His name is not Opsec, but I will call him that to protect his privacy. In cyberspace he is known as a grand master of the dark art of hacking. He is one of a small elite—maybe 100, maybe fewer—all of whom are secretive and obsessed with security. They do not talk about their work with their families. They generally do not speak with the press.
Nonetheless, through friends of friends, Opsec agreed to talk and to introduce me to his world. In “meatspace,” as he and others like him call the real world, Opsec lives in a metropolitan area in a little wooden house by a railroad track. He is in his mid-30s, physically fit, and not a geek. He hangs out in a local bar, where the regulars know vaguely that he works with computers. He is a fast talker when he’s onto a subject. His mind seems to race most of the time.
Currently he is designing an autonomous system for detecting network attacks and taking action in response. The system is based on machine learning and artificial intelligence. In a typical burst of words, he said, “But the automation itself can be hacked. Is the A.I. being gamed? Are you teaching the computer, or is it learning on its own? If it’s learning on its own, it can be gamed.
If you are teaching it, then how clean is your data set? Are you pulling it off a network that has already been compromised? Because if I’m an attacker and I’m coming in against an A.I.-defended system, if I can get into the baseline and insert attacker traffic into the learning phase, then the computer begins to think that those things are normal and approved. I’m teaching a robot that ‘It’s O.K.! I’m probably not an attacker, even though I’m carrying an AK-47 and firing on the troops.’ And what happens when a system becomes so smart it decides to betray you and switch sides?”
Opsec lives in a hall of mirrors. He knows that cyberspace and meatspace, though connected, remain largely distinct. Given sufficient motivation and time, Opsec can break into almost any secure network without setting off alarms. Breaking in used to delight him, because once inside he could roam as he liked, but success comes too easily now: with such an attack, he has to find only a single way in. By contrast, defense presents the challenge of out-thinking every aggressor.
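The poisoning Opsec describes can be shown in a few lines. What follows is an added example, not the system Opsec is building and not code from the original article: a toy anomaly detector learns a baseline of outbound connections per minute from constructed sample data, an attacker slips exfiltration-sized traffic into the learning window, and the naive mean-and-deviation baseline then waves the same burst through as normal. The example goes one step beyond the quote by also showing a median-based baseline, which a small amount of injected traffic cannot drag toward itself. The traffic figures, the ten poisoned minutes and the three-sigma threshold are all assumptions.

```python
"""Training-set poisoning of a baseline anomaly detector (constructed example)."""
import statistics

# Constructed training data: outbound connections per minute from one host,
# 50 clean samples spread over 95..105.  Not real traffic.
CLEAN_TRAINING = [100 + ((i * 7) % 11) - 5 for i in range(50)]

# The same learning window after an attacker slipped ten minutes of
# exfiltration-sized traffic (5000 connections/minute) into it.
ATTACKER_RATE = 5000
POISONED_TRAINING = CLEAN_TRAINING + [ATTACKER_RATE] * 10


def learn_baseline(samples):
    """Naive baseline: mean and population standard deviation of the samples."""
    return statistics.fmean(samples), statistics.pstdev(samples)


def learn_robust_baseline(samples):
    """Robust baseline: median and scaled median absolute deviation (MAD).

    Both statistics ignore a minority of extreme values, so a small amount
    of injected attacker traffic cannot move the centre or widen the scale.
    """
    median = statistics.median(samples)
    mad = statistics.median(abs(s - median) for s in samples)
    return median, 1.4826 * mad  # 1.4826 makes MAD comparable to stdev for normal data


def is_anomalous(value, baseline, k=3.0):
    """Flag a value more than k scale units away from the learned centre."""
    centre, scale = baseline
    return abs(value - centre) > k * max(scale, 1e-9)


def demo():
    """Return how each baseline treats the exfiltration burst after training."""
    return {
        # Clean training: the burst is obviously abnormal.
        "clean_naive_flags_burst": is_anomalous(ATTACKER_RATE, learn_baseline(CLEAN_TRAINING)),
        # Poisoned training: mean and stdev have been dragged up, burst looks normal.
        "poisoned_naive_flags_burst": is_anomalous(ATTACKER_RATE, learn_baseline(POISONED_TRAINING)),
        # Poisoned training, robust statistics: the burst is still flagged ...
        "poisoned_robust_flags_burst": is_anomalous(ATTACKER_RATE, learn_robust_baseline(POISONED_TRAINING)),
        # ... and ordinary traffic is still accepted.
        "poisoned_robust_flags_normal": is_anomalous(100, learn_robust_baseline(POISONED_TRAINING)),
    }


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {flagged}")
```

Run it and the second line prints `False`: ten poisoned minutes out of sixty are enough to make a 5000-connection burst fall inside three standard deviations of the learned mean. The robust baseline answers Opsec's question ("how clean is your data set?") only partially; it raises the fraction of the window an attacker must control, it does not remove the need to know where the training data came from.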
This appeals to him, and he works now on the defensive side. Usually this means protecting corporate networks from criminal attacks, or reacting to attacks after damage has been done. Opsec doesn’t do the routine stuff. He is the man for the severe cases. He has seen some big ones. But even he was shocked when, late last year, he stumbled upon a hack—a sliver of alien software on American shores—which suggested that preparations were being made for a cyber-attack of unprecedented scale.
He first intervened six years ago, after a data center had been hacked, as Opsec puts it, in a fucking major way. The intruders had gone after key systems, including the central payment processor and the C.E.O.’s computer, and had stolen credit-card and financial data as well as the Company’s proprietary source code—the secret formula upon which the business is built. Opsec worked for almost six months to clean up the mess.
By backtracking he discovered that the hackers were a group associated with the Chinese military. They operated out of a specific building near Shanghai, which he was able to locate, and specialized in targeting entertainment companies. Eventually he was able to identify some of the people involved, and even to acquire photos of them. Nominally, that was the end of it. Opsec told me that because a government was involved, and legal recourse in China was unrealistic, no further action was taken. After the original breach by the Chinese, Opsec had urged the Company’s management to set up an active information-security program, which it did by building three NASA-like control rooms scattered in data centers around the globe.
Collectively, they are staffed around the clock. The sole goal is to catch intruders, and to catch them as quickly as possible. The average industry delay in detecting a malicious hack is 188 days. For the Company, Opsec hoped to reduce the delay to minutes or even seconds. But late last year, when the operations manager called him at home and urgently requested his presence at the Company’s high-tech campus, about 20 miles away, he knew that those defenses had failed. Almost as disturbing, the alarm had been raised not by the security team but by an ordinary technician, a system administrator doing the drudgery of a routine review.
When Opsec got to the campus, the details filled in. The system administrator—a friend of his—had been going through event logs of the past week. Event logs are lines on a screen showing summaries of each new task given to a computer network, with a time stamp and a green or red dot indicating success or failure. Seeing a red dot, the administrator had zoomed in for further information. The failed task turned out to be an attempt from within the Company to deploy a piece of software companywide.
Deployment of software across the entire network did occasionally occur—for instance, to install updates—but it was rare, and sufficiently important that the sender did not often make a mistake. In this case, the sender had omitted a single letter in the domain name to which the job was addressed—hence the failure. The associated software package was unlike anything the system administrator had seen before. He alerted the operations manager. Opsec knew immediately that the package was suspicious.
Instead of a coherent naming scheme—for example, a numbered update—there were random characters, followed by “.exe,” for an executable program. He ran the contents through a piece of reverse-engineering software, called a disassembler, and quickly confirmed that his client had been hit with a malicious hack. Within an hour he understood that the purpose had been to permeate the Company’s networks, steal and encrypt all of its data, and demand payment for the data’s return. The numbers for an overseas bank account were included in the program.
Opsec did not tell me where that bank account was, or how much had been demanded. He said only that it was an aggressive piece of ransomware, and that often in such cases the data is never returned. Ransom attacks are becoming an epidemic on the Internet. Most are widely dispersed. They lock down a victim’s computers and ask for relatively small amounts, payable in hard-to-trace Bitcoins, in exchange for returning the victim’s life to normal. The biggest attacks—against companies—have netted hundreds of thousands of dollars.
Little is known about them because the victims are tight-lipped. The massive hack of Sony Pictures in 2014 was a ransom attack, though by whom remains in question. Presumably Sony did not pay, because its internal e-mails and other files were released onto the Internet. Last February, hackers seized medical records from the Hollywood Presbyterian Medical Center, in Los Angeles. The hospital paid to get the records back.
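The way the Company’s hack surfaced, a failed job carrying an oddly named package, is the kind of review that can be scripted rather than left to whoever happens to read the logs that week. The block below is an added example, not the Company’s tooling or any code from the article. It parses constructed event-log lines in an assumed key=value format, looks only at deployment jobs, and flags three things: a failed status, a target domain that is off the allow-list (noting when it is one character away from a real one, as with the missing letter here), and a package name that does not follow a numbered update scheme. The log format, the allow-list and the naming convention are assumptions standing in for a site’s own. Because the name check runs on successful jobs too, it also catches the case where the typo never happens and the red dot never appears.

```python
"""Review of constructed deployment event-log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed log lines in an assumed key=value format; not from any real system.
SAMPLE_LOG = """\
2016-11-14T02:13:07Z job=48211 action=deploy target=all-hosts.corp.example status=OK package=update-2016.11.2.msi
2016-11-14T09:02:44Z job=48219 action=restart target=db07.corp.example status=OK package=-
2016-11-15T03:41:19Z job=48230 action=deploy target=all-hosts.crp.example status=FAIL package=xq7f2k9dw1.exe
2016-11-16T01:15:03Z job=48244 action=deploy target=all-hosts.corp.example status=OK package=h3k9zq2mpw.exe
"""

# Assumed site policy: deployments may only address these domains, and legitimate
# packages follow a numbered update scheme.  Neither is a universal rule.
ALLOWED_TARGETS = {"all-hosts.corp.example", "db07.corp.example"}
PACKAGE_CONVENTION = re.compile(r"^update-\d{4}\.\d{2}\.\d+\.(msi|exe)$")


@dataclass
class Event:
    timestamp: str
    job: str
    action: str
    target: str
    status: str
    package: str


def parse_line(line):
    """Split one log line into an Event; the first token is the time stamp."""
    timestamp, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return Event(timestamp, fields["job"], fields["action"], fields["target"],
                 fields["status"], fields["package"])


def edit_distance(a, b):
    """Levenshtein distance, used to spot a target domain one typo away from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review(log_text):
    """Return (job, reason) findings for every deployment that deserves a human look."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.action != "deploy":
            continue  # only companywide software pushes are in scope here
        if ev.status != "OK":
            findings.append((ev.job, f"deployment failed with status {ev.status}"))
        if ev.target not in ALLOWED_TARGETS:
            near = [t for t in ALLOWED_TARGETS if edit_distance(ev.target, t) == 1]
            hint = f", one character off {near[0]}" if near else ""
            findings.append((ev.job, f"target {ev.target} not on the allow-list{hint}"))
        if not PACKAGE_CONVENTION.match(ev.package):
            # This fires whether or not the job succeeded, which is the point:
            # the randomly named package is the signal, the red dot was luck.
            findings.append((ev.job, f"package name {ev.package} does not follow the update scheme"))
    return findings


if __name__ == "__main__":
    for job, reason in review(SAMPLE_LOG):
        print(f"job {job}: {reason}")
```

On the constructed sample this reports three findings for job 48230 (the failure, the misspelled target, the random name) and one for job 48244, a deployment that succeeded and would have gone unnoticed by anyone scanning only for red dots.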
Now, by sheer luck—a missing letter—the attempt to extort Opsec’s client had failed. But big concerns remained: the Company’s network was clearly compromised. Here was the situation Opsec faced. The package no longer mattered, but the hack most certainly did. Someone had emerged from the Internet, slithered into the Company’s heart, and then disappeared. The specific vulnerability the attacker had exploited was still unknown, and was likely to be used again: he had established a back door, a way in.
Some back doors are permanent, but most are short-lived. Possibly this one was already for sale on the black markets that exist for such information in obscure recesses of the Internet. Until Opsec could find and lock it, the back door constituted a serious threat. Opsec reviewed the basics with the Company’s managers. He said, Look, we’re in the Internet business. We know we’re going to get hacked.
We have to assume, always, that our network is already owned. It is important to go slowly and stay calm. We will soon figure out how and when to lock the door. We will have to decide later if we should do more. Definitions. A vulnerability is a weak spot in a network’s defenses.
An exploit is a piece of software that takes advantage of a vulnerability. A zero-day exploit is a piece of software that takes advantage of a vulnerability that is known to a small group of aggressors and generally not to the defenders, who therefore have no patch for it. A “back door” is related but not quite the same: it is a hidden way into a system, whether left behind by an attacker after an exploit has succeeded or built in from the start. There are variations. Infinite invention is at play. Welcome to the Dark Net, a wilderness where wars are fought and hackers roam.
More definitions. The Dark Net exists within the deep web, which lies beneath the surface web, which is familiar to everyone. The surface web can be roughly defined as “anything that you can find via Google” or that is otherwise publicly indexed for all to see. The deep web is deep because it cannot be accessed via standard search engines. Its size is uncertain, but it is believed to be larger than the surface web above it.
And it is generally legitimate. It consists of everything from I.R.S. and Social Security data to the internal communications of Sony and the content-management system at The New York Times.
It consists of Hillary Clinton’s e-mails and text messages, along with everyone else’s. Almost all of it is entirely mundane. The Dark Net occupies the basement. Its users employ anonymizing software and encryption to hide themselves as they move around. Such tools offer a measure of privacy.
Whistle-blowers and political dissidents have good reason to resort to them. Criminals do, too. White fades quickly through gray and then to black in the Dark Net. Furtive sites there offer all manner of contraband for sale—narcotics, automatic weapons, contract killings, child pornography. The most famous of these sites was Silk Road—the brainchild of Ross Ulbricht, a libertarian entrepreneur who was arrested by the F.B.I. in San Francisco in 2013 and sentenced last year to life in prison without parole. New and even larger marketplaces have opened, including the current leader, AlphaBay, which is owned by a man who has been quoted as saying he resides in an “off-shore country where I am safe,” gives interviews to the press, and openly defies attempts by the authorities to shut him down. There are twists: illegal narcotics sold over the Dark Net tend to be purer, and therefore safer, than those sold in the street—this because of the importance to the dealers of online customer ratings.
By comparison, it is hard to see the bright side of missile launchers or child pornography. However noxious the illicit Web sites may be, they are merely the e-commerce versions of conventional black markets that exist in meatspace. The real action on the Dark Net is in the trade of information. Stolen credit cards and identities, industrial secrets, military secrets, and especially the fuel of the hacking trade: the zero days and back doors that give access to closed networks. A short-lived back door to the iPhone operating system may sell for a million dollars. In 2015 a black-market site called TheRealDeal, the first one to specialize exclusively in cyber-weaponry, opened for business.
Several others have followed. There is something strangely circular about all this—the Dark Net chasing its tail through the Dark Net—but the stakes have turned out to be high. And the trade is new. So new that when Opsec looks back on recent history he can sound like an old man remembering the onset of World War II. He was born to a middle-class family in the orbit of Washington, D.C., and by the time he was in kindergarten it was obvious that he was a bright if stubborn child. This was toward the end of the 1980s, in the pre-dawn before the Internet as we know it. His mother owned an early personal computer—a big box with a keyboard, a black screen, and white letters. It had a dial-up modem for point-to-point connections to other computers. When Opsec was six, he found out that he could play games on it.
The first was a Japanese action game called Thexder, in which he could transform a robot into an airplane and bomb things on the ground. This was so exciting that on weekends he would wake his mother at five A.M. and get her to go through the necessary keyboard commands to access it. She grew so weary of this that she wrote out the commands for him to use.
He then figured out how to write a simple program to automate the log-in. That was the start of the path he remains on today. By the age of seven he had become a regular on electronic bulletin boards where gamers exchanged information and posted downloadable games. The bulletin boards were precursors of the Dark Net: you could not search for them on a computer; you had to have a specific phone number and reach it point-to-point with a dial-up modem. After you found the first one, you were in and could find others. The users had pseudonyms and remained largely anonymous.
Age and location didn’t matter. Social awkwardness did not matter. Some of the information the bulletin boards contained included pirated property and advice on how to break the law. When he was 12, Opsec started to attend the local chapter meetings of a notorious hackers’ group, named 2600 for the 2600-hertz tone that gave access to the analog phone systems of the time. The meetings were held in the food court of the Pentagon City shopping mall.
He had a friend, a like-minded Persian kid who attended the meetings with him and was extraordinarily capable but a bit malicious: he later published papers on how to destroy hard disks remotely and how to cause computers to catch on fire by shutting down their fans. Although also an anarchist at heart, Opsec was more interested in expanding his skills than in wreaking havoc. Opsec took what he learned and acted on it. In most cases, success was defined as access to the administrative console of an operating system. That position is sometimes referred to as a root shell. For Opsec it was the holy grail, because from within the root shell, as an illicit administrator, he could do as he pleased, including using one computer to attack another, and from there yet another, in daisy chains that spanned the globe.
This was tricky stuff, and also risky, because much of Opsec’s hacking was in violation of increasingly vigorous federal law, and the F.B.I. was cracking down. The most famous case at the time was that of Kevin Mitnick, a young Californian who had been repeatedly jailed for hacking. After violating the terms of a supervised release, Mitnick went on the run for several years, earning a place on the F.B.I.’s most-wanted list before being caught in 1995 and hauled off to prison for five years. With several of his friends in detention, Opsec grew nervous about being identified. It was 1996.
The commercial Internet had barely arrived. Opsec was a scrawny adolescent. He was still using dial-up modems to break point-to-point directly into mainframes, particularly those that were part of the global telecommunications infrastructure. From an illicit bulletin board he obtained a master list of the default passwords used by most of the manufacturers, then went on a spray-and-pray hunt through the phone system, looking for vulnerable computers. To do this he wrote a program that would call every 1-800 number possible, for a total of roughly 7.9 million combinations. He chose 1-800 numbers because the calls were free. If computers answered, the program would distinguish between them, respond with factory-default passwords, and register the successful penetrations. Once the program had mapped the vulnerabilities, and Opsec had taken possession of some computers, he intended to use them to go after other computers, in order to hide his traces as he approached the final targets. The problem was how to make millions of automated phone calls, because even a 14-year-old has limits on his time.
Late one night, working alone, he threw a rubber mat over a barbed-wire fence protecting a phone-company yard, and climbed up and over. Once inside he broke into two vans and stole everything he could: technical manuals, linemen’s handsets, utility belts, uniforms, helmets, pay-phone keys, and, most important, a master key to neighborhood trunk boxes—the junctions through which hundreds of phone lines run. With parts from a RadioShack he built a small device that allowed him to seize all of those lines simultaneously. He attached the device to a small laptop that he had stolen from a Staples, and started working. Dressed in an oversize lineman’s uniform and hard hat, with a utility belt dangling equipment from his waist, he slipped away from his house every night for several weeks and probed the 1-800 network with thousands of automated calls. On the final night of the operation, at two A.M., he had opened a trunk box located on the front lawn of a church, when an old woman—a member of the congregation—noticed him from her window and, seeing that his uniform didn’t seem to fit him, called the police. Opsec still wonders what she was doing up so late. When he was arrested, the police had so little idea of what he was doing that they returned the laptop computer to his father without having it examined. The local prosecutors charged him with illicit wiretapping, as if he had been eavesdropping.
His parents hired an expensive lawyer. Opsec copped a plea to a misdemeanor to avoid having to explain himself, and was sentenced to several weeks in a juvenile prison, to be followed by years of probation. Then came the Internet, which for hackers was a dream come true. Suddenly they had access to millions of computers that until then they had needed to address one by one. Opsec invested in a high-speed DSL modem and set up a business in his Persian friend’s basement, renting out the connection to other hackers, who sent their computers to him because of the access he provided for relatively rapid downloads, often of stolen content, and the fast execution of complex attacks.
He learned a lot by servicing those clients. As he gained experience he graduated from indiscriminate hunts for low-hanging fruit to more focused attacks, known as deep dives, against well-defended networks. The dives required careful planning. Opsec said, “You start with recon, studying the target network, but also doing research on personnel, building psychological profiles, trying to assess the culture of security, and looking for the ‘social engineering’ possibilities—can you trick someone into divulging a password? You create a map of all the possible avenues that you can use to get in.” Opsec got into the Colombian government’s networks without setting off alarms, and spent six months there, undetected, moving around.
Then he dived into Chinese government sites and military networks, and into the domain of specific Chinese hacking teams. He was 16 now. In yet another lapse of judgment his parents allowed him to take a job in an electronics store, where his main aim was to steal more “burner” laptops to discard after use, to avoid detection. A regular customer there learned of his unusual knowledge of Chinese networks and offered him some work on the side: the man handed him a list of about 20 Chinese servers and asked Opsec to investigate them. This became a regular thing.
The man sent a bank transfer to him each month. Opsec guessed that he worked for the N.S.A. or the C.I.A. Opsec’s parents, meanwhile, kept shipping their son from one school to another, in the vain hope of getting him to return to conventional studies. They sent him off to a military school with the idea that boot camp might bring him to heel. He hacked into the school’s network, encrypted the data on a classmate’s personal computer, and taunted him with the loss. The school found out and gave Opsec the choice of helping to shore up its defenses or being expelled.
He chose to be expelled. When he called his mother to give her the good news, she was livid. She said, “How did you manage to get kicked out of a bad-kid school?” She exiled him to live with his uncle in a distant place. He kept hacking. Opsec describes the public’s awareness of the Dark Net as a slow awakening. It began at the dawn of the new millennium, around the year 2000.
With Internet connections proliferating, e-commerce expanding, and the dot-com boom fully under way, the surface Web looked much as it looks today except for this: attacks were not pervasive and computer security was not a big concern. The problem with security is that it slows operations down, and the new and bold Internet entrepreneurs were locked into competitive races that allowed no room for interference. The interference came anyway. In February 2000 a 15-year-old French Canadian who went by the name Mafiaboy launched a series of denial-of-service attacks that took down a succession of important Web sites, beginning with the then dominant search engine, Yahoo, and moving on to Amazon, eBay, Dell, and CNN, among others. Such denial-of-service attacks, which overwhelm Web sites by hitting them with massive traffic, are the most primitive form of hack. They require only the hijacking of undefended computers, not the penetration of the target networks, and they do not result in the loss of data.
In Opsec’s view, Mafiaboy was a talentless “script kiddie” who used off-the-shelf components written by others, and needed little skill to pull off his stunt. He was so naïve that he bragged about his exploits in Internet chat rooms. He was arrested, and sentenced as a juvenile to eight months of house arrest and a year of probation. But Mafiaboy’s attacks stunned the industry, caused losses estimated at more than a billion dollars, and made world news. Internet companies realized that they were going to have to improve their resiliency.
The magnitude of the reported losses also got the attention of the underground. Anarchists were attracted by the opportunities to cause disruption. Others were attracted by the opportunities to make money. Organized crime soon got involved. Identity theft, credit-card fraud, and electronic extortion multiplied rapidly. The public remained largely unaware, but with monetization the evolution of the Dark Net suddenly accelerated.
In the United States alone, nearly every company larger than small is getting hit on a regular basis, usually from abroad. The Pentagon has said it fends off several million attempts at cyber-intrusion every day. Opsec had just turned 18 when Mafiaboy struck. Nominally he was a senior in high school. As an adult now, he arranged to have authority over his probation transferred from where he lived with his uncle back to the Washington area, and he returned from his exile soon afterward. That spring he fell in love with a beautiful Asian girl who was all about drugs and sex, and he moved in with her.
During his next visit to his new probation officer, he reported the change of address, and she busted him for it because he was supposed to have informed her in advance. He was sent to jail for several months to contemplate the mistake. In prison he found a mentor who was a physician convicted of selling the identities of dead babies on the Dark Net for use in providing criminals with new identities. Opsec was released in 2000, becoming a free man without restrictions for the first time in four years. He swore off hacking, and went to work at a coffee bar on the ground floor of an office building. Through a chance encounter with a customer there, he found himself with a computer job upstairs.
The company was in the data-transmission business, largely via fiber-optic cables laid long-distance along 19th-century railroad rights-of-way. Opsec was assigned to the company’s control center to provide general guidance to customers, who were mainly Internet service providers. Given his talents, he soon gravitated to the security side. To his surprise, Opsec found himself back in the underground from which he had just emerged. Opsec moved on to a series of small jobs, then landed a position at a network-security company.
That company was a surface reflection of the Dark Net. One division was straightforward: it mined the Dark Net for known vulnerabilities and compiled them into an encyclopedia for its clients. Another division was grayer in character. It provided bespoke intelligence gathering, often under cover of the Dark Net. Opsec once stumbled across one of its products—behind a door that should have been locked, in a huge room, on a circular table 20 feet across on which al-Qaeda’s electronic connections were physically mapped out.
And then there was the third division, a part of the company that was rarely mentioned. It was the moneymaker, an exploit broker for the U.S. government—much like those that exist for criminals on the black market—that did original zero-day research and sold the hacking opportunities to NATO allies. We are now approaching the mid-2000s.
Most of the attackers were not skilled hackers; they were incapable of analyzing software or a secured network and discovering vulnerabilities. They knew only how to acquire tools on the Dark Net and put them to use. Opsec was different, one of the few who could have made a living as a researcher, whether by selling zero days to the target companies, which after years of reluctance had wised up and begun paying bounties for them, by peddling them to brokers, or by offering them for sale on the black market. But he did none of that. He went to work for a computer-security company as a “penetration tester,” and for the next five years traveled extensively, performing security audits and hacking into corporate networks to explore their weaknesses.
Some of Opsec’s clients were serious about security. But many were just going through the motions. All too often Opsec would hack into a network, submit a report recommending fixes, and come back the next year only to find that nothing had been done. He said, “Mostly it was just check-box security. And a lot of the penetration testers are really bad.
They don’t have the background or mind-set. They don’t have the skills. They have a scanner with a database of all the different vulnerabilities, and it checks the network for those things. There’s no creative process there. They’re not looking for things that aren’t in the database.
They push some button, then come back and say, ‘You’re clean!’ ” In 2007 he quit the job and set himself up as a hired gun, determined to be selective about which clients to accept. The first requirement was that they had to be serious about network security. The second requirement was that they had to be on the side of “right.” This turned out to be tricky, as the expertise he offers and the systems he puts in place are essentially dual-use weapons that can be used to rob and oppress just as easily as to protect people’s lives and property. Furthermore, Opsec was politically naïve: he assumed that U.S. agencies and foreign allies were inherently on the side of right. He no longer suffers from the illusion. To me he said, “If you kick over enough rocks, you’re going to find shit, and if you piss off the military-industrial complex . . .” He hesitated. He said, “There are certain things they just don’t want you to know. And they kill people. They’ll kill you.” I asked him if paranoia is a professional hazard.
He said it is, but if only for peace of mind he steers clear of those kinds of clients today. As a gun for hire he made some mistakes early on. He would not describe them to me. He did say that he spent a month in Pakistan with U.S. government approval, consulting with the Pakistanis on how to establish cyber-war capabilities.
Clearly that was not his proudest moment. Several years later he made a similar mistake by subcontracting to an American team in an oppressive Gulf kingdom and ally of the United States. He assumed that the project was known to the U.S. government and only later found that it was not. Opsec moved to the kingdom for nine months.
The job was to set up a national network-security operations center, an emergency-response team, and a hacking school to teach offensive and defensive cyber-war techniques. The school was equipped with cyber-war “firing ranges”—rooms of computers where simulated attacks could be run—and had a curriculum that included intelligence gathering and the writing of malware. Additionally the team ran penetration tests and found vulnerabilities in the nation’s radar and missile-defense systems as well as in its international telecommunications. But Opsec discovered that under the table the team was selling cell-phone interception and monitoring equipment to the authorities for all the wrong reasons. The capabilities he was providing for national defense would in practice be turned against the citizenry.
He left the project and returned to the United States. He settled down with a few good clients, the best of which was the Company, 20 miles from home. The ransomware attack on the Company late last year was not just an incident. It was a severe breach. Opsec urged stealth in response.
The attacker would have known that he had failed to steal the Company’s data; there could have been a variety of reasons for that. It was important to keep him wondering whether the hack itself had been discovered. The ransomware was a generic off-the-shelf module of no great interest or complexity. It had arrived only two or three days before being identified. The question was how it had arrived. To his shock, Opsec soon determined that it had come in by piggybacking on a major intrusion, previously unknown, that had occurred fully a year before.
This was the hack that really mattered. The extent of it was still unclear, but the Company’s network had been secretly “owned” ever since. There was more. Embedded in the system was strong evidence that the attackers were the same Chinese government team that had hit the Company four years earlier. And the Chinese team’s capabilities had vastly improved. Here is what happened.
The Chinese first went into a subcontractor, a global offshore payment processor that handled credit-card transactions, and then, having gained possession of that network, quietly entered the Company through a legitimate back door that had been set up on the Company’s network to administer customer accounts. The initial breach was a work of art. The Chinese wrote a piece of custom software purely for that job. It was a one-of-a-kind “callback dropper,” a Trojan horse that could be loaded with any of many malware modules, but otherwise stood empty, and periodically checked in with its masters to ask for instructions. Once inside the network, the Chinese were able to move laterally because the Company, for the sake of operational efficiency, had not compartmentalized its network, despite Opsec’s advice to do so.
They knew exactly where they were going. First, using “bounce points” in the network to further obscure their presence, they went after the central domain controller, where they acquired their own administrative account, effectively compromising 100 million user names and passwords and gaining the ability to push software packages throughout the network. Second, and more important, the Chinese headed into the network’s “build” system, the part of the network where software changes are compiled and then uploaded to a content-distribution network for the downloading of updates to customers. In that position they acquired the ability to bundle their own software packages and insert them into the regular flow, potentially reaching 70 million personal computers or more. But, for the moment, they did none of that. Instead they installed three empty callback Trojans on three separate network computers and left them standing there to await future instructions.
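The build-system foothold is the dangerous part of what is described above: a package inserted there travels to customers through the legitimate update channel, signed by nothing but the fact that it came out of the build. One defense is to sign the release manifest with a key the build system never holds, and to verify every artifact against that manifest before it reaches the distribution network. The block below is an added example, not anything from the Company or the article. It uses HMAC as a stand-in for a real signature scheme, because Python’s standard library has no asymmetric crypto; the key, the artifact names and their contents are constructed. The assumption that matters is that the release key lives outside the build host, for instance in an HSM or an offline signing box, so an attacker who owns the build cannot bless what he inserts.

```python
"""Verifying a signed release manifest against a distribution tree (added example)."""
import hashlib
import hmac
import json

# Constructed.  In practice the release key is held OUTSIDE the build system,
# so a compromised build host cannot sign the packages it slips in.  HMAC
# stands in for a real signature scheme here; the verification logic is the same.
RELEASE_KEY = b"example-release-key-not-a-real-secret"

# Constructed artifacts as they should have left the build.
GOOD_ARTIFACTS = {
    "update-2016.11.2.msi": b"legitimate installer bytes",
    "release-notes-2016.11.2.txt": b"release notes for 2016.11.2",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts):
    """Map each artifact name to the SHA-256 of its contents."""
    return {name: sha256_hex(data) for name, data in sorted(artifacts.items())}


def canonical(manifest):
    """Stable byte encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key):
    """Signing step, run on the release box, not on the build host."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_release(distributed, manifest, signature, key):
    """Return a list of problems; an empty list means the release is intact.

    Checks, in order: the manifest is authentic, nothing is being distributed
    that the manifest does not list, nothing listed is missing, and every
    listed file still has the hash it was signed with.
    """
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected, signature):
        return ["manifest signature invalid: manifest edited after signing"]
    problems = []
    for name in sorted(distributed.keys() - manifest.keys()):
        problems.append(f"unsigned artifact in distribution: {name}")
    for name in sorted(manifest.keys() - distributed.keys()):
        problems.append(f"signed artifact missing from distribution: {name}")
    for name in sorted(manifest.keys() & distributed.keys()):
        if sha256_hex(distributed[name]) != manifest[name]:
            problems.append(f"hash mismatch: {name}")
    return problems


def demo():
    """Run the verifier over a clean release and three tampered variants."""
    manifest = build_manifest(GOOD_ARTIFACTS)
    sig = sign_manifest(manifest, RELEASE_KEY)

    # An extra package inserted into the build output (constructed name).
    inserted = {**GOOD_ARTIFACTS, "svchelper-x9q2.exe": b"dropper inserted in the build"}
    # A legitimate package rebuilt with an extra payload.
    modified = {**GOOD_ARTIFACTS, "update-2016.11.2.msi": b"installer with extra payload"}
    # The attacker also rewrites the manifest to bless the inserted file,
    # but cannot re-sign it without the release key.
    forged_manifest = build_manifest(inserted)

    return {
        "clean": verify_release(GOOD_ARTIFACTS, manifest, sig, RELEASE_KEY),
        "inserted": verify_release(inserted, manifest, sig, RELEASE_KEY),
        "modified": verify_release(modified, manifest, sig, RELEASE_KEY),
        "forged_manifest": verify_release(inserted, forged_manifest, sig, RELEASE_KEY),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(f"{case}: {problems or 'OK'}")
```

The check has to run somewhere the attacker does not already own; a verifier on the compromised build host can be edited as easily as the manifest. In a pipeline shaped like the Company’s, that means the content-distribution side refuses anything that does not verify, and the signing box refuses to sign a manifest it has not built from sources it trusts.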
Opsec and his team concluded that the purpose was to lay the groundwork for the rapid creation of a giant botnet. The “bot” in “botnet” is derived from “robot.” Botnets are illicit networks of infected computers, known as zombies or nodes, that appear to function normally but are secretly controlled by hackers and can be used in aggregate to produce enormous computing power. The largest of them have consisted of several million computers. They have been around for a long time.
No one knows how many are active, but the numbers are large. A few are self-propagating, but most require active if unintentional downloading. Either way, they are the force multipliers of the Dark Net. Some of them are commercial, and offer services on the black market. Others are privately held.
On the most basic level, hackers use them to mount denial-of-service attacks, overwhelming Web sites with the sheer volume of traffic. Beyond that, their applications are almost unlimited—identity theft, credit-card fraud, bank fraud, intelligence gathering, high-speed code cracking, corporate espionage, commercial sabotage, and attacks on national infrastructure, including industrial-control networks, phone systems, and the Internet itself. Cyber-attacks that cause physical damage are extremely rare—Iranian centrifuges destroyed by Stuxnet in 2010; a steel mill hit in Germany in 2014; blackouts caused by a hack of the power grid in Ukraine in 2015—but whatever damage a single computer can do, a botnet can do it better. Botnets are so successful—and potentially so short-lived—that their creators typically rush to use them once they are built. That was the odd part about the attack on the Company. The Chinese had gone to all the effort to insert their Trojan, yet had stopped without taking further action.
Why? The botnet it could have created would have been huge. If the Chinese had breached other large Internet companies via the same payment-processor route—and it seemed likely that they had—the combined effect would have been the creation of by far the largest botnet ever seen, an Internet robot consisting of perhaps 200 million computers, all controlled by one small Chinese hacking team. Opsec had stumbled onto a very big thing. And its lack of use was the key. The only plausible purpose, Opsec concluded, was that of a sleeper cell, lying in wait as a pre-positioned asset for use as a last resort, like a nuclear weapon, in the event of an all-out cyber-war. The world certainly seems to be moving in that direction.
Already cyber-attacks constitute an active component of nearly every conventional military conflict. They are used by the U.S. in conjunction with the air and ground war against ISIS. Some say that a global cyber-war is already under way, because everyone is getting hacked. But many states—China, Russia, Germany, France, Pakistan, Israel, and the United States—are actively preparing for something much larger to come.
How Opsec himself responds is another matter. He is not the U.S. government. He once told me he is his own mini-N.S.A. Referring to a friend of equal reputation, he said, “We write highly invasive software.” As a product of the Dark Net, he has the ability to invade China, and has done so before. I asked him what an invasion would look like. He said, “We’d find their command-and-control structure, the control brain for the malware they use. Ultimately, what you’d like to do is be able to hack into their C2 servers and (a) figure out what information they acquired from you, and (b) insert a command into their infrastructure that tells all of the malware out there to delete itself. A botnet takedown, that’s what I’d like to see. We’re at least crippling their network.” And maybe, he went on, as a present, you can give them the identity of the guy whose ransomware brought the hack down.