Natalie Philips paced with a laser pointer at the edge of a projection screen. The Mahogany Row conference room was dimly lit, and silhouettes of her audience were arrayed around a sizeable boardroom table. Military badges on the uniforms of some audience members reflected the light from the screen.
Her title presentation slide was up:
She was already addressing the group.”…the feasibility of a narrow AI scripting application distributed over a peer-to-peer network architecture to avoid core logic disruption.” She clicked to the next slide. It bore the simple words:
A murmur went through her audience.
“Our unequivocal findings are that a distributed daemon is not merely a potential threat but an inevitable one, given the standards unifying extant networked systems. In fact, we have reason to believe one of these logic constructs is currently loose in the wild.”
Much more murmuring went through the crowd.
She changed her slide again. This one depicted two sets of graphs labeled
She looked back at her audience. “A distributed denial of service (or DDOS) attack involves harnessing the power of hundreds, thousands, or even hundreds of thousands of zombie computers to transmit large amounts of packets to a single target Web domain. A zombie computer is one that has been previously compromised by a malicious back door program. This could be John Q. Public’s unsecured computer sitting in the den. An army of these zombie computers is called a
“Unlike a simple denial of service (or DOS) attack-which is launched from a single machine and thus easily blocked by an IP address-a DDOS attack comes in waves from different IP addresses coordinated to continually incapacitate the target. Likewise, the nature of the traffic can vary wildly, making it difficult to filter out garbage connection requests. In short: it is significantly more serious. Unless the attacker brags about his deeds, tracing the real source of an attack can be next to impossible.”
She wielded the laser pointer to highlight various parts of the screen. “These two charts illustrate a pattern detected four months ago in the occurrence of distributed denial of service attacks on the public Internet-both overall and as experienced separately by commercial gambling and pornography Web sites, both legal and illegal, hereafter referred to as ‘G/P sites.’
“Note the increase of approximately twelve thousand percent in the occurrence of such attacks against G/P sites during the period January through April. Contrast this with the flat-to-declining trend in DDOS attacks versus the overall population of domains.”
She changed slides to a graphical breakdown of the top international gambling and pornography domains, with call-outs indicating the crime gangs operating out of Russia, Thailand, and Belize. The graph was broken down on the x-axis by time and on the y-axis by packets per hour.
“The CIA has associated the following international crime rings with these three G/P enterprises. Their Web interests encompass tens of thousands of loosely affiliated Web sites hosted on hundreds of domains in dozens of countries. Each one of these crime gangs is a vast IT organization, and collectively they generate billions of dollars in revenue each year. Their operating units include product development, security, finance, and infrastructure support elements-they are, in effect, multinational corporations whose product lines include narco-trafficking, sexual slavery, money laundering, and extortion.”
Her graph showed that the Web assets of each individual crime ring had been attacked in a campaign of orchestrated infowar. Philips’s laser pointer cavorted as she hammered her point home. “The Russians were first in line. We estimate that roughly ten million workstations launched a Pearl Harbor-like cyber attack simultaneously from all points on the globe, beginning in mid-January and stretching through to the end of the month. This effectively brought the Russian business to a halt worldwide-making their online gambling and pornography assets unavailable to paying customers for extended periods. These were not simple smurf and fraggle attacks. The Russians appear to have tried everything, from hardware filtering to rate-limiting connections, but it didn’t put a dent in their downtime. They tried to launch new sites and migrate customers to these, but the new sites also were rapidly targeted and brought down.”
She changed to a slide of translated Internet headlines from a passel of third-world sites. They listed dozens of killings in Asia and Russia.
“This appears to have sparked a brief gang war, followed by a purge within the ranks of the gang’s IT staff. The CIA estimates several dozen related killings, but notably, all during this period, the DDOS attacks did not let up and shifted constantly to originate from new locations. The Russian enterprise did not recover until the end of January, when it was suddenly fully operational.”
She looked up at her audience. “The following cell phone conversation was intercepted by ComSat assets over the Republic of Georgia on January twenty-ninth and is a conversation between an unidentified caller and a known Russian mafia figure based in St. Petersburg, herein denoted as
The screen cleared and the lights came up as animated discussions filled the room. Philips called to be heard over the din. “There are additional intercepts of a similar nature, but I think this is a representative sample. The waves of attacks continued until a couple of months ago, hitting each organization in turn-and growing in ferocity-at which point they disappeared suddenly and entirely.”
One of the DOD brass spoke up, “What’s your read on all this, Doctor?”
“I think the crime gangs running online gambling and pornography have been forced to pay protection money to someone or something.”
“You conclude that from one intercept?”
“This is one of dozens of intercepts, the transcripts of which you will find in your presentation binders.”
“How much money are we talking about here?”
Philips placed the laser pointer on the nearby podium. “We have an e-mail intercept from a Thai gang that mentions a ten percent gross payment.”
“Ten percent of
“All online transactions. The CIA estimates worldwide revenue from online gambling and pornography at approximately seventeen billion U.S. dollars per year. In truth, no one really knows. But if we use this as a baseline and extrapolate, assuming that the Daemon has-“
“You’re talking about a couple
“There is anecdotal evidence that these payments represent an outsourcing of the IT security function of these criminal gangs to some unknown entity.” She paused, either for effect or to gather her courage-even she wasn’t sure which. “We suspect that the entity is not a living person but a massively parallel logical construct. I believe it’s Sobol’s Daemon.”
The room erupted in talk for several moments until someone in the back shouted over the din, “How do you know it’s not just another gang?”
The noise died down to hear her response.
Philips nodded. “Because that was the first thing the Russians thought. Quite a few hackers died at their hands in an effort to identify those responsible. At some point the Russians were presented with evidence that convinced them no living person was behind this attack. We don’t know yet what that evidence was-but we have operatives attempting to get their hands on it.”
The division chief just looked at her. “This is reckless conjecture. We’ve got Detective Sebeck convicted and on death row, Cheryl Lanthrop dead, and Jon Ross on the run. This situation is under control.”
The most senior NSA suit spoke. “I disagree. Right now the media is stoking a panic on cyber crime. A public discovery that Sobol’s Daemon was preying on Internet business could spook the financial markets.”
A visiting analyst from the FBI Cyber Division shook his head. “The facts don’t support the media panic, sir. Overall reported incidents of computer break-ins this year are down slightly-not up. In fact, we could spin the demise of gambling and pornography sites as a positive.”
Philips regarded the FBI agent, then turned to the room in general. “Anyone have anything on the media’s current fascination with cyber security? Does anyone know what’s driving it?”
The FBI analyst began to hold court on the topic. “The government has few real controls over either the Internet or private data networks. This manufactured panic is addressing an actual deficiency in the cyber infrastructure. It’s the invisible hand of the market in action.”
Philips looked impassively at him. “Unless it’s already too late.”
The NSA section chief raised an eyebrow. “Is your copycat Daemon up to something more than demanding tribute from pornographers, Dr. Philips?”
She revealed no emotion. “For one, I believe it
“Highly unlikely.” The FBI analyst looked ready to disprove anything. He just needed fresh grist for his logic mill.
Philips continued. “Gentlemen, there are loose ends all over the Sobol case. There’s the poisoning death of Lionel Crawly-the voice-over artist for Sobol’s game
The NSA chief kept his eyes on Philips. “Your Internet traffic analysis was interesting, Doctor, but if you have evidence linking Sobol’s Daemon with the Daemon attacking G/P sites, then where is it?”
“In Sobol’s game maps.”
“Steganography? Didn’t you explore that last year?”
“Fleetingly-before Sebeck’s arrest. But let’s not forget that Sobol was an extraordinarily intelligent man. He was able to envision multiple axes simultaneously.”
“Is that a polysyllabic way to say he thinks outside the box?”
A senior cryptanalyst nearby removed his glasses and started cleaning them. “No offense, Dr. Philips, but if Sobol’s games contained steganographic content, you should have readily detected it by plotting the magnitude of a two-dimensional Fast Fourier Transform of the bit-stream. This would show telltale discontinuities at a rate roughly above ten percent.”
Philips aimed an anti-smile in his direction. “Thank you, Doctor. Had I not spent the last six years expanding the frontiers of your discipline, I’m sure I would find your input invaluable.”
The division chief cleared his throat. “The point is still valid, Doctor. How could Sobol hide a back door in a program using steganography, of all things? Doesn’t that just hide data? You can’t execute steganographic code.”
The FBI analyst couldn’t hold back. “Even if he was storing encrypted code within art asset files, he’d still need code to extract the encrypted elements-and we would have found the extraction routines in the source.”
Philips turned to him thoughtfully. “Yes, but the back door isn’t in the code. It’s in the
Her audience looked confused.
The division chief shrugged. “You lost me there, Doctor.”
The senior cryptanalyst offered, “You mean the relationship of things
“Ah, now you’re seeing it.”
The division chief cut in. “What brought you back to the stego angle? The DDOS attacks on G/P sites?”
“No.” She paused again. “Jon Ross brought me back to it.” She turned back to face them. “For the last several weeks I have been exchanging e-mail communications with the man known as Jon Ross.”
The impact of this revelation left her audience stunned briefly. Then there was frantic movement; previously untouched presentation binders were grabbed and thumbed through hastily.
“Why weren’t we informed of this?”
The NSA chief interjected, “The Advisory Panel was informed.”
“What evidence do you have that these e-mails are authentic?”
Philips was calm. “The first e-mail made reference to a conversation Ross and I had in person at Sobol’s funeral.”
The FBI analyst nodded slowly. “No doubt he claims innocence and that the Daemon really exists.”
“He’s doing more than that. He’s pursuing the Daemon, and imploring us to do the same. Which leads us once again to the back door in Sobol’s software. Because it was Jon Ross who helped me find it.”
“That’s convenient for him.”
“I thought so, too. That’s why I asked for a face-to-face meeting.”
The NSA chief nodded in apparent recollection.
The FBI analyst looked surprised. “And he agreed?”
“After a fashion.” Philips nodded to the back of the room, and the lights dimmed again.
The screen filled with an animated 3-D environment. It was a narrow, medieval-looking city street, with buildings leaning over it in irregular rows. Few in attendance recognized it because none of them had the time or inclination to play online computer games. A title in plain Arial font briefly appeared superimposed over the image:
Philips narrated. “What you’re looking at is Sobol’s game
“A meeting in an online game?”
“Yes. But since it’s difficult to arrest an avatar, I decided to go into God Mode.”
“Meaning I cheated; I enlisted the aid of the CyberStorm system administrators to place the intersection under surveillance with virtual cameras.”
“You set up a stake-out in fantasyland?”
A chuckle swept through the room.
Philips nodded. “Something like that. The goal was to monitor every character that entered this intersection up to the appointed meeting time. It’s a busy intersection-in the middle of the market where players purchase equipment-and I wanted the maximum amount of time to trace Ross.”
One of the uniformed military officers spoke up. “Like tracing a phone call?”
“Similar, yes. Each player has a screen name hovering over their character’s head that must be unique for that server cluster. We wrote a script that scanned for suspicious player names on the servers. It autoharvested IP addresses for likely suspects and traced them back to their ISP for follow-up. We also established a manual system where we could select any player name, and the CyberStorm techs would look up that player’s originating IP address.”
“Why bother with IP address? Doesn’t CyberStorm have a record of each player’s billing information?”
“Yes, but it seemed likely that Ross would steal or borrow an account. By using his IP address to locate the Internet Service Provider, and then contacting the ISP for the physical address of the connection, we were more likely to actually find him.” She looked around the room for emphasis. “We scrambled airborne strike teams in several U.S. cities in preparation for this meeting in the hopes that Ross would be hiding in a major metropolitan area.”
The FBI analyst couldn’t resist. “I gather from the fact that Ross is still at large that this plan did not succeed.”
A voice in the darkness: “Can we continue, please?”
The screen suddenly came to life. Animated 3-D people moved through the scene. It was eerie how realistically the people moved-although only half of them had glowing names floating over their heads.
“The characters moving around without names are NPCs, non-player characters-they are computer controlled. Only human players have names.”
The perspective of the screen changed. It was a first-person view from Philips’s character as she moved through the crowd.
“We conducted this session from our offices in Crypto. The game permits players with VOIP capability to speak directly to nearby players over a voice channel. Ross requested that we have such a hookup. I am controlling this character in the game, and it is my voice you will hear talking with him. I had a MUTE button on my headset, and you will also hear me issuing instructions to my team. Ross did not tell me in advance the name of his character, but he said I would be able to pick him out of the crowd. Which is why we put the auto-trace script in place. But Ross took a page out of Sobol’s playbook.”
The screen view changed as Philips’s character turned this way and that, checking out the shoppers in the market. Then the POV moved toward a Nubian female 3-D character wearing a black leather corset with a plunging neckline. Something resembling a French-cut steel thong wrapped her shapely hips. She was a hentai cover girl. As the frame moved closer, the Nubian woman turned, revealing what was unmistakably a computer-generated version of Philips’s face.
Mild amusement spread through the audience in the meeting room. Philips ignored it.
On- screen the glowing name over the Nubian avatar read:
The screen perspective moved right up to
Ross’s female warrior gestured dramatically, as if performing a spell. In a moment a magical portal appeared in the street. A wandering player character tried to walk into it but bounced off. After a few tries, he got bored and walked off.
The perspective of the screen changed as Philips moved her character through the gate. It was a swirling vortex of blue lines, and then suddenly the view changed to a darkened masonry tunnel filled to a depth of a couple feet with black water. The area was lit by the swirling lights of the nearby magical portal. Rats scurried away along ledges, and the water’s surface rippled with the dazzling lights.
Someone in the dark muttered. “Nice algorithm…”
The NSA chief craned his neck. “Shhh!”
On- screen, Ross’s hentai warrior princess waded out into the water and stood in front of Philips’s character.
The view on-screen changed as Philips focused straight ahead. There in the semidarkness of the slime-covered wall was the outline of an oxidized bronze door-nearly the same color as the surrounding stones.
At that, Ross’s avatar disappeared-as did his magical gate-leaving her in relative darkness. There was just the faint glow emanating from the door.
On- screen, Philips approached the door and activated it. It creaked open, the noise echoing down the sewer tunnel. Animated cobwebs stretched. A dialog box appeared reading “Loading Map…”
In a few moments the map was loaded. Philips’s character moved out into a medieval hall, with a gallery on either side above and pennants hanging down bearing heraldic symbols. Set into the wall straight ahead was a statue of a man, disquietingly similar to Sobol, in flowing robes, hands outstretched. Virtual water glimmered like a fountain as it rolled down each cheek from his eyes. Mineral stains marked the path. A perpetual fountain of tears.
A black- robed figure stood before the statue like a sentinel blocking her way. Its face was lost in shadow.
The hooded figure snapped alert suddenly, then raised a finger and pointed at her.
Lightning arced from that finger in her general direction, and the Blue Screen of Death filled their view.
Then everything went black.