Threat Vector Read online

  As dogs barked in the neighborhood and lights flipped on up and down East Quail Avenue and South Hedgeford Court, Crane and Snipe walked calmly but quickly down the driveway. They used a pedestrian gate by the main drive gate and then walked out onto the street.

  The front door of a home across the street opened, a woman in a bathrobe stood backlighted by the overhead fixture in her entryway, and Snipe drew his pistol and fired twice at her, sending her back inside, crawling frantically to safety.

  In seconds a gray panel truck pulled up and the two men climbed into the van. It rolled north, heading to I-15. While Grouse drove and the other men sat silently, Crane pulled out his phone and pressed a few buttons. After a long wait for a connection and an answer, he said, “All objectives achieved.”

  TWENTY-TWO

  Sitting alone in front of a bank of glowing computer monitors in a glass office that overlooked a massive floor of open cubicle workspaces, a forty-eight-year-old Chinese man in a rumpled white shirt and a loose necktie nodded in satisfaction at Crane’s news.

  “Begin uploading data as soon as you can.”

  “Yes, sir,” said Crane.

  “Shi-shi”—thank you—the man in the office replied.

  Dr. Tong Kwok Kwan, code name Center, tapped the secure voice-over Internet earpiece in his right ear to disconnect the call. He looked out past his monitors toward the open office floor and considered his next play. He decided to make the quick walk across the operations floor to the workspace of his best coder to let him know DarkGod’s data would be coming in shortly from America.

  Normally he would simply touch a button on his desk and talk to the young man via videoconference, but he knew a personal visit would encourage the coder to take this matter seriously.

  Tong looked around his spotlessly clean office. Though there were no pictures of family or other personal items in view, a small, unframed cardstock sign hung from the glass door to the hallway.

  It was written in flowing Chinese calligraphy, the characters one above the other in a single vertical row. Taken from the Book of Qi, a history of China from AD 479 to 502, the line was one of the thirty-six stratagems, an essay about deception for politics, war, and human interaction.

  Tong read the words aloud: “Jie dao sha ren.” Kill with a borrowed knife.

  Although his unit of operatives in the United States had just killed on his behalf, Tong knew he himself was the borrowed knife.

  Not much gave him pleasure, his brain had been virtually programmed by the state so that it did not respond to such banal stimuli as pleasure, but his operation was on track, and this satisfied Dr. Tong.

  He stood and left his dark office.

  —

  Tong Kwok Kwan was from Beijing originally, the only child of a union between two Soviet-trained mathematicians who worked in China’s then-fledgling ballistic missile program.

  Kwok Kwan had no Princeling pedigree, but his brilliant parents pushed academics upon him relentlessly, focusing his attention and his studies on mathematics. He consumed workbooks and textbooks as a child, but he reached adolescence in the early days of the personal computer, and his family saw immediately that his future lay in the near limitless power of the incredible machines.

  Because of his good grades, the state sent him to the best schools, and then to the best universities. He went to the United States to heighten his abilities in computer programming, to MIT in 1984, and then to Caltech for his master’s in 1988.

  After Caltech, Tong came home and taught programming for a few years at China’s University of Science and Technology, before beginning a doctoral program in computer science at the prestigious Peking University in Beijing.

  By now the concentration of his studies was the Internet and the new World Wide Web—specifically, their vulnerabilities and the ramifications of these vulnerabilities in any future conflict with the West.

  In 1995, while a thirty-year-old doctoral candidate, he wrote a paper titled “World War Under Conditions of Informationization.” Almost immediately the paper made its way from the world of Chinese academia to the People’s Liberation Army and the Ministry of State Security. The Chinese government classified the document top-secret, and immediately MSS operatives fanned out into any institutions of higher learning where the paper had been distributed, picking up hard copies, retrieving floppy disks containing the work, and giving long, intense, and intimidating talks with any professor or student who had come into contact with it.

  Tong was immediately brought to Beijing, and within weeks he was lecturing the military and intelligence communities on how to leverage cyberoperations against China’s enemies.

  The generals, colonels, and spymasters were in over their heads in Tong’s lectures, since the arcane terminology used by the brilliant young man was difficult for them to follow, but they realized they had, in Tong, a valuable resource. He was handed his doctorate and placed in charge of a small but powerful cyberwarfare testing, training, and development group within the MSS, and he was also given responsibility over PLA and MSS computer defensive operations.

  But Tong was not content to run teams of government computer network operators. He saw more potential for power in the harnessing of the individual and independent Chinese computer hacker. He formed an organization of independent Chinese hackers in 1997 called the Green Army Alliance. Under his direction they targeted websites and networks of China’s enemies, achieving intrusions and registering some damage. Although their impact was relatively minor, it showed that his academic paper could, in fact, be implemented in the real world, and it only increased his cachet even more.

  Later he started the Information Warfare Militia, a collection of civilians in the technology industry and academia who worked independently but under the direction of PLA’s Third Department (Signals Intelligence).

  In addition to this unit, Tong formed the Red Hacker Alliance. By courting or threatening hundreds of China’s most accomplished amateur computer coders via online bulletin boards frequented by the hackers, and then organizing them into a purpose-driven force, he used the men and women to penetrate industry and government networks around the globe to steal secrets for China.

  But Tong and his army developed the means to do more than steal digital data. During a public dispute between China’s state-owned petroleum organization and an American oil company over a pipeline contract in Brazil, Tong came before the leadership of the MSS and asked them, quite simply, if they would like his Red Hacker Alliance to destroy the oil company.

  He was asked by the ministers if he intended to destroy the American oil company’s dominance in the marketplace.

  “That is not what I mean. I mean, physically ruin them.”

  “Shut their computers down?”

  Tong’s impassive face did not let on what he thought of these foolish ministers. “Of course not. We need their computers. We have obtained command-level control of their pipelines and oil-drilling capacity. We have kinetic capabilities at their locations. We can cause actual real-world destruction.”

  “Breaking things?”

  “Breaking things, blowing things up.”

  “And they can’t stop you?”

  “There are manual overrides for everything at the site, at the physical location. I am just assuming this, of course. Some human being can get in the way and close a pump or cut power to a control station. But I can do so much, so quickly, that there is no way their humans can stop me.”

  No physical action was taken on the oil company. The Chinese government recognized, instead, the importance of Tong and his capabilities. He was not just a valuable resource, he was a potent weapon, and they would not waste this capability on ruining a single firm.

  Instead he and his team hacked into the oil company’s website and read sensitive internal communications between the oil company’s e
xecutives about the acquisition attempt of the Brazil pipeline. Tong passed this on to China’s state-owned National Petroleum Corporation, which used the information to underbid the Americans and win the contract.

  Later, when K. K. Tong was tasked with stealing the plans for the U.S. Navy’s quiet electric drive for its submarines, Tong and his hackers had the plans, representing five billion dollars in research by the U.S. Navy, in less than six weeks.

  Dr. Tong next personally extracted more than twenty terabytes of data from the Department of Defense’s unclassified database, handing over to the PLA the names of all American Special Forces operators and their home addresses, the refueling schedules for every ship in the Pacific, and the training and leave rotations of virtually all military units.

  He and his men also stole the plans for America’s next-generation fighter, the F-35.

  Shortly before the end of the decade, Tong, along with the heads of the PLA’s Third Department (Signals Intelligence) and Fourth Department (Electronic Counter Measures and Radar), developed the computer network operations component to the PLA policy of INEW, Integrated Network Electronic Warfare, the formal name of China’s entire electronic warfare strategy. INEW would rely on electronic warfare to jam, deceive, and suppress America’s ability to receive, process, and distribute information, and it was clear to all in the PLA by now that K. K. Tong and his civilian hacker army would be critical to INEW’s success.

  He and his minions infected millions of computers around the world, creating a robot army, a botnet, that could then be directed to attack a website or a network, overloading it with requests and denying service to anyone who attempted to log on. He directed his botnets to attack China’s adversaries with devastating results, and the owners of the nodes on the robot army never knew their hardware was working for the PRC.

  Unlike the rest of China, Tong operated in a constant state of war against the United States. Via espionage or harassing actions, he and his force of men and women, most of whom worked from home or their “day job” workstations, endeavored to compromise American computer network operations at every turn and build a massive target portfolio in case a shooting war broke out.

  There was only one problem with Tong and his endeavors, as far as the Chinese were concerned. He was too successful. He’d been given nearly free rein to go seek out access to U.S. networks, and eventually, the Americans began to notice. The U.S. government realized someone was, in effect, attaching a vacuum cleaner to their data and sucking it out.

  They called the persistent attacks into their government and industrial networks at first Titan Rain, and a second series of attacks they called Shady Rat, and the Americans tasked hundreds of investigators with finding out who was behind them. China was suspected from the beginning, and as Tong’s operation grew in scope and importance, the MSS and the Politburo insiders who knew of the cyberprogram grew worried that some of the more high-profile attacks could be positively attributed to China.

  The United States made a series of arrests of hackers involved in the operation, and some of them were ethnic Chinese. This worried the Chinese greatly, and pressure was put on the PLA and MSS to do a better job covering their tracks in the future.

  When the full scope of Tong’s vulnerability became apparent to the PLA and the MSS, the decision was made that he needed to be protected at all costs, and his organization needed to be completely sequestered and distanced from the Chinese government. Deniable computer network operations were critical in this time of declared peace, and to remain deniable there could be no comebacks to China itself.

  But Tong had become known in the United States as a key civilian computer operations official working for the PLA. The investigators in the FBI and NSA looking into China cyberoperations referred to his influence over cyberstrategy as the Tong Dynasty, and when the Chinese realized Tong had been outed to such a degree, they knew they had to act.

  After much discussion, the decision was made by the head of the Ministry of State Security that K. K. Tong, whose official title of director of technological training for the Chengdu Military Region First Technical Reconnaissance Bureau belied his field-marshal level of influence on one of war fighting’s five domains, would be arrested on false charges of corruption, and then he would “escape” from custody.

  Then Tong would relocate to Hong Kong and go under the protection of the 14K Triads. “Triad” was something of a catchall title referring to an organization with many unaffiliated branches, but the 14K was the largest and most powerful branch in Hong Kong. The MSS and the 14K had no operational relationship with each other. Triad activity had long been a thorn in the side of the Chinese government, but Tong would “sell” himself and his army of hackers to the Triads, and then repay them for their protection with money from any of the dozens of financial schemes his men and women ran around the globe.

  The 14K would, of course, know only that Tong had escaped prison on the mainland and now was working in computer-related embezzlement and blackmail operations—black-hat computer crime.

  The Triads would have no idea that ninety percent of the Tong organization’s productivity involved cyberespionage and cyberwarfare, all on behalf of the Communist Party of China, the enemy of the Triads.

  Tong was “arrested,” and a short notice of his charges was printed in the People’s Daily, a newspaper in China that served as a mouthpiece for the government. He was charged with computer crimes, and the article described an effort by Tong to embezzle electronically from ICBC, the state-owned Industrial and Commercial Bank of China.

  The article was written to show the West that the mysterious Dr. Tong was out of favor with Beijing, and it was written to show the Triads in Hong Kong that this mysterious Dr. Tong had skills that could make them a great deal of money.

  Tong was sentenced to the firing squad, but on the day of his scheduled execution, rumors came out of the prison that he had escaped with inside help. To enhance the ruse, prison officials ordered several guards shot the next day for their “collaboration.”

  The 14K Triads, the largest and most powerful underworld organization in Hong Kong, and the largest Triad in the world, took K. K. Tong in weeks later. He rebooted the army of civilian hackers that he had cultivated, and he reacquired his botnet army, and within months he was generating money for the Triads by using tens of thousands of nodes from his botnet to swindle credit card numbers with phishing e-mails.

  Tong then started a new endeavor. With the 14K’s blessing, though without any understanding of what he was really up to, Tong purchased hundreds of computers and recruited top-level hackers from the mainland and Hong Kong to operate them, bringing them slowly into Hong Kong and into the fold of his new operation.

  K. K. Tong adopted the handle “Center” and called the physical hub for his new worldwide operation, his nerve center, the Ghost Ship. It was housed on the eleventh through the sixteenth floors of a Triad-owned office building in Mong Kok, a gritty high-density and lower-income portion of Kowloon, well to the north of Hong Kong’s lights and glamour. Here the Triads watched over Tong and his people night and day, although they remained oblivious of his true mission.

  Tong employed dozens of the best coders he could find, mostly men and women from his earlier hacker “armies.” The rest of his employees he called controllers—these were his intelligence officers, and they all used the handle “Center” when dealing with their assets. They operated from workstations on the operations floor of the Ghost Ship, and they communicated via Cryptogram instant messaging with the hackers and physical assets who unknowingly worked for them around the world.

  The controllers used cash payments, coercion, and false flag trickery to co-opt thousands of individual hackers, script kiddies, criminal gangs, intelligence operatives, government employees, and key tech-industry personnel into a massive intelligence organization the size and scope of which the world had never see
n.

  Tong and his top lieutenants patrolled the hundreds of Internet forums used by Chinese hackers, and from here they found their army. One man and one woman at a time were discovered, vetted, approached, and employed.

  The Ghost Ship now had nearly three hundred employees working in the building itself, and thousands more working on its behalf around the world. Where language was a problem they posted in English or used high-quality language-translation software. Tong recruited foreign hackers into his network, not as Ghost Ship operators but as proxy agents, none knowing they were working for the Chinese government but many certainly recognizing that their new employers came from Asia.

  The physical agents came last. Underworld organizations were recruited to work on “meat space” ad hoc projects. The best of these received regular assignments from Center.

  The Libyan organization in Istanbul was an example of this, although their controller saw almost immediately that natural selection would work against the fools, especially their communications officer Emad Kartal, a man who did not follow his own security protocols.

  The controller overseeing the cell in Istanbul had discovered that a group of Americans who worked for the company Hendley Associates was conducting surveillance on the Libyans. With Dr. Tong’s blessing the controller allowed the assassination of the entire five-man cell, all for the objective of planting a virus on the closed network of Hendley Associates so that the Ghost Ship could learn more about them. The plan had failed when the masked Hendley Associates gunman took the entire computer with him instead of doing what the controller had hoped, pulling media off the machine and returning to the States to place it on his own network.

  Still, Tong’s controllers had already been working other avenues to learn about the true nature of the curious organization Hendley Associates.