Cyber Attack (20 page)

Read Cyber Attack Online

Authors: Bobby Akart

BOOK: Cyber Attack
9.55Mb size Format: txt, pdf, ePub

“Put Sarge in charge! Sarge for President,” hollered Steven, raising his glass to toast.

“Fuckin’ forget it! I’ve got enough trouble.” Sarge had enough on his plate, including a salad that Julia just served to her guests. He poured on the chipotle dressing.

“But I will say this. Like we discussed the other day, when the shit hits the fan, we will need allies—true patriots who will work with us to put this humpty dumpty of a country back together again. As I travel, I have established a network of folks who will help us when the time comes. They are oathkeepers, three percenters, NRA members, tea party supporters and average joes from all walks of life who believe in a better America.”

“He sounds like a politician to me.” Steven laughed, just before a cherry tomato bounced off his forehead.

 

PART THREE

 

Chapter 32

July 4, 2016

The Hack House

Binney Street

East Cambridge, Massachusetts

 

“How can you call yourself a hacker and not be a student of Greek mythology?” asked Walthaus.

“C’mon, man, I’m a computer geek, not a philosopher,” replied Malvalaha. “When I grew up, the only thing I associated with Trojans was that pack of rubbers my father gave me when we had
the talk
.”

“That’s gross, Leo,” chimed in Fakhri.

“What’s gross about it? It’s a guy thing.”

“Seriously, the Trojan horse was a game changer,” said Walthaus. “It put an end to a war that completely caught the enemy off guard.”

Lau listened in amusement from his office as the Zero Day Gamers killed time waiting for tonight’s fireworks. As always, their project and its implementation was thoroughly researched. Walthaus always took it a step further.

“The Greeks and the Trojans fought a bloody war for a decade. After one particular epic battle, the Greeks appeared to be in retreat. Achilles, the great Greek warrior, was dead. So was his contemporary, Hector, leader of the Trojans. This left the two sides evenly matched.”

Lau entered the room to join the conversation.

Walthaus continued. “Eventually, the Greek ships were seen leaving Troy, although they hid just out of sight. Before they sailed, the Greeks delivered a giant wooden object made to look like a horse. The Trojans, believing victory to be in hand, thought the wooden horse was a parting gift from their enemy—a present to the gods.”

“Odysseus designed it,” added Lau. The three soldiers of the Zero Day Gamers turned their heads toward Lau in amazement. “He was not a warrior, but Odysseus was very clever. He proved wars could be won using brains instead of brawn.”

“You know this stuff, boss?” asked Fakhri.

“Like Walthaus, I like to know the why—as well as the how. Continue, please.”

“The Trojans celebrated their victory and contemplated burning the wooden horse as a tribute. However, their celebration lasted late into the night and the drunken party took its toll. While they slept, the Greeks climbed down from the belly of the Trojan horse, opened the city gates and ushered in the rest of the Greek army. They pillaged and burned Troy.”

“The moral of the story is
beware of Greeks bearing gifts
,” added Lau.

“If you put this into the context of what we do, it makes perfect sense,” said Malvalaha. “Viruses and Trojan horses are both destructive programs that masquerade as a seemingly benign application. Both programs enter the network by
invitation
. Unlike viruses, after a Trojan horse enters the network, it does not replicate. It waits. It is triggered by an event or instructions or the passage of time.”

“My freshmen commonly misuse the terminology,” said Lau. “The most common mistake people make when discussing computer viruses is to refer to a worm or Trojan horse as a virus. The terms are used interchangeably, which is a mistake. Right, Walthaus?”

“Yes, sir. A virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot cause damage until it is activated by a malicious program.”

“I prefer worms,” said Malvalaha.

“Of course you do,” replied Fakhri. Lau watched the interaction between the two and wondered if they’d stepped up their relationship.

“No, really. Worms do all the work and have the ability to replicate themselves on the system. A worm can send out thousands of copies of itself. For example, a worm delivers a copy to everyone in someone’s email address book. Then, the worm replicates and sends itself out to everyone listed in each of the receivers’ address books, and the process continues down the line. It’s exponential.”

“Then there’s Vegas,” said Walthaus.

In February, the Zero Day Gamers executed an incredible hack of the Las Vegas power grid. Hired by the local unions, their task was to create a power outage on the famed Las Vegas Strip, giving the unions cover for a massive work stoppage. The stoppage enabled the unions to gain the upper hand in some contentious contract negotiations with the casinos. The implementation was complex, but flawless. Within the hacking community, the Gamers became legendary. To everyone else, they were quickly becoming public enemy number one.

“Vegas was epic,” said Malvalaha. “The GIF-and-INF cocktail was the perfect blended threat. Very sophisticated. As far as I know, no one has publicly disclosed the details of how we pulled this off.”

“Blended threats are considered to be the worst risk to security since the introduction of the virus,” said Fakhri. “Rather than a predetermined attack on a specific EXE file, the blended threats will do multiple malicious acts like modifying EXE files, HTML files and registry keys at the same time.”

“They wreak havoc, which brings us to tonight’s fireworks,” said Lau. “It’s time to play.”

Lau approached the wall adjoining his office and opened two curtains to reveal a large-screen television. Using the remote, he changed the monitor’s input until it reached hdmi. He brought up the NASA live stream for the International Space Station on uStream.

“It’s Independence Day, but only by coincidence,” started Lau. “We chose this day because it is a new moon, which reduces the amount of ambient sunlight reflecting off the Moon. It creates ideal conditions for viewing from the ISS. We will get to watch the fireworks right here.” Lau pointed to the monitor.

“The ISS will fly over the facility for five minutes this evening,” said Walthaus. “They will have a bird’s-eye view, as will we.”

When Lau was contacted by Greenpeace via HackersList, he took a moment to consider the consequences of their request. When Greenpeace was founded, the group actively opposed nuclear power. Their position softened under the suggestion of Canadian ecologist Patrick Moore. Nuclear power was considered as the lesser of two evils, causing some leaders of the group to recognize nuclear energy as a viable alternative to fossil fuels and greenhouse gases. Moore was forced out, and the group was again on an antinuclear rampage. They were looking for an opportunity to raise awareness about the dangers of nuclear power, and they found one.

The Callaway Nuclear Power Plant is located near the state capital of Missouri, Jefferson City, and services almost the entire state. Greenpeace monitored the facility for over a year and successfully shut it down twice due to nonemergency leaks in a reaction control system. Now, Callaway faced a new issue. After a recent transformer fire, thousands of gallons of oil leaked into the surrounding monitoring wells. Residents called in the Environmental Protection Agency to investigate and Callaway promptly contained the spill and cleaned up the transformer fluid. Greenpeace demanded additional testing of the wells, and radioactive tritium was found.

Tests of the exterior monitoring wells were normally run on a quarterly basis. The Nuclear Regulatory Commission, at the insistence of the EPA, ordered Ameren Missouri, the utility that operates Callaway, to conduct the tests on a monthly basis.

The additional testing was insufficient to satisfy Greenpeace, so they contacted the Zero Day Gamers. Initially, they wanted Lau to create a breach, resulting in the permanent shutdown of the facility. After Lau discussed the project with the rest of the Gamers, they concluded a risk of nuclear meltdown along the lines of Fukushima was too great. Lau provided Greenpeace an alternative to raise awareness of the vulnerability without causing potential harm to innocent residents in Missouri or wherever the prevailing winds may take the fallout.

The importance of cyber security for nuclear plants had been addressed for years. The goal of Greenpeace was to successfully attack the facility, which would undermine the confidence in the ability of the utility to operate Callaway in a safe and secure manner.

Contemporary nuclear power plants relied extensively on a large and diverse array of computers for a host of tasks. Some computers might play a role in monitoring or controlling the operation of the reactor itself, as well as ancillary systems. Operating and technical support staff commonly used a computer network within the facility to perform these tasks.

Following the terrorist attacks of 9/11, the Nuclear Regulatory Commission mandated that all nuclear plants become closed networks in order to protect them from potential intrusions via the Internet. Callaway, which came online in 1984, complied with this requirement by 2005.

“Let’s walk through the sequence,” said Lau. Wearing his signature Boston Red Sox jersey and cap, Lau paced from one side of the loft to the other. He was nervous about this operation because a mistake in their calculations could kill tens of thousands of innocent people.

“Greenpeace provided lots of intelligence and we supplemented their information with our own research,” said Fakhri. “The Callaway facility is operated by Ameren Missouri. As part of their normal operations, they contract with GZA GeoEnvironmental to conduct the tests upon the monitoring wells. The details of the NRC monitoring mandate, Commission Order CLI-16-15, were obtained from the NRC website.” Fakhri held up several pages of the NRC order.

“The order required testing of the outside monitoring wells and internal temperatures, particulates, and water quality,” said Malvalaha. “All of the testing must be performed between the first and fourth day of the month.”

Fakhri continued. “GZA assigned the project to its subsidiary in Oak Brook, Illinois—Huff & Huff. The environmental engineers at Huff & Huff will act as our Trojan horse.”

“Every utility which operates a nuclear power plant must submit a Cyber Security Plan to the NRC,” said Malvalaha. “We found the detailed plan in pdf format on the NRC.gov website. It was submitted by AmerenUE for the Callaway facility four months ago. The plan prohibits the entry of flash drives, cell phones, etc. into certain parts of the facility. Because their network is closed to outside Internet connections, their primary concern was the introduction of a malicious program via an employee’s handheld device.”

“The argument for a closed network is that isolation of a utility’s network from any external communication makes it secure,” said Lau. “But we all know it is very difficult to
air gap
a system by keeping it electronically isolated. An air gap makes a system subject to physical access or electronic compromise.”

An air gap was a network security measure employed within a computer network to physically isolate it from unsecured networks such as the Internet. Typical uses included government servers containing
high-side
classified information and life-critical systems such as nuclear power plants. The Gamers learned the Hoover Dam utilized air-gapping to insulate its internal servers from intrusions. One option to circumvent this protocol was to use cellphone-based malware to remotely access any data stored in the targeted system. The Ameren cybersecurity plan prohibited the use of cell phones in the Callaway facility.

The Gamers were provided with another option courtesy of the EPA.

“The security dynamic changed when the EPA insisted upon this extraordinary monitoring regiment,” said Walthaus. “By requiring both external monitoring of the water quality as well as internal comparisons of particulates, the EPA inadvertently created an opportunity for us—an air gap.”

“The EPA’s good intentions have resulted in unintended consequences for the cyber security of the Callaway facility,” added Fakhri.

The television screen flashed darkness—momentarily catching everyone’s attention. In unison, the Gamers looked at their watches.
Too early
.

“Must have been a solar flare.” Lau laughed. “This program better hurry up before a CME beats us to the punch.”

“A solar flare would be ironic,” said Walthaus. “Anyway, this is our most sophisticated project to date because it involves all of the aspects of the blended threat we discussed earlier. Tonight, our weapon of choice is the Aurora vulnerability.”

“Ironic indeed.” Lau laughed. “How did we exploit the opportunity so graciously provided by the EPA?”

“Recently, Huff & Huff received an award from the American Council of Engineering Companies at a conference in Chicago,” said Malvalaha. “We were there, sort of.”

“One of Huff’s biological engineers was asked to give a PowerPoint presentation on some type of environmental waste project,” said Fakhri. “He used the Wi-Fi system at the McCormick Place convention center—the conference venue. We infected their network by burying a keylogger Trojan in a rootkit on his laptop the moment his presentation began.”

“Very stealthy,” said Lau.

“Yes. Once he returned to the company’s office in Oak Brook, we monitored his keystroke activities and easily gained the information necessary to access the Huff & Huff servers,” said Malvalaha.

“What was the next step?”

“We did not know for certain which of the Huff & Huff personnel would be conducting the Callaway testing, so Malvalaha created one of his beloved worms to infect all of the Huff computers with a Trojan carrying the Aurora code,” replied Fakhri. “Every laptop in the company became our Trojan horse.”

Other books

The First Betrayal by A. M. Clarke
The Lasko Tangent by Richard North Patterson
Bullets Over Bedlam by Peter Brandvold
Cowboy for Keeps by Cathy McDavid
Adam and Evil by Gillian Roberts
Spell For Sophia by Ariella Moon
A Sad Affair by Wolfgang Koeppen