A World War IV soldier talks about his battlefield heroics
I know not with what weapons World War III will be fought,
but World War IV will be fought with sticks and stones.
I remember that quote well; I’m one of the reasons the great Einstein was proved wrong. But then, even Einstein couldn’t have imagined how fast technology would invade our lives.
The quote was very popular during the Cold War, and even aided government-funded propaganda. Those were the days when most of us lived in fear, with images of mushroom clouds in our nightmares. The rich and paranoid built underground bunkers and stocked them with a year’s supply of food. The rest of us would dart furtive glimpses at the sky at even the hint of a siren. When the Cold War finally ended, World War III began…
The third instalment is actually the only real World War. The soldiers are called “terrorists,” and the battlefield is your backyard. It continues today; though governments have fought back and tried to minimise such events, you probably still read about the odd incident halfway across the globe, if not right in your city. To be honest, I cannot complain much about it, because WWIII is what forced countries to go high-tech, get connected and start depending on technology—it’s what lets me afford my luxurious life.
Who Am I?
I can’t tell you my name for obvious reasons, but I can tell you that World War IV has begun, and I’m just one of thousands of soldiers fighting it. I’ve never held a real gun in my life, though I’ve fragged my fair share of enemies in my favourite FPS game. I’m certainly no James Bond either, and I have a fast-developing pot-belly—the kind beer-drinking couch potatoes proudly sport. I have a regular day job, which involves nothing more than sitting in front of a PC while I administer a small company’s servers, so obviously, I bore easily. What I do have, however, is something my government is willing to pay a premium for, and it’s the reason I have my moolah locked safely away in a Swiss bank vault. I drive a Maruti, but I can afford better. I live in an apartment—a true bachelor’s pad—but no women ever visit. I guess they don’t like the smell of rotting pizza, or my décor—if you can consider eight LCDs, four PCs and spaghetti tangles of wires “décor.”
I’m a geek of the highest order, and yes, I will inherit the Earth. I trudge through my work day, itching to get home and start the real fun. At night, I sit awake at my PCs, probing computers across the world looking for backdoors. Currently, I have a little over two million drones in my botnet, but still I can’t seem to make it to the Top 50 Hackers list. I’m hoping that will change soon.
I have a meeting today, so I rush home, kick off my shoes and log on. I find my way to my IRC chat room and I see my contact is already there. He’s been waiting impatiently playing the trivia game on the room’s bot. I know this because a millisecond after I log in, he messages me and tells me. It’s straight to business; he informs me that the Chinese have been attacking government sites with DDoS attacks and are generally being a pain. He’s willing to pay me to return the favour. It’s not really big money, but hey, it’s still some fun… The icing on the cake is that I know I’m not going to be caught. A license to kill—people’s inboxes, PCs and Net pipes, that is.
I give him my PayPal account details and just as I’m about to leave, he says, “Hang on. I just got new authorisation.” I can smell the money, so I wait patiently. In 95 seconds he’s back, telling me his “company” has authorised him to pay a significantly higher amount for information or a backdoor into the Chinese government servers. For a considerably lower bounty, I can hack their Web sites and redirect them to, well, pretty much anywhere I want. “Nice,” I mutter to myself, “I’ve been eyeing the iPod Pico for some time now.”
“There are signs that intelligence agencies around the world are constantly probing other governments’ networks looking for strengths and weaknesses and developing new ways to gather intelligence”
Peter Sommers, London School of Economics
Now big government hacks may pay a lot, but I can’t stop my bread-and-butter business. I pop open a console window, create a batch file and send it over the botnet. Over two million PCs worldwide are connecting to popular sites in China, slowing them down and preventing legitimate access. I’m earning $50 per hour per site, and I can easily keep these sites down for six hours before they ban most of my botnet’s IPs. Of course, I’m not going to stop there. In another IRC room, the list of connected users reads like an FBI Most Wanted list. I announce that I have a paying job, and in under 10 minutes I’ve recruited 14 soldiers like myself. With a collective botnet strength of over 20 million, I can keep the attack on for days—though I’m sharing the spoils, I still get the lion’s share.
January 1, 2013, Beijing
A hacker group that calls itself the Thirteen Ghosts broke into Government sites this morning. Six of the big cities had flights grounded for over six hours; rail systems are still not back online and traffic lights went haywire, causing a few hundred fender benders. The worst hit was the National Bank, which was first DDoSed, then hacked into. As a result, millions of dollars were donated to charities across the globe and detailed information about thousands of credit cards was stolen. This is the worst cyber-attack the world has ever witnessed, and a Government spokesperson puts the estimated damage at a little over $1 billion US. Luckily, no human casualties have yet been reported due to the mayhem that continues even now.
The smell of money wafts into the air as I remember the other offer. I know just where to find the right people for the job. Unfortunately, these guys are way better than me, and expect a lot more money. Still, 10 per cent of a lot is way better than 100 per cent of a little. It will take a few days to co-ordinate the whole thing, but we have the luxury of time.
To begin with, one of my “friends” reports that the Chinese government site is easily hackable: it seems to have little or no security. It will be easy to deface the site, but it will be just as easy for the site admin to get it back to normal—unappealing. A few days later, another friend, who specialises in Trojans and backdoors for Linux server machines, happily announces that he has found his way through the first hack into the Web server, and can now connect to the Chinese railway system. A little more probing by our team reveals that it’s quite possible to get into some major airports too.
News spreads fast in our little online world, especially when there’s money involved. My specialty has always been the networking. No, not the WiMAX/LAN type; I’m talking (anti?) social networking—I just bring like-minded people together and unite them in a cause. I will help test the backdoors, but after a few days, because we can’t risk waking the sleepy admins whose systems we’re penetrating.
I report to my “company” contact and give him all the details we have—14 popular sites can be defaced, including China’s most popular directory listing site and four government sites. Apart from that we can gain access to some A-grade city grids—air, rail and road services can be tampered with. “Excellent,” he types, “give me a day to report this.” He’s back in less than 12 hours with his orders. Full-frontal assault, take no prisoners!
D-day approaches. It’s close to the Chinese New Year, which means loads of tourists and a strain on the infrastructure—perfect! By now my little army has grown to 13 people from four countries. We sit around nervously in our IRC chatroom and joke about what to call ourselves. “Thirteen Ghosts,” someone suggests. It sticks—we like the idea of being able to get in and out like ghosts.
The attack begins the next day. While the geniuses start by gaining root access to the Web servers, I run a script to start a DDoS attack. I’m attacking some other government sites on the same IP masks as the compromised server. I’m just a smoke-screen, toying with useless servers to keep any alert admins busy. These admins should be able to thwart my “attack” in a little under two hours if they’re efficient; six, even if they’re not—ample time for us to plant our little e-bombs.
My measly 100 Mbps connection is hardly strained while DDoS-ing the four government sites; my friends have already gained access to the railway servers. In under 45 minutes, they have access to four major airports, and no-one’s the wiser. We won’t crash any planes… we probably could, though.
My IRC chat client goes berserk. I get 40 messages in under three seconds, causing my speakers to spit out the “bing” alert multiple times in a quite confused manner. “Hallelujah, Eureka, wheeeeeeeeee,” screams a friend. “What?” I ask. “Jackpot, baby, jackpot. We’ve hit the mother lode!” he types back in all caps—quite intentionally. Not only do the Thirteen Ghosts have access to the Rail Services and Airports, he’s also managed to penetrate the traffic system, while his sister—who, incidentally, is amongst the top 50 hackers in the world—thinks she can get into the payment gateway of the country’s largest government bank in about two hours. Oh well, if bank admins are dumb enough to use keyboard combinations for their passwords (azsxdc, 1p2o3i, etc.) they deserve to be robbed. She gained access with a simple brute-force password cracker, putting to full use the power of her Intel 80-core rig.
Chinese tried to hack Australian Government PCs too
The Chinese allegedly tried to hack into highly classified government computer networks in Australia and New Zealand as part of a broader international operation to glean military secrets from Western nations.
September 12, 2007
Hacked: Email inboxes of Indian missions in US and China; NDA, DRDO officials too
Taking a dig at cyber security preparedness levels, a hacker, who claims to be based in Sweden, posted online this evening the passwords of 100 email accounts of embassies and government offices across the world, including 13 Indian accounts, containing classified information and correspondence... Indian Ambassadors to China, US, Sweden, Germany, Italy, Oman, Finland besides officials of the National Defence Academy (NDA) and Defence Research and Development Organisation (DRDO).
The Indian Express,
August 31, 2007
World on the brink of global cyber warfare?
The latest annual security report from McAfee has singled out China as a particularly virulent source of international cyber espionage, with a number of Western nations said to have experienced significant episodes in the past year. However, there is evidence to suggest that a far more sinister online threat could be around the corner from nations other than China—state sponsored cyber attacks on vital infrastructure.
December 2, 2007
We have no doubt that the country’s hackers will attempt to hit back at us or our countries. We’re waiting. All of us have had substantial jumps in our personal Net worth; vive la PayPal!
A few days later, my contact returns. His superiors are thrilled. Besides our payments, he’s also offering to send me an iPod Pico for a job well done. “No thanks,” I type out, “I’d rather you not know where to send it.” A few lols later, he leaves. Oh well, playtime’s over. It’s back to work...