Hacking with Malware
It all depends whether you are a White Hat or Black Hat when it comes to a national intelligence agency’s anticipated outcome in a hacking scheme. Are you the good guy or bad guy in the hacking game? The hacker or hackee? Most would agree it’s best to be the hacker controlling the exchange.
In my novels the CIA, MI6, Mossad, and DGSE (France’s Directorate-General for External Security) are White Hats employing malware to spy on their adversaries and to compromise the enemy. They also need to make sure no Black Hat spying is being directed back at them. It’s a zero-sum game played for big stakes, with everything banking on the outcome.
Malware has become very sophisticated. The object of these specialized bugs is to provide a leg up in anticipating the enemy’s actions and reactions in clandestine or terrorist missions, not to destroy or disable their computer network.
Malware is ingenious, capable of destroying entire command and control computers, as illustrated in my second novel, Killing Time, where a Stuxnet virus did just that in Iran’s nuclear facility at Natanz. Other viruses are tailored to infiltrate command centers’ computers to feed a steady stream of useful information, “intelligence” in agency jargon, back to the interested parties.
The infiltration of malware requires carefully planned and executed schemes. In my third novel, Retribution, the CIA has recruited six young, university-educated Green Party dissidents in Tehran, code-named the “cousins.” Their mission? To penetrate the Revolutionary Guards’ Tehran command center with the Flame and Gauss viruses.
See the excerpt below and you’ll get an idea of how this “hacking game” can be very productive for an intelligence agency.
THE FRUIT VENDOR
TEHRAN – Same day
Nasir Abdul wheeled his large fruit stand down the ramp of his truck onto the curbside edge of the sidewalk. He arranged his street vendor permit in clear view in case the ubiquitous police sauntered by to harass him. Sharia and civic laws were oppressive. Even trivial matters were regulated, creating an aggravating atmosphere to conduct daily business. Tehran’s secret police were enough to piss off the Good Humor man. Best to avoid confrontations you had no chance of winning, he pragmatically thought. Fascist bastards.
Nasir put up his colorful awning to shade him from the predictable hot afternoon sun. It also signaled he was open for business. In minutes he was good to go. He had the routine down pat. He knew he wouldn’t wait long for customers in this upscale neighborhood with the big office building on the corner.
The sign on the large cart clearly read in large Persian script, “Fresh Pomegranate Juice – The Best in Tehran.”
Many agreed that it was indeed superior to juice peddled by other vendors in the many bazaars scattered throughout the bustling Iranian city of 8.5 million people. Not an idle boast. Patrons flocked to his stand. The cool morning spring air greeted his daily ritual of the past two years. Business had been surprisingly good. He displayed photos taken with his iPhone of his loyal customers who frequented his stand daily, supposedly flattering them, but it was nothing more than a deception. Nasir harbored ulterior motives.
Many customers were Revolutionary Guards whose IRGC/Quds headquarters occupied the corner high-rise building only about thirty feet away. It had been the US Embassy until the 1979 Islamic Revolution overthrew Shah Pahlavi, initiating a nasty hostage situation and a diplomatic break lasting to the present escalation of hostilities with America.
Nasir knew the history of the Quds Force, led by General Qassem Soleimani. Quds constituted an elite paramilitary division of the IRGC dedicated to international terrorism, sponsoring Hamas and Hezbollah, and supplying IEDs to America’s enemies in Iraq and Afghanistan. Quds maintained twenty training camps scattered across Iran. Soleimani answered to General Muhammed Ali Jafari, commander of the IRGC Army of one quarter million, who answered to the Mullahs.
Nasir was familiar with the hierarchy. He had good reason to memorize the command structure. He was a spy.
Nasir had a good working relationship with the IRGC personnel. He joked with them, an action most vendors would avoid. They tolerated the gregarious, good-natured, industrious peddler. And his pomegranate juice lived up to his boast—simply the best. They patronized his stand daily, morning to evening.
“Good morning, Nasir. We’ll take two juices for the office. We’re on the run,” two officers requested.
“Interested in fresh-baked Nan-e-Gandhi?” Nasir asked, referring to a sweet bread like taftoon, a breakfast favorite in Tehran.
“Good idea, Nasir. You’re quite the salesman.”
Nasir laughed, bagging the two Revolutionary Guards’ order with a smile.
“That’ll be two hundred rials or twenty toman for the bread, and fifty rials each for the juice, three hundred total.”
Normally there would be a few dinars change, but because of inflation following international sanctions, no one bothered subdividing a rial into 100 dinars anymore. Simply not worth the bother; dinars were done, practically worthless.
Nasir was no ordinary street vendor in yet another way. Unknown to his customers, he had earned a degree in computer engineering, graduating with honors from the university. If they had known, they would have naturally questioned the thirty-year-old merchant about why he squandered his education to become a common street vendor, hawking juice. And, rightly so.
If he revealed the true reason, or it was somehow discovered why he had chosen this mundane occupation, it would have cost him his life.
Nasir secretly led his district’s Green Party underground movement on the other side of Tehran where he lived, basically promoting insurrection against Iran’s tyranny.
The Mullahs’ theocratic rule, Revolutionary Guard oppression, and the dreaded secret police, VEVAK, conspired to stifle free expression, socially suffocating the well-educated, secular-leaning younger set of under-thirty-year-olds who constituted two-thirds of Iran’s 75 million population.
They sought freedoms associated with modern, democratic western societies. They abhorred tyranny. They hoped to achieve democratic reform, possibly a pipedream, but worth the commitment to the Green Party.
Information technology allowed worldwide communication over the Internet. That changed the social equation. There were millions of them rebelling, longing for the right to free expression, a modern mode of life. They cried out for social equality.
They were wired into all the social media and news outlets on the Internet. They knew what was going on elsewhere and resented their repression, boldly expressing their dissatisfaction with the Persian Spring, and held demonstrations and organized protests in the streets. They were repressed by the government with little or no support from the western world, other than news headlines. Foreign politicians offered lip service, but no sustaining assistance to a popular uprising that may well have toppled the oppressive government.
A Green Party colleague, Leila Hatami, a member of a covert, seditious group of five accomplished hackers nicknamed “the Cousins,” recruited Nasir to spy on the IRGC headquarters—but doing much more than taking their photos and chatting them up, subtly noting their name, rank, and job description, piecing together the building’s hierarchy, noting casual slips of potentially useful classified information.
Leila gave him a crash course in hacking and provided cutting-edge spy malware. She trained Nasir to monitor classified information emanating from inside the IRGC headquarters with a sophisticated array of electronic eavesdropping espionage equipment well-concealed inside his fruit cart behind cans of pomegranate juice ingredients, utensils, and plastic glasses. A perfect ruse.
The fruit stand represented nothing more than a shrewd subterfuge underwritten by the CIA. It introduced a new era of undercover espionage developed by joint research of allied intelligence agencies, put skillfully into use by the Cousins.
The Cousins managed the cyber theft and relayed the information daily by encrypted satellite transmission to their handler, Rokman Behrouz, an Iranian relative operating out of Langley’s NSA communication center.
The small group’s hacking expertise had undermined Revolutionary Guard operations over the past two years by tipping off the CIA in advance, facilitating evasive action or thwarting counter-terrorism plots. The CIA shared this clandestine information with Mossad and MI6 on a regular basis, enhancing their relationship.
The Revolutionary Guards couldn’t figure out how their enemies were able to interfere with their plans, especially foiling their highly classified Underwater-Devils Tower operation with the Cubans last year in the Gulf of Mexico.
Unbeknownst to the IRGC, the Cousins had secretly penetrated their computers with brilliant advanced persistent threats, known as APTs. They infiltrated the Flame virus early on and more recently introduced the Gauss virus through an unpatched payroll system vulnerability.
Hybrid offshoots, both new viruses exploited many of the same vulnerabilities as the ingenious Stuxnet worm that had sabotaged the Natanz nuclear facility by taking over the command and control systems, destroying nearly a thousand uranium enrichment centrifuges. Stuxnet had set the Iranian program back a year or two with its crippling effect. Now the Cousins had undertaken a new mission.
The Cousins had established a reliable, conventional Trojan horse backdoor into Revolutionary Guard classified communications. And now, Nasir’s fruit stand took it to the next level of proficiency.
The Flame virus rivaled Stuxnet as a complex, sophisticated malware program, without 0-day exploits. Essentially, it acted as a desktop spy, orchestrating a number of functions. The program monitored keystrokes, stole passwords and even recorded conversations occurring in the infected computer’s vicinity. It surreptitiously took screenshots as well.
The virus relayed all information to command and control servers for streaming, real-time software updates. These servers were concealed in the Cousins’ ringleader’s penthouse apartment across town.
Their leader, Jafar Panahi, coordinated the group’s activities from there, relaying the stolen data daily to NSA for analysis via encoded satellite transmissions.
Some people are smart, some are well-educated, and some possess both attributes. The Cousins fell into the both category. Actually, they were brilliant.
The Flame virus was programmed to communicate with mobile wireless devices via Bluetooth signals, a rare capability for a malware app. The fruit stand arrived in the morning, monitored the IRGC during working hours, and returned home at night with Nasir. It was a perfect setup.
Even if all the target’s communication and control systems were cut off, the programmed mobile device hidden inside the cart gathered information out in the street to relay continuously to Jafar’s servers across town. Snooping at its most talented and elegant level occurred all day long at the fruit juice stand.
The Cousins had recently infiltrated the Gauss virus into the IRGC, again unsuspected. This enhanced their spying capability with a specially encrypted warhead to steal and monitor data. Along with Flame, it could monitor real-time conversations taking place near a bugged computer.
“Someone” was always listening in on IRGC chatter. Once the Cousins hacked in, it was almost impossible to get them out. They were that good, and they addressed their new mission with vigor. No one surpassed their dedication or finesse.
Rokman Behrouz of the NSA had instructed that they search diligently for information leading to the identification of the IRGC agent who managed the assassination of the wife of a senior, high-ranking CIA officer, Biff Roberts. He was a person well-known to the Cousins because of his successful role in the rescue of Leila Hatami last year, whisking her away to Azerbaijan with the adept assistance of Mossad. They owed him one.
VEVAK had discovered Leila’s covert, subversive role, but the secret police remained in the dark regarding her relationship with the Cousins. VEVAK had not the slightest clue that the Cousins even existed, much less that they were allied with and supported by the CIA.
The Cousins had every intention of honoring the recent NSA instructions with due diligence. They considered it an obligation and they owed the CIA field operative a great debt. Someone inside that IRGC building had set up Biff Roberts’s wife for assassination, most likely the Quds division. They intended to discover who was responsible.
It was just a matter of time.