Out Of The Dark – Snippet 14
A human hacker would have called it a “man-in-the-middle” attack. Base Commander Shairez’s carefully built remote was deposited on the roof of a coffee house in downtown Tehran. Despite the Iranian rÃ©gime’s paranoia and perpetual state of heightened military alert, slipping the remote through its airspace defenses was child’s play for the Shongairi. Concealing it once it was down wasn’t a lot more difficult, either, since it was little larger than a baseball. The heavily stealthed, unmanned platform which deposited it found a convenient location, hidden in the shadow of an air-conditioning compressor, then departed through the moonless night air as swiftly and unobtrusively as it had arrived.
The location had been selected in advance after a previous platform’s incursion had “driven around” at high altitude listening for a suitable portal through which to enter the local WiFi system. The 802.11 standard wireless connection of the coffeeshop which had been chosen offered broad frequency wireless connections to interact with potential victims. Even better, it was completely unprotected, without even the standard WAP’s 64- hexadecimal key. It wouldn’t have mattered very much if it had been protected — despite the remote’s small size, its processing power would have sufficed to break even a substantially more challenging key with a brute force approach — but it was convenient.
Now the remote inserted itself into the coffeeshop’s network and attempted to access the router. In this case, it was a common retail Linksys SOHO, and the coffeeshop’s owner had never bothered to replace the default password. The remote got in easily and looked around, checking carefully for intrusion detection systems. There was no sign of one, and it quickly established access and began modifying settings.
The first thing it did was to change the password and wipe out any logs which might have been recorded on the router. Then it modified the gateway — making the router send the traffic of any coffeeshop users through itself. Once it was able to view all the unencrypted traffic of all users of the coffeeshop’s connections, it began monitoring and recording. For two days, that was all it did — listen, record, and compress, then retransmit daily dumps of all communications in and out of the coffee shop to the stealthed Shongair ship which had deployed it.
His name was Rasul Teymourtash, and he was a taxi driver. In a nation where political activism had become a dangerous, high-stakes game, Rasul was about as apolitical as a man could get. He went to mosque on Friday, accepted the five principles of the Usul al-Din, performed the ten duties of the Furu al- Din, and concentrated on keeping himself and his family fed. One of his brothers had been arrested, savagely beaten, and sentenced to fifteen years in prison last year for alleged activity in the outlawed Green Movement. Another had simply disappeared some months before that, which might have been one of the reasons for Rasul’s tendency to emulate an ostrich where politics were concerned.
He was also, however, a patron of the coffee house Shairez had chosen as her entry point into the Internet. On this particular day, Rasul dropped by the coffee house and connected his laptop to its router… by way of the Shongair remote. He browsed, he checked his e-mail, and then he decided to download an MP3 music file.
The authorities would not have approved of his choice of music, since Lady Gaga was not high on the list of acceptable musicians. She was, admittedly, rather longer in the tooth than once she had been, and she’d undoubtedly mellowed somewhat over the years, but no one could have mellowed enough — not from her original starting point! — to satisfy Iran’s leaders. Rasul was well aware of that, of course, yet he also knew he was scarcely alone in pushing that particular set of limits.
What he was unaware of, however, was that the Shongair cyber techs aboard Shairez’s starship had made good use of all the data their remote had transmitted to them. Which was why, along with his music video, Rasul had installed and run a Trojan Horse.
The virus turned his laptop into a slaved “bot” — the first of many — which began searching for computers to attack in the United States. Another Trojan, in a second laptop, launched a similar search against computers in the Russian Federation. Another began spying on China, and others reached out to Europe, Israel, and India.
By the end of the day, over six hundred Iranian bots were obediently working the problem of the United States, alone, and as they reached out to still more computers, their numbers continued to grow. They made no move (yet) against their primary targets. Instead, they started with e-commerce sites, looking for vulnerabilities they could exploit in order to worm their way up to the systems in which they were truly interested. They concentrated on the people who used the machines rather than the machines themselves, searching for weak passwords — capitalizing on the fact that human beings may have many online needs but tend to use the limited number of passwords their merely organic memories can keep track of. They were particularly interested in members of the United States military, and with so many industrious little bots looking, they were bound to find something.
The first opening was an Air Force E-6, a technical sergeant stationed at Nellis Air Force Base in Nevada. Technical Sergeant James was an Airsoft enthusiast who had decided to order a GR25 SPR — a BB-firing electric version of the M25 sniper rifle.
He placed his order online, through a Website using a 1024 bit SSL/TLS key, a secure socket layer impossible for current human technology to defeat. In fact, even Shongair technology would have found it a challenge, but the bots had never been looking at breaking its encryption in the first place. They’d been looking for human mistakes, vulnerabilities, and they’d found one in the form of a default script left in place when the system was set up. Once through that open door, they were able to access the site’s data, looking specifically for military users like Technical Sergeant James. And in that data, they found James’ e-mail address and the password he’d used in placing his order… which, unfortunately, was also the password he used when accessing the Air Force’s logistical tracking system. Which, in turn, offered access to even more data and even more sensitive systems.
It took time, of course. Sergeant James was only one of many gaps the steadily growing army of automated intruders managed to turn up. But computers are patient. They don’t care how long an assignment takes, and they don’t get bored. They simply keep grinding steadily away at the problem… and they also don’t care who they are grinding away for.
And so, just under a week after Rasul had downloaded Lady Gaga, Ground Base Commander Shairez found the access points she needed.