Trojan Horse (15 page)

He finished his cigarette and set off casually, shifting his backpack to his other shoulder as he once again scanned a narrow alley. Still nothing. He walked briskly to a small mall and went directly to a kiosk where he bought a phone and supply of minutes, paying in cash. Afterward, he made his way to Letna Park with its famous beer garden. Here he could sit alone on the grass well away from any pathway and observe the expanse all about him. A couple was taking in the spring sunshine but they were folding up their blanket when he sat down. Once they were gone he punched in the number.

Whoever he’d reached answered at once. It was a one-way conversation. Ahmed listened closely, locking the information into his memory, thinking he could detect Hamid’s voice at the other end but wasn’t certain. The man was a chameleon. The caller disconnected without pleasantries.

Ahmed rose and walked out of the park. Along the way he removed the SIM card, then took the extra precaution of dismantling the phone itself. He discarded the bits and pieces at various trash receptacles. As he crossed the bridge, he dropped the SIM card into the slow-moving waters of the Vltava River.

He made his way across town, stopping twice, once for a soft drink, but primarily to check his trail. Nothing.

He found the apartment building in an alleyway, one used by pedestrians. He’d told Karim to rent a place where he could blend in and the man had done a good job. There wasn’t a native Czech in sight. On the third floor, Ahmed used the key he’d been given, then entered the tiny room. Karim was out. No surprise. He didn’t get off work until five. Ahmed sat to wait patiently for the man to return, slowly working his way through his pack of cigarettes.

LANGLEY, VIRGINIA

CIA HEADQUARTERS

EASTERN MEDITERRANEAN BUREAU

3:56 P.M. EST

I
want to advise you,” Frank Renkin said, “that we’ve got a very effective word-processing-based Trojan and as it potentially involves your area you should know about it.” As assistant director of Counter Cyber Research, he was responsible for informing the appropriate chiefs whenever anything came across his desk that might be of concern to their area.

Agnes Edinfield was chief of the Eastern Mediterranean Bureau in the Company. She was in her forties, fit if perhaps a bit overweight with short dark hair and dressed in a well-tailored dark pinstriped business suit. Though she had strong features she was a handsome woman.

“Which country?” she asked.

“Likely Iran—one way or another.” Frank gave her a brief summary of what he knew, the gist of which was that it appeared that the UNOG report they’d been anticipating on the Iranian nuclear weapons program had been doctored by means of the Trojan.

Everyone involved knew the significance of the report. After stalling for more than a decade the United Nations had finally indicated it was prepared to move. Frank understood that a source had, for its own reasons, elected to leak critical documents directly to the United Nations Office for Disarmament Affairs in Geneva. The information detailed the groundwork for concerted military action against the mullahs had already been anticipated.

“What changes?” she asked.

“We understand this was to be the final draft. The report is scheduled for release tomorrow. Now we learn that it has been altered to say there is no prospect of an imminent nuclear test.”

Edinfield grimaced. “Altered, you say?” Frank nodded slowly. “I take this as confirmation,” she continued, “if any was needed, that UNOG’s source had it right.”

Iran already possessed a midrange missile delivery system and was not that far from a long-range system that would extend their nuclear threat into Western Europe. The mere existence of such a system would profoundly alter the European Union’s position toward Iran and Israel. The immediacy of an actual nuclear test was the most vital problem either of them faced. Frank was not free to disclose it to her but the first test was reportedly in just two weeks. The Iranians had made remarkable progress since bringing their new computers online and establishing an air gap to protect them from Stuxnet. If nothing was done, all indications were that they’d be a nuclear power before the end of the month.

“We’ve not seen anything previously resembling this Trojan,” Frank continued. “It’s not like the infected PDF files we encountered before. In its own way, it’s as sophisticated as Stuxnet. When you open an infected OW file, the Trojan enters the computer. There it uses an entirely new method to conceal itself. Very clever.” He omitted the details. Edinfield would have no interest in them. “We’ve known this technique was coming for some time; now it’s here. It’s going to make our work much more difficult.”

“I’m sorry to hear that. Where’s it originate from?”

“We can’t confirm a source at this point. But its creator seems to be using it to try to influence events as the time comes for the release of this important report on the Iranian nuclear program. This is very clean stuff, Agnes, unlike almost everything we’ve seen and my people tell me that in their opinion it’s beyond the ability of the Iranian government. All of their computer expertise is dedicated to the nuclear weapons program and to combating the Stuxnet variants that continue to significantly hinder them.”

“How did this come to your attention?”

Frank brightened. “As I said, according to the author of the final draft of the UNOG report, his document was altered.”

Edinfield thought for a moment. “Can you do that?”

“Not without leaving tracks. In this case there are none.”

“I suppose he could be lying.”

“We’ll know soon enough. I’ve printed you copies of the original report, as the author says he sent it, and the one with the changes he denies making.” He laid them on her desk and Edinfield pulled them to her. “I had the changes analyzed. They systematically water down the report and finally give it a different conclusion altogether. They aren’t alterations you can dash off in a minute. It took talent and real effort, as well as a very sophisticated Trojan, though we’ve still not cracked the core of what it does. We’re just working around the fringes. I don’t know how events will play out at UNOG. So far this is tightly held information but that won’t last long.”

“Good job. Let me know what you learn when you can. By the way, where did you get the info?” Edinfield asked. The source of such information often told her a great deal and was always something useful to know.

“Daryl Haugen alerted us. We got lucky. The virus had a bug that caused OfficeWorks to crash, which alerted the IT staff and prompted their investigation. If that hadn’t happened, the altered document would be changing the course of events.”

Edinfield paused as she searched her memory. “Dr. Haugen? The one who worked for the National Security Agency?”

“That’s her.”

Edinfield thought a moment. She’d been involved in blunting, nearly stopping, the Al Qaeda cyber-attack on the West not that long ago. A great job all around, one the Company should have done, not an outsider. Then more of the story returned. “Didn’t she leave the NSA and go to work with Jeff Aiken?”

“They have a company, yes. The British Foreign Office brought Jeff in to troubleshoot this and they turned up the Trojan. Daryl has been working with him remotely and gave me a heads-up, passing along the code once it was identified.”

“I’ll have my people check into this from our side. Maybe there’s been some chatter that will be useful to you. Thanks for coming.”

Frank rose and went back to his office, feeling utterly exhausted. His team was getting to the heart of the Trojan, he was certain, but he still had a long night ahead of him. At his office, he instructed his assistant there were to be no interruptions for an hour. Inside, he stretched out on his couch, wondering briefly when he’d next go home.

April 13 10:30 A.M.

Palo Alto
—The digital penetration of an adversary’s computers is now a reality. Every major country uses computer malware for espionage. It allows them to gather intelligence more easily, quickly and cheaply than do traditional methods. But the line between digital espionage and cyber warfare has become blurred as nations have come to understand that such malware can be repurposed for interference, disruption and attack.

The continuing success of the Stuxnet virus against the Iranian nuclear weapons program has introduced a new age in warfare according to experts. “Stuxnet is a game changer,” says Reginald Bradshaw, a London cyber warfare simulation specialist. “From the date of its introduction the modern world has never been the same. It’s the digital equivalent of the machine gun or artillery.” A better comparison might be the nuclear bomb because a concentrated Stuxnet-style attack has the potential to destroy a nation’s industrial capacity, according to a yet to be released UK Whitehall report.

Until now viruses, Trojans and worms attacked the data within computers. These assaults have been designed to learn what the owners wanted kept private. In many cases financial information is obtained to allow the looting of bank accounts. But now highly sophisticated malware commands industrial machinery to self-destruct, in effect to commit suicide. The consequences can be catastrophic especially if the machinery is part of a nation’s infrastructure or national defense network.

In response to this heightened threat every major country now commits resources to counter measures. The United States has the US Cyber Command, or USCYBERCOM, a part of the US Strategic Command. It is the umbrella organization for all existing U.S. military cyber warfare operations. Significantly, it has both a defensive and offensive capability. “The Americans are no longer strictly playing defense,” Bradshaw says. “They’ve moved into offensive operations. These will be the most secretive in history as deniability is the hallmark of such attacks.”

It is not too far-fetched, Bradshaw muses, to see a day when one nation will attack another through the Internet and in so doing deliver a knockout blow. “I anticipate seeing that within my lifetime,” the forty-three year-old cyber expert says.

For more information, visit Leslie
Washington-Tone.com
.

MANNHEIM, GERMANY

FROHE ARBEIT 20

2:19 A.M. CET

A
hmed eased the Volkswagen Jetta down the street as Karim examined the passing houses carefully, searching for the address in the darkness. Ahmed was concerned that their actions go smoothly, especially at this hour. If they were forced to drive too often up and down this deserted street, someone would surely call the police.

“There,” Karim said. “That’s it.”

Ahmed drove to the side and came to a stop. “Don’t take long,” he cautioned. “I’ll drive once around the block. Be here when I return.”

Karim eased out of the car, tossed his cigarette into the gutter, closed the door quietly behind him, and set off across the yard to the side of the house where Ali lived. Ahmed put the car back in gear and drove away as slowly as he dared, and made a succession of right turns down equally deserted streets before returning to the same spot.

No one.

He sat with the engine idling, wondering if he should make another circuit. He lit a cigarette to buy time. Hamid had drummed it into his head repeatedly that operations and agents were undone by just such stupid incidents. It was situations like this that drew the attention of the authorities. As he pondered what to do, knowing he had to make a decision at once, two figures emerged from the shadows.

Karim slipped into the front seat.
“Salam,”
Ali said, taking a place in the rear, placing a small overnight bag next to him. A wave of cold air swept in with them.

“Salam,”
Ahmed answered. He then drove off with a sense of relief, turning the heater up slightly. Karim opened a fresh packet of cigarettes, turning to hand one to Ali.

Since meeting Karim, it had been a busy six hours. They’d left his apartment and walked to the car lockup around the corner where the gray Volkswagen Jetta was kept for such occasions. Every few months, the vehicle was replaced. One of Karim’s responsibilities was to see to that and keep the car serviced and gassed. Once a week, he ran the engine for half an hour and checked the tire pressure.

The car had started at once and Ahmed had been pleased to see a full tank of petrol. He drove cautiously out of Prague, initially confused as usual by the heavy traffic, the lights, and complicated cross streets. Once on the E50, however, the traffic thinned, the drivers became more predictable. Thereafter the trip went smoothly.

On the way to Mannheim, Karim briefed Ahmed on his recent activities. He maintained a ring of agents in northern Germany. He supervised recruitment from various sympathetic mosques, arranging training and for providing the cash so essential to such networks.