Episode Five: The Devil in the Details 

04-04-2001 02:00 AM

by Robert G. Ferrell

Chasing the Wind, Episode Five: The Devil in the Details
last updated April 4, 2001

"Ladies and Gentlemen, this is your captain speaking. We've reached our cruising altitude of 34,000 feet. There's a line of storm activity passing through the St. Louis area right now, but we shouldn't encounter any difficulty skirting around the turbulent cells. I'm going to turn off the seat belt sign for now, so you're free to move about the cabin. It may become necessary to turn it back on if we run into any rough weather. In this event, please return to your seats as soon as possible. You may now use any approved portable electronic devices."

"Oh, did I mention that your seat cushion can be used as a personal flotation device? Just in case we happen to need to make an emergency landing in water - and we can find any water big enough. Thanks for flying with us today, and best of luck to everyone."

Ian relaxed on his personal flotation device and stared at the bulky cell phone attached to the back of the seat in front of him. He had saved all year to attend this hackers' convention, and now that it was over he felt a strong desire to make use of his new-found store of knowledge. Unfortunately, he had forgotten to recharge his laptop after the last "Unreal Tournament" session, so he couldn't do much except read the boring airline magazine over and over.

That phone kept grabbing his attention.

Ian decided to try a little experiment. He got up as though to go to the bathroom and dropped into one of the empty rows near the rear of the plane. He waited until no one was looking and lifted the phone deftly from its cradle. There was a recording about inserting a credit card. He pressed a few buttons, trying to elicit some effect. He thought about dialling 911, just to see who would pick up on the other end, but realized that it would be difficult to remain anonymous in his current situation. He suddenly looked up and saw a flight attendant staring sternly at him from the aisle. He plopped the phone back in place, then smiled weakly at the attendant as he squeezed past her and fled to the bathroom.

Bob stared out his office window at the rain slanting down from a heavy grey sky and drummed his fingers absently on an Acme Ailerons mousepad. He was waiting for a return phone call from a security consulting firm, whom he had contacted for the purpose of hiring someone to help get his InfoSec program off to a running start. The phone rang obligingly after a few minutes. He picked it up and put on his best phone voice.

"Acme Ailerons Information Technology. This is Bob," he piped brightly into the plastic receiver moulded in the likeness of a well-known cartoon character. His face fell immediately.

"Oh, hello Doris," he said, mentally cringing, "What can I do for you?"

"No, I didn't get your forwarded e-mail. What was it about?" Bob sighed and leaned back as far as he could in the chair without actually tipping over backward.

"A baby picture? I didn't know you had a new baby." He fumbled with a loose thread coming out of his shirt pocket. "Oh, it's not your baby. Whose baby is it?" He took a big sip of coffee. "Well, if you don't know whose baby it is, why are you asking me about it in the first place?" He was beginning to get a little impatient with this game.

"Because it sent itself to everyone in your email address book?"

He sat up abruptly.

"Okay, don't send or open any more mail. Pull the network cord out of the back of your computer and sit tight. I'm on it."

He slammed the phone down. "That woman," he said through his teeth to no one in particular, "should be the poster child for Grecian Formula 16."

He punched a button on his phone. "Jake, take this morning's anti-virus signatures disk over to Accounting and run it through every system. Yep, every system with an e-mail client. Sounds like the entire department is infected with that babypic worm. Then do a general survey and see who else needs disinfecting. Top priority." Click.

Bob sighed and leaned back in his chair again. This security thing was getting to be a real pain in the neck. How could he get his FY 2002 budget projections done and prepare for the company-wide software audit with the security bogey man leaping up out of every shadowy crevice and making rude faces at him?

He swivelled his chair around so that he faced the wall with the calendar on it, and started counting backward from one of the dates circled in red. Suddenly the phone, which was now only a few inches from his left ear, annihilated the silence of his office with its piercing warble. Bob snapped out of his reverie with a start and pushed his already precarious center of gravity a little too far to stern. There was a confusing crash of furniture and flailing limbs, followed closely by a heavy, vaguely comical, thud.

From this angle Bob could see something under the credenza. It looked almost like a coffee cup...

It was a small, dark room with heavy wooden shutters over both the windows - the sort of room where you would expect dark and devious dealings to transpire. Four shadowy figures sat in this room, huddled over a small, dark table. They were studying some sort of technical drawing. They had to squint because, as should have been made clear by now, there wasn't much illumination in the room. They sat without speaking for some minutes, peering intently at the schematic. Finally one of them broke the almost palpable silence.

"Why is somebody not turning on the damn lights?"

Somebody found the switch and turned on the lights. The first figure growled again, this time more softly, "Now maybe we can see what is going on."

The plan spread out on the table before them was rather complex. It had a lot of lines crisscrossing it, lines that connected various geometric shapes with other geometric shapes. Some of the writing was scribbled clearly in English, some of it was scribbled in a seemingly illegible scrawl. The figures studying it were a little easier to discern, now that the lights were on. Three of them were tall and well dressed with neatly trimmed beards, one was clean shaven and sported a baseball cap. The one with the baseball cap jabbed a fat little finger at the paper.

"What does this say?" he asked, pointing to an indiscernible notation.

One of the well dressed replied stiffly, "It reads 'Viral Payload Vector'."

The baseball cap nodded and grunted to itself.

"And this?"

"Ah, that reads 'IPN Gateway'."

Baseball cap traced his finger along a line and stopped at another scrawled caption.

"How about this? What does this say?"

One of the other gentlemen decided to answer: "That is a number."

"Yeah?" replied baseball cap, "What is it, an IP address? A packet sequence number?"

The well-dressed man looked at him in mild surprise. "No," he said without intonation, "It is the telephone number of our favorite Chinese takeout restaurant."

Baseball cap looked up at his companions. "No kidding?" He sat back in his uncomfortable wooden chair and stuck an ivory toothpick in his mouth. "I don't know who that General Tsao guy was, but he sure had a hell of a lot of chickens."

The well-dressed men looked at each other gravely, and then at him. He leaned forward. "It was a joke. A joke. Ha ha ha."

Baseball cap rolled his eyes and muttered, under his breath, "Tough room." He stood up and assumed his best Steve McGarrett pose, fingertips on the table.

"Never mind. Get this thing drawn up a little neater and fire it off to our agent in America toute suite."

One of the suits frowned at him and opened his mouth to speak.

"Oh jeez," snapped baseball cap, "It means ASAP. Really soon. As fast as you can."

The light of understanding dawned in the tall man's dark, sombre eyes. "Ah yes. PDQ."

Baseball cap chuckled, "Whatever floats your boat."

Jake fumbled around in a cluttered desk drawer in search of some headache pills. It had taken him six and a half hours to track down and pulverize the last copy of W32.Mybabypic.Worm. He had no idea yet how much collateral damage had been done by the malicious code running amok on the intranet. He put his head down on his desk and sighed. At least as far as he could tell the Trojan hadn't spread to Engineering, where its tendency to erase (among others) all files with the extensions .vbs, .js, .cpp, .h, and .c would have wreaked untold havoc. Thank God for small favours, he thought.

On Jake's desk, underneath his right cheek to be more precise, was a brochure for a dedicated virus scanner, one that sat at the firewall and checked every piece of incoming/outgoing SMTP traffic for nasty surprises. He had been on the verge of writing it off as a good idea he could never justify to management. Now, though...

Jake felt his second wind kick in. He sat up and started typing out a purchase requisition - might as well strike while the iron was hot.

A man in running clothes sat alone on a park bench, breathing heavily. He had just jogged two miles, and was appreciating the cool day and the convenient bench in a way that only exhausted middle-aged people would truly understand. The idea of posing as a jogger, which had seemed so brilliant the night before, was beginning to look less brilliant as he sat there trying not to throw up. He glanced at his watch and sighed. Time to get on with it.

With a grunt of effort, he pulled himself to his feet and half strode, half hobbled down the gravel path. After about 50 yards he stopped by a tree and leaned against it, as though resting. He surveyed the park carefully, trying to look like a jogger simply stretching his neck muscles and not at all like a paranoid amateur spy. He saw not another living creature, except for a very chilled-looking titmouse fluffed up into a grayish ball on a limb. He walked nonchalantly toward a squat evergreen bush and, as he passed, reached down and swooped up a small flat package wrapped in paper camouflaged amongst the litter underneath the bush. He slipped the little parcel in his fanny pack and broke once more into a labored jogging gait. "This," he gasped as he struggled for breath, "is a job for a much younger man."

Douglas dimmed the lights in the conference room with a little switch on his lectern. He clicked an icon on his laptop display and watched as the first slide in his presentation appeared on the wall-sized screen to his right. It read "Project Bellatrix: Design and Technical Briefing." Below that was a U.S. Department of Defense logo and the words "Top Secret" in large red letters. Douglas shook his head briefly, to clear it of the curious notion that he was merely acting out a part in some spy novel. The sea of grave faces belonging to assorted military and government officials spread out before him in the darkened room urged him to believe otherwise.

As he watched the parade of slides and listened to himself elaborate on them to the assembled crowd, it seemed painfully clear to Douglas that this entire project was in many ways too rooted in science fiction to be serious. Yet the government had given him and his team a budget of over 100 million dollars to forge some sort of reality out of it. One hundred million dollars! It smacked of a fever dream, and he half expected to waken from it any moment with a craving for chicken soup.

As he approached the end of his presentation, Douglas winced. He didn't like this part, because the final piece of technology that was necessary to make the project function had been withheld from him for security reasons. He was an engineer, and engineers don't like guessing games, especially when it comes to engineering. He had been waiting for weeks to find out how this thing was supposed to function the way the proposal said it would, and now the time had finally come. Douglas sat down and listened in rapt attention to the Air Force captain who took the podium after him. It took the officer only a few minutes to get to the crucial technology. It was remarkably simple, yet monstrously complex at the same time.

It was also clearly insane.

To be continued...

To read Episode Six: The Gathering Storm, click here.

Robert G. Ferrell, CISSP, is the Information Systems Security Officer for the National Business Center of the U.S. Dept. of the Interior. He is also active as a Perl Monger, an Internet Technologist, and a member of the Netwits. He has been involved with (primarily Unix) systems programming, administration, and security on and off since 1977.

This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.
