little observation.
Besides the ubiquitous Korean and other tourists, there were lots of Americans from all over the country, judging by their accents.
Despite the cold, the crowds were pretty big.
A black van pulled to a stop in front of Mick.
The front window went down and a voice called out to him by name.
Mick walked towards the van; the side door opened.
He leaned over to look, and he was pulled inside, the door closing behind him.
Before his eyes could adjust to the gloom, he felt his hands being restrained and a hood pulled over his head.
“Don’t be alarmed, we are taking you to our office.”
A loud hissing noise filled his ears, and he realized they had turned on a white noise source to cover any road noises.
He gave up struggling and instead tried to keep his senses sharp.
Serves me right for getting into bed with the government…
Chapter 15.
Mick O'Malley – “Distrust and caution are the parents of security” – Ben Franklin.
After an indeterminate amount of time, the van stopped and the noise ceased.
Mick was lifted to his feet, and he moved his legs, trying to get out the pins and needles.
He was frog-marched down a corridor then pushed down onto a chair, and the hood was removed.
He blinked in the light, looking around.
A man removed the plastic restraints from Mick’s wrists, and he rubbed them.
“My apologies for the ‘cloak and dagger’, Mr. O’Malley, or should I say, Mr. Robertson?” began a tall, thin man sitting across the table.
When Mick made no reply, he continued.
“We appreciate your cooperation in this matter.
You have some information about the recent zero-day attacks that we need.
First of all, tell us how you became involved in this.”
“I came to D.C. to share what I know with Homeland Security, but I didn’t expect this treatment.
However, I will answer your questions anyway.
May I know your name?”
Mick paused but received no reply.
“Can I have a glass of water?”
After another pause, a bottle of water appeared on the table.
Mick took a sip, then began telling his story.
He explained how he had foiled the web server zero-day in Hiroshima and had monitored the mail server zero-day.
He described the results of the LeydenTech investigation, and the threat from Pavel Michalovic and company.
He explained his hypothesis of the Zed.Kicker botnet using spambots to hide P2P control messages.
“And tell me about your personal server compromises.”
“Well, my personal web server was compromised by the ‘Carbon’ attack, but my mail server was not hit as I suspect that the attack –”
“I don’t mean those.
I mean your Zed dot Kicker compromise.”
“I’m afraid I don’t know what you are talking about.”
On the long ride, Mick had thought hard what information he was willing to reveal and what he was not willing to reveal.
He had decided to not discuss his personal server compromise, as he was unwilling to share these logs with the government.
His server logs contained all kinds of information about the location, type, and software running on his servers.
Also, there was still the matter of the unexplained private key theft.
“You know exactly what I’m talking about.
I understand one of your personal servers was compromised and your private keys stolen.
We already have all the logs from LeydenTech, but we need your logs as well.”
There was a long pause.
“Sorry, I’ve told you everything I know.
If you have all the LeydenTech info, then you know as much as I do.
You really need to get on top of this botnet… I think it is the biggest and most powerful by a few orders of magnitude.
The new codebase is extremely sophisticated and who knows what they might target next.
Don’t you have your own server logs to examine?” he asked, knowing the answer already.
“As you are no doubt aware, all our information technology has been outsourced to UBK.
They have shared their logs, but they aren’t as useful as they could be, as their servers were hit hard and most logs were erased.”
“Why don’t you just ask for their source code?
You could then do your own analysis.”
There was a pause before the answer.
“We have.
They have refused, citing the confidentiality clauses in our contract.”
Mick couldn’t suppress a smile.
“Oh that’s right, closed source… intellectual property…
Bad luck about that.
You really should only do business with companies that implement security best practices.”
“This is now a matter of national security.
An inter-department task force has been set up.
I have been authorized to offer you a role in this investigation.
Here are the terms and conditions.”
He paused and passed a thick sheaf of paper across the table.
Mick didn’t look down.
“Sorry, I don’t do government work.
I would like to go now, unless I am under arrest?”
“I don’t think you understand the seriousness of this situation… or of your own situation –” Mick let his anger show.
“I don’t understand? I don’t understand?
Industry and government alike have been ignoring the threat to the Internet from botnets for years now!
Even small botnets can cause big disruptions.
This botnet… this one is not like any I’ve ever seen.
It is made up of perhaps millions of zombie computers, all over the world: ordinary computers on people’s desks, in their living rooms, perhaps even in your office!
Have you kept up to date with your software updates?
From what I can tell, this botnet is just warming up; we have not yet seen its full power, but I am certain we soon will!
And as for my ‘own situation’, I am just a private citizen doing my job.
What right do you have to drag me here to Ft. Meade and treat me like a criminal?
May I remind you that this is America, and I have rights.”
The man stood up and walked out of the room.
For the first time, Mick saw another person seated in the back of the room.
The man wore a military uniform.
“Who are you?” Mick asked, but had no time for a reaction or reply when the hood was put back over his head, and he was bundled away.
The General got up and walked to a nearby conference room to discuss the interview he had witnessed with a team.
“Since he won’t cooperate, go through his intercepts,” demanded the General.
“I want to see transcripts of all his calls, mails, and messages.
Also –” The other man interrupted him.
“Sir, he uses ZRTP encryption for all his calls, and strong encryption on all his messaging.
We know who he communicates with, but we haven’t been able to break any yet…”
He looked at the General who appeared to be thinking hard.
“What about his computers – his servers?”
“He was only carrying a mobile, which had no data on it.”
“He wasn’t carrying a computer?
That is strange,” the General commented.
“We think he keeps most of his data on offshore servers.
We’ve located some, but they are well protected and in countries where we have little intelligence cooperation.”
“Damn!
Well, he doesn’t have everything offshore, does he?
I want some leverage on this guy!
I want 24-hour surveillance on him.
I am authorizing non-traditional means to get around this guy’s paranoia.
Dismissed!”