Read Fatal System Error Online
Authors: Joseph Menn
Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology
Fatal System Error (4 page)
Barrett’s project won attention on technology websites, and thousands of readers volunteered spare processing power on their computers. After four days of full-time programming, Barrett got the rough outline of the Internet’s largest branches in less than a day, and he ran the program again and again to bring out more detail. The hobby lasted years, and the resulting full-color pictures were spectacular. Barrett called it the Opte project; in 2008, it would be accepted as a permanent exhibition at the Museum of Modern Art in New York.
Barrett returned to working part time and summers at Network Presence, where he earned $25 an hour and wore employee badge No. 3. The company’s clients included the Navy and the Defense Department, and there was one big perk: the use of a corporate apartment on the beach in Santa Monica, just south of the noisy roller coaster on the pier.
In 2002, Network Presence got a call from the owner of Don Best Sports, the pioneering Las Vegas oddsmaker. “We’ve got a problem,” the man said, reluctant to give away much more over the phone. Once Barrett arrived on the scene, he understood why Don Best wanted things fixed as quietly as possible. A hacker had taken control of the company’s database of customers—1,647 names of hard-core gamblers and betting companies, along with their credit card numbers—and encrypted it. A follow-up email promised that Don Best could have its system back for $200,000. Fortunately, the company had a backup system, and it refused to pay. Days later, the hacker responded with a denial-of-service attack that took the company offline.
It was Barrett’s first battle with a professional DDoS. There were no quick fixes. But Barrett guessed he could handle that amount of traffic with enough Web servers and hardware. Over the next four days, he worked frantically to build up a server farm so big that it wouldn’t have been out of place at a major Internet commerce company. It cost the oddsmaker the same $200,000 the hackers wanted, but it multiplied Don Best’s capacity a hundred times over, and it did the trick. Barrett concluded that DDoS attacks were something that could be managed.
Back in Santa Monica, Barrett wondered how to trace the bad guys who had hit Don Best. The answer came unexpectedly. He had just finished a weekend surf session—a beautiful sunny day, with the weak waves typical for the summer season—and was walking back to his apartment.
There were thousands of computers attacking us,
he thought.
One of them has to have some useful information on it.
He started mulling over all the different kinds of software the drones must have had running. Then it hit him: at least some had to be using a basic piece of networking software called the Simple Network Management Protocol in a way that was visible to outsiders. After all, Windows 2000 machines kept SNMP open unless the buyer changed it. The main point of SNMP is to monitor what is happening on a group of connected machines, so that whoever is in charge can modify what they do. But it also keeps track of all Internet connections. If Barrett could get access to the SNMP running on a zombie that had bombarded Don Best and ask it the right questions, he should be able to see where the zombie had been getting its marching orders.
There were thousands of computers attacking us,
he thought.
One of them has to have some useful information on it.
He started mulling over all the different kinds of software the drones must have had running. Then it hit him: at least some had to be using a basic piece of networking software called the Simple Network Management Protocol in a way that was visible to outsiders. After all, Windows 2000 machines kept SNMP open unless the buyer changed it. The main point of SNMP is to monitor what is happening on a group of connected machines, so that whoever is in charge can modify what they do. But it also keeps track of all Internet connections. If Barrett could get access to the SNMP running on a zombie that had bombarded Don Best and ask it the right questions, he should be able to see where the zombie had been getting its marching orders.
Barrett quickened his step. Back at his apartment, he fired up his molasses-slow dial-up modem and launched a scanning tool. Then he unleashed it on the long list of Internet addresses that had been attacking Don Best. After a couple of hours, he found one with the right kind of SNMP He interrogated it, then pored over the data it spit out. Eventually, he saw connections that were way out of place—from port 9990, the computer had been talking to an Internet Relay Chat server in Kazakhstan,
irc.kamaz.kz
.
irc.kamaz.kz
.
Barrett joined that channel himself and saw that the administrator of the channel was listed as Oko. He typed in the command for the server to identify Oko and got back: “oko is stran
@
fbi.gov
.” A bogus email address, of course, but a valuable nickname to remember, Stran.
@
fbi.gov
.” A bogus email address, of course, but a valuable nickname to remember, Stran.
Don Best also gave Barrett his first look at how law enforcement pursued hackers. That scared him more than the criminals did.
The company’s call for help went to the U.S. Secret Service, which was taking on a major role in fighting Internet crime as part of its mission to protect the national financial system. The Secret Service dispatched an agent to Don Best. The hacker’s threatening email had come from overseas, and he had obviously taken over the database from far away, using the company’s electronic connections to the outside world. Yet as Barrett and the Don Best employees watched in disbelief, the agent carefully dusted the compromised computer for fingerprints. It was just policy, he explained. As soon as Barrett’s sleuthing identified the connection to Kazakhstan, he excitedly informed the agent. The case appeared to die on the spot.
Barrett had earned enough working for Network Presence to buy a condo in Sacramento for $75,000. He and Rachelle, who was starting to work as a graphic designer, moved in together. But Barrett thought he could do better financially, and his entrepreneurial itch was returning. On the BetCRIS job, which was far harder than the Don Best case, he designed new and more sophisticated means to weed out malicious Web traffic. He told his bosses at Network Presence that they should back him in a venture that would do nothing but fight denial-of-service assaults. They said sure—as long as Network Presence got to keep 95 percent of the company.
THAT OFFER STILL RANKLED AS BARRETT flew down to Costa Rica to meet Mickey and the rest of the BestCRIS team in 2003. The battle for BetCRIS was all but won, and in the back of his mind, he thought BetCRIS or its grateful executives might invest in a new business. When he saw the full scope of the BetCRIS operation, he decided to follow that instinct. All they could do was say no. In January, as his time in Costa Rica was nearing an end, Barrett asked if he could see Mickey in his office. “You know,” he said, “I’m thinking of going out on my own, and I was wondering if you’d be interested in helping me out.” Mickey didn’t seem surprised. “Give me a little time,” he said, “and let’s meet at the end of the day tomorrow.”
The next evening they met again. This time it wasn’t in Mickey’s understated office but across the hall in a high-end party room, with a bar and a card table, overlooking the park. Mickey sat next to Digital Solutions’ Brian Green, looking out at San Jose. Barrett, across from them, saw nothing but wall. “You’ve been good to us,” Mickey said. “We’ll take a gamble on you.” While Mickey presented it as a huge favor, the deal he proposed was pretty modest. He and Brian would put in a total of $250,000 and each get 40 percent of the new company, with Barrett devoting his expertise and keeping 20 percent. On his own turf, with more time, Barrett might have thought harder about it. He sensed Mickey expected him to make a counteroffer, to bargain a little. But Barrett was far from home and still angry about the lowball offer he’d gotten from his bosses at Network Presence. So instead of haggling with Mickey, Barrett simply took the offer.
I’ll just ride this wave,
he thought.
I’ll just ride this wave,
he thought.
“Terrific!” Mickey exclaimed. Barrett would be chief technology officer. Within a couple months, Mickey and Brian would name as chief executive Darren Rennick, whom Barrett had met a few days earlier. Mickey called Darren “The Weasel” but insisted he was the right man for the job.
Darren, like Dayton Turner, was one of the many natives of gambling-friendly Canada who made the trek to Central America. He was big, friendly, and a bit goofy. He didn’t carry himself with the same air of authority that Mickey and Brian did: Barrett found out later that his personal blog was titled “Big Dumb Kid.” Though he came off like an overaged fraternity boy, Darren ran a major company in the betting industry, one called Digital Gaming Solutions. Based in the same building as BetCRIS and often called Digital Gaming (to avoid confusion with Brian’s Internet access provider, Digital Solutions), it was one of the biggest sellers of software for gambling operations. Darren’s programs conducted the electronic equivalent of casino games, including virtual roulette and slot machines, along with sports betting and poker. BetCRIS was one of its dozens of customers, and Brian and Mickey were Digital Gaming investors. Barrett didn’t know it yet, but Darren had also been president of an older rival of Digital Gaming that had accused him of making off with its key software. Darren also had helped get another big Costa Rica bookmaker, BetonSports, off the ground.
Mickey had already gotten Barrett together with some of the other extortion victims in town, and now he and Brian helped make those men into customers. Barrett, meanwhile, concluded that there wasn’t enough bandwidth in all of Costa Rica to absorb the attacks heading for the gambling sites, no matter how good he got at culling bad traffic. On January 12, he and Glenn Lebumfacil flew to Phoenix to set up a data center that would handle the Internet onslaught heading for BetCRIS and any new clients.
When the plane took off, Barrett’s new company had one customer: BetCRIS. When the plane landed, it had a half dozen more, and Barrett had seventeen by the end of the first week. Even as Barrett was plugging in the computers, a San Jose bookmaker called VO-Group came under attack. The CEO tracked Barrett down on his cell phone. “How soon can you guys get going?” he begged. “I’m getting creamed!” Barrett realized there wasn’t going to be any more college for a while. He dropped out of Cal State Sacramento just a semester shy of graduating and took to sleeping alongside the computers in Phoenix until he had them in the shape he needed. Two weeks went by before he could get back to Sacramento for more than a night at a time.
Barrett named his company Digital Defense International. After one of Mickey’s people complained that there might be copyright issues with that word, Barrett came up with Prolexic Technologies Inc., a play on the word dyslexic. A Google search on Prolexic yielded zero hits, and the word captured Barrett’s feelings that his dyslexia gave him an advantage, not a disadvantage. Barrett hired Glenn, Dayton, and a few others. Soon he needed more computing power. As a backup to the PureGig facility in Phoenix, which he knew from his Opte project, Barrett contracted for so-called domain name services from UltraDNS Corp., which managed the master computers that steered everyone looking for a site name ending in .org to the right numeric location. That proved a wise choice. In a final push, the hackers went after Barrett’s clients’ domain name servers in March 2004. After that onslaught failed, the hackers seemed to lose heart. On some days, their computers still sent thousands of times more hits than normal to BetCRIS. But the surges grew less and less frequent.
Unfortunately for Barrett, the same focus that supercharged his technological guile also left him with a bad case of tunnel vision. For all of his dedication in pursuing the bad guys, Barrett remained shockingly naive about much in the business world, including the people he had chosen as partners. He didn’t stop to think how they had come to be in their positions atop a questionable world of expat gambling pros. Rachelle thought the negatives were obvious. These people had moved to Costa Rica to get around U.S. laws, and anyone that dedicated to avoiding the rules was probably prone to cheat partners as well. But Rachelle and Barrett had only been dating a year, and he hadn’t come to rely on her judgment when it came to other people. Barrett also had made it clear that he would choose his career over her. She couldn’t count the number of times he had canceled dates in order to work. Besides, she didn’t want to stand in his way. She kept her misgivings to herself. In Barrett’s defense, the U.S. government hadn’t caught up with reality. The rulebooks remained vague on whether citizens broke the law when they wagered overseas, and in any case the police arrested no one. Barrett was setting out to infiltrate the murderous and well-connected Russian mob, with only the murkiest of ideas about its danger. But he had already unwittingly penetrated the U.S. mafia, just as the two forces were accelerating their rivalry over which would reap the most massive spoils from the Internet. Through their offensive and defensive actions, the governments of both world powers would play major roles as well, raising the stakes to a level that intelligence officials would call an undeclared global war.
It was
WarGames
for real.
WarGames
for real.
2
HARDCORE V5. EXE
THE ATTACKS ON BETCRIS trailed off early in 2004, granting Barrett Lyon a respite from the essentially constant hand-to-hand combat. He used the time to build the infrastructure to support a rapidly growing roster of clients needing protection. As the Super Bowl approached, virtual gambling houses inundated him with pleas for help. The extortionists would crash one site, then use it as a powerful argument to make others pay up. “We decided to take down some sites today so you understand how important it is for you to make a deal before it costs you more money and you start to lose customers,” [email protected] wrote to Heritage Sports from Kazakhstan. “Try going to
www.jazzsports.com
.... These are just a small example of the hundreds of sites that will be down this Sunday and Superbowl Sunday.”
www.jazzsports.com
.... These are just a small example of the hundreds of sites that will be down this Sunday and Superbowl Sunday.”
Other books
Fatal Exchange by Harris, Lisa
Better Than Another Man by HK Carlton
The Coed Experiment by Sylvia Redmond
Espacio revelación by Alastair Reynolds
A Break Up Survival Guide by Nancy Wylde
Momentary Marriage by Carol Rose
Fifty Is Not a Four-Letter Word by Linda Kelsey
Another Night, Another Day by Sarah Rayner
Zack (Armed and Dangerous Book 1) by Cheyenne McCray