Zero Day: A Novel (19 page)

Read Zero Day: A Novel Online

Authors: Mark Russinovich,Howard Schmidt

Tags: #Cyberterrorism, #Men's Adventure, #Technological.; Bisacsh, #Thrillers.; Bisacsh, #Suspense, #Technological, #Thrillers, #Suspense Fiction, #Fiction, #Espionage

BOOK: Zero Day: A Novel
13.25Mb size Format: txt, pdf, ePub

28

PARIS, FRANCE

5ÈME ARRONDISSEMENT

GRAPHISME COURAGEUX

MONDAY, AUGUST 21

7:44 P.M.

Michel Dufour stared out the window and wondered once again why he was still in Paris. Every friend of his was either vacationing in the south or traveling abroad. Paris in August was dreadful. Hot, dirty, the streets filled with loud tourists, the waiters surly and sarcastic.

He sighed. What was there to do? The deadline loomed and could not be moved.

Pauvre Michel,
he thought,
poor Michael
. Repeating the phrase his older sister had used to mock him as a child whenever he felt sorry for himself, he swiveled from the window and returned to his monitor.

He typed for several moments, then confirmed he was into the Internet access at a cybercafé he knew, one of a dozen around Paris he used. He wasn’t about to leave any trails leading to the office. Next he opened a send box and typed:

          Date:

Mon, 21 August 19:45 —0700

          To:

RioStud

          From:

Xhugo49

          Subject:   

$$$

 

Money snt. Attached is doomer. Release, not from your home or work, ASAP. Confrm when done. More t cum.

Xhugo

Dufour glanced at his list, considered for an instant if it was worth his time to copy and paste, decided it was not. Instead, he opened another message box.

          Date:

Mon, 21 August 19:47 —0700

          To:

MgEst109

          From:

Xhugo1313

          Subject:   

$$$

 

Money snt. Attached is new doomer. Release but not from home or work. ASAP, then confrm. More t cum.

Xhugo

Dufour stretched, grimaced, opened another send box, then typed:

          Date:

Mon, 21 August 19:49 —0700

          To:

DanteHell

          From:

Xhugo49

          Subject:   

problem

 

Load time still too slow. Must reduce by half. Hurry.

Xhugo

The Finn was full of himself. Always promising work he couldn’t deliver. Thought he was hot stuff with code. That should fix him. Dufour took a long look at his work list, opened another e-mail send box, then typed:

          Date:

Mon, 21 August 19:51 —0700

          To:

Wiseguy

          From:

Xhugo2009

          Subject:   

great!

 

Doomer works very well. Gd job. Kp it up. Will pay 1,000 euro bonus for similar clean work with no existing patch. Want 10 more like last one ASAP. Sugst u open egold account for transfers.

Xhugo

That was almost it for the night. Dufour dug through the papers strewn about his desk but couldn’t find another fresh list. He reminded himself that he had to get better organized.

Then his fingers found a scrap of paper. Oh, yes. One more for the night, then some wine and Yvette. He started to type
xhugo49 @ gmail.com,
then decided he was finished with that e-mail address.

          Date:

Mon, 21 August 19:54 —0700

          To:

Superphreak

          From:

Xhugo1101

          Subject:   

status

 

New product with u code works very well. Have snt money to u egold account. Confrm u recve. We r on schedule.

Xhugo

29

MANHATTAN, NEW YORK

HOTEL LUXOR

EAST THIRTIETH STREET

TUESDAY, AUGUST 22

12:09 A.M.

A package, delivered by courier, was waiting at the front desk for Jeff when he returned to his hotel. Thanking the clerk, he rode the elevator up, all but asleep on his feet.

In his room he tossed the package on the desk, stripped off his clothes, then stepped into the shower, where he scrubbed himself top to bottom. Running the hot water over his body until his fingertips were puckered, he smiled briefly when he glanced at them, recalling how he’d called them “old” fingers when he’d been a child, wondering if his grandparents’ age was catching. He toweled off, then slipped on the hotel bathrobe, feeling if not reborn than at least much better.

Jeff sat at the desk, fingering the package. What he wanted most of all was sleep, but he’d promised Daryl he’d do what he could to help. And, he had to admit to himself, no matter how tired he was, sleep might not easily come when what he was finding on his client’s server was emerging as his worst nightmare. For years he’d complained to anyone who’d listen about the lack of real Internet security. Now it appeared that a cyber-attack might well be upon them. From what Daryl was telling him, the attacks linked to Superphreak were broadly targeted, meaning the cyber-assault was widespread and aggressive.

He had no complaint about his actual client. In other circumstances a man like Joshua Greene would have been ranting at him every day, thanks to the enormous pressure he was under. Instead, Greene seemed satisfied with dropping in on them two or three times during his work hours. “I’ll take care of him,” Sue had said that first day, and apparently she had.

Jeff had spent this entire day in a copy of the firm’s monthly backup, trying to prepare it for Sue’s booting. He’d found more than he had with the daily backup, but had no way of knowing if he’d cleaned out enough.

He’d located two rootkits in the law firm’s computers but still had no idea how many virus variants there were and what triggering devices they were using. He hoped Daryl, with her much greater resources, would come up with something on that.

In the case of his client, Jeff had decided that one of the viruses was designed to destroy financial records stored by SQL Server, one of the more popular databases used by midsize businesses. If this same payload was in the Social Security Administration records, or company pension records, or in the computers that controlled Wall Street, when the trigger kicked in, the damage would be incalculable. His sense of frustration and despair increased with each new discovery.

His work at the firm was about finished, though, one way or another. Sue was going to attempt a boot again later that night. He’d been too exhausted to stay for it. He’d find the results out soon enough.

Something like this had been coming at them for years, and for too long he’d felt like the lone sentry to realize it. Not that long ago a hacker had detected an exploit in the Excel program and had the nerve to offer it on eBay, in essence selling potential access to every computer online with a copy of Excel. How many was that? Ten million? Fifty million? With so many cloned programs and illegal copying, there was no way to know. Each one represented a doorway through which any cracker could send his malware. And the guy who’d discovered it sold the knowledge over the Internet as if he were peddling a used Ford!

Jeff had visited Web sites where anyone could download rootkit and other virus code. The creators were just giving the technology away. Any novice hacker with a rudimentary knowledge of viruses could now cloak his programs or discover a new, nastier virus.

Security firms named variants with letters of the alphabet. Some viruses had so many variants they wrapped around the alphabet three times. One virus alone was known to have two thousand versions.

The Sober worm, one of the most proliferative ever released, actually communicated with its creator. The guy wasn’t a dunce. The worm checked specified URLs on certain days to search for instructions on what destructive act to commit. The thing was, the URLs didn’t exist. The creator knew the ones he’d planted in the virus. When he was ready to give it instructions, he created the URL on the day he wanted to tell it what to do. How did you stop something like that? Jeff thought.

The number of businesses harmed by malware was increasing every month. The public only read about it when ABC, CNN, or the
Financial Times
was struck. Though thousands of new viruses or variants of old ones were released every year, the great harm was coming from the ones seeking financial gain. You could now hire people to write malware to make you a profit, and plenty of unscrupulous people were taking advantage of that.

If it wasn’t this time with Superphreak, Jeff thought, then soon enough such an attack would be mounted and bring the Internet, and a significant number of the computers connected to it, down for the count, requiring that everything be rebuilt from scratch. Billions of dollars’ worth of information would permanently be lost. Businesses and operations necessary to maintain the nation would stop in their tracks. Countless tens of thousands would be thrown out of work; companies would fail. The cost to the nation and to the world’s economy was all but incalculable. It would be what had happened to Fischerman, Platt & Cohen but on a worldwide scale.

Once the system was rebuilt, there could be no certainty the virus, or some variant of it, could not worm its way into the new system. The price to be paid for the current complacency was likely incalculable. Jeff couldn’t contemplate it without bile rising in his throat. But, on his own, what could he do about it? And even when he’d had access to the powers that be, fools such as Carlton hadn’t taken him seriously.

Jeff logged onto his laptop as he tore open the package from Daryl, revealing an external USB hard drive. He unfolded and read her hastily scribbled note:

These are copies of disks we received late yesterday and today. Each has Superphreak and each has a rootkit, as you predicted. They are getting easier to find thanks to you. Each does something different. Three more deaths have been reported. I’m scared.

Jeff grimaced. He was scared himself. His ICQ icon blinked and the laptop chirped. He opened the instant-messaging system.

          D007:      

Did u gt CDs?

          JA33:

Yes. Jst startng.

          D007:

Paswrd is Rubicon. Weve ID’d 3 rootkits. We nw hv 8 diff functns so far 4 the cloaked viruses.

          JA33:

Wht r thy?

          D007:

Cnt tell. Sum seem related to $ recrds, othrs t admin functions, sum t industry contrls. Thy seem intended jst t jam things up.

          JA33:

What am I lookng for?

          D007:

These are t ones we couldn’t identify. See wht u can learn.

          JA33:

I’ll try.

          D007:

Thks

 

Jeff hoped that her confidence in him wasn’t misplaced. If her entire team couldn’t identify what she’d sent, he doubted that he could. For two hours he worked on the disk and made little progress other than to cover familiar ground, though he was getting faster at it. Finally, his attention was drawn to the time stamps on a number of files:
Date modified: 09/11.
The dates were off nearly a month. Odd.

Curious, he ran another forensic tool, then stopped cold as he read the results. That was it. It had to be. The trigger to the viruses was the date!

Jeff stood up and began pacing the room. Had he missed a changed date on the law firm’s computer? How many other infected computers had the wrong date somewhere in the software?

Then there was the date itself. It might be a fluke. Or perhaps Superphreak was using the date as a trigger to make a point.

Which raised still another issue—could all the Superphreak viruses be time-triggered? Was that something they’d missed? Could that be what happened at the hospitals? At the Ford plant? To the airplane?

Jeff’s heart was racing as he called Daryl. After several rings her sleepy voice answered.

“I’ve just come across something unusual on those CDs.” He told her about the modified dates, hearing the apprehension in his own voice.

“The trigger is the date 9/11?”

“I’ll check my client’s computer in the morning. Your team should follow up too.”

“Of course.” Daryl hesitated. “Jeff, what if—”

“I know,” he cut her off. “I’ve already considered the possibility that we’re actually dealing with Arab terrorists. But let’s not get ahead of ourselves. Let’s first see if it really is the trigger.”

No sooner had he disconnected than his cell phone rang.

“The monthly backup crashed and burned,” Sue said, sounding weary. “Just like the other.”

30

FORT DUPONT PARK, WASHINGTON, D.C.

WEDNESDAY, AUGUST 23

6:31 P.M.

George Carlton eased his BMW down the narrow, two-lane road, then pulled into an isolated picnic area. He sat there idling for five full minutes before switching off the ignition. It had been at least a year since he’d last used this drop box, and he was certain no one had followed him.

He’d had no idea how useful working surveillance for the Bureau would be. In fact, he wished he’d paid closer attention to his seasoned partner, because playing the part of the fox instead of the hound was daunting. It
seemed
simple enough to drop off a disk with information, but he knew how easy it was to fall into patterns.

Other books

Into Oblivion (Book 4) by Shawn E. Crapo
Not Quite Nice by Celia Imrie
When Darkness Falls by Grippando, James
The Owl Keeper by Christine Brodien-Jones
The End of the Book by Porter Shreve
Haunted Hearts by Teresa DesJardien
Innocent in Las Vegas by A. R. Winters, Amazon.com (firm)