The Lafayette Deception: Chapter 6: Me Client, You Server

Welcome to the sequel to The Alexandria Project, a cybersecurity thriller.  If you'd like to read the book this series is based on, you can read the first three chapters for free here.

Frank was only a couple hundred yards from his camper, but already he was gasping for breath.  He wanted to blame the 8,000 foot elevation of the North Rim, but suspected he couldn’t pin all of his distress on the thin air.  After all, he hadn’t engaged in anything more strenuous than a fast walk since high school.  And he hadn’t been in great shape then, either.

He lurched to a halt and leaned forward, hands on his knees, gulping in the cold, clear air of the morning.  Surely this was hopeless.  What had he been thinking?   

Well, that part was easy.  The morning after dropping off Josette at Burning Man, he had taken stock of himself in front of the mirror in the camper.  What he had seen wasn’t pretty.  How had he managed to gain so much weight over the years?   Why had gravity taken such a toll?

All the way across Nevada he had tried to psych himself up for the effort that would be required to repair the damage.  Surely he could get back in shape.  Alright, get into shape for the first time.


He told himself he wasn’t too old to try, and he had the opportunity – so why couldn’t he do it?  All he’d have to do would be to start watching what he ate, lift some weights, do a little running, and stick with it till he was done.  It was all just science, really. Simply burn more calories than he ingested, and the pounds would disappear. Piece of cake.

Before turning south in Utah to intersect the Grand Canyon, Frank had gone shopping in the town of Green River.  New sneakers.  A sweat suit with “Brigham Young” emblazoned across the chest.  A set of weights.  He had spent hours on the WeightWatchers (R) website, too, studying the mysteries of the weight loss game.  Then he criss-crossed the aisles of a supermarket for an hour, piling a shopping cart high with all of the food he figured he’d have to eat in order to lose weight.  Nothing could stop him now.

Except, he gasped, that he might die trying.  Maybe he’d have to build up to the running part a little bit at a time.  Straightening up, he set off at a moderately brisk walk, his chest still heaving.

An hour later, Frank arrived back at his camper, tired, winded and hungry.  He opened the refrigerator and stared at the plate of food he had laid out for himself before setting out: two ounces of boiled chicken and six ounces of blanched broccoli.  Oh joy.

He carried the plate outside, paused, and then reentered the camper.  But after three tries on the scale, he still weighed exactly what he had before his walk.  Maybe this would take a while.

Frank despondently crunched his broccoli and tried to remember where he had left off the night before in his effort to figure out how the hackers had corrupted the polling data.

Okay. He’d decided to assume that the bad guys hadn’t tampered with the systems before they’d been delivered to the pollsters, because some were quite old. He doubted that the pollsters would be more security conscious than most businesses, which wasn’t saying much.  So it should be safe to assume that the bad guys could have slipped some malware into the system of every major pollster. But assumptions were one thing; he needed to know in fact how hard it would have been to hack the systems the pollsters were actually using.

Frank retrieved his satellite phone from the camper and began dialing. A minute later he was connected to his detailer back at Marvin Gardens.

“Victoria, have they finished running the scan yet on the pollsters’ systems?”

“Sure.  Do you want the detailed reports?”

“Yes, but at the moment all I need is just the bottom line.  Did any of them stand up?”

“Not even close.  Surprised?”

“No, but one more question – did they use a Red Team, or just a commercial outfit?”

“Straight out of the phonebook.” 

Okay, that was useful to know. Running a scan meant that someone who knew what they were doing had made a determined effort to test a pollster’s network for vulnerabilities – in other words, had tried to get past their firewall, the same way that a hacker would.  A Red Team would have been one of the crack forensic squads of the National Security Agency.  There was nobody better than an NSA Red Team, or at least so the government hoped.  Since Marvin had been able to get in using a commercial firm, Frank could safely assume that any self-respecting hacker could, too.

All well and good.  But if the hacker had gotten in, why hadn’t Marvin been able to find the malware?

“So tell me about the server logs.  Were they able to find the attack that got through?”

“Yes and no.  As you’d expect, we did find some successful entries, but they were all pretty predictable, random ‘bots – nothing targeted at the polling data.”

‘Bots – short for robots – were networks of co-opted personal computers that hackers had already taken over.  Office computers, home computers – any kind of computer – that a hacker had been able to access, and then take over with a program that allowed the owner to continue using her platform the same as always, unaware that someone else was using her computer as well; at most, it just seemed to run a bit more slowly than usual.  But that computer was now networked with thousands of other ‘bots, all working together like a super computer, to do the bidding of the hacker that had taken them over.

One thing a network of ‘bots could be used for was to take over more computers, until they might number in the millions, like the system amassed by whoever was in control of the Conficker computer worm.  With that much computing horse power, the hacker could do all sorts of things – overwhelm a website with a “distributed denial of service” attack until it crashed, or run through every conceivable password in a matter of seconds to get past a firewall.

“Any evidence of spear phishing?”

“Not that we’ve been able to tell.”

“Okay, thanks.  Appreciate it.”

Frank went back to the edge of the canyon and stared out, arms folded.  Spear phishing meant masquerading as someone an email recipient assumed was legitimate, say a co-worker. A spear phishing email would include a link to a website, or would include an attachment that the recipient was asked to open.  In either case, the single user click that would follow would be enough to download the malware onto her system.  And now not only her desktop, but the entire network of her employer would be open to attack, because the first thing the malware would do would be to create a “trapdoor” on a network server that the hacker could open, enter through, and close on command.

So where did that take him?

Since the server logs, which recorded every single external access of a server, hadn’t pointed to any directed attacks, that should mean that spear phishing was still the most likely explanation for the multiple compromises, even if the scanning team hadn’t been able to find a phony email.  It didn’t surprise him that at least one employee at each pollster might have fallen for the gambit.  After all, RSA, one of the biggest security software companies in the nation, had suffered the same fate.  In that exploit, even though RSA’s spam filter had labeled the spear phishing email as “junk,” an employee opened it anyway, and then clicked on the spreadsheet attachment, which allowed a remote control program called Poison Ivy to install itself.  The hacker was able to work his way out from that first foothold, eventually stealing the information he needed to penetrate an as yet unknown number of RSA’s clients, including major defense contractors.

There was just one problem with that theory, though.  According to what Frank had been told, the minions of Marvin had already set up a brand new system and then simulated the data input process, and still the data had been corrupted.  So much for the Moby Dick hypothesis, since there had been no email to open. Still, the guys in the black hats must have gotten in somehow.  He’d just have to run his own tests and hope to notice something that the professional spooks had missed.

Frank turned on his laptop and logged on to the virtual machine that mimicked a pollster’s server.  He opened up the polling package, picked a question template that assessed the popularity of multiple candidates, and filled in Huey, Dewey and Louie as the candidates’ names.  Then he paused, and on a whim deleted them with a smirk.  He wanted this to be as realistic as possible, and that was giving the current field too much credit.  He typed in Moe, Curly and Larry instead.  Then he assigned a few responses, deciding that today would be Curly’s lucky day. 

But when Frank called up the report function, sure enough, Larry had come out on top.  He had exactly the number of votes that Curly was supposed to have, and Curly had his total.

Frank drummed his fingers on the arm of his folding chair and mused.  He hadn’t opened any email, so a spear phisher couldn’t be the culprit in the test he’d just run.  Also, Marvin claimed that the polling software was fresh from the factory, and that the software was identical to the program that used to execute flawlessly before all the fun had started.  He decided that there must be some kind of latent feature that had been there all along, just waiting to be triggered.  That would do it, right?

He called Victoria back.

“Vicky, did anyone try to figure out whether there was some sort of time bomb in the polling software?  There doesn’t seem to be any other possible explanation for what I’m seeing here.”

“Of course.”

“Well?”

“No time bomb.  What do you think we are, stupid?”

In fact, he was still reserving judgment on that question.  But his inability to come up with a half-plausible theory was beginning to make him more charitably inclined.

“Of course not.  Just frustrated.  Thanks.”

Now what?  Maybe if he added some new data and then checked the server logs he’d notice something this time.

But after five minutes of inputting random polling data, his server froze. Frank grumbled to himself and set it to reboot.  Might as well keep working, though, so he called up the local copy of the same software on his laptop and started entering data while his server cycled.  Once the server was back on line, he’d upload the data and resume working off of the server.

A minute later, and he was done.  But the server was still cycling.  And cycling.  Annoyed, he ran a local report on his laptop, expecting to see that once again Larry had stuck it to Curly. But to his delight, he found that this time Curly had held on to his lead.

At last he was getting somewhere.

– 0000 – 0001 – 0010 – 0011 – 0100 – 0011 – 0010 – 0001 – 0000 –
