ABOUT THE AUTHOR
Mark Russinovich works at Microsoft as a Technical Fellow, Microsoft's senior-most technical position. He joined the company when Microsoft acquired Winternals Software, which he co-founded in 1996. He is also the author of the popular Sysinternals tools. He is co-author of the Windows Internals book series, a contributing editor for TechNet Magazine, and a senior contributing editor for Windows IT Pro Magazine. He lives in Washington State. Zero Day is also published by Corsair.
ACKNOWLEDGMENTS
I'd like to thank John Lambert, David Cross, Frank Simorjay, and Scott Field, colleagues of mine at Microsoft, for reviewing drafts of Trojan Horse and providing valuable input based on their real-world experiences with cyber espionage. Ron Watkins provided me with great input on the plot and character development and made helpful reviews of numerous drafts.
I'm grateful to Kevin Mitnick for endorsing the book with his foreword and to Mikko Hypponen for his blurb. I've learned a lot from both of them and am honored to have their names associated with Trojan Horse.
My thanks also go to my agent, Ann Collette, from the Helen Rees Literary Agency, who helped usher the book through the publication process. I owe thanks to Peter Joseph, my editor at Thomas Dunne Books, for believing in a sequel, for the insightful feedback he gave in his reviews, and for making sure everything was covered for the successful publication and launch of Trojan Horse.
Finally, I want to again thank my wife, the real-life Daryl, for her continued support of my indulgence as a fiction author.
FOREWORD
It is Mark Russinovich's in-depth knowledge of Windows and how data traverses over the digital landscape that creates the chilling realism in the backdrop of Trojan Horse, the highly anticipated follow-up to his first novel, Zero Day. I've long said that people are the weakest link in the security chain (and, in the past, frequently taken advantage of this myself). In his thrilling tale, Mark shows us that malware remains a significant threat as the sophistication of malicious programs continues to grow. The bad actors still use the age-old technique of social engineering, the method of manipulating people into performing an action, in order to leverage the help of the victim to exploit a security flaw in the application software that resides on their computer. When used together, these two attack methods can lead to devastating outcomes as they leapfrog over even the most resilient network defenses. No one is immune to social engineering, and even the most technically competent can easily fall victim to this method.
In today's world, it is rare that such an attack will merely affect one network. Once again, Mark makes us aware of how interconnected our systems are, and how their dependencies can be used to create havoc in our world. Geographic boundaries are no longer an obstacle for those wishing to cause harm. Our future wars may employ people on the battlefield as a last resort. The initial efforts will likely be fought digitally over the vast technology infrastructure that the Internet has created. It is now possible to have a virus weaponized in China, employed in Berlin on behalf of Afghanistan, and have the payload delivered in Sydney or the United States, masking origination and making detection and accountability almost impossible.
Mark has created well-defined characters in Jeff Aiken and Daryl Haugen, whose challenges will absorb the reader. His attention to detail in both the technical and backdrop settings is realistic because they are closely related to real events exposed by the media. Even the nontechie will have no trouble understanding the well-explained technical details. The story line keeps the reader immersed, anticipating what will happen next, and the only difficulty comes in trying to put the book down.
Trojan Horse is a work of fiction, but it makes you think about the possibilities in the future as the sophistication of our adversaries continues to grow in response to narrowing gaps in security posture. I am both honored and privileged to have the opportunity of an advance read of Mark's latest work, and look forward to sequels in the future. However, after reading his book, even I am left wondering how prudent the decision was to open an e-mailed copy of the manuscript called Trojan Horse.doc.
KEVIN MITNICK,
SPEAKER, CONSULTANT, AND AUTHOR OF
THE NEW YORK TIMES BESTSELLER GHOST IN THE WIRES
MEMORANDUM
INTERNAL DISTRIBUTION ONLY
SECRET
MEMORANDUM
DATE: June 24
FROM: Rhonda MacMillan-Jones, Deputy Director, Cyber Security, National Security Agency
TO: Admiral Braxton L. R. Compton, Chairman, Joint Chiefs of Staff, Pentagon
RE: Confirmation
This is a follow-up to our conversation earlier today in which I confirmed the discovery of extraneous software embedded within the U.S. Pacific Fleet Command computer structure. This malware has access to the database that manages fleet deployments. It is highly sophisticated, unlike any we have previously encountered. At this time we do not know how it penetrated COMPACFLT computer defenses, how long it has been embedded, or the extent of the infection. It constitutes the most serious penetration to date by malignant software embedded from an unknown source within a highly classified U.S. military command computer system.
We share your suspicions that this malware was responsible for the ten-hour blackout experienced by COMPACFLT during fleet maneuvers off Taiwan nineteen days ago. Be assured that we are working with your staff and will do all within our ability to locate and remove every vestige of this Trojan from your system and that we will learn how it managed to insinuate itself into such critical software.
I wish to repeat that we do not yet know the scope of the penetration or the capacity of the malware to disrupt, or direct, fleet operations. We urge great caution in the interim. Though we cannot know its origin with certainty, the level of sophistication and the nature of its disruption indicate a nation-state with national security interests toward the United States.
cc: CoS, POTUS, NSA, White House
INTERNAL DISTRIBUTION ONLY
SECRET
DAY ONE
THURSDAY, APRIL 9
CYBER PENETRATIONS REACH ALL-TIME HIGH
By Arnie Willoughby
April 9
Sophisticated computer penetration is at record levels, according to Cyril Lester, executive director of the Internet Security Alliance. In a speech delivered at the association's annual meeting in Las Vegas, Nevada, Lester said, "Despite an increase in awareness by individuals and companies, malware, particularly in the form of Trojans, continues to find its way into computers at an alarming rate."
Though hackers still release what Lester described as "junk malware," advanced and highly sophisticated viruses are an ever-greater cause for concern. Most target financial records, and a number have been highly successful in looting personal and bank accounts.
A new version of the Zeus Trojan, for one, recently penetrated bank security, then silently stole more than one million dollars from an estimated three thousand accounts, according to Lester. "Authorities have been unable to trace the ultimate destination of the funds," he said.
The Zeus Trojan infected Windows machines through various exploits in Internet Explorer and Adobe Reader. It then lay dormant until the user logged in to his bank account. Through a technique known as keystroke logging, it captured log-on information that was later used to access the account. If the account was determined to hold at least $1,250, the money was stolen.