Read Fatal System Error Online
Authors: Joseph Menn
Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology
Fatal System Error (2 page)
Mickey asked Glenn if the Top Layer gear was up to the challenge. “We should be safe,” his technician said. “I think our network is nice and tight.” Glenn had no idea how exponentially more powerful the bad guys had gotten in the past half-year. They had taken over hundreds or thousands of PCs for a “distributed” denial-of-service, or DDoS, so that the malicious traffic came from everywhere at once. Once they were turned into zombies, under the control of an unseen master, the computers could attack in multiple ways. Top Layer’s equipment was designed to stop only a few basic methods. After Mickey failed to answer the attacker’s first email, a massive denial-of-service attack wiped out the Top Layer machines in just ten minutes, crashing the BetCRIS site. The onslaught also wiped out Digital Solutions, the Internet service provider for BetCRIS and about half the other gambling companies in Costa Rica. Digital Solutions soon had no choice but to drop BetCRIS from its network, temporarily dumping the site into oblivion.
Glenn felt sick to his stomach. Another email came in from the attacker, this one offering a scant hour to pay before the price of safety went up. Mickey begged for more time, inventing a family emergency. As an old-school expatriate tough guy in an industry full of tough guys, Mickey had already decided to fight back. “I’m stubborn,” he told his deputies. “I want to be the guy that says, ‘I didn’t pay, and I beat them.’”
Going to the U.S. authorities wasn’t an attractive option. The feds wouldn’t have any jurisdiction unless BetCRIS had operations in the U.S.—and if BetCRIS had operations in the U.S., the feds would want to shut the company down themselves for violating American gambling law. Mickey tracked down Barrett, who was already working on behalf of some BetCRIS rivals. Barrett was in the Arizona desert, laying down the digital equivalent of a firebreak at a satellite-based Internet service provider that was the chief alternative to Digital Solutions in Costa Rica. This one had the grand-sounding name of the Phoenix International Teleport. Most customers called it the PIT, and that was a lot more fitting. It consisted mainly of a server farm inside a trailer on an Indian reservation. The PIT hoped that tribal sovereignty would protect it from any legal complications that might arise from letting gambling transactions flow through the trailer’s machines and the enormous satellite dish parked outside up to the sky, then back down to Earth in Costa Rica.
Barrett told Mickey to call Top Layer, which he did to no avail. Mickey’s attacker, meanwhile, warned that Mickey had better wire the protection money fast—and now the price was $60,000. “Sorry moron but I am just having so much fun fucking with you,” he wrote. Mickey called Barrett again on Sunday, more desperate now. “Some advice you gave me,” Mickey complained. “They’re killing me. If I don’t get this fixed, I’m going to have to lay everybody off. Do you have any idea how many families depend on this place?”
This time, Barrett felt he couldn’t say no. He had seen similar assaults before, even before Don Best, but on a much smaller scale. While still in high school, Barrett had created his own company,
TheShell.com
. It hosted a form of group conversation known as Internet Relay Chat. Long the preferred method of communication for hardcore technology enthusiasts, IRC “channels” could nonetheless degenerate into popularity contests as geeks tried to impress one another. A quirk of the format was that if a channel stopped running and was emptied out, a rival could start it up elsewhere under the same name and take control. Likewise, a hacker annoyed with another user could usurp that user’s nickname, causing all kinds of havoc. The way to stop a channel from running and seize power was to shut it down with a denial-of-service attack. By necessity, Barrett figured out how to fend off such attacks while still a teenager, well before temporary shutdowns of big-name sites made national news. After those dot-com assaults, the blue-chip firms providing the fattest targets for thrill-seekers paid dearly to improve their defenses. Smaller companies with fewer resources remained exposed.
TheShell.com
. It hosted a form of group conversation known as Internet Relay Chat. Long the preferred method of communication for hardcore technology enthusiasts, IRC “channels” could nonetheless degenerate into popularity contests as geeks tried to impress one another. A quirk of the format was that if a channel stopped running and was emptied out, a rival could start it up elsewhere under the same name and take control. Likewise, a hacker annoyed with another user could usurp that user’s nickname, causing all kinds of havoc. The way to stop a channel from running and seize power was to shut it down with a denial-of-service attack. By necessity, Barrett figured out how to fend off such attacks while still a teenager, well before temporary shutdowns of big-name sites made national news. After those dot-com assaults, the blue-chip firms providing the fattest targets for thrill-seekers paid dearly to improve their defenses. Smaller companies with fewer resources remained exposed.
The dark art’s advances stunned Barrett. Instead of relying on a few machines, the cutting-edge extortion gangs such as the one assaulting BetCRIS had thousands and thousands. They had begun weaving together the networks in 2003, when they or their business associates released computer viruses of a previously unseen strength and sophistication to take control of unsecured computers. With little public attention, viruses were morphing from an occasional annoyance to a key criminal tool. Usually without the knowledge of victimized PC owners, the viruses marshaled armies of machines for broad-based denial-of-service attacks, spamming, and whatever else the underworld marketplace found profitable.
Barrett saw this as an enticing contest of wits and brawn, a chance to match his expertise and technology against enormous might. There was also an ethical appeal. Barrett figured that since BetCRIS and its peers were legal in the countries where they were based—and since bookmaking companies in England were publicly traded on the stock market—they all were aboveboard. Their enemies, on the other hand, were cartoonishly thuggish. “In a case if you refuse our offer, your site will be attacked still long time,” one wrote. It sounded so much like a joke that Barrett read the message out loud in the voice of Boris Badenov. But he knew that BetCRIS wasn’t smiling. For a libertarian-leaning philosophy major, helping the gambling site was an easy call.
From his work at the Phoenix International Teleport and from talking to Costa Rica companies by phone, Barrett figured that he had a real challenge on his hands. Both the PIT and Digital Solutions were small Internet service providers, and the opposition had already displayed enough firepower to knock them out. He would have to assemble enough bandwidth that he could function like an ISP himself—and that was just to get in the game. He called PureGig, a powerhouse service provider that was also based in Phoenix. PureGig weighed the risk of getting pummeled against the benefit of learning how to handle denial-of-service attacks on customers. It promised to help.
As BetCRIS went up and down, Barrett threw together what he could with the gambling firm’s hardware and what was at PureGig, along with programming he wrote on the fly. His code diverted some of the bogus traffic, and he hunted by eye for suspect clusters of Internet addresses that he could block. But the hackers randomized the locations that their queries appeared to be coming from. They went after specialized computers at BetCRIS, including the routers and Web servers. And they acted more like real customers would, using software to download data-rich images that clogged the pipes while being harder to filter out.
Now the lead attacker knew that Mickey had been stringing him along, and he was genuinely angry. “I don’t care how long I have to destroy your business,” he wrote. If the grammar was poor, the message was clear. The day before Thanksgiving, the attacker turned up the volume well past what Barrett or PureGig had expected. When PureGig’s other customers started suffering, the company took down Barrett’s operation so they both could recalibrate. The enemy went after Digital Solutions as well, knocking off even the bookies who had paid up. Those firms leaned hard on Mickey to pay and stop bleeding them for his pride.
The surge left Barrett battling for thirty-six hours without rest until he brought the website back up. It was slow, but it was up. “Shit, I think this is working,” Barrett shouted in Sacramento. He called Mickey. “Check the site,” Barrett told him. “Yeah?” Mickey said. “Hold on.... Yeah, it’s loading!” Mickey said, clicking around as a customer might, then yelling into the next room. “Hey, guys, we’re back up!” Soon BetCRIS was full of happy men giving each other high fives. Then an underling couldn’t get past the page he was on. “Uh, Mickey?” he said.
Mickey could barely speak. “I know you guys are trying,” he told Glenn Lebumfacil and Dayton Turner, who normally ran the computer networks at another firm in the BetCRIS building. “I don’t want to yell at you guys. But I have to yell at
somebody.”
somebody.”
Mickey’s other employees started to slip away from the meeting. “This isn’t worth it,” one muttered. “We must have paid six figures, for what? My clients are gone, and they might not come back.” Mickey knew what they were thinking, and he called together the staff of two hundred for a pep talk. “I know this seems pointless,” he told them. “But we have to do it this way. If we pay these assholes off, they’ll be back for more later. We don’t answer to anyone!”
Instead of spending Thanksgiving on the couch watching football, Mickey stayed in the office, his wife’s dinner uneaten. “Just tell me,” Mickey pleaded with Barrett, “do you really think you’ll be able to fix this? Because otherwise, I’m out of business.” Barrett said he could do it. He kept slogging away, looking for patterns in the attacks. There were only so many ways that the zombies could move, and he programmed his machines to stop them all. Though it went back and forth for more than two weeks, the attacks finally stopped crippling BetCRIS.
By the time of Barrett’s trip south in late December, the site was up most of the time. One of Mickey’s tormentors sent a final email, mocking him for losing so much business during the fight and spending an additional $1 million fending them off—more than they had sought in the first place. “I bet you feel real stupid,” he wrote. Factoring in equipment, bandwidth, and fees to Barrett’s small company, Network Presence, the estimate was on the money, Mickey acknowledged to himself. The intensity of the experience bonded all of the defenders together sight unseen, and Barrett felt that he really knew the guys at BetCRIS, that they were friends.
COSTA RICA WAS STILL WARM when Barrett and Rachelle landed in San Jose. Glenn met them at the airport and took them to the Hotel Corobici. The balconies jutted out over an angled internal courtyard with hanging plants—not bad for the Third World. There was a decent-sized pool and a casino, which reminded Barrett that gambling was perfectly legitimate in the country. Then Glenn escorted them to the BetCRIS building, San Jose’s tallest. Nicknamed the Hive, it sat across from a park with a large lake and a fountain, stands of bamboo, and jogging paths. Barrett noticed the armed man in a suit posted outside the Hive’s front door but said nothing to Rachelle.
Every company inside was connected to gambling in some way. BetCRIS owned the building and occupied the top two floors, with a pit that made Barrett think of a stock exchange. Instead of computer monitors showing stock trades, though, the area was lined with banks of televisions tuned to every conceivable sporting event. Native Costa Ricans and fast-talking expatriate employees with New York, New Jersey, and Philadelphia accents were constantly taking bets over the phone or tending to the wagers over the Web. “There he is!” Mickey shouted as soon as he saw Barrett. “Goddamn, you’re young! What are you, in high school?” Mickey himself was still in his thirties, though his bad teeth and the extra weight he carried under his Hawaiian shirts made him look older, a bit like an overfed Jay Leno.
He put his arm around Barrett and introduced him around. Barrett had talked to the members of the core group by phone several times daily during the onslaught. Canadian Dayton was about the same age as Glenn and Barrett, and like the others self-taught. Dayton was less serious than Glenn, sarcastic, and a bit of an adventurer. Barrett liked him right away.
On the phone, the head of BetCRIS’s beleaguered Internet service provider, Brian Green, had been all business, with a barky voice and an alpha-male personality kept barely in check. The Digital Solutions CEO was a major figure at the Hive, and Mickey called him his partner. Brian was short and overweight, a Danny DeVito with gold chains.
Brian asked Barrett and Rachelle if there was anything they wanted to do while they were in Costa Rica, which did a brisk business in tourism. When he mentioned deep-sea fishing in the Pacific, the couple said that sounded like fun, and Brian said he’d be glad to take them. The next morning, he and his bodyguard-driver, Leo, picked them up, and they drove for hours to Los Sueños, a posh coastal resort with palm trees, azure-blue swimming pools, and rooms with enormous flat-screen televisions. They met Brian’s regular choice for boat charters, the captain of the good ship
Spanish Fly.
The fishing was terrific. Rachelle snapped photos of Barrett hoisting a sailfish so big he needed help to hold it. They also caught marlin and tuna, which the boat captain, Bimi, turned into sushi on the spot.
Spanish Fly.
The fishing was terrific. Rachelle snapped photos of Barrett hoisting a sailfish so big he needed help to hold it. They also caught marlin and tuna, which the boat captain, Bimi, turned into sushi on the spot.
As they sailed and fished, Barrett got to know a bit about the others on board. Bimi’s past profession, it emerged, was cocaine smuggling. He’d done time in jail, but the government hadn’t found all his money. That evening, Barrett couldn’t help but notice the scars on both of the bodyguard Leo’s knees. “Pistola,” Leo explained, his crooked forefinger pulling an invisible trigger. With Barrett’s rusty Spanish, it took a while for him to work out the basics of what had happened. Leo had been a bank security guard in Panama. A robber came in, the shooting started, and the robber didn’t go out. Leo had killed the man. Barrett took in the story with awe.
Other books
Pestilence: A Medical Thriller by Victor Methos
Too Hot to Handle by Victoria Dahl
Friend-Zoned by Belle Aurora
In the Devil's Bed (Sins of the Duke Book 1) by Eva Devon
Kleber's Convoy by Antony Trew
Choice Matters (Southern Heat Book 1) by Jamie Salisbury
Long, Lonely Nights by Marla Monroe
33 Artists in 3 Acts by Sarah Thornton
Miles to Go by Laura Anne Gilman
Reaper II: Neophyte by Holt, Amanda
