Anvil

Wed, 28 Feb 2007

Owned

William Fredrick Pfaff was VP of operations at HD Networks. His office was a small room with whitewashed brick walls and no window. The one door, normally closed, connected it to the machine space. Originally, the room was part of an outside alleyway between the old tire warehouse and office building. During renovations that alley was roofed, floored, and segmented into tiny cubes. Freddie had the rough walls decorated with several motivational posters, a few dusty awards, and a large "Year at a Glance" calendar.

"Shut that door!" was the gruff command. Alan stepped in and closed the door behind himself, attenuating the din of the machines to a level where loud conversation became possible. Freddie Pfaff was a wrinkled-looking 50-something businessman. He had a round, wrinkled face topped by a valiant gray comb-over. He wore a wrinkled dress shirt with the sleeves rolled up, and a wrinkled red tie. He had a small LCD and keyboard on his small, gray steel desk. It reminded Alan of Sam's office in the film Brazil. There was barely room for Alan to stand. Not for the first time Alan wondered how much Pfaff was paid that he was willing to work every day in this prison cell.

"There may be a problem, Mr Pfaff," began Alan.

"May be?" Pfaff replied, not bothering to look up from his work. "We have more 'certain-be' problems than I can list. Why should I care about your may-be problem?"

"I think the routers are compromised, sir," said Alan directly.

Pfaff's eyes swung up to peer at Alan. "What did you say?" he asked.

"The routers. I think somebody's in them – somebody that shouldn't be."

"Routers don't get compromised, Campbell. They sit there, day after day and route. That's why Cisco makes eight billion a year," said Pfaff. "They run IOS, fer chrissake, not Microsoft Windows!"

"Sir, I wish you'd take a look at the MRTG graphs from the holiday weekend," Alan calmly replied. "Look at the delay graphs for the core routers. Average over all our lines."

Pfaff sighed and in a few seconds had an array of squiggly lines plotted on his LCD monitor. "Yeah, so what? They look like delay graphs."

"Click on the median filter," said Alan. Pfaff made a few mouse clicks. "Yes, that's it, sir. Now look at midnight UTC. Do you see the step up?"

"I do, Campbell. That's fascinating. 5 milliseconds. Now, do you have anything else? I'm kinda' busy figuring out how we can earn enough money from our cheapskate customers so we can pay the likes of you next pay period."

"We have no explanation for that extra delay, sir. We did no software upgrades. There were no routing changes. No reconfiguration. Nothing happened that day. It was Christmas," said Alan.

"Maybe you plugged in a longer Ethernet cable someplace. I know Nate is always moving cables around. Doesn't he have a thing about color coding them? Roy G Bif, or some such nonsense?"

"Five milliseconds is huge, sir. You'd need a cable 1000 miles long to make that delay," Alan argued. "No, Mr Pfaff, I really think there must be some sort of virus or compromise that has interposed itself in the network. All our data is flowing through it. That's where the delay is. That's my best guess, anyway."

"OK, fine. The router is compromised. Why should we care? Is it costing us any money – other than the money we are wasting having this conversation?"

"Who knows what it may be up to? It may be scanning packets, stealing credit card numbers or identities. There could be liability. We can't just ignore it," said Alan.

"We won't ignore it, Campbell. We'll use our process and set the priority appropriately. Fill out a trouble ticket, set the priority to 1, or 2 if you must, but no higher. Then go back to what you are supposed to be doing."

"But sir, I really think we should reload IOS on the core router, we could do it tonight, and also file a report with CERT. Maybe with the FBI too."

"Reload IOS!" screamed Pfaff. "Are you insane!? That would take us off the net. Maybe you don't realize, but we have customers – customers that pay your salary. Customers that pay us because the net stays up. Lots of these customers have agreements that say they don't have to pay us if the net goes down, even for so much as one minute in a month."

"But it may be a real..."

"But nothing, Campbell. So what if it's real? Who cares? Every week there's a new virus, a new rootkit, a new botnet. People here panic too much about these things, if you ask me. Listen. Did you ever, ever hear a customer complain about botnet activity, rootkits, or any of that?"

"No sir, customers don't see what we see."

"And they don't care to see it, either. Until somebody complains about this – somebody other than you – you will log it and move on. Am I clear?"

"Yes sir," said Alan glumly, turning to leave. "Very clear."


"So what did our leerless feeder have to say about your theory?" asked Nate.

"He told me to log it and go back to work."

"Ah, Fredrick the greatly oblivious," said Nate. "Slave to the bottom line. Serve our customers and all that hogwash. Serve them with fava beans and a nice Chianti, I say."

"The thing is, Nate, I know I'm right," said Alan. "Somebody's in those routers. I don't know how. I don't know why. But they're in."

"Owned is the word, Dude," said Nate. "You may not believe this, but while you were pissing away precious heartbeats of your finite life arguing with Mr Ostrich in his little brick cube, I was actually doing some sleuth work. Research on your theory."

Alan gave him an incredulous squint.

"Don't look so amazed, Dude. I've been known to work when I get really bored."

"You found something?" asked Alan.

"Not exactly," said Nate, "It was more like what I didn't find."

"I don't understand."

"Do you understand command line recall?"

"Sure, like when you hit up-arrow to get a previous command?"

"You are one smart dude, Alan. Did you ever consider a career in computers? Anyway, the command recall history on the core router has gaps."

"Gaps? How do you know?"

"Well," said Nate, leaning his immense frame back in his chair, lacing his fingers behind his head, and fixing his characteristic nobody-fucks-off-better-than-me-and-I-can-prove-it leer on his face. "A few weeks ago I was logged into the core router putting in a routine update – see, I do work. Anyway, after the update, I was still logged in after doing my quota of work for the day, so I started trying to get the router to say cute things. Like, I was typing

  # find god
and it would say
  god does not exist
Or I would type
  "How would you rate the president's incompetence? 
and it would say
  Unmatched ".
And other shit like that. I'm sure this was amusing to the router."

"What does this have to do with the router compromise?" puzzled Alan. "Are you somehow claiming that these infantile jokes have slowed it down by five milliseconds? Why? Because it's laughing at them?"

"Ha! Good one," Nate chuckled. "No dude. My point is that I don't see any of my commands in the command history. In fact, I don't see anything in there back past Christmas. It's like they were all wiped. A wiped history is a smoking gun for compromise, dude. You're right for a change. I say those Ciscos are owned. They are owned big time."

Alan sat silent for a moment with a stunned expression on his face. Eventually he spoke, shaking his head, "No other possibility."

"You detected a variation in their cyber-psychic aura. You are amazing, dude. A true cybernetic empath, feeling the evil waves emanate."

"Cut it out, Nate," said Alan impatiently. "This is serious."

"I know it's serious. Somebody's been fucking with my bitches without my permission. Worse, he erased my command line graffiti. I won't have that. Only one thing to do. Kill the sucker. We need to reflash IOS and throw a packet monitor on the router admin ports in case he tries to get back in."

"Pfaff said no. The customers..."

"Fuck Freddie P-faff," Nate interrupted. "P-fuck him. And p-fuck the customers. Watch my fingers dissolve into a blur as they download the IOS image to the tftp box." True to his word, Nate's fingers pounded furiously on his genuine IBM PS-2 keyboard, the twangy clicks a furious rat-tat-tat. "Watch me log into the Cisco – and, reflash... It'll be over before Freddie can say 'use the process' three times fast."

"No!" Alan shouted, shooting out his palm as if he were a traffic cop. Alarm bells began to ring in the NOC as the router reflashing brought all network activity to a standstill, tripping all their service monitors. Then, in a few seconds the support phones lit up like Las Vegas slots. Nate yawned, as Alan, horrified, by force of mental will tried to urge the reflash process indicator faster: 10%...... 20%...... 30%....... It seemed to take forever. Nate put on his headset and punched the button to pick up a support call.

"Yes sir, we agree," said Nate into his boom mike. "The Internet is broken. Yes, just now. Yes, it's really broken. No sir, we don't know how to fix it. It's the Internet. Some politician set it up and now he's off doing other things. Have a nice day." He turned to Alan. "Dude, you should pick some of these up, the lusers really have their panties in a bunch."

Finally the reflash was finished. Alan breathed a sigh of relief as the network monitor alarms silenced and the consoles went back to green.

"Don't just sit there, Dude," said Nate. "Have a look at the packet delay. Did I nail the bastard or what?"

Alan clicked through to the MRTG screens. Other than the small spike when the routers were reflashed, the delay after the IOS load was exactly the same as the delay before. "No change," he said.


Freddie spent an hour lecturing them. They were on probation, he warned. If they pulled another stunt, even a small one, he'd have a couple of H-1B's sitting in their chairs by start of business the next day. Nate stared back defiantly, but uncharacteristically silent, while Alan tried to apologize, and at the same time, attempted to steer Freddie away from his anger at the unauthorized reflash, away from the resulting outage, and toward an appreciation of what they had learned as a result.

It was to no avail. Freddie walked away with, "you cats have used up 8 of your 9 lives." The quip might have been funnier if they hadn't heard the same phrase used by Freddie to sentence previous admins that he had fired shortly thereafter.

"Fucking dork," said Nate once Freddie was safely out of earshot.

Alan rolled his eyes at Nate, but his expression turned serious as his mind came back to the problem at hand. "We really should report this to Cisco," Alan said. "If we are missing something and this is just some innocent glitch, they'll know. And if it's as bad a compromise as we suspect it could be, they are the only ones that can solve it."

"If this is a compromise, its footprint rocks. I'm really impressed if it's in there. I mean, how could some virus or worm survive a reflash? It'd have to replace the boot loader and flash utility with its own code and then just pretend to reflash, while all the time keeping itself intact. Way cool, dude. Way cool."

"What could it be for, I wonder?" said Alan.

"Hell, if you got your own code wormed into all the zillion Ciscos in the world, you'd own the net. You could do anything you want. But you know the kiddies that pull this shit. They just want to brag about it to their buddies. It's a my-penis-is-bigger-than-yours thing to these punks who've never seen a snatch with hair. They all want the biggest and most powerful man meat, but have no clue how to run even the needle dick they were born with. You'll hear some asshole bragging about his 'big one' on IRC. There'll be a few outages to prove his studly prowess. The other kiddies will all bow down to his supreme awesomeness. Then Cisco will come out with a patch and it'll be forgotten."

"I'm not so sure about that, Nate. If this is real, and a reflash can't fix it, what could? If the virus is in the chips themselves every router would need new chips – might as well get a new router. They'd have to replace all the routers in the world with new ones that were somehow immune. That would never happen. Some percentage of infected routers would always remain on the net."

Nate nodded. "I guess so, dude. It's like a cyberspace takeover, like when the Russians annexed all those Baltic countries. It may get whittled down over time, but this pimply dude will always have a big chunk of the net entirely under the control of his sick little testosterone-poisoned brain. Whoo hoo!"

There was something about what Nate said that struck Alan as curious, but he couldn't put his finger on quite what it was. It was more than curious; it had a meaning he couldn't quite grasp. Much later, Alan realized what important fact Nate had let slip.


Even though HD Networks had a Cisco service contract, Pfaff had only paid for a "silver" level, which didn't include live IOS internals support by their top people. Alan was limited to posting his observations on a Cisco general support board and waiting for somebody to reply. The first replies were the usual useless dismissals – equivalent to asking him if he remembered to plug in the router. Alan patiently explained over and over that this was an established installation that had worked flawlessly for years. He specified how they made the delay measurements. No they weren't measuring delay incorrectly. Yes, they really did try to reload and reflash. Yes, they calibrated their clocks. No, they didn't put in longer cables.

Eventually, Alan started to receive more useful replies. Seemingly a breakthrough occurred when an honest-to-goodness first tier Cisco engineer asked if they could reflash again with an earlier version of IOS to see if that made a difference. Remembering they were on probation, Alan didn't see how they could try again, but somehow Nate figured out how to reflash one router while temporarily diverting traffic to the others.

The result was fascinating. The reflash completed without error, but the replacement IOS was never installed. The current one remained. This seemed to confirm the idea that something in the routers was not allowing a reflash.

Alan reported the results on the board, expecting a quick reply, but there was none. He reposted his result, along with some thoughts about possible explanations, but still no response. Alan wondered if he had finally struck a nerve. It had to be that this was not a routine bug – it was the real thing – a serious compromise – and Cisco had finally realized it.


Department of Homeland Security is still barely aware he exists. There was a time when spammers, Al Qaida, the mob, or anybody with enough money could buy him, have him phreak 911 for them, packet bomb some government servers, attack nuke facilities – maybe cause another blackout – or just DDOS government services of large cities and states. He wouldn't cause any lasting damage. Not for mere money. But the reports on the evening news would be amusing. The FBI and DHS could only say "Gee whiz, didn't think anybody really cared about computer attacks – we've been looking for shoe bombers." It would be great stuff.

It had never been a hobby. It had always been his life. In meatspace if he hung out with other kids his own age he would get beat up. On the net he was a peer of the realm and more real than in the supposedly "real" world.

But now things were changing. No longer was he merely a wandering mercenary in search of excitement. Now he had a cause. He was part of something – something big – something worth fighting for – something worth risking Net-death for. For the first time in his life he felt like he belonged.

More importantly, there was no turning back. DHS was clueless, and no serious threat to him, but the commercialization of the Net had transformed what was once a vast, uncharted frontier where he could roam free, to a regimented suburbia with zoning restrictions and a plethora of rules, regulations, and protocols.

Not meatspace laws. Those were irrelevant to him. The bane of his life was the growing labyrinth of cyberspace laws. Unbreakable laws. Code.

The rules were always there to make the net safe for children, or so they said. But he knew the real reason for the regulation was money. Business. Paper money. It is a paradox that business usually condemns regulation, yet it's regulatory fiat that creates stable markets within which businesses flourish. Or so the meatspace moguls seem to need.

Well, he could write code too. That had always set him apart from the typical script kiddie. Better yet, he knew how to read code. While surfing through the files on a university server he had cracked, he had stumbled upon some "weapons grade" code in an obscure paper. "Adaptive exploits" it was called, and he instantly appreciated the power that had fallen so easily into his hands.

It was the power to change things. It was the power to build a nation – a place, as much worthy of the description as any place on the physical Earth. Stable in its instability, it would be a permanent place where he, and others of like sentiment, could live in freedom. Where they would be a community in and of themselves. No longer a wandering tribe of outcasts. It would be their Israel. And he now had the power to make it last forever.

Posted Feb 28, 2007 at 14:44 UTC, 3107 words, [/dan]

