Authors: Mark Russinovich, Howard Schmidt
“They didn’t work.” She paused. “There were eight deaths. They managed to pull out of the dive that followed the stall, but the plane shot up to over fifty thousand feet before nosing down again. The autopilot was handling the roller-coaster ride, but still … No one in back was prepared, and most were unbuckled. Passengers were knocked around like pieces of cordwood. Five of the deaths were small children. They were thrown around like missiles. The adult deaths were from broken necks and internal injuries. One passenger is paralyzed. Many others were seriously injured.”
“Welcome to the twenty-first century.” Jeff ran his hand through his hair, then picked up his coffee. Cold.
Daryl nodded. “So … tell me what you’ve found.”
Jeff filled her in on what he knew so far. US-CERT worked cooperatively with the Cyber Security Industry Alliance, formed by Symantec and McAfee among others, as well as with the Internet-security departments of every major corporation, and computer and software giants such as IBM’s Internet Security Systems and Microsoft. It was in everyone’s interest to cooperate. That was one reason she’d been willing to meet him when he told her he’d run across something unusual. As he spoke, she nodded, taking an occasional sip of water. When he told her about the words to the song “Super Freak,” though, she put her water bottle down.
“I just ran into that same name this morning at Mercy Hospital,” she said when he stopped. “It was spelled S-U-P-E-R-P-H-R-E-A-K.”
It was as if a piece of an especially difficult puzzle had fallen into place. “I haven’t seen the name under any spelling, just the disguised words from the song ‘Super Freak.’”
“I was at Mercy when you called,” she said, talking more rapidly. “But they didn’t lose some billing or litigation records. Like I told you, four patients were killed. The program modified their medicine records and instruction. Jeff, I think we’re investigating the same virus. Did you hear about the death at a Ford assembly plant?”
He shook his head.
“I can’t be certain, but it appears the plant’s robot software picked up a virus that sat there, waiting. The virus took over without warning, causing the robots to perform in nonscripted ways. We think that’s when the worker was knocked onto the assembly-line railing. In response, the company powered down, then unplugged the robots. Their server was fried. They installed a replacement and are reloading the software. It looks like they’d be all right except for the death, of course, and the loss of about two weeks’ production. The financial cost to them will be in the tens of millions.”
Jeff was puzzled. “I thought industry networks were off-line for security purposes.”
“They mostly are and this one was. I talked to the IT manager again this morning. They traced the original virus to a software engineer’s laptop. He was in the habit of downloading whatever he was working on, then taking it home with him. He picked up the virus there when he used the same laptop to access the Internet. When he hooked it up at work, the worm latched onto the company’s software, planting the virus.”
Jeff thought a moment, then said, “Back to the 787 incident. Is it possible what we’re dealing with could be crafted for avionics software?”
“I don’t know,” she said, looking surprised at the thought. “It seems unlikely, but it highlights one of the problems we’re having. We don’t know what the virus is doing and what it isn’t doing. For that matter there could very well be any number of incidents about which we know nothing. The world is so computer-dependent you can’t always make the connection to one of the viruses when something happens.”
“So what’s Superphreak? Do you have any idea?”
“Not yet. I’ve got my team working on it. It could be almost anything. It could be a word left by a script kiddie. It could even be the cracker’s name.” Daryl pushed away her water bottle and started drumming her fingers on the table. “It looks to me as if whoever wrote this used old code, copied and pasted to create this one. I don’t think he realized the word was there. I found parts of Superphreak in three places.”
“I think he’s Russian,” Jeff speculated. “I can’t put my finger on it, but the way some of the code is written just has that look. And, given their track record, this could well be an economic attack of some kind by Russians.”
Daryl stared at Jeff, impressed. “Good guess, Mr. Holmes. I found the word Moscow written in Cyrillic in the code not long before I ran into Superphreak.”
“So that’s it then.” Jeff experienced a moment of elation. Russians. Just as he’d thought. It felt good to have been right. “Do you have any idea how widespread this is?” He wasn’t in a position to know, but Daryl was.
“When I left for the office Monday, we had seven reports that looked suspicious. We’ve picked up more than fifty since then.”
Jeff was astounded. “It’s spreading pretty fast. Who’s working on detection and a fix?”
“I think I can safely say none of the private security companies are at this point, though they’ve been alerted and we’ve given them all the code we have. They report a higher-than-usual flood of former viruses and variants that require their attention. Superphreak hasn’t appeared in any of their honeypots and we can’t prove a connection, so they think we’re overreacting. It’s very frustrating. We’re assuming we won’t be able to figure out the vulnerabilities these things use to spread right away, or get the software companies responsible for them to release fixes anytime soon. So we were hoping to get them onto the problem immediately, but no luck.” Daryl shrugged. “But even if they did respond, the problem is, as you know, that it would take weeks to come up with signatures and patches. And that’s the best case. How long it takes for users to download and install them is another matter altogether.”
“You should push the process,” Jeff said. “You can’t just leave it to agency inertia.” He could have bit his tongue. He knew Daryl was doing everything she could.
“I’m trying.” She looked annoyed.
“Why so pessimistic?”
Daryl glanced around the room, then leaned forward. When she spoke, her voice was subdued but firm. “Because so far we’ve spotted at least ten variations of the code and we aren’t talking knockoffs. These were written with entirely different code, as if by a different cracker, but in the end they all do something very destructive. I have no idea how many variations there are. And not knowing gives me the willies.”
Jeff thought of the airliner falling out of the sky, the hospital deaths, the man killed on the assembly line. Were these just the tip of the iceberg? Mentally, he ran through a list of other dangers: nuclear-power stations, traffic-control systems, defense networks, Wall Street. The list was limitless and suddenly he felt overwhelmed. “What else?”
“It seems to be composed of three functions. The first is the exploit code that gets the virus into the system without detection. The second is the trigger. The third is the payload itself, which causes all the damage. We’ve got three variants of the exploit, five of the virus, and we’ve just started. I have no idea how many others there are.” She sighed. “Two hospitals outside of New York report their medicine distribution systems were also jumbled. We know of eleven deaths nationally so far. A small power station in Connecticut had its sluice gate turned wide open and it couldn’t be closed. By the time they figured out the problem was the computer they use to control their water release and the electricity they produce, they’d lost a significant amount of reserve capacity. It will take them two years to restore it. They didn’t have backup software and are running manually now. It’s almost laughable, but they had to recall a retired worker to show them how the system works without a computer. A nuclear power plant in Iowa had to do a mechanical shutdown to prevent a meltdown. This next one’s been kept out of the news so far, but Tucson International Airport lost its air traffic control system. Fortunately, it was during a slow period and there were no incidents. More and more is coming in every hour, but you can see why I’m not sleeping well.”
Until now, Jeff realized, he’d been focused on his client’s narrow problem. He’d not seen it as part of an expanding, and dangerous, reality. Daryl was scaring the hell out of him, and he experienced a surge of anxiety and fear he’d not felt since those last days before 9/11. “What’s the potential?”
She paused, then said, “Anything’s possible. It looks as if we’re just seeing the surface. Here’s what’s frightening me.” Jeff felt another chill shoot through his body. If Daryl was frightened, then this was even bigger than he feared. “First, we can’t detect the virus coming in, and that’s going to be a tough egg to crack. We’ve got to get the signatures written, the patches prepared, then out there, and I don’t think there’s enough time. Second, a single signature isn’t going to work. The variants are too different.”
Jeff nodded, took a sip of coffee, then explained what he’d learned, and what he didn’t yet know. When he finished Daryl groaned. “This Superphreak, if that’s the cracker’s cyber handle, could be a Chechen. Or he could be a gun for hire and working for almost anyone. The Russian mob, to name just one.” Neither of them said anything for several minutes as they absorbed what they had learned. “I’ve got more,” she finally said. “There are other propagation methods besides, or in addition to, the worms. My team is reporting they’ve found three of the variants that spread through the address book of each computer they touched, and several of the ones we’ve looked at are polymorphic or metamorphic, so they look different each time they replicate. That’s what I was getting at before.”
“One I found wanted to replicate,” Jeff confirmed. “The system went down so fast I doubt any of it got out, but that was its intention.”
“What if every variant is self-replicating?”
Jeff sat back in his chair. “I hate to bring up more bad news, but have you considered this? Whoever is spreading this virus might be still at it. They could be sending new variants out every day. I’m sorry to add to your misery, but you need to get CERT and DHS serious about this.”
Daryl threw up her hands. “I’m only one person with a small team. We’ve had six directors heading up DHS cyber-security since it was created. Almost none of them have lasted so much as a year, most only a few months. They have no clout in DHS, and if they’re in the driver’s seat when the attack comes, it could end their career.”
“This is all very familiar, isn’t it?” Jeff asked. He’d worked long enough in the government system to know what she was up against.
“I’m afraid so.” Daryl’s beautiful face was creased with worry. “We’re trying to get the industry interested. But we’re way behind the curve on this. We have no idea how many variants there are, or how many others are coming out. I lay awake last night imagining the harm that will come if we’re only seeing a small portion of the Superphreak viruses.”
“Take it easy. We’re probably overevaluating, and it’s not as bad as we fear.”
Daryl wasn’t buying it. “Look at the body count already! Superphreak, if that’s what’s causing this, is already the most deadly virus ever unleashed, and it’s just starting. That’s why I’m in Manhattan. There are dead people here because of this thing. We have no idea of the long-term harm Superphreak can cause.” She paused, then leaned across the table, her blond hair falling forward. “Let me tell you what I think. What we need to do is to stop this at the source.”
“How?” Despite himself, Jeff knew she was right. He’d had the same thought late the night before, but hadn’t wanted to admit it until she’d said it aloud.
“Find the cracker in his home, get distribution stopped at the wellspring, then learn from him or his computers exactly how many variants there are. If we had that information, I could rush through the fix and the antivirus changes, and we could stop this thing in its tracks.”
Jeff smiled. “You have a black-ops team that does that?”
“Hell, no,” Daryl said grimly, “but we sure as hell need one.”
13
LOWER MANHATTAN, NYC
WORLD TRADE CENTER SITE
TUESDAY, AUGUST 15
11:47 A.M.
Exhausted as he was, Jeff wanted nothing so much as to go straight to his hotel room, but there was no denying this. It had to be done.
Two blocks to the west he located a subway, bought a MetroCard, then rode the train downtown. The car was clean, cleaner than he recalled from his summer of weekend trips here that ill-fated year.
For two years, Jeff had been in a serious relationship with Cynthia Wheel. They’d lived in the same complex just outside Richmond, Virginia, and had met at the gym they shared. Petite with raven hair, she’d been a vivacious and bright young woman. It had been easy to settle into the life of an old married couple with her, without ever actually “doing the deed,” as she was fond of saying, especially when naked and about to suggest another bout of sexual play.
Jeff felt a real sense of loss when, in May of 2001, Cynthia’s company, ARM—Account Resources Management—of Richmond, Virginia, had transferred her to Manhattan. Jeff helped her pack, then drove her to her new apartment. “We won’t let this be the end of us,” she assured him just as he prepared to leave. “I promise.” She’d kissed him sweetly on the mouth, stepped back, flashed her winning smile, and said, “Wish me luck.”
In the months that followed, his routine was consistent. He began recording the long hours he normally gave the CIA gratis and left the office at 1:00 p.m. every Friday, to take the shuttle flight to New York City. After spending the weekend with Cynthia, he’d return home late Sunday. In August, she’d flown to see him twice, complaining of the sweltering heat in Manhattan, but by September she was thrilled as the days turned cooler with the prospect of autumn.
That August Jeff had received a disk originally seized from the ruling Taliban by one of the rival Afghan groups. He’d cracked into the disk within minutes of receiving it and saw at once that, despite its provenance, it was not Taliban. It had been prepared by a group called Al Qaeda, “the base.”