Mark Russinovich
Operation Desolation
"I was, and that's why I've asked to see you two." He paused then said, "The hack originated from this hotel." Clive and Norm both straightened in their seats. "Given that CyberCon is meeting here, I think a logical conclusion is that an attendee has done it."
"This is bad," Clive said. "Very bad." If, or rather when, word of this leaked, it would very likely negatively affect him and his company, as it would CTI.
Jeff now told them about the assault on him the previous night. Clive looked at him with concern. "Have you seen a doctor?"
"It's not necessary. I was just stunned."
"You know," Norm said, "it may be that the same person who hacked the RegSec site also attacked you."
Jeff nodded in agreement. "I think that's likely. But what's important now is what we do. I've asked to talk to you because I have a plan. If it succeeds, and I think we have a good chance of that, we can turn this into a positive."
"You mean, catch the Anonymous hacker?" Norm said.
Jeff smiled. "That's exactly what I mean. Catch him red-handed." His attacker had been a man so if the hacker was the same person, then they were searching for a he not a she, unless there was an accomplice.
Jeff watched as a slow smile spread across the agent's face. "I think I'm going to enjoy learning exactly how you intend to do that."
By the time Jeff had finished explaining what he wanted, Norm was beaming.
A few minutes later the men went back downstairs to CyberCon, with Jeff retiring to the prep room. The hotel network CyberCon used employed Dynamic Host Configuration Protocol, or DHCP, in its computers. When attendees connected to the network they received IP addresses. That was key to what Daryl had suggested. Next, he just needed to acquire an open source trivia game Web site plug-in.
The plan was simple. Clive would offer the trivia game to attendees. Daryl thought, and Jeff agreed, that almost everyone would participate, especially as Clive was going to give prizes. Next, Jeff wrote a tool that monitored game log-ins and produced their IP addresses on the hotel Web server. If the Anonymous hacker participated in the game, the same IP address would appear and Jeff would have him.
There were some potential problems, though. For one, the hacker might not take part. Jeff thought that unlikely but he had to acknowledge it as a possibility. He would also be out of luck if the hacker had left the hotel after executing the attack and then returned since he would have a different IP. Still, he'd reasoned most attendees were staying at the conference hotel and it was unlikely many had left the premises and then come back. He'd explained the downside to Clive and Norm but in their opinion the plan had a good shot at success. In anticipation of that, Norm had called the local FBI office and summoned assistance.
Jeff called Clive and told him he was ready for him. A few minutes later the man entered the prep room and sat with him. For the next twenty minutes, he and Jeff brainstormed a number of trivia questions such as "What was the first PC virus named?" Answer: Brain. The process took less than half an hour.
The conference was scheduled to conclude with a keynote speech. This year the speaker was the head of security for the National Security Agency, or NSA, America's omnibus information protection and communications intercept agency. The theme of his presentation was that cyber-security was the new theater of war and where the first, even final, shots would very likely be fired. It was a theme everyone in attendance was interested in and it would be well if not universally attended.
When the meeting room was nearly full, but a few minutes before the speaker was to begin, Jeff sat in an outside aisle seat in the middle of the room. Clive took to the public address system, and once he had the attendees' attention he spoke. "This year," he said, "as an added event we're asking you all to take part in a cyber-security game of trivia before the keynote presentation. I think you'll find it very interesting." A few minutes earlier Jeff had uploaded the game to the conference Web site. Now Clive gave the Web address. Attendees were to log in as usual to access the game. "The user who submits the most correct answers first," Clive added, "wins five hundred dollars and a special printed award certificate." There were smiles all around. "Second- and third-place winners will also receive award certificates. So let's get playing. We'll announce the winners after the speech."
Jeff watched the players frantically log in using their laptops, tablets, and smartphones. As they began playing he felt a thrill. In his work, he protected companies from cyber-attacks, from those whose faces he never saw. Or he cleaned up after such attacks, fixing the digital mess they'd left behind. It was rare he actually faced the hacker, saw the criminal face-to-face.
The events the year before, when he and Daryl had dampened an Al Qaeda cyber-attack on the Internet in the West, had brought him in personal contact with those who'd launched the assault. He'd nearly been killed as a result and those men died. He didn't expect this to have the same extreme outcome, fortunately.
The game was proving to be popular, as he'd expected. From where he sat, Jeff accessed the hotel Wi-Fi to sniff about and to see if he could identify the culprit. He monitored the network, searching for traffic using the attacker's IP address. Most of the traffic he saw was, as expected, encrypted and so did not reveal any personal information about any of the users.
He concentrated on the mail server accesses and spotted attendees from cnn.com, techmeme.com, and any number of smaller, less well-known companies. Then he saw Combined Technologies International. Sixteen of their attendees there were playing the game, no, twenty-four, no, thirty-seven, now more than forty.
Jeff watched all log-ins closely. Then there it was: the same IP address logging into the CTI e-mail server. The hacker wasn't staying in another hotel and he'd not left this one. Jeff straightened and drew a deep breath as he experienced a wave of elation. Then for a fleeting moment, he wondered if it could be Dillon Ritter. The very thought struck him as impossible. There was no stronger opponent of hacktivism in the industry.
Then he thought of Chuck Chacko. He was doing contract work for CTI. Could it be possible?
No, Jeff told himself. It was surely another CTI employee, who had an ax to grind. He didn't know all who were here but realized with a sinking heart he'd very likely know, and probably like, the Anonymous hacker. He'd have to wait to see what the Web site log file said.
Jeff looked about and realized the room was buzzing as the attendees submitted their answers and jovially taunted each other. The speech was about to begin and the room grew silent. A few moments later Clive introduced the keynote speaker to a round of applause. The NSA officer took the podium and walked the attendees through a well-crafted PowerPoint presentation. His point was simple enough: the world was at war and almost no one knew it. That had to change.
None of this was news to Jeff, and he suspected it wasn't to nearly all of those here. It always seemed to be upper management or senior government officials who didn't get it. They hid in the forest of the numbers, betting they'd never be targeted or that there was no reason to counterattack.
Hiding from reality had been the case with Reginald Hinton, CEO of RegSec. For all his posturing and bravado he'd run a company with no better than average security. During his forensic investigation Jeff had found all the usual failings: unpatched vulnerabilities, antivirus software not updated, firewalls turned off.
And RegSec held the most private and sensitive information a customer could give. Its Web site bragged that it employed the most sophisticated digital protections in existence. The company asked the public for its trust and Hinton had betrayed them. Anonymous had not looted any accounts so far (that had not been its style), but in such a ragtag group it was inevitable. And to Jeff's knowledge no private records had been stolen, but Anonymous had done that in the past.