Rogue Code (30 page)

Read Rogue Code Online

Authors: Mark Russinovich

BOOK: Rogue Code
5.31Mb size Format: txt, pdf, ePub

“You’ve not seen a doctor?”

“Not since the hospital, no. Frank’s been my primary care physician.” He said the last with a small smile.

Frank shrugged. “What can I say? Emergency field medical management, EFM as we called it for short. The training came back.” He sat on the other bed, creating a conversation triangle for them.

Daryl reached into her purse and withdrew a white packet she handed to Frank. “Fifteen thousand dollars. You didn’t say anything but if you’re going to be fugitives, it’s better not to do it on a credit card. You can pay me back when this mess is over.”

“Thank you. This is very kind. You can never have too much in a situation like this.” Frank placed the packet on the dresser. “What have you found?”

“I have an answer for those numbers. A lot of them track to banks. I think they’re part of the routing protocol for moving the captured money.”

“What banks?” Jeff asked.

“They’re everywhere. Cayman Islands, Latvia, Costa Rica, Belgium, Switzerland. There are a lot more. Many of them right here in the U.S.”

“The U.S.?” Jeff said.

“Just touching points I’d guess,” Frank answered. “And the other numbers?”

“I’m still working on that. At least one of them is in Connecticut. I think it’s all part of the same money distribution and vanishing operation. I don’t know if I can run any of the money trails down to a final source, and if I do, if I’ll be able penetrate the shell corporations that will be set up. My guess is I can’t, not anytime soon, and not without a lot of help.” She paused. “What have you got?”

Frank looked to Jeff who cleared his throat. “As you know, the code is designed to exploit its favored position within the Exchange’s trading platform. It loots money from specifically defined trades from carefully defined entities. You’ve confirmed what we suspected, which is that the money then goes offshore as soon as it’s generated.” Daryl nodded. “We’ve reached the conclusion that there is at least one inside player. There is definitely someone responsible for the core trading system involved.”

“Maybe there is more than one employee involved,” Daryl suggested.

“We don’t rule out the possibility, but the more there are, the greater the security risk,” Frank said. “It seems more likely there is just a single conduit within the Exchange, someone well placed. We aren’t ruling out the existence of an extra hand or two, just think it unlikely.”

Daryl nodded. “Maybe someone penetrated from outside, and there is no insider.”

“We’ve considered that,” Frank said. “But with the single exception of the rootkit the rogue code is too smoothly integrated to the trading functions to be accomplished by outsiders. Someone in the know is doing it. Now, it’s possible it’s a former employee, or perhaps someone who worked on the system as a contractor. We’ve not dismissed the possibility they set up a backdoor they’re accessing. The stock exchange has undergone many changes these last few years with the creation of the super hubs and the merging of various international trading networks. A lot of people have worked on these projects during that time and one, or some of them, could be responsible. That would be a job for the SEC or the Exchange’s security team to undertake. But we think it’s someone still there.

“Now the kernel of the trading platform is very sophisticated, very smooth. The code is altered periodically and the rogue code has to be modified with every update of the trading platform’s operating system. They do that almost seamlessly. It’s difficult to plant anything without attracting the attention of the automatic security audit monitoring. We think that’s what the rootkit was about. Someone got a little sloppy and didn’t want to put in the time to properly integrate the malware within the system. He took the easy way. It’s worked so far with the automated system but it was always vulnerable to being discovered by people like us who’d look for something like that.”

“So there is definitely an outside group involved,” Daryl said.

“Exactly,” Frank agreed. “Someone, somewhere else, is writing the code and keeping it on point.”

“Any hints?” she asked.

“More than a hint. We’ve got a location. The company is called Companhia Cero. It’s located in São Paulo.”

“Brazil? The bank data has two or three Brazilian banks in it.”

“That’s to be expected,” Frank said. “Any international laundering operation is bound to touch Brazil at some point, even land there eventually. It’s tolerant of white-collar criminals so it’s a likely end point for people doing something like this.”

“So you two think that it’s being run out of Brazil?” Daryl asked.

“We don’t know,” Jeff said. “We just know that’s where the New York code is originating. Whether or not it’s the origin point we can’t say, but someone in São Paulo probably knows the answer. The indicators point there.”

“All right. Look, you two have been working with the IT team. You must have met most, even all, of those with the kind of in-house access you suspect is necessary for this operation. Anybody come to mind?”

Frank made a face. “We’ve kicked it around a bit but to be honest we had our noses to the grindstone when we were there. No one was to know about the penetration test, so we made a point not to mingle much. If we’re right, and one or more of them is involved, maybe we spoke to them but it’s more likely we just passed them in the hallway.”

“Any hints? Brazilians?” She grinned at how obvious that would be.

“No,” Jeff said. “You, Frank?”

“No. Not that I know of. There were some Asians, a guy from Italy or Portugal if I got that right, an Aussie. The rest were all native-born Americans from what I could see.”

“Anybody can be a crook.”

“You got that right,” Frank agreed.

“As Frank mentioned,” Jeff said, “they’ve been regularly modifying and updating their code. There’s been a sharp increase since we went on the run. That suggests to us they’re in a hurry to do something, definitely something big.”

“Like what?”

“We don’t know. Perhaps you can figure that out.”

Daryl paused, then said, “Maybe it’s time to go to the SEC with what we have.”

“There’s a warrant out for our arrest,” Frank said. “They’ll be eager to lock us up. It’ll take days to even get access to someone who’ll listen and there’s no guarantee it will do any good.”

Daryl blanched at the news. “You can try the NYPD, FBI, some other agency.” Her voice faltered just a bit.

“We’ve talked about that but it works out the same way unfortunately.”

“How about sending what we’ve detected to the SEC through back channels, maybe find a source who’ll listen.”

“Yeah, that’s a possibility,” Frank said, “but in the end, it comes down to the same thing: two suspects pointing the guilty finger at someone else. It’s the same ol’ same ol’ as far as the SEC’s concerned.”

“This is absurd!” Daryl blurted. “Hasn’t anyone done a background check on you two? If you were crooked, it would have shown up years ago. Frank, you’ve been an operative, for God’s sake. Jeff, just look at all you’ve done for this country these last years. I just can’t believe someone can so easily frame you. It’s just not right!”

“We both appreciate that,” Frank said. “But I really think we need to pin this down ourselves.”

Daryl wiped a wet eye carefully so her mascara wouldn’t run. “What’s that mean?”

“We need to find the source,” Jeff said, “get access to the computers and original code. If we’re lucky, we’ll locate a body and get him to squeal. Is that still the word?” He looked at each of them in turn.

“You mean tell what he or she knows,” Frank said.

“Okay, I can see that,” Daryl said. “But how does that work?”

“We think whoever is doing this in São Paulo is a good starting point,” Jeff said.

“They might be the origin or they might be a conduit,” Frank explained. “We can’t tell, but if someone working there doesn’t know anything, which we think is highly unlikely, they should lead us to someone who does. We find that someone and suddenly we’ve got credibility, then all the rest we’ve come up with falls into place. With a bit of luck we can grab some computers as well. That would ice it.”

“What if this magic person doesn’t want to talk?”

“Daryl, Daryl,” Frank said. “There are ways.”

“What are you talking about?”

“I promise, no marks of any kind, but by the time I’m finished they’ll squeal like a greased pig.” He looked at Jeff. “Squeal I think is the right word.”

“This sounds dangerous,” Daryl said.

“Staying here is dangerous,” Frank said. “The local cops dropped off a flier downstairs earlier today with our photos on it. I was concerned it was them when you knocked. The clerk made a point to show me one. I slipped him a hundred, but that won’t hold him long. We’ve got to move now.”

“How hard was identifying São Paulo?” she asked suspiciously.

“Hard, but not impossible,” Frank said.

“Tell me,” she insisted.

Jeff looked at Frank, who answered. “We received a photograph. They hadn’t stripped the metadata and the GPS coordinates map to a warehouse district in São Paulo. Companhia Cero is the only company listed with offices at that location.”

“What photograph? Who would send you a photo? Of what? What are you talking about?”

“It was just a … gentle warning,” Jeff said.

“A warning? In a photograph? Let me see it.”

“Daryl, really, that’s not necessary,” Frank said quietly.

She was stunned. “You two, you’re going to get killed, you know that?” She reached into her purse, removed tissue, and blew her nose. As she put it away she said, “They go to the trouble of sending you a photograph and just accidentally leave the GPS in it. Someone is baiting you. They just put out the hook and you’re going to bite. You’ve thought of that, right?”

“First idea we had,” Frank said. “But we can’t stay here and São Paulo is the only physical lead we’ve got, tainted or not. And Brazil is perhaps the best place in the world for us to go right now.”

“And how does that work, exactly?” she asked.

Frank looked offended. He pulled open one of the top drawers in the dresser. “Here.” He handed over two Canadian passports.

Daryl fingered them both, then leafed through the pages, scrutinizing the visa stamps. “Are these any good?” she asked. “They look all right to me but will they pass?”

“They’re as good as originals. In fact, they are originals except for the fact the final product wasn’t officially created, though the Canadian computers say they were. And there’s a credit card or two to go with each of them, but we’ll only use them where cash will raise suspicions.”

Daryl looked distraught as she handed the passports back. “So when are you going?”

Frank checked his watch. “We’re leaving here in about an hour. We’re booked out of Newark, changing planes in Miami, then on to São Paulo. We’ll be there midday tomorrow; then we’ll work on finding the location.”

“Frank, please. Do you really know what you’re doing? You could end up in a Brazilian prison the way you’re talking.”

“It’ll be fine. You’ll see. Trust me.” Frank’s smile was dazzling.

 

45

ENFORCEMENT DIVISION

SECURITIES AND EXCHANGE COMMISSION

NEW YORK REGIONAL OFFICE

200 VESSEY STREET

NEW YORK CITY

2:41
P.M.

Susan Flores rose from her desk, stretched her body with exaggeration as her yoga instructor had once taught her, repeated the movement three times, then slowly drew several deep breaths. She held each, then released them slowly.

She acknowledged the others working on her way to the ladies’ room. A computer forensics expert, she’d worked for Robert Alshon for nearly two years. Her specialty was the NYSE Euronext software architecture and specifically the trading system security mechanisms. This particular examination had proved problematic, since she didn’t know that much about malware, which was beyond the scope of her usual tasks. The NYSE IT computer security team did great work in her estimation, and she had always been careful not to step on their toes in the past. She’d made several requests for their resources, asking for data and access to log files and trading records. Though she had a court order, it was better if this was all done cooperatively. There’d be other investigations after all.

She’d been flattered when Alshon selected her as his go-to contact for such work. It was a big step up so early in her career. But the man was more than a little intimidating to work for and not very forgiving of failure. He’d made more than a few enemies even since she’d joined his team, and she didn’t want to go down that path. He demanded nothing less than excellence, and she wasn’t surprised he’d been divorced twice. She didn’t want to think what he must be like to live with.

Susan Flores had been raised in Tucson, Arizona, the oldest child of Mexican immigrants. She’d attended the University of Arizona, majoring in economics and computer science. She’d gone to work at the IT department of Nabisco after graduation and it was there she’d become interested in computer security. Though she’d been uneasy about moving to Manhattan, she loved her job with the SEC. It was a great place to apply her education, training, and experience. The only real downside was Alshon being so difficult to work with. As a result she lived in constant fear of perceived failure and worked under stress she’d not had before her move.

After stopping by the restroom, Flores went for coffee and considered why she felt so uneasy on this assignment. She had it. Alshon was behaving with an excess of passion. She was reluctant to admit it, but it seemed to her the fact that he’d once been with the FBI and that the targets in this case had formerly been CIA had a lot to do with it. She recalled previous disparaging comments he’d made about the CIA. Up to then, his attitude hadn’t seemed to influence his work but now she wasn’t so sure.

Red Zoya wasn’t the only examination on her desk. She’d been doing other important work, but he had her drop everything to work on this. And it wasn’t going as expected.

She poured some kind of artificial creamer into her black coffee and considered again how unhealthy her job was. Proper exercise was challenging. She enjoyed Central Park but so did most of the city on beautiful days. Sure, she could get off on a subway stop farther from the office, but finding time was difficult. She’d given up yoga and saw how quickly she was slipping away from what she’d been taught. It was so easy to turn into one more fat computer nerd. Maintaining fitness had been easier in Tucson, a bit challenging in New Jersey, but in Manhattan it was proving almost impossible.

Other books

The Way Back by Stephanie Doyle
Scones and Sensibility by Lindsay Eland
Showdown by Ted Dekker
Not For Glory by Joel Rosenberg
Working the Lode by Mercury, Karen
Red by Bianca D'Arc
Talk of the Town by Sherrill Bodine