Chapter 28:// Ripples on the Surface

Natalie Philips paced with a laser pointer at the edge of a projection screen. The Mahogany Row conference room was dimly lit, and silhouettes of her audience were arrayed around a sizeable boardroom table. Military badges on the uniforms of some audience members reflected the light from the screen.

Her title presentation slide was up:

Viability of Daemon Construct Over Peer-to-Peer Networks

She was already addressing the group. “…the feasibility of a narrow AI scripting application distributed over a peer-to-peer network architecture to avoid core logic disruption.” She clicked to the next slide. It bore the simple words:

Distributed Daemon Viable

A murmur went through her audience.

“Our unequivocal findings are that a distributed daemon is not merely a potential threat but an inevitable one, given the standards unifying extant networked systems. In fact, we have reason to believe one of these logic constructs is currently loose in the wild.”

Much more murmuring went through the crowd.

She changed her slide again. This one depicted two sets of graphs labeled Incidence of DDOS Attacks - All Sites Compared to Gambling/Pornography Sites.

She looked back at her audience. “A distributed denial of service (or DDOS) attack involves harnessing the power of hundreds, thousands, or even hundreds of thousands of zombie computers to transmit large amounts of packets to a single target Web domain. A zombie computer is one that has been previously compromised by a malicious back door program. This could be John Q. Public’s unsecured computer sitting in the den. An army of these zombie computers is called a botnet, and its collective computing power can be directed to overwhelm a target, making it too busy to respond to legitimate traffic. The potential to harm an online business is obvious.

“Unlike a simple denial of service (or DOS) attack - which is launched from a single machine and thus easily blocked by an IP address - a DDOS attack comes in waves from different IP addresses coordinated to continually incapacitate the target. Likewise, the nature of the traffic can vary wildly, making it difficult to filter out garbage connection requests. In short: it is significantly more serious. Unless the attacker brags about his deeds, tracing the real source of an attack can be next to impossible.”

She wielded the laser pointer to highlight various parts of the screen. “These two charts illustrate a pattern detected four months ago in the occurrence of distributed denial of service attacks on the public Internet - both overall and as experienced separately by commercial gambling and pornography Web sites, both legal and illegal, hereafter referred to as ‘G/P sites.’

“Note the increase of approximately twelve thousand percent in the occurrence of such attacks against G/P sites during the period January through April. Contrast this with the flat-to-declining trend in DDOS attacks versus the overall population of domains.”

She changed slides to a graphical breakdown of the top international gambling and pornography domains, with call-outs indicating the crime gangs operating out of Russia, Thailand, and Belize. The graph was broken down on the x-axis by time and on the y-axis by packets per hour.

“The CIA has associated the following international crime rings with these three G/P enterprises. Their Web interests encompass tens of thousands of loosely affiliated Web sites hosted on hundreds of domains in dozens of countries. Each one of these crime gangs is a vast IT organization, and collectively they generate billions of dollars in revenue each year. Their operating units include product development, security, finance, and infrastructure support elements - they are, in effect, multinational corporations whose product lines include narco-trafficking, sexual slavery, money laundering, and extortion.”

Her graph showed that the Web assets of each individual crime ring had been attacked in a campaign of orchestrated infowar. Philips’s laser pointer cavorted as she hammered her point home. “The Russians were first in line. We estimate that roughly ten million workstations launched a Pearl Harbor-like cyber attack simultaneously from all points on the globe, beginning in mid-January and stretching through to the end of the month. This effectively brought the Russian business to a halt worldwide-making their online gambling and pornography assets unavailable to paying customers for extended periods. These were not simple smurf and fraggle attacks. The Russians appear to have tried everything, from hardware filtering to rate-limiting connections, but it didn’t put a dent in their downtime. They tried to launch new sites and migrate customers to these, but the new sites also were rapidly targeted and brought down.”

She changed to a slide of translated Internet headlines from a passel of third-world sites. They listed dozens of killings in Asia and Russia.

“This appears to have sparked a brief gang war, followed by a purge within the ranks of the gang’s IT staff. The CIA estimates several dozen related killings, but notably, all during this period, the DDOS attacks did not let up and shifted constantly to originate from new locations. The Russian enterprise did not recover until the end of January, when it was suddenly fully operational.”

She looked up at her audience. “The following cell phone conversation was intercepted by ComSat assets over the Republic of Georgia on January twenty-ninth and is a conversation between an unidentified caller and a known Russian mafia figure based in St. Petersburg, herein denoted as Vassili. The transcript is available over Echelon. The abstract number is listed in your presentation binder. This raw intercept comes to us compliments of Group W.” She turned to face the screen as tinny, foreign chatter came in over speakers. An instant translation appeared on the screen in a scrolling fashion as the words were uttered in Russian:

Vassili: We’re driving. Tupo [nearby person], no. Where are you? Where are you now?

Caller: Belize City.

Vassili: They are online there?

Caller: Yes, yes. They’re running perfect.

Vassili: Perfect? Since when?

Caller: Perfect, like before perfect.

Vassili: Before the attacks?

Caller: Yes, yes.

Vassili: Do they know the extent of it there?

Caller: No. Nobody knows.

Vassili: They’re angry about Tupolov, yes?

Caller: Yes. But they have their money now.

Vassili: You paid the dead American?

Caller: Yes.

Vassili: And now we’re online again?

Caller: Yes.

Vassili: [unintelligible]. They’ll be next, and we must regain market share while they are down. You know what to do?

Caller: Yes. Sobol told us.

The screen cleared and the lights came up as animated discussions filled the room. Philips called to be heard over the din. “There are additional intercepts of a similar nature, but I think this is a representative sample. The waves of attacks continued until a couple of months ago, hitting each organization in turn - and growing in ferocity - at which point they disappeared suddenly and entirely.”

One of the DOD brass spoke up, “What’s your read on all this, Doctor?”

“I think the crime gangs running online gambling and pornography have been forced to pay protection money to someone or something.”

“You conclude that from one intercept?”

“This is one of dozens of intercepts, the transcripts of which you will find in your presentation binders.”

“How much money are we talking about here?”

Philips placed the laser pointer on the nearby podium. “We have an e-mail intercept from a Thai gang that mentions a ten percent gross payment.”

“Ten percent of gross?”

“All online transactions. The CIA estimates worldwide revenue from online gambling and pornography at approximately seventeen billion U.S. dollars per year. In truth, no one really knows. But if we use this as a baseline and extrapolate, assuming that the Daemon has-”

“You’re talking about a couple billion dollars a year.”

“There is anecdotal evidence that these payments represent an outsourcing of the IT security function of these criminal gangs to some unknown entity.” She paused, either for effect or to gather her courage - even she wasn’t sure which. “We suspect that the entity is not a living person but a massively parallel logical construct. I believe it’s Sobol’s Daemon.”

The room erupted in talk for several moments until someone in the back shouted over the din, “How do you know it’s not just another gang?”

The noise died down to hear her response.

Philips nodded. “Because that was the first thing the Russians thought. Quite a few hackers died at their hands in an effort to identify those responsible. At some point the Russians were presented with evidence that convinced them no living person was behind this attack. We don’t know yet what that evidence was - but we have operatives attempting to get their hands on it.”

The division chief just looked at her. “This is reckless conjecture. We’ve got Detective Sebeck convicted and on death row, Cheryl Lanthrop dead, and Jon Ross on the run. This situation is under control.”

The most senior NSA suit spoke. “I disagree. Right now the media is stoking a panic on cyber crime. A public discovery that Sobol’s Daemon was preying on Internet business could spook the financial markets.”

A visiting analyst from the FBI Cyber Division shook his head. “The facts don’t support the media panic, sir. Overall reported incidents of computer break-ins this year are down slightly - not up. In fact, we could spin the demise of gambling and pornography sites as a positive.”

Philips regarded the FBI agent, then turned to the room in general. “Anyone have anything on the media’s current fascination with cyber security? Does anyone know what’s driving it?”

“Sebeck’s trial?”

The FBI analyst began to hold court on the topic. “The government has few real controls over either the Internet or private data networks. This manufactured panic is addressing an actual deficiency in the cyber infrastructure. It’s the invisible hand of the market in action.”

Philips looked impassively at him. “Unless it’s already too late.”

The NSA section chief raised an eyebrow. “Is your copycat Daemon up to something more than demanding tribute from pornographers, Dr. Philips?”

She revealed no emotion. “For one, I believe it is Sobol’s Daemon.”

“Highly unlikely.” The FBI analyst looked ready to disprove anything. He just needed fresh grist for his logic mill.

Philips continued. “Gentlemen, there are loose ends all over the Sobol case. There’s the poisoning death of Lionel Crawly - the voice-over artist for Sobol’s game Over the Rhine. What dialogue did he record that we have no knowledge of? The introduction of a strange edifice in Sobol’s online game The Gate at almost the instant of his death. And then there are the back doors in his games-”

“There are no back doors in his games.” The FBI analyst scanned the faces in the room. “It’s a fact.”

The NSA chief kept his eyes on Philips. “Your Internet traffic analysis was interesting, Doctor, but if you have evidence linking Sobol’s Daemon with the Daemon attacking G/P sites, then where is it?”

“In Sobol’s game maps.”

“Steganography? Didn’t you explore that last year?”

“Fleetingly - before Sebeck’s arrest. But let’s not forget that Sobol was an extraordinarily intelligent man. He was able to envision multiple axes simultaneously.”

“Is that a polysyllabic way to say he thinks outside the box?”

A senior cryptanalyst nearby removed his glasses and started cleaning them. “No offense, Dr. Philips, but if Sobol’s games contained steganographic content, you should have readily detected it by plotting the magnitude of a two-dimensional Fast Fourier Transform of the bit-stream. This would show telltale discontinuities at a rate roughly above ten percent.”

Philips aimed an anti-smile in his direction. “Thank you, Doctor. Had I not spent the last six years expanding the frontiers of your discipline, I’m sure I would find your input invaluable.”

The division chief cleared his throat. “The point is still valid, Doctor. How could Sobol hide a back door in a program using steganography, of all things? Doesn’t that just hide data? You can’t execute steganographic code.”

The FBI analyst couldn’t hold back. “Even if he was storing encrypted code within art asset files, he’d still need code to extract the encrypted elements-and we would have found the extraction routines in the source.”

Philips turned to him thoughtfully. “Yes, but the back door isn’t in the code. It’s in the program — but it’s not in the code.”

Her audience looked confused.

The division chief shrugged. “You lost me there, Doctor.”

The senior cryptanalyst offered, “You mean the relationship of things within the program?”

“Ah, now you’re seeing it.”

The division chief cut in. “What brought you back to the stego angle? The DDOS attacks on G/P sites?”

“No.” She paused again. “Jon Ross brought me back to it.” She turned back to face them. “For the last several weeks I have been exchanging e-mail communications with the man known as Jon Ross.”

The impact of this revelation left her audience stunned briefly. Then there was frantic movement; previously untouched presentation binders were grabbed and thumbed through hastily.

“Why weren’t we informed of this?”

The NSA chief interjected, “The Advisory Panel was informed.”

“What evidence do you have that these e-mails are authentic?”

Philips was calm. “The first e-mail made reference to a conversation Ross and I had in person at Sobol’s funeral.”

The FBI analyst nodded slowly. “No doubt he claims innocence and that the Daemon really exists.”

“He’s doing more than that. He’s pursuing the Daemon, and imploring us to do the same. Which leads us once again to the back door in Sobol’s software. Because it was Jon Ross who helped me find it.”

“That’s convenient for him.”

“I thought so, too. That’s why I asked for a face-to-face meeting.”

The NSA chief nodded in apparent recollection.

The FBI analyst looked surprised. “And he agreed?”

“After a fashion.” Philips nodded to the back of the room, and the lights dimmed again.

The screen filled with an animated 3-D environment. It was a narrow, medieval-looking city street, with buildings leaning over it in irregular rows. Few in attendance recognized it because none of them had the time or inclination to play online computer games. A title in plain Arial font briefly appeared superimposed over the image:

Session #489: Elianburg, Duchy of Prendall

Philips narrated. “What you’re looking at is Sobol’s game The Gate. This is an online role-playing game - meaning that tens of thousands of users access game maps from central servers. The game covers a large area of virtual space. Jon Ross requested a meeting at this specific location; at the corner of Queensland Boulevard and Hovarth Alley in Elianburg.”

“A meeting in an online game?”

“Yes. But since it’s difficult to arrest an avatar, I decided to go into God Mode.”

“Meaning what?”

“Meaning I cheated; I enlisted the aid of the CyberStorm system administrators to place the intersection under surveillance with virtual cameras.”

“You set up a stake-out in fantasyland?”

A chuckle swept through the room.

Philips nodded. “Something like that. The goal was to monitor every character that entered this intersection up to the appointed meeting time. It’s a busy intersection - in the middle of the market where players purchase equipment - and I wanted the maximum amount of time to trace Ross.”

One of the uniformed military officers spoke up. “Like tracing a phone call?”

“Similar, yes. Each player has a screen name hovering over their character’s head that must be unique for that server cluster. We wrote a script that scanned for suspicious player names on the servers. It autoharvested IP addresses for likely suspects and traced them back to their ISP for follow-up. We also established a manual system where we could select any player name, and the CyberStorm techs would look up that player’s originating IP address.”

“Why bother with IP address? Doesn’t CyberStorm have a record of each player’s billing information?”

“Yes, but it seemed likely that Ross would steal or borrow an account. By using his IP address to locate the Internet Service Provider, and then contacting the ISP for the physical address of the connection, we were more likely to actually find him.” She looked around the room for emphasis. “We scrambled airborne strike teams in several U.S. cities in preparation for this meeting in the hopes that Ross would be hiding in a major metropolitan area.”

The FBI analyst couldn’t resist. “I gather from the fact that Ross is still at large that this plan did not succeed.”

A voice in the darkness: “Can we continue, please?”

Philips nodded.

The screen suddenly came to life. Animated 3-D people moved through the scene. It was eerie how realistically the people moved - although only half of them had glowing names floating over their heads.

“The characters moving around without names are NPCs, non-player characters-they are computer controlled. Only human players have names.”

The perspective of the screen changed. It was a first-person view from Philips’s character as she moved through the crowd.

“We conducted this session from our offices in Crypto. The game permits players with VOIP capability to speak directly to nearby players over a voice channel. Ross requested that we have such a hookup. I am controlling this character in the game, and it is my voice you will hear talking with him. I had a MUTE button on my headset, and you will also hear me issuing instructions to my team. Ross did not tell me in advance the name of his character, but he said I would be able to pick him out of the crowd. Which is why we put the auto-trace script in place. But Ross took a page out of Sobol’s playbook.”

The screen view changed as Philips’s character turned this way and that, checking out the shoppers in the market. Then the POV moved toward a Nubian female 3-D character wearing a black leather corset with a plunging neckline. Something resembling a French-cut steel thong wrapped her shapely hips. She was a hentai cover girl. As the frame moved closer, the Nubian woman turned, revealing what was unmistakably a computer-generated version of Philips’s face.

Mild amusement spread through the audience in the meeting room. Philips ignored it.

On-screen the glowing name over the Nubian avatar read: Cipher. Philips’s recorded voice came in over the speakers:

Philips: Get me an IP for the screen name “Cipher.” That’s spelled c-i-p-h-e-r.

NSA Tech: Got it, Doctor. Looking up ISP…

The screen perspective moved right up to Cipher, and stopped. The scantily clad warrior princess faced the screen. A male voice came in over the speakers:

Ross: Good evening, Doctor.

Philips: Mr. Ross. Apparently you can’t resist identity theft. How did you upload my likeness to this game?

Ross: I didn’t upload anything. Players can edit the geometry of their avatars. I sculpted this one to resemble you.

Philips: I didn’t realize you studied my appearance so closely.

Ross: How could I forget you? Besides, I knew you’d try to identify my account in advance of this meeting, but your automated forensics tools don’t know what you look like, Doctor. Your physical appearance is a graphical encryption that the human mind is uniquely qualified to decode.

Philips: That doesn’t make it any less unsettling to have a conversation with myself as a transsexual lingerie model.

Ross: I find it just as uncomfortable being seen with you.

Philips: How’s that?

Ross: Well, you’ve got the default skin of a generic warrior, and nobody keeps the default skin. You are the fantasy world equivalent of a Fed. I recognized you a mile away.

Philips: Jon, why did you call me here?

Ross: To prove to you that I’m innocent.

Philips: And how do you intend to do that?

Ross: By showing you one of the back doors in this game.

Philips: We’ve been through every line of the source code, Jon. There are no back doors.

Ross: None here, true.

Ross’s female warrior gestured dramatically, as if performing a spell. In a moment a magical portal appeared in the street. A wandering player character tried to walk into it but bounced off. After a few tries, he got bored and walked off.

Philips: What’s this?

Ross: A Type II gate. It will only permit those I choose to enter, and I just typed your character’s name in. What does “FANX” mean, anyway?

Philips: I’ll let you puzzle it out.

Ross: Please step through the portal.

NSA Tech: Doctor, we’ve got a physical address, but it’s in Helsingborg, Sweden.

Philips: [MUTE ON] Notify local authorities and Interpol. [MUTE OFF] Where’s this lead to?

Ross: What does it matter? Look, I hope efforts to trace my physical location are not distracting you. I’m running several layers of proxies, Dr. Philips. By the time you track them all down, this will be long over. Just pay attention, please. This is important.

Philips: Jon, I’m not-

Ross: It’s okay, Doctor. That’s your job. Just step through the gate, please.

The perspective of the screen changed as Philips moved her character through the gate. It was a swirling vortex of blue lines, and then suddenly the view changed to a darkened masonry tunnel filled to a depth of a couple feet with black water. The area was lit by the swirling lights of the nearby magical portal. Rats scurried away along ledges, and the water’s surface rippled with the dazzling lights.

Someone in the dark muttered. “Nice algorithm…”

The NSA chief craned his neck. “Shhh!”

On-screen, Ross’s hentai warrior princess waded out into the water and stood in front of Philips’s character.

Philips: What is this place?

Ross: It’s a sewer beneath the Temple District. Not accessible without a magical portal.

Philips: What did you want to show me, Jon?

Ross: Look straight ahead. What do you see? You may need to move side to side to notice it.

The view on-screen changed as Philips focused straight ahead. There in the semidarkness of the slime-covered wall was the outline of an oxidized bronze door - nearly the same color as the surrounding stones.

Philips: A door.

Ross: Not just any door. A back door.

Philips: It’s a literal door?

Ross: You were expecting a code snippet? Maybe something that accepted anonymous connections at a certain port address or carried out actions on the user’s computer with their rights? But you didn’t find that. You didn’t find it because you shouldn’t have been looking for a back door leading IN. You should have been looking for a back door leading OUT.

Philips: But how would that permit Sobol to control a user’s machine?

Ross: It isn’t their machine he’s trying to control.

Philips: You’re saying he was trying to control the user?

Ross: Why don’t you step through the portal and find out?

Philips: Wait a minute. We still should have found this in the code.

Ross: Why? Were you looking for a graphic of a door that when used as an object in the game environment loads a game map? Do you know how many times that innocuous function call appears in the source code? The code itself is benign - it’s the map it loads that isn’t. Because the map in question is not on the CyberStorm servers, and I’ll bet you didn’t look farther than the IP addresses of the map links.

Philips: [a sigh of disgust] You mean he’s using a redirect.

Ross: It will look local in the map database, but when you try to load it, it redirects to an external IP address - which logs the user off the current game and establishes a new connection on an alien server. In short: this portal leads to a darknet.

Philips: A darknet. An encrypted virtual network.

Ross: Correct. Except that this is a graphical darknet.

Philips: How do you know all this?

Ross: Like I said - step through the portal. However, I will leave you now. Your colleagues are quite skilled and have probably located my zombie in Sweden, maybe even my zombie in Germany - and I really must be going. Please remember that I am innocent, Natalie - if I may call you Natalie. I’d really like to tell you the whole story over dinner sometime.

Philips: I don’t date felons, Jon - especially cross-dressing felons.

Ross: Till we meet again, Doctor…

At that, Ross’s avatar disappeared - as did his magical gate - leaving her in relative darkness. There was just the faint glow emanating from the door.

NSA Tech: He’s off-line, Doctor.

Philips: We’re still recording?

NSA Tech: Affirmative.

On-screen, Philips approached the door and activated it. It creaked open, the noise echoing down the sewer tunnel. Animated cobwebs stretched. A dialog box appeared reading “Loading Map…”

NSA Tech: Connection severed to CyberStorm server. We’re establishing a connection to an IP address assigned to a domain in…South Korea.

Philips: Are the packets really routing there?

NSA Tech: Stand by.

Philips: Get us a fix as soon as possible.

In a few moments the map was loaded. Philips’s character moved out into a medieval hall, with a gallery on either side above and pennants hanging down bearing heraldic symbols. Set into the wall straight ahead was a statue of a man, disquietingly similar to Sobol, in flowing robes, hands outstretched. Virtual water glimmered like a fountain as it rolled down each cheek from his eyes. Mineral stains marked the path. A perpetual fountain of tears.

A black-robed figure stood before the statue like a sentinel blocking her way. Its face was lost in shadow.

NSA Tech: It’s fingering us, Doctor. I didn’t spoof our IP address.

Philips: It’s okay, Chris, I didn’t ask you to.

The hooded figure snapped alert suddenly, then raised a finger and pointed at her.

Guardian: You don’t belong here!

Lightning arced from that finger in her general direction, and the Blue Screen of Death filled their view.

Then everything went black.

NSA Tech: We are down! Down, down, down!
