Cyber Attack (16 page)

Read Cyber Attack Online

Authors: Bobby Akart

BOOK: Cyber Attack
10.94Mb size Format: txt, pdf, ePub

“Good morning all!” Lau announced as he saw the sleepy faces of Fakhri, Malvalaha and Walthaus.

“Good morning, Professor,” replied Malvalaha with a slight tone of sarcasm. “Bright eyed and bushy tailed, as they say.”

“I’ve downed half a pot of coffee,” said Fakhri. “It’s starting to give me the shakes.”

“C’mon, you guys,” said Lau. “It’s not that early. This time a year ago you were getting ready for class at this hour. Are you getting soft on me?” Lau noticed Walthaus was quiet and looked disheveled.

“What’s wrong with him?”

“He had a late night,” replied Malvalaha.

“Really, Walthaus?” asked Lau. “I sent you guys home early yesterday to get some rest, not to party.”

“I wasn’t partying,” mumbled Walthaus.

“He has a girlfriend,” interjected Fakhri.

“Shut up!” said Walthaus.

“Her name is Wendy, like the burger girl,” added Malvalaha. “Looks like her too. She has the freckles, red hair and ponytails.” Fakhri and Malvalaha were having a good laugh at Walthaus’ expense, who was now turning fifty shades of embarrassment.

“Shut up, guys, really!”

“Okay. Good for you, Walthaus, but wake up and smell the McMuffins,” said Lau. “We won’t tell
Wendy
you cheated on her with Ronald McDonald!” The room busted with laughter and Lau effectively woke them all up accordingly. It was time to get their game on.

“Quick summary of the project, please, Mr. Malvalaha,” said Lau as he assumed his role of Professor of Hacktivism 101.

“The client would like to affect the outcome of today’s Democratic primaries in New Jersey and Massachusetts,” started Malvalaha. “They have not provided us a stated purpose, but the results will certainly favor candidate Biden.”

“That breaks your heart, I’m sure,” chimed in Walthaus. Malvalaha was a Biden supporter and despised Clinton. Walthaus was a political agnostic, believing neither party represented the best interests of the common guy.

“He speaks!” exclaimed Lau. “If Clinton has this nomination in the bag, as the pundits claim, how will a good showing or win help Biden?”

“We can only speculate, but perhaps Biden’s people are trying to show his strength in order to gain him another VP slot,” said Fakhri. “Or maybe the Republicans are trying to make Hillary look weak.”

“Regardless, he who pays—wins. Right?” asked Lau.

“You betcha,” replied Fakhri, using her best Arabic impersonation of Sarah Palin.

“The client has provided us targeted precincts in both states where vote manipulation will be least likely to draw attention,” said Malvalaha. “A five percent increase for Biden will naturally reduce Clinton’s advantage in a like amount. This will create a Biden win in most cases yet still be within the margin of error of the aggregate of polls.”

“In New Jersey, for example, precincts in the south from AC towards Trenton share a border with Pennsylvania, a Biden stronghold,” added Fakhri. “These voting precincts are our main target. Populated areas around the Newark area are Clinton dominated. The client chose the Pennsylvania contiguous precincts to show Biden’s ability to carry that state if chosen as VP. But that’s our theory.”

“Walthaus, tell us about the hack,” said Lau. After two McMuffins, Walthaus was back to the land of the living.

“There are two options,” replied Walthaus. “A publicized option actually opened the door for our course of action. Many states used the AVS WinVote touch screen voting machine for years. Its state-of-the-art design was a direct result of the 2000 presidential debacle in Florida where lawyers with bad eyesight fought over hanging chads and voter intent.”

Lau recalled visions of attorneys scrutinizing every punched ballot with magnifying glasses. The vote count went well into December and it took the Supreme Court to bring the dispute to a conclusion.

“After an expose` was published showing the ability to enter the encrypted WEP wireless system with the password
ABCDE
, the machines were abandoned,” said Walthaus. “Further, as we have found repeatedly in our
work
, the Windows-based operating system was either out of date or inadequately protected. Any high school kid could sit in the parking lot of the voting booth and insert low-sophistication code to change voting outcomes.”

“Believe it or not, this was still an option available to us,” said Fakhri. “It would require a ZDG army to canvass all of the precincts. That’s too much work.”

“Let’s talk about our plan.” Lau enjoyed the process of walking through the hack and having all of his assistants provide their contribution or opinion. Despite his newfound
profession
, he was an MIT professor and every job was a learning experience for his trusted graduate assistants.

“We are going to play on two typical weaknesses in any government-run operation—complacency and a false sense of security,” replied Walthaus. “Once the WinVote scandal broke, many state governments quickly threw money at the problem and purchased all new voting machine units. Massachusetts and New Jersey were no exception.”

“As luck would have it, New Jersey and Massachusetts, like many of their northeastern neighbors, use a new Direct Recording Electronic voting machine without a paper ballot,” said Fakhri. “We researched the Federal Election Commission website to study the different machines in use by our target precincts. While many states use the new DRE technology, some have not incorporated the VVPAT accompanying hardware.”

“What is VVPAT?” asked Lau.

“VVPAT stands for voter verified paper audit trail printers,” replied Malvalaha. “There are only eight states which utilize this configuration for voting—Jersey and Massachusetts are included.”

“The selling point of the DRE-VVPAT voting system was their accessibility, usability, and efficiency,” said Fakhri. “The machines allow for both the casting and tallying of a vote internally. At the end of the day, the votes are downloaded for tallying. It was a simple solution to the complex problems experienced in both the 2000 and 2004 elections.”

“Companies like AccuVote TSX, Optech Insight, and Populex produced their own versions of the DRE-VVPAT,” said Malvalaha. “But they all have one thing in common—a Windows-based operating system.”

Lau smiled. “Our favorite. Won’t they ever learn? Microsoft Windows is a hacker’s dream.”

“We’ve had great success entering Windows operating systems through the back door in the past,” said Walthaus. “Today is no exception.” Walthaus stood and walked to his desk where his monitors awaited his commands.

“I am ready to enter the Secretary of State website for both states when we are ready to go. I did some research on the hack of the WorkSource Oregon site from last year. Anytime a state agency gives the public a portal to interact with, such as filing an unemployment claim, a window opens for us—pardon the pun.”

Lau admired the great strides this young man had made in his analytical abilities and on a personal level. Walthaus went from a chubby geek with low self-esteem to one of the best in the business—with a girlfriend.

“By accessing the Department of Labor and Workforce Development, we can enter the Secretary of State’s servers,” continued Walthaus. “The Secretary of State department includes the Division of Elections.”

“In the interest of government efficiency, all of the DRE units are interconnected to the Division of Election servers,” said Fakhri. “We will insert the code into the targeted precincts via the Secretary of State’s servers. While the poll watchers concern themselves with a hacker in their parking lot, we’ll be here remotely modifying votes all day—completely undetected.”

“Are you using a worm or a Trojan?” asked Lau.

“Both,” replied Walthaus. “We all agree a Random Access Tool, a RAT, is necessary. We need a method of modifying real-time data and controlling user activity. Fakhri developed the worm for Massachusetts, and Malvalaha created a Trojan horse for the New Jersey voting machines.”

“My focus will be on New Jersey,” said Malvalaha. “Being from Brooklyn, it will be my pleasure to stick it to the New Jerseyites. We will use the njRAT Trojan, which is also known throughout the Middle East as
Bladabindi
.”

“Blah, blah, blah,” interrupted Fakhri. Lau laughed with the trio of hackers both for the humorous interjection and their ability to make jokes during a serious, technical conversation.

“Does
nj
stand for New Jersey?” joked Lau. The term njRAT was ironically coincidental and had nothing to do with the state.

“njRAT was developed using Microsoft .NET framework and, like many RATs, provides us complete control of the infected system,” said Malvalaha. “It will deliver us an array of features that will allow us to manipulate votes by changing them or deleting them altogether. Variety is the spice of life.”

Lau turned to Fakhri. “Tell us about your worm.”

“For Massachusetts, I came up with an H-worm using a visual-based script variant of the njRAT source code,” replied Fakhri. “It provides us similar controls to the njRAT, but it also uses dynamic DNS, allowing us to post requests as well as extract information. I like it because we can monitor vote totals as the day progresses. It is very popular with the Chinese.”

“Why are we using both?” asked Lau. “Why are we using one for each state?”

“The Trojan and the worm use different parameters,” replied Walthaus. “If some state IT guy gets lucky and discovers our intrusion during the course of the day, we can quickly flip the script—run njRAT in Massachusetts and vice versa.”

“An additional benefit is later discovery,” added Fakhri. “Should the manipulation come to light down the road, these particular hacks are peculiar to foreign nations. The Syrians or Iranians will be blamed for New Jersey while the Chinese will be blamed for Massachusetts. It provides us cover.”

“Well done, everybody!” exclaimed Lau. “Polls are opening soon. Shall we get to work?”

“In we go,” replied Walthaus.

Voting is the cornerstone of democracy and every vote counts—in theory.

 

Chapter 27

June 7, 2016

Quabbin Reservoir, Prescott Peninsula

Former town of Prescott, Massachusetts

 

Sarge and Julia leaned against the hood of the Mercedes G-Wagen and watched the festivities. They arrived early in order to avoid the traffic snarl along Highway 202, which runs for two miles from west to east along the entrance to Prescott Peninsula.

The campaign event was confined to the area where Cooleyville Road and Hunt Road intersect—by design. This very public event was orchestrated to insure the privacy of what would be going on farther down on the peninsula.

“It’s beautiful up here,” said Julia. “After we turned off the Mass Turnpike, it was like a different world. I loved the winding drive through the trees after we passed through Belchertown.”

Sarge continued to observe the crowd and marveled at the levels of security. Originally slated as a ribbon-cutting ceremony to boost Abbie’s senatorial campaign, it quickly devolved into a three-ring circus when Clinton’s presidential entourage inserted itself into the festivities.

“Hey, Professor Sargent, are you in there?” asked Julia. She knocked on his head.

“Ouch, yes. It’s a beautiful day,” replied Sarge.

“That’s not what I said,” replied Julia. “What’s on your mind?”

Sarge had a lot of things on his mind lately, including the herculean task of turning this pristine land into a well-fortified bug-out facility for the Boston Brahmin.

“Abbie’s campaign event was supposed to be a lightly attended dog and pony show for the media,” said Sarge. “The idea was to secure the privacy of the surrounding residents and looky-loos.”

“I think the premise is still good, despite the rude interruption of—
this
,” said Julia, gesturing to dozens of media satellite trucks, police vehicles and military Humvees. “How did Hillary become involved?”

“One of the platforms of her campaign is the whole War on Women thing.”

“That’s such a false premise,” said Julia. “How does anyone buy into that?”

“I don’t know, but it must be working for her. When her campaign found out Abbie was instrumental in creating a protected sanctuary for abused mothers and their children, it became a natural campaign stop for her.”

“How does Abbie feel about the encroachment upon her time to shine?” Julia was fishing. Sarge thought Julia would always wonder about any lingering feelings he had for Abbie.
Maybe I’m putting something out there?

“I don’t know, but politically it helps her,” replied Sarge. “She gains the added benefit of sharing the national stage with Hillary while showing her constituents she can swing both ways.”

“Sarge!” Julia punched him—hard.

“What?”

“You can’t say a woman
swings both ways
. One might get the wrong idea!”

“What? No, you know what I mean. Whatever. I think there is a War on Men around here. This place is full of man haters.”

“Zip it, Sarge,” said Julia.

“Look, there’s someone I want you to meet.” He gestured for one of the security men wearing a dark suit to come over to speak with him. As the man approached, he was smiling.

“How do you like the new uniform?” said Drew Jackson, Steven’s Aegis team member with the code name Slash.

“You look like you’re going to a funeral, Drew.” Sarge laughed. “I want you to meet Julia Hawthorne. Julia, this is one of Steven’s associates, Drew Jackson.” Julia and Drew shook hands as he worked his Southern charm.

“Nice to meet you, ma’am,” said Drew.

“It’s nice to meet you as well. Steven’s work is always mysterious, but you don’t look too threatening.”
If she only knew what a deadly operative he was
.

“Sla—I mean Drew has been assigned to Abbie’s security detail for the remainder of the campaign,” said Sarge. “She’ll be in good hands and well protected.”

“Senator Morgan’s safety is my number one priority,” said Drew. “I am glad, however, that she is not a presidential candidate. This whole operation is FUBAR.”

Other books

Memoirs of a Hoyden by Joan Smith
Murder in Mumbai by K. D. Calamur
Saint and Scholar by Holley Trent
Rendezvous with Hymera by De Ross, Melinda
Elephants Can Remember by Agatha Christie
Ladies' Man by Suzanne Brockmann
1989 by Peter Millar
Coal to Diamonds by Li, Augusta