- Andrew Updegrove
The Turing Test Page 2
The display switched to a schematic diagram of the same generator. Barker used his pointer to highlight half a dozen dots. “These represent sensors. Some monitor vibration, some temperature, some alignment, and so on. They’re state-of-the-art, wireless units that can talk to each other and report their status to the control room. Except in this case, they didn’t.
“So, what happened? It appears there were four separate interventions. First, the attacker cut contact between the generator sensors and the monitoring software in the control room. Second, he stopped the flow of lubricating oil to the armature bearings. Third, he opened the drains in the bearing cases, allowing the oil already there to seep away. And fourth, he seized control of the valves that regulate the amount of steam entering the turbines that spin the generators.
“From what we’ve pieced together, here’s the sequence in which those actions occurred. At 2:40 AM local time, the attacker blocked the sensor system, and at 2:41 AM he shut down the lubricating system and opened the drains to the oil sumps. Then, at 2:56 AM, the attacker began gradually increasing the flow of steam into the turbines, a process that ended at 3:06 AM when the maximum possible flow had been achieved.
“The turbines were now spinning the generators at a speed far greater than they were designed to handle. With the oil now drained away, the bearings began to overheat. When they got hot enough, they burned off what little oil was left.
“Now comes the really interesting part. Once the generators were red-lining, the attacker started flipping the generator emergency brakes on and off. Kind of like what happens when the automatic skid control system in your car kicks in after you hit an ice patch. Except a spinning generator has a heck of a lot more momentum, so the effect was violent. If you time the on-off switching just right – and the attacker obviously did – it can set up a back-and-forth rocking force that amplifies the effect every cycle. That’s what caused the rocking motion the engineers observed. Eventually, some of the generators broke completely free from their floor mounts.
“That takes us to the damage report, which is also impressive. Let’s look at the list on the screen. Armature bearings destroyed on every generator. One or more floor mounts damaged on every generator. Two generators pulled free completely before their bearings seized up. Armature windings on every generator will require replacement. Varying degrees of damage to the turbines. Generator building presumed to be structurally unsafe until a full evaluation of vibration damage can be performed. Plus, damage to various related equipment, feeds, and structures.
“The bottom line: no power will be generated at this plant for at least eighteen months. Early word from Japan and India is that damage there is comparable. And the CIA has picked up indications the attackers hit more than one power station in China and at least one in Russia as well.”
Frank sat up straighter at that. He’d assumed the most likely attacker was Russia, given the sour state of Russo-U.S. relations and how much cyber mischief it had already caused. But what did the U.S., Russia, China, India, and Japan have in common that could provoke a coordinated attack? And who might have a grudge against those specific countries?
“Any questions so far?”
Several hands went up.
“Okay – Bill?”
“Any readout on how the attacker got to the control systems?”
“Not yet. So far, we’ve found nothing that looks like a successful phishing attack. Our friends in Japan say the same thing.”
That was significant. Frank would have expected that the hacker gained access when a careless employee opened a file attached to an email that appeared to come from a co-worker. Except that it really came from the attacker, and the attachment that looked like a Word document was really a packet of malware that installed itself as soon as it was opened. A “phishing attack” like that was the easiest way to get inside a target’s firewall.
Barker pointed to someone on the other side of the room. “Okay, over there; sorry – I don’t know your name.”
“Was there anything in common among all the targets? Same operating software, or something like that?”
“Good question. What’s remarkable is how different each of the targets is. The Japanese plant uses different control software than the U.S. facilities. The plant in India was old and used software custom-developed just for it. And it’s safe to assume the plants in Russia and China were each running different systems as well.”
Now, Frank was really impressed. That meant whoever was behind the attacks had to find and exploit a different vulnerability at each plant, and then figure out how to take control of that system once it was inside. That suggested a large team, and therefore a state actor.
“Okay. We’ve got time for one more question. Susan?”
“Any guesses yet who might be behind the attacks?”
“Not a clue. The selection of countries is too diverse, and none of the attacks fits the profile of anything we’ve seen before.”
“Impressive piece of hacking,” Frank said to the major as she led him up to the podium at the end of the meeting.
“Very. Let me introduce you to Jim Barker.”
“Jim, this is Frank Adversego. Frank seems to have recruited himself on to your team.”
Frank’s ears burned as Barker gave him an enthusiastic handshake. “Happy to have you on board! I know of your role in the North Korean crisis, of course – even read your book – but I wasn’t aware of your other escapades until I reviewed your file. You’ve never worked with the NSA before, is that right?”
“Not directly, no.”
“Why don’t you come back to my office, and I’ll put you in our operational picture. Major, does that work for you?”
“He’s all yours till 11:30. Then I’ve got to let personnel do their thing.”
“Excellent. Frank, come with me.”
Twenty minutes later, Barker finished briefing Frank. “So, that’s the big picture. Any questions?”
“Thanks – just one, for now. How do you see me fitting into the team?”
“According to your file, you’re a bit of a Lone Ranger. Is that right?”
“Uh – yes. I guess that’s not a bad way of putting it. In the past, I’ve kind of been a fly on the wall of the project team rather than having specific duties.”
“That approach paid off before, so let’s do the same. What did that mean as far as logistics were concerned?”
“Each time I had access to all reports and data. In my last project, I sat in on weekly team meetings. I also had access to Agency domain experts who weren’t on the team. Oh, and they assigned someone on the project team to work with me directly. The only inefficient part was traveling to CIA headquarters in Langley to read anything that was classified. Which was just about everything useful.”
“Where do you live?”
“In the District.”
“In that case I can help you out. We’ve got a SCI facility downtown with direct access to everything we have here. You can go there any time you want. As for a principal contact, let me give a little thought to who I should pair you with. In the meantime, I’ll have someone grant you access to all the investigation materials and to the downtown facility. That way you can start getting up to speed immediately.”
Barker looked at his watch. “And I guess that’s about all we have time for. I’ll ask my admin to show you the way to personnel so they can put you on the payroll.” He stood up and extended his hand again. “Looking forward to working with you.”
2
The How and the Why of It
Frank climbed the Metro escalator and followed the street numbers up the avenue to the northwest. He found his destination two blocks away, sandwiched between a dress store and a restaurant. He smiled at the listing when he found it between two staid business names: the Helena Blavatsky Theosophy Reading Room. Who had come up with that one? He pressed the intercom button and waited to be buzzed into the foyer.
Stepping off the elevator, he saw a single glass door. Inside was a room filled with floor-to-ceiling bookcases, mission-style chairs with port-wine leather upholstery, and a long table with green library lamps. An elderly man in a tweed jacket and bow tie sat in one of the chairs. Frank wondered whether he was alive or just another prop.
He opened the door and approached the reception desk. Above it was a large portrait of a dourly dressed middle-aged woman with a broad face and large, somber eyes. Obviously, that was Madame Blavatsky. Beneath the portrait was another middle-aged woman with a pair of glasses hanging from a beaded chain around her neck. She looked much more pleasant. He said hello and handed her a card provided by the NSA personnel department.
“Welcome, Mr. Cerf,” she said, standing up to shake his hand. “I’m always pleased to meet a new member.” The elderly gentleman turned their way and peered at Frank over the top of his glasses; he was real after all. “Perhaps you’d like to see the rare book collection?” the librarian continued.
“I’d like that very much, thank you.”
Frank followed her to a door where she inserted his card into a reader set in the wall. Inside were several lockers, an elevator door, and a desk with what looked like a Bureau of Motor Vehicles eye exam camera mounted above it.
“The lockers are for anything electronic or photographic you have with you.”
“Just my phone,” Frank said, placing it inside. “Just curious – does anyone ever buzz you to ask who Helena Blavatsky was?”
“Not often. None of the other businesses on the building registry exist. Once someone who knew about theosophy insisted on coming upstairs. He even asked how to become a member.”
“What did you say?”
“That he needed to be recommended by a member and that the membership list is private.”
“Well, that was an honest answer. Who’s the old gent out front then?”
“Probably a retired NSA agent who likes to get out of the house. Or whose wife wants him to. He adds a nice touch of credibility, don’t you think?”
“Quite.” Frank sat down and rested his chin on the little saddle in front of the camera. When the device confirmed that the retina it had just scanned belonged to Frank Adversego, the elevator door slid open.
Frank wondered at all the cloak-and-dagger precautions as the elevator door closed. Covert meetings must also be held here. Or maybe all the folderol was just to impress visiting members of Congress. Two floors down, he stepped out.
Frank was familiar with Sensitive Compartmented Information Facilities – SCIFs in the acronym-obsessed world of the government. He was pleased to see this one was more than usually comfortable. The main room was filled with work spaces with oversize computer screens. Behind glass walls he could see a small kitchen, two meeting rooms, and a security guard watching multiple video screens. Cameras linked to those screens would allow the guard to monitor Frank’s activities anywhere he went inside the facility. Other than the guard, Frank was the only person there. He gave a small, self-conscious wave, and the guard gave him a bored nod back.
Frank sat down and booted up one of the computer terminals that would allow him to connect directly to the main NSA computer system. That network was “air-gapped,” meaning it had no connections to the Internet and the Web. That made it difficult for an enemy to hack directly into the network from outside. The SCIF Frank was sitting in was similarly shielded and separated from the Internet. The only thing he would be able to connect to was the NSA network, via a dedicated fiber optic cable running between the two locations.
He settled in with satisfaction; what more could he want? No distractions, free coffee, and a direct line to infinite banks of information served by some of the most powerful supercomputers on earth. And he could start delving into whatever nefarious game was afoot.
* * *
Stepping out of the SCIF late that afternoon, Frank was better informed but no wiser. All the data suggested the attacker had exploited “zero-day” flaws to gain access to the power plant control systems. In other words, vulnerabilities not known to exist prior to the attack.
If that was true, a lot of other power stations might also have been penetrated and compromised, since many used the same software as one or another of the targeted plants. Frank wondered how many that might be. Tens? Hundreds? Maybe even thousands, vulnerable to destruction at any time at the whim of the attacker.
He was particularly intrigued by one piece of information: not one of the attacks had caused a blackout. Each one had been launched in the middle of the night, giving power grid managers time to reallocate reserve capacity from elsewhere before demand spiked in the morning. And there had been no injuries, probably because only night watchmen and reduced control room staff were on duty.
That was very odd. Why would anyone stage such difficult and sophisticated attacks if the goal wasn’t to wreak maximum havoc? It didn’t fit any known attack profile. Could the attacks have been some kind of trial run? But that didn’t make sense either, because now the attacker had tipped his hand. Security experts were working overtime at power plants around the world to fix the types of flaws the attacker had exploited. If the same enemy wanted to strike power plants again, it would need to find new vulnerabilities to exploit.
It just didn’t add up.
* * *
The next day, Frank was back at the SCIF engrossed in the details of the India power plant incidents. The destruction there had been particularly great and the attacks unusually clever.
“Frank?”
He looked up, startled. Of course – he was supposed to meet his NSA contact today. He stood up and accepted the outstretched hand.
“Yes – you must be Shannon Doyle.”
“That’s right. Pleased to meet you.”
“You too. And thanks for meeting me here. I appreciate that.”
“Not at all. I live in town, too. And I’m thrilled to meet you – I read your book right after it came out.” She looked around the room. “Nice little place you’ve got here. And all to yourself, except for your minder back there.”
“I can’t complain. Would you like a cup of coffee or something?”
“Sure – thanks. I’ll set up in that conference room.” She watched him walk away. He was in good shape but needed someone to shop for him. Maybe pick and lay out his clothes, too.
Frank put a miniature coffee canister in the machine in the kitchen and looked across to the conference room. Shannon was slim and tall – probably as tall as he was – with tied-back red hair. Probably a half dozen years younger than he was. He picked up the cup and joined her.
“Here you go. I forgot to ask how you take it. Can I get you any cream or sugar?”
“Black is just right, thanks. Oh – before I forget …” She reached down to pull something out of her bag and, with a big smile, slid it across the table. “Would it be rude of me to ask you to autograph your book?”
Frank looked down at the familiar, flashy cover with a rocket soaring upward, silhouetting a running figure. Why had he let the publisher pick the cover design?
“Oh, sure.” He signed his name, thinking as always it would be more honest to suggest she get his co-author’s autograph instead.
“How’d you learn to write so well?” Shannon asked. “Engineers like us aren’t exactly known for that.”
“Uh, to tell the truth, my ‘co-author’ wrote the whole thing.”
“Oh, well,” she said, “the important thing is what you did, not who wrote about it.”
“Well, he embellished it a bit here and there, too. Anyway,” he added quickly, “thanks again for meeting with me. What’s your role on the project team?”
“I’m a systems analyst,” she said. “I’ve been tracking global power grid sabotage to see what types of attacks are gaining momentum.”
“Is there much to track?”
“A lot, of all different types. Thousands of incidents a year, in fact. Most are just vandalism. But every now and then, there’s a big one you need to take more seriously. 2014, for some reason, was particularly busy. Someone in California took out a power substation without ever getting near it. He just spent ten minutes shooting a rifle through the chain link fence and hitting the transformers in just the right places. If someone used the same approach at enough substations, they could take the grid down across the entire country. And in Belgium, someone sabotaged a turbine in a nuclear power station. The operators had to shut it down for repairs that took months to complete. Those are just samples.”
“How about cyberattacks?” Frank said.
“Nowhere near so many of those. Maybe because there’s so much undefended infrastructure out in the open you can blow up, burn, or bang away at. But I track those, too. So, what can I tell you about the project?”
“Here are a few of the things I’m curious about,” Frank said. “Why do we think the hacker hit the specific targets he did? Why in these particular countries? Why not others, or more, or fewer? And why only one wave of attacks?”
“All good questions,” Shannon said. “But if there are any answers yet, I don’t know them. Our project team focuses on the how, not the why.”