• Choose a category
• All
• Classic-Fiction

By Root 317 0

in the last five years with the emergence of ‘off-the-shelf’ malware. Many criminal hackers now make their money not by compromising credit cards, bank accounts or similar cunning scams, but simply by selling trojans, viruses and worms that they have developed. They are user-friendly programs that do not require specialist knowledge to deploy them. The most common form is the botnet. Hackers will hire out botnets to be used in DDoS attacks for purposes such as extortion or revenge for a day or two, or maybe for a week or a month. Naturally, hackers selling a botnet or virus have the technical ability to control the length of hire because they can simply programme in its obsolescence, about which their clients – presumably petty jobbing criminals – can do nothing.

Yet the emergence of a secondary market on the Net for ‘off-the-shelf’ malware will not alter the fundamental truth that behind any cyber attack – whether it is criminal, corporate espionage or warfare – lies a gifted hacker. Mounting cyber attacks that are genuinely damaging, rather than merely inconvenient, invariably requires highly specialised and technical skills. This means that even if a hacker is working on behalf of a boss (be it a capo, a CEO or a Commander), he will still need to know a great deal about the intended target if he is to design the right product. Whichever team of hackers designed Stuxnet, for example, had to know not just about the Iranian nuclear facilities that were the presumed targets; they also needed to understand the Siemens PLC network that ran it and the very specific compressor designed by Vachon, a Finnish company (although manufactured in China), as well as the Taiwanese company whose RealTek digital certificate was spoofed to fool the Iranian system’s anti-virus program. Anyone smart enough to work on Stuxnet would have been smart enough to work out its intended victim.

In this respect, hackers are the key to cyber security as they hold the solution to the conundrum. Find the hackers and you will have made serious strides towards uncovering the truth.

The overwhelming percentage of funds that governments are now channelling into cyber security are devoted to ‘digital solutions’ – they are fighting the power of gadgets with gadgets. The money going into understanding hackers, their culture, their minds, their intentions and their vulnerabilities is negligible. But how do you find a hacker? And, on the Internet, how do you know if your new-found friend is a hacker, a police spy, an intelligence agent, an Air Force investigator, a prankster, a terrorist or an alien?

Everything revolves around trust. And building trust means being patient and nurturing relationships. Yet time is at a premium in the world of cyber security. Nowhere did the difficulties relating to trust and time become clearer to me than when DarkMarket’s locus shifted away from its origins in Britain, Germany and the United States towards a country whose economic and geo-strategic importance is growing at a rate of knots – Turkey.

BOOK TWO

Part I

26

BILAL IN PITTSBURGH

Pittsburgh, Pennsylvania, February 2008

One crisp winter morning in 2008, Inspector Bilal Sen of the Turkish Police stared out of his office window at Pittsburgh’s Hot Metal Bridge. Straddling the Monongahela River a tad east from where it joins the Allegheny to form the majestic Ohio, the bridge used to transport molten metal from the great Eliza furnace on the north side to the rolling mills on the south.

But today he had no time to reflect on Pittsburgh’s snow-clad post-industrial aesthetic. He had just read something disturbing on the DarkMarket boards. According to apparently reliable information coming out of Istanbul, Cha0, the cyber criminal under investigation by Inspector Sen, was ‘one of the big boys, rich and powerful’. For a Turk, the phrase was easy to decode: the target had friends in high places, a Turkish copper’s worst nightmare.

Inspector Sen had been working at the National Cyber Forensics Training Alliance for almost three months. On his first day