Zero Day: A Novel
FOREWORD
Mark Russinovich is recognized by many as the world’s leading expert on the Windows operating system. His tools are used worldwide by corporations and government agencies not only to keep their IT systems running, but to perform advanced forensics.
In this book, Mark has woven a compelling tale about an imminent threat to every person, household, corporation, and government that relies on technology and the systems that we depend on. While what Mark wrote is fiction, the risks that he writes about eerily mirror many situations that we see today. Clearly, we are more and more dependent than ever on Internet-connected computer systems: it is the way we communicate, do our banking, pay our taxes, book our travel, and buy merchandise. We take for granted that these systems will always be there and are set to protect our privacy and are secure. The strength of the Internet and Internet technologies is that we are so connected. However, this strength is also a weakness—these systems are vulnerable to attack from anywhere by anyone, and with little capital investment. The Internet also facilitates maintaining anonymity, on which many of us depend, but often creates a fertile ground for bad actors. As Mark’s story unfolds, we see the hacker creating superviruses hiding behind many layers of virtual disguises, which make fixing the problem even more complicated and dangerous.
For too many years, we have heard cyber-security experts saying that we need to have more security, we need to use antivirus, we need to use anti-spyware, back up our systems, use firewalls, and be vigilant about what documents we open, links we click on, and programs we execute. These and other technologies help protect a system or small network, but do not necessarily protect the overall environment that weaves through the very fabric of the Internet, touching all of us. Mark has created a unique work that is not only entertaining but a call to action as well. This is a great read and a forward-looking picture of what we need to avoid.
I hope stories such as Zero Day remain just that—great reads that will hopefully never come true.
PROFESSOR HOWARD A. SCHMIDT
PRESIDENT AND CEO, INFORMATION SECURITY FORUM LTD.
WHITE HOUSE CYBER SECURITY COORDINATOR
CONTENTS
Foreword
Title Page
Memorandum
Week One
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Chapter 18
Chapter 19
Chapter 20
Chapter 21
Week Two
Chapter 22
Chapter 23
Chapter 24
Chapter 25
Chapter 26
Chapter 27
Chapter 28
Chapter 29
Chapter 30
Chapter 31
Week Three
Chapter 32
Chapter 33
Chapter 34
Chapter 35
Chapter 36
Chapter 37
Chapter 38
Chapter 39
Chapter 40
Chapter 41
Chapter 42
Chapter 43
Week Four
Chapter 44
Chapter 45
Chapter 46
Chapter 47
Chapter 48
Chapter 49
Chapter 50
Chapter 51
Chapter 52
Chapter 53
Chapter 54
Chapter 55
Chapter 56
Chapter 57
Chapter 58
Chapter 59
Chapter 60
Chapter 61
Chapter 62
Chapter 63
Chapter 64
Chapter 65
Chapter 66
Chapter 67
Zero Day
Chapter 68
Memorandum
Acknowledgments
Copyright
MEMORANDUM
NS rated 10
DATE:
April 14
FROM:
John S. Springman
Deputy NSA, The White House
TO:
Roger Witherspoon
Executive Assistant Director, DHS
RE:
Interim Report
Following the catastrophic events late last year, Congress and the President directed the creation of a confidential Committee of Inquiry. Attached is the Interim Report of the Committee. It strikes me as a bit purple in places and speculative in others, but I accept that this is an accurate and fair rendering of the events last year. The IR has been disseminated to all involved agencies. Should there be areas you wish expanded, be certain to convey that desire to me within 10 days. Should you desire redaction of any portion, I am instructed to advise that such a request must be made in writing within the same time period, and state with specificity those sections to be deleted accompanied by a satisfactory explanation of the justification.
It is clear to me now that you were perfectly correct in your initial impression as stated at our enabling meeting. The events that led to such a cataclysmic chain of events, events I wish to add from which we are still attempting to recover, began in New York City, but only by a few minutes. They might just as easily have started over the Atlantic.
WEEK ONE
MAJORITY OF COMPUTERS LACK SECURITY, REPORT
By Isidro Lama
Internet News Service
August 10
A report released Wednesday found that more than 80% of computers lack essential security software.
The overwhelming majority of PCs in homes have been found to lack essential security protections, according to a report by a leading cyber-security firm. Most home computers lack either a firewall, anti-spyware protection or current antivirus software.
“Curiously, most consumers falsely believe they are protected,” said a spokesperson for the Internet Security Association. “The reality is quite the opposite.”
Despite modest improvements in home security since the first survey four years ago, much remains to be done. “At a time when the public turns increasingly to computers to handle finances and to house personal information, it is leaving itself exposed to exploitation,” the spokesperson added.
The situation is no better with military and government computers, according to the report. “We are significantly exposed to a cyber-attack,” the report concludes, “the consequences of which could exceed our imagination.”
Internet News Service, Inc. All rights reserved.
1
MANHATTAN, NYC
SATURDAY, AUGUST 11
12:01 A.M.
“Shhh!”
When the whisper came out of the darkness, the man stopped. A vast panel of glass covered the wall before him, displaying uptown Manhattan in a scene that might have been sold as a poster. Ambient light and the soft glow from a dozen computer monitors was all that spared the room total darkness. The logo of Fischerman, Platt & Cohen floated on each monitor.
In the hallway, the steps faded. A moment later her fingers touched his arm, pressing lightly against the soft skin on the inside of his wrist, her flesh much warmer than his. The thought of her so excited aroused him even more.
She tugged and he followed. “Over here,” she whispered. He tried to make her out in the darkness but all he could see was her form, sha
peless as a burka. They stopped and she came into his arms, on him even before he realized she’d moved. Her scent was floral, her mouth wet and also warm, tasting of peppermint and her last cigarette.
After a long moment she pulled back. He heard the whisper of clothing across nylon, the slight sound of her skirt dropping to the carpet. He sensed, more than saw, her form stretch on the couch. He unbuckled his trousers and let them drop around his ankles. He remembered his suit jacket; as he removed it, her hand touched his erection through his undershorts. She tugged them lower, then encircled him with her fingers.
Her grip guided him, and as he entered her, a single computer screen sprang to life behind the groaning couple. Turning blue, it read:
Rebooting …
After a few seconds, the screen flickered and read:
NO OPERATING SYSTEM FOUND.
The screen turned black.
BRITISH AIRWAYS FLIGHT 188
NORTH ATLANTIC, 843 MILES OFF NEWFOUNDLAND
FRIDAY, AUGUST 11
12:01 A.M.
The flight attendants were clearing breakfast in the passenger compartments as Captain Robert McIntyre scanned the dials of the PFD, the primary flight display, once again. Beside him, copilot Sean Jones sat facing dead forward in that semihypnotic posture so common to commercial pilots on extended flights.
The sound of the twin engines well behind the pilots was distant. Outside, air slipped past the airplane with a comforting hiss. The Boeing 787 Dreamliner, with 289 passengers, all but flew itself. Once the airplane reached a cruising altitude of thirty-seven-thousand feet, the pilots had little to do but monitor the instrumentation and be available should something go wrong.
The airplane could take off, fly itself, and land without human assistance. It was state-of-the-art, fly-by-wire technology, which meant the airplane had the latest in computers. The manual controls, such as the throttle and yoke, were not physically connected to anything, though they were programmed to give the feel that they were. Instead, they emitted electronic signals that moved the parts of the plane needed for control.
Computers had even designed the plane itself. So convincing was the computer construct that the airplane was approved for commercial use and had gone straight to production without a prototype. McIntyre commented from time to time that the 787 was the most beautiful and well-behaved airplane he’d ever flown. “Any plans in New York?” he asked his copilot.
Jones sat motionless for several long seconds. “Excuse me,” he said finally. “Did you say something?”
“Want some coffee? I think you were off somewhere.”
Jones yawned. “No, I’m all right. I get so bored, you know?”
McIntyre glanced at his wristwatch. They were still more than an hour out of New York City. “Better watch it. You’ll be on record in another half hour.”
The cockpit voice recorder functioned on a half-hour loop, constantly recording thirty minutes at a time, again and again. Pilots had long learned to be utterly frank only when they were not within half an hour of approach or for the first half hour after takeoff. These were the times anything unusual occurred, if at all. Once in the air, the airplane was all but unstoppable.
“I know, but thanks. ‘Plans,’ you asked? Nothing much. How about you?”
“Just a walk in the park, I think. I’m too old for the rest.”
“Right. Tell it to your wife.” Jones glanced back outside. “What’s the altitude?”
“Let’s see, right at thirty-seven thousand … Jesus, we’re at forty-two thousand feet.” McIntyre scanned the dials again as if searching for an error. The airplane had climbed so gently neither of the men had noticed. “Do you see anything on the PFD?”
“No. Looks good. We’re on auto, right?” They’d been on autopilot since London. This wasn’t supposed to happen. The plane had just come out of a complete servicing. All of the computer software had been reinstalled, with the latest updates. Everything should have been functioning perfectly. Instead, they were on an all but undetectable gentle incline.
“Right,” McIntyre said. “I’m resetting auto.… Now.” Nothing changed. After a moment he said, “Altitude is 42,400 and climbing. What do you think, Sean?”
Jones pursed his lips. “I think we’ve got a glitch. Shall we go manual?”
Pilots were under enormous pressure from the company never to go manual except at takeoff and on approach for landing. The computer not only flew the airplane in between but did a far superior job, increasing fuel efficiency by as much as 5 percent, a great money saver. If the pilots went manual, the flight data recorder, which kept a record of everything from preflight to postflight, would record it, and they’d have to file a report justifying their action.
“Airspeed’s dropping,” Jones said evenly. The autopilot was not only failing to keep the airplane at the proper altitude, but it hadn’t increased power to the engines to compensate for the steady climb.
“Altitude is 42,900 and climbing,” McIntyre said.
The door opened behind them and the senior flight attendant, Nancy Westmore, entered. “Are we climbing, boys? It feels odd back there.”
The pilots ignored her. “Airspeed is 378 and dropping,” meaning 378 kilometers per hour, well below the standard cruising speed of 945. “Altitude is 43,300 and climbing,” Jones said.
“Have a seat, luv,” McIntyre said. “And strap in. We’re going manual.” Westmore, a pretty blonde, blanched, then dropped into the jump seat and buckled up. The two had carried on an affair for the last three years.
“Bobby,” Jones said, “PFD says we are approaching overspeed limit.” The computer was reporting they had exceeded their normal flight speed and were approaching a critical limit.
McIntyre looked at the controls in amazement. “That’s impossible! Airspeed is 197 and falling.” The yoke-shaker program engaged and the stick began to rattle in front of him. In traditional airplanes, the yoke shook at stall. In the 787, the computer simulated the effect for the pilots.
At that moment the stall warning came on. “We’re nearly at stall! It can’t be both. Going manual … now.”
A soothing woman’s voice spoke. “Warning. You are about to stall. Warning. You are about to stall. Warning…”
But when the autopilot disengaged, nothing happened.
“Are you nosing down?” Jones asked, looking over, seeing for himself that McIntyre had pushed the yoke forward.
“No response,” McIntyre said. “Nothing. Jesus!”
“Airspeed 156, stall. Altitude 43,750, still climbing. Holy shit!”
Then the mighty 787, cruising at over forty-three thousand feet, stalled. All 427,000 pounds of the airplane ceased to fly as the plane nosed up a final moment, then simply fell toward the blue ocean eight miles below. All three experienced a sensation of near weightlessness as the plane plunged toward the earth. Westmore closed her eyes and locked her mouth shut, vowing not to make a sound.
Behind them came a roar of passengers screaming.
As it stalled, the airplane lost its flight characteristics, which depended on forward motion through the air for control. The plane fell as an object, not as an aircraft. Without comment McIntyre pulled the yoke well back, fighting to maintain some control and keep the craft upright. Without air control, the plane could easily roll onto its back. If it did, they were lost.
Under his breath Jones said, “Hail Mary, full of grace, the Lord is with thee…” He scanned the PFD. “Airspeed 280, altitude twenty-nine thousand.”
“Jesus,” McIntyre said. “I’ve got nothing.” The yoke was not giving him any feel. The plane was moving through space absent any control. “Engaging auto!”
Through the closed door came more screams. Neither pilot heard them.
Jones reached over and engaged the autopilot. Both men were trained that in an emergency, the autopilot had a superior solution to any they could come up with. They’d been shown example after example of pilots wrestling with airplanes until they crashe
d, doing the wrong thing over and over, when the autopilot would effortlessly have saved the craft.
“Patience. Give it time,” McIntyre said as if to himself.
Another long moment passed. Nothing happened. The airplane wobbled to the right, corrected itself as it was designed to do, then wobbled to the left.
“Airspeed 495, increasing; altitude twenty-seven thousand, falling,” Jones said. He resumed the Hail Mary.
“Mother of God,” McIntyre muttered, “hear me. Disengaging auto. Setting throttle to idle!”
The airplane was now in a significant dive, and the crew could feel the buildup of airspeed as it rushed toward the sea. The sound from the passengers was now a steady desperate drone. The plane was well nosed forward. The horizon, which should have lay directly in front of them, was instead high above.
“Airspeed 770, altitude twenty-two thousand!” Jones’s voice had risen an octave.
“Shit!” McIntyre said. “God damn you!” he shouted, cursing the airplane. “Reboot,” he commanded. “Reboot the fucking computer! Hurry up.”
Jones tore his eyes from the PFD. “Rebooting.” They were under strict orders never to reboot in flight. This was a ground-service procedure. Jones fumbled for the switch. “Got it! Not responding, Bobby. It’s not responding! It’s locked!”
“Kill the power.” McIntyre’s face shone from sweat. “Hurry. We haven’t much longer!”
Jones looked to his right, ran his hand and fingers down the display, found the master switch, and flipped it off. The PFD went black.
“Wait!” McIntyre snapped. “Give it a second. Okay. Now!”
Jones flipped the switch. “On!” There was a pause. The dials before them sprang to life.
From behind them came a steady roar of terror punctuated by loud noises, as luggage from the overhead compartments and laptops flew about, striking anything in their own flight path.
“Engaging auto!” McIntyre said. Nothing.
“It’s still rebooting,” Jones said. They couldn’t know for certain either their airspeed or altitude, making reliable decisions impossible. “I estimate fifteen thousand with airspeed in excess of 836.” They were nearly at standard cruising airspeed. “We’re falling fast.”