Threat Vector
The entire operation was also completely self-funded, as the cover firm, Hendley Associates, was a successful but low-profile financial management firm. The company’s success in picking stocks, bonds, and currencies was helped greatly by the gigabytes of raw intelligence data that streamed into the building each day.
Ryan rolled past the sign, parked in the lot, and then entered the lobby with his leather messenger bag over his shoulder. Behind the security desk, a guard with a nameplate on his jacket that read Chambers stood with a smile.
“Morning, Jack. How’s the wife?”
“Morning, Ernie. I’m not married.”
“I’ll check back tomorrow.”
“Right.”
It was a daily joke between the two, although Ryan didn’t really get it.
Jack headed to the elevator.
Jack Ryan, Jr., the eldest child of the President of the United States, had worked here at Hendley Associates for nearly four years. Though he was officially an associate financial manager, the vast majority of his work involved intelligence analysis. He had also expanded his responsibilities to become one of The Campus’s five operations officers.
In his operational role he’d seen action — a lot of action — over the past three years, although since returning from Istanbul the only action he’d seen had been a few training evolutions with Domingo Chavez, Sam Driscoll, and Dominic Caruso.
They’d spent time in dojos working on hand-to-hand skills, at indoor and outdoor firing ranges around Maryland and Virginia keeping their perishable gunfighting skills as sharp as possible, and they’d practiced surveillance and countersurveillance measures by driving up to Baltimore or down to D.C., immersing themselves in the bustle of the crowded cities and then either tailing Campus trainers or attempting to shake trainers who’d been tasked with sticking on their tails.
It was fascinating work, and extremely practical for men who, from time to time, had to put their life on the line in offensive operations around the globe. But it wasn’t real fieldwork, and Jack Junior did not join Hendley Associates’ black side in order to train at a shooting range or in a dojo or to chase or run from some guy who he’d be having a beer with later that afternoon.
No, he wanted fieldwork, the adrenaline-pumping action that he had experienced numerous times over the past few years. It was addictive — to a man in his twenties, anyway — and Ryan was suffering from withdrawal.
But now all the action was on hold, and The Campus’s future was in doubt, all because of something everyone now referred to as the Istanbul Drive.
It was just a few gigabytes of digital images, e-mail traffic, software applications, and other electronic miscellany retrieved from Emad Kartal’s desktop computer the night Jack shot him dead in a flat in the Taksim neighborhood of Istanbul.
The night of the hit Gerry Hendley, the head of The Campus, had ordered his men to cease all offensive operations until they dealt with whoever had them under surveillance. The five operators who had become well accustomed to globetrotting in the company Gulfstream now found themselves all but chained to their desks. Along with the analysts of the organization, they spent their days desperately trying to find out who had been so effectively monitoring their actions during the five assassinations in Turkey.
Somebody had seen them and recorded them in flagrante delicto, any and all evidence relating to the surveillance had been preserved by Ryan’s taking of the drive, and for weeks The Campus had been scrambling to find out just how much trouble they were in.
As Jack dropped down into his desk chair and lit up his computer, he thought back to the night of the hit. When he pulled the drive out of Emad’s desktop, he’d first planned on just returning to The Campus with the device so he could rush it to Gavin Biery, the shop’s director of technology and an expert hacker with a doctorate in mathematics from Harvard and work stints at IBM and NSA.
But Biery nixed that idea immediately. Instead, Gavin met the airplane and the returning operatives at Baltimore Washington Airport, and then rushed them, and their drive, to a nearby hotel. In a two-and-a-half-star suite he disassembled the drive and inspected it for any physical tracking device while the five exhausted operators set up perimeter security, guarding the windows, doors, and parking lot in case a hidden beacon had already alerted an enemy to the drive’s location. After two hours’ work Biery was satisfied that the drive was clean, so he returned to Hendley Associates with the rest of the team and the one potential clue about who had been watching them in Istanbul.
Even though the rest of The Campus was spooked by the compromisation of their actions in Turkey, most still thought Biery was operating with an unreasonable amount of caution, bordering on paranoia. This surprised no one, however, because Gavin’s network security measures around Hendley Associates were legendary. Behind his back he was called the Digital Nazi for demanding weekly security meetings and frequent password-changing schedules in order for employees to “earn” access to his network.
Biery had promised his colleagues many times over the years that no computer virus would ever get into his network, and to keep his promise, he remained ever vigilant, if, at times, a thorn in the side of the rest of the employees in the building.
The Campus’s computer network was his baby, he proclaimed proudly, and he protected it from any potential harm.
When Biery returned with the drive to the technology shop at The Campus, he took the paperback-book-size device and placed it in a safe with a combination lock. Ryan and Operations Director Sam Granger, who happened to be standing close by at the time, looked on in bewilderment at this, but Biery explained that he would be the only person in the building with access to the drive. Even though he’d established to his satisfaction that there was no locator on the device, Biery had no idea if there was a virus or other corrupt malware hidden on the drive. He’d rather not have the untested piece of equipment anywhere on the physical property, but barring that, he would personally maintain security of the drive and control all access to it.
Gavin then set up a desktop computer in a second-floor conference room with keycard access. This computer was not part of any network in the building, and it had neither wired nor wireless modem nor Bluetooth capability. It was completely isolated in both the real world and the cyberworld.
Jack Ryan sarcastically asked Biery if he was worried that the drive might grow legs and try to break out of the room. Biery had replied at the time, “No, Jack, but I am worried that one of you guys might be working late one night and try to slip a USB thumb drive into the room or a laptop with a sync cable because you are too rushed or lazy to do things my way.”
At first Biery demanded that he be the only person in the room with the computer while the computer was on, but Rick Bell, director of analysis for The Campus, had immediately protested on the quite reasonable grounds that Biery was not an analyst, and he did not know what to look for or even how to recognize and interpret much in the way of intelligence data.
It was finally agreed to by all that for the first session with the drive, only one analyst, Jack Junior, should be with Biery in the conference room, and Jack would be armed with nothing more than a legal pad and a pen, and a wired phone connection to his coworkers at their desks in case network computing power was needed for research during the investigation.
Before entering the room, Gavin hesitated. He turned to Jack. “Any chance you would voluntarily submit to a patdown?”
“No problem.”
Biery was pleasantly surprised. “Really?”
Jack looked at him. “Of course. And just to be doubly sure, how ’bout I undergo a body-cavity search? You want me to assume the position against the wall here?”
“Okay, Jack. No need to be a smart ass. I need to know that you don’t have a USB drive, a smart phone, anything that might get infected by whatever we find on this drive.”
“I don’t, Gav. I told you that I don’t. Why can’t you just allow for the possibility that there are other people around here who don’t want to screw up our network? You don’t have the corner on the market on operational security. We’ve done everything you requested, but I’m not about to let you pat me down.”
Biery thought it over for a second. “If the network is compromised at all…”
“I get it,” Jack assured him.
Biery and Ryan entered the conference room. Biery removed the Istanbul Drive from its strongbox, then wired it to the PC. He turned the machine back on and waited for it to boot up.
Their first sweep of the drive’s contents showed them that the operating system was the latest version of Windows, and there were quite a few programs, e-mails, documents, and spreadsheets that they would need to go through.
The e-mail program and the documents were password-protected, but Gavin Biery knew this particular encryption program backward and forward, and he finessed his way through in minutes via a back door that he and his team knew about.
Together Biery and Ryan looked through the e-mails first. They were prepared to pull in Arabic- and Turkish-speaking analysts from Rick Bell’s team on the third floor, and they did find dozens of documents in both languages on the drive, but it quickly became apparent that much of the data, and likely the data most relevant to the investigation, was in English.
They found nearly three dozen English e-mails going back about six months from the same address. As they read through them in chronological order, Jack spoke into the phone to the other analysts. “From his e-mails, it looks like our man in Istanbul was working directly with an English speaker. This guy communicated under the code name of Center. Doesn’t ring a bell from any data mining we’ve done on known personality aliases, but that’s no surprise. We’ve been focusing on terrorists, and this is looking like it’s a different animal.”
Jack read through e-mails and relayed what he found. “The Libyan negotiated payment for a retainer-like relationship with Center, was told that he and his cell would be needed for odd jobs around town…” Jack paused while he dug into the next e-mail. “Here they were sent out to rent some warehouse space”—another e-mail opened—“here they were ordered to pick up a package and deliver it to a man on a freighter docked at Istanbul Port. Another e-mail has them picking up a case from a guy at Cengiz Topel Airport. No mention of the contents, but that’s not surprising. They also did some reconnaissance work at the offices of Turkcell, the mobile phone provider.”
Jack summarized after looking through a few more e-mails: “Just low-rent gofer stuff. Nothing too interesting.”
Except, Jack thought to himself, all the pictures of himself and his colleagues.
Further digging into the e-mails revealed another secret. Just eleven days before the Campus hit, Center had stopped all e-mail communications with the Libyan. The last e-mail from Center said, simply, “Switch communication protocol immediately and delete all existing correspondence.”
Jack thought this was interesting. “I wonder what the new communication protocol was.”
Biery answered after looking through the system for a few seconds. “I can answer that. He installed Cryptogram the same day that e-mail came.”
“What’s Cryptogram?”
“It’s like instant messaging for spies and crooks. Center and Kartal could chat back and forth over the Internet and even send each other files, all on an encrypted forum, knowing that no one was looking in at the conversation and all traces of the conversation would be immediately and permanently scrubbed from both machines, and not hosted on any server in between.”
“It’s unbreakable?”
“Nothing is unbreakable. You can be sure that somewhere some hacker is doing his best to pick apart Cryptogram and others like it, trying to find a way to defeat its security. But so far no exploits have been discovered. We use something like it here at The Campus, but Cryptogram is actually a generation improved from what we have. I’ll be switching us soon. CIA has something about four gens older.”
“But…” Jack read back over the brief e-mail. “He ordered Kartal to erase the old e-mails.”
“That’s right.”
“Clearly he didn’t do what he was told.”
“Nope,” Gavin said. “I guess Center didn’t know his man in Turkey didn’t remove them. Or else he didn’t really care.”
Jack answered back: “I think it’s safe to assume he did know and he did care.”
“Why do you say that?”
“Because Center sat there and watched us kill Kartal’s buddies and he did not warn Kartal that his cell was under attack.”
“That’s a good point.”
“Jesus,” muttered Jack, thinking about the implications. “This bastard Center takes his computer security seriously.”
“A man after my own heart,” Gavin Biery said, with no indication of sarcasm.
* * *
After the English-language e-mails had been checked, they went to work with the translators on the other electronic correspondence, but there was nothing of interest save for some communication between the members of the Libyan ex-JSO cell and some back-and-forth chitchat between Kartal and an old colleague in Tripoli.
Next Biery tried to trace the e-mail address from Center, but very quickly it became clear that the mysterious benefactor of the Libyan cell was using a complicated spoofing system that bounced his connection from one proxy server to another around the world. Biery tracked the source of the e-mails back through four locations, finally making his way to a node at the South Valley branch of the Albuquerque/Bernalillo County Library system in New Mexico.
When he announced this fact to Jack, Ryan said, “Nice work. I’ll talk to Granger about sending a couple of operators there to check it out.”
Biery just looked at the younger man for a moment before saying, “Don’t be naive, Ryan. The only thing I have managed to do is rule out Albuquerque’s South Valley branch library as Center’s base of operations. He’s not there. There are probably another dozen relay stations between him and us.”
When that did not pan out as they hoped, Jack and Gavin began going through Kartal’s financial software, tracking the wire transfers Center sent to the Libyans as payment for their footwork in Istanbul. The transfers came from the Abu Dhabi Commercial Bank Ltd. in Dubai, and at first they looked like they would be a solid lead as to the identity of Center. But one of Biery’s computer geeks hacked into the bank’s account-holder data. A trace of the owner of the account revealed that the money had been illegally transferred out — electronically stolen — from a Dubai-based hotel group’s employee payroll fund.
While this was a dead end as far as identifying Center, it did provide a clue. To Biery, the computer network expert, this was evidence that Center was himself a skilled hacker.
Scanning through the systems file folder, Gavin found something interesting. “Well, hello there,” he said as he began clicking open files, moving around windows, and firing his cursor all over areas to highlight lines of text at a speed that Ryan found impossible to track with his eyes.
“What is all that stuff?” Jack asked.
“It’s a pretty nice attack tool kit.”
“What does it do?”
Gavin did not slow his manipulation of the windows and files on the screen. Jack guessed he’d looked at about twenty different files in the past forty-five seconds or so. As he clicked and, Jack assumed, absorbed all the data on the screen in front of him, he answered, “The Libyan could have used this stuff to break into computers and computer networks, steal passwords, get hold of personal information, change data around, clean out bank accounts. You know, the usual bad stuff.”
“So… Kartal was a hacker?”
Gavin closed all the windows and turned around in his chair to face Jack. “Nah. This isn’t real hacking.”
“What do you mean?”
“This is a tool kit for a script kiddie.”
“A what?”
“It’s the term for someone who can’t write malicious code themselves, so instead they use a ready-made package like this, created by someone else. This attack tool kit is like a Swiss Army Knife of cybercrime gadgets. User-friendly hacking materials — malware, viruses, key loggers, password-breaking code, stuff like that. The script kiddie just sends this out to a target computer, and it does all the work for him.”
Biery’s attention returned to the monitor, and he began looking at some more files. “There’s even an instruction manual for him here, and special tips on how to gain access to computers run by network administrators.”
“If he gains access to a single computer run by an administrator, he can see other things on whatever network the computer is part of?”
“Right-o, Jack. Just think of yourself. You come into work, light up your node, put in your password—”
“And then do whatever the hell I want.”
Biery shook his head. “Well, you have user-level access, so you do whatever the hell I let you. I have administrator access. You can see a lot of data on our network, but I have a lot more access and control at my fingertips.”
“So this Libyan had the tools to slip into certain networks as an administrator. What kind of networks? I mean, what type of companies, industries? What could he get into with these scripts?”
“The type of industry doesn’t have anything to do with it. He could target any industry. If he wanted to steal credit card numbers, for example, he might attack restaurants or retail point-of-sale or something like that. But if he wanted to get into a university system, an airline, a government agency, a federal reserve bank, he could do all that just as easily. The tools to break into networks don’t discriminate by industry. The tools will do whatever they can to find a way to root into the network via different attack vectors and vulnerabilities.”
“Like?”
“Like passwords called ‘password’ or ‘admin’ or ‘1234’ or ‘Letmein’ or something else easy to guess, or ports left open that would allow access, or information that is not behind the firewall that might reveal information about who has access to what info, so then the attacker can target those people via social media and the meat space, so that he can make an educated guess about what their password might be. A lot of it is the exact same social-engineering stuff you spies do.”