The Standards Blog

Alexandria Proj. Chap 17: May the Force be with You

Alexandria Project (a Cyber Thriller)

New to The Alexandria Project?  Find a plot synopsis and guide to the characters here, find the earlier chapters here, and follow the Further Adventures of Frank on Twitter

Just as Bart Thatcher promised, Frank saw nothing but forever when he looked to the west – simply wave after wave of mountains and valleys extending effortlessly into the haze of the horizon. From high above, where the branches of ponderosa pines laced together, the squawks of scrub jays filtered down, along with the dappling light of the afternoon sun. And next to him rested a laptop connected to the outside world via the formidable telecommunications resources of Frank’s improbable, but undeniably useful, Solar Avenger.   Frank was already oblivious to the stunning view ahead of him, now that he was focusing non-stop on cracking the secrets of the Alexandria Project. His goals in that pursuit were clear: figure out how those behind the Project penetrated their targets; devise technical defenses capable of stopping them; and figure out who they were and where they were striking from. Unfortunately, it wasn’t going well.   

The first task hadn’t taken long to complete. Sadly, any target big enough to be interesting invariably had plenty of weaknesses that any determined hacker could discover. Frank concluded that that the Projecteers had employed a variety of fairly standard methods to exploit flaws in the defenses of each of their victims to date.

That realization made the second challenge much more intimidating – particularly since he had no idea what the ultimate goal of the Project might be. If the bad guys were really only trying to demonstrate the vulnerability of essential systems, well, there wasn’t going to be much he could do about that. There were simply too many available targets of opportunity to protect. But if all of the attacks so far were intended as camouflage for a much more targeted and nefarious objective, how could he stop that attack unless he knew what the target was?
 
That meant he had no choice but to abandon defense as a strategy and go on the offense, by tracking down the Alexandria Project back to its source. But how? Not only could the individuals behind it be anywhere, but it was all too easy for them to work through servers all over the world. And indeed, it seemed as if they had attacked from a different starting point every time.
 
So it was that a very frustrated Frank was sitting in a folding chair in the outback of Nevada, poking around the dark corners of the Internet in hopes of picking up the trail of his quarry in the places where those versed in the ways and wiles of hacking hung out. During the first day he nosed around the sites where millions of pieces of valuable personal financial information traded hands on a regular basis like so many hog futures. But he couldn't find a single hint anywhere that the Project might have a financial motive.
 
For several days after that, he scoured the Web for any buzz connecting the Chinese, the Russians, the North Koreans – any nation at all – to the Alexandria Project. Once again he came up dry – there was nary a rumor to be found that seemed credible enough to follow up.
 
Today he was trying something riskier, and had already spent hours visiting sites that might be linked to terrorists. Frank knew he had to assume that the CIA would be monitoring these same sites very closely. Some of the sites were doubtless even decoys set up by the agency itself to identify people who might be susceptible to recruitment by the real bad guys. 
 
Anyone might browse into a single one of these sites and swiftly move on without attracting too much attention. But if Frank followed a link from any of these sites to another of the same breed, he’d be sticking his nose up high enough to attract the wrong sort of attention. To prevent that, he'd loaded software on his laptop that would establish a new IP address for his laptop each time he switched to a new site.  That way, he would look like a different visitor every time.
 
But by late afternoon he was frustrated. After spending four days perched in his mountain aerie probing the Web, he had little to show for it. As the sun set, he finally admitted to himself that he had no choice but to play his last card. 
 
He would have to consult Yoda.  
 

- 0000 - 0001 - 0010 - 0011 - 0100 - 0011 - 0010 - 0001 - 0000 –

 

 
Frank had first encountered Yoda many years ago, back when he was still living off his MacArthur grant. In those days, only serious computer users, and not many of them at that, with academic, scientific or government connections could get on line. There were no graphical user interfaces, either. All you saw were ghostly white letters marching across small monochrome computer monitors as members of user groups posed questions, received answers, and held discussions. 
 
Out of the ether of one such anonymous discussion a curious, recursive voice had responded once to a question Frank posted after he had run out of solutions for a thorny problem. After describing his quandary at a UNIX list, he watched as the following message appeared:
 
>Maybe the answer you know already.
 
What the hell was that supposed to mean, Frank wondered? Not very imaginatively (or tactfully) he responded:
 
What the hell is that supposed to mean?
 
A response immediately followed:
 
>Maybe in the way is your nose. If your nose you move, the answer you may see right before you.  Yoda
 
That was all there was to the message. Puzzled, Frank went back to read his original question. Suddenly he saw something that should have been clear to him from the beginning. He typed a response to Yoda’s message:
 
Thanks – you’re right. I should have seen that myself. I really appreciate it.
 
But there was no reply.
 
Not often, but ever since, Frank had returned to the same ancient discussion group, still hosted on a UNIX server somewhere. For years now it had been rarely used for any purpose other than his rare exchanges with whoever it was that had adopted the name, and the inverted prose style, of the famous movie character. 
 
No matter how long it had been, whenever Frank did return, Yoda was always there, as enigmatic, omniscient – and frustrating - as ever. Frank had long ago given up trying to draw him out, which was impossible. Yoda only answered direct security related questions, and then using what seemed like a curiously limited phrasebook. Frank invariably felt like he was consulting a Magic Eight Ball or Ouija Board - only it was much less fun. 
 
Yoda was so gnomic that Frank sometimes wondered whether a developer was using him as a guinea pig to help debug a program intended to pass the Turing Test. If so, it was a damn good program, because somehow Yoda’s infuriatingly obscure responses always helped Frank find a way through whatever snarl he was trying to unravel.
 
So it was with as much weariness as hope that Frank logged in to the ancient user group, keeping his mental fingers crossed that no one from Washington was monitoring it.
 
          Yoda, I have a problem - Frank
 
          > Long has it been, Frank. What is your problem?
 
It’s a tough one. If you are following the news, you must know about the Alexandria Project.
 
> Follow the news I do not. But know of the Alexandria Project I do.
 
Frank’s heart skipped a beat.
 
          You do? Do you know who they are?
 
> A strange question is that you ask. Who am I? Who are you? Who is anyone? What is “who?”
 
Frank took a deep breath and reminded himself to slo down. Then he began to type a long explanation of what he knew, and what it was he was trying to accomplish. Finally, he ended with another question.
 
So you see I need help figuring out two things: how do I protect sites from the Alexandria Project, and how do I find out who is behind the Project itself.
 
Frank realized he had typed several pages of text, and wondered whether Yoda knew any of it already, if indeed he was already paying attention to the Alexandria Project. But nothing appeared on Frank’s screen for a long time. He drummed his fingers on his knee as he waited impatiently, oblivious to the spectacular sunset that was unfolding before him.
 
At last, white letters began scrolling across his screen.
 
> Two questions you ask not one. Explore the second I will first, because solve the second problem first you must.
 
OK – thanks. So how do I find those behind the Alexandria Project?
 
> Consider the lobster.
 
What? This was a pretty odd answer, even considering the source. Frank took a deep breath and tried to assume a Zen-like frame of mind in an effort to better coax Yoda into sharing whatever insights he might have. Then he began typing once again. 
 
There is much to consider about the lobster. What about the lobster should I consider? His senses? How he tastes? His exoskeleton?
 
> Before a lobster you can consider, a lobster you must have.
 
You mean I must find a lobster?
 
> The fisherman lobster does not the lobster find; the lobster finds the fisherman.
 
That was true, Frank thought. A lobsterman sets traps, and then the lobsters walk into them. Yoda must be suggesting that Frank must set a trap that would attract the Alexandria Project to him. He hadn’t considered setting up a fake site imitating the type of target the Project hacker was exploiting because he had already witnessed the attacks the Project had made on the Library of Congress.
 
        You mean I should set up a honeypot?
 
        > Decide that you must for yourself.
 
Let’s say I do. And let’s say those behind the Alexandria Project take the bait. What then?
 
> Consider the spy.
 
Spy vs. SpyFrank mulled that over for awhile. The Alexandria Project intruders were at least a lot more like spies than lobsters, so this felt like progress. But he couldn’t make out where Yoda was going. He’d have to try to nudge Yoda into giving him more clues to figure out where he was headed.
 
OK. I don’t know what they are really up to, but they are certainly acting as spies along the way. 
 
Frank waited but got no response. Exasperated, he added:
 
And, like spies, we don’t want them there.
 
>Never?
 
Frank let out an audible “Huh!” That was an interesting reply. When might a spy be welcome? 
 
He leaned back and stared into the distance awhile as he pondered that one. Well, if you could turn a spy against its master, he could become your servant instead of your enemy. And even without turning a spy, you might be able to feed disinformation to a spy, and mislead his master. Maybe he could get somewhere with that.
 
I guess you mean you turn a spy or feed him false information. Is that what you mean?
 
> What does “mean” mean?
 
Frank sighed and tried another tack.
 
Let’s say I’m following what you have in mind. If I am, how could turning or misleading the intruder help me in this situation?
 
>For yourself, decide that you must.
 
Frank knew he was not likely to get more out of Yoda on this question, so he set the laptop down and stood up and began walking around his clearing, lost in thought. The lobster part was clear; if he could fake a complex IT environment and bait it with the right type of information, he could watch the intruders in action. Perhaps he could even mislead them. But the people – whoever they were – at the Alexandria Project didn’t have to send spies to do their work. They were able to penetrate sites from afar. So how could he turn an intruder against itself?
 
Well, maybe he wouldn’t have to turn the intruders themselves. He knew that they were planting malware at the sites they attacked. He should be able to find that software and alter it. If he did, he might be able to make it return false information – or even plant software of his own on the Project’s own network. Perhaps he could “turn the spy” after all, with the Alexandria Project being none the wiser.
 
Frank sat down and began typing again.
 
If I can lure the Project into my honeypot, I can watch what they do until I can imitate them. Then I can remove whatever robots or other malware they plant and respond just as that software would respond – except nothing malicious would be happening. Is that what you have in mind?
 
>”In mind” have I nothing. A collection of synapses is a mind, or so they say. If right they are, that is all have I “in mind.”
 
Frank could afford to simply smile this time at Yoda’s coy reply. Now he had the beginnings of a plan. But he was still only half way home, so he started typing again.
 
I think I’m OK on that part now - thanks. But I’m not sure how this will help me find the Alexandria Project itself.
 
> Follow the iBalls you must.
 
Frank stared at his computer in astonishment. Why in the world was Yoda bringing up iBalls? Did he somehow know that Frank was behind them? If so, how in the world had he made the connection? Cautiously, Frank typed:
 
iBalls?
 
> iBalls I say, and iBalls I mean. Follow the iBalls you must
 
Frank was taken aback, and simply typed:
 
How?
 
>Your force will be with you if your crowd you let lead you to the source
 
Enigmatic as it was, Frank appreciated that this was as direct as Yoda had ever been with him. But the meaning of Yoda’s advice still evaded him. Tantalized, he tried one more time.
 
I hear you Yoda, but I don’t yet understand you. How will I find the Alexandria Project?
 
But Yoda’s patience had reached an end. Yoda signed off with this final cryptic line:
 
> Get by you will - if an island you are not.

Carl can't follow Frank on the run, but you can, on Follow
Adversego
on Twitter

          Email this chapter to a friend

Email the first chapter to a friend

Read the next chapter

Read the `last chapter

       Read the first chapter

 

Comments

Permalink

Hi Andy,

Enjoying immensely ... but, I think you will find that the URL (as described by Wikipedia) is the location/locator of the site being visited by Frank, whereas the 'IP Address' is the identifier of the source of an enquiry to a site by Frank's laptop, i.e. the current address assigned by, in your and my world, one's ISP (Internet Service Provider).  I don't know how Frank is accessing the Web, but I presume by satellite, and then linking via a 'proxy server' that hides the 'source' or originator's IP address.  Maybe, 'cos he knows everything, Frank is using multiple proxy servers or he is controlling it by the software, that you mentioned,  to assign a new IP address for the proxy server each time he accesses a new website and/or URL of his target.  Any further advice on this subject is above my pay grade, and I am retired!  May the force be with you!

Minrich/Tor,

 

Thank you both for the advice - it looks like the source of information that I was using when it occurred to me to throw in this detail is out of date.  At the time, assuming the source was reliable, the FBI and CIA were supposed to be using someone's linking to identify them as possible sources of concern.

 

So two questions, if you have a moment: 

 

-  is there enough validity left to this technique to preserve the thought?

 

-  if so, what should I say that Frank is doing to avoid being highlighted by his browsing history?

 

As always, thanks for the advice.

 

  -  Andy

Permalink

I wrote:

"An obvious way to "subvert" such tracing is to spoof your MAC address. However, if the investigators can find the land-line or Wifi station where the request originated, you mostly are not much better off. You do not want to have to convince the people knocking on your door that it really was not you who did it. If they go inspect your computer bit by bit, they might very well find something incriminating. And they WILL find traces of everything you did if you used Windows."

 

Rereading it, I think it is a little confusing. I am convoluting a lot of cases.

 

My basic points are: If you operate from home, your IP address will be linked to your street address. What you do with your MAC address is irrelevant.

 

When you log in at work or school, break into another persons Wifi, or access any public network, you can temperarely change your MAC address. Then MAC spoofing is a line of defense that might work out.

 

However, you have to be close by to get into a LAN or attach to a Wifi network. So you were there. And knowing a place and time where you were around is a great way to start finding you. So this might work as a last line of defense, say, when you access your network of proxies from an internet cafe.

 

But doing odd stuff in a public place has its own risks. And there are cameras everywhere.

 

Winter