The Trojan Horse
William Quincy Belle
Alexei finished doing a compile and uploaded the executable code to the test machine. He swiveled around in his chair and faced Ivan. “That’s it, buddy. Over to you. I think I outdid myself this time. I’ve got things buried so deep, there is no damn way Symantec or McAfee will get it out, never mind detect it.”
Ivan chuckled. “Okay, Mr. Smarty-pants, let me be the judge of that.” He shook his finger at Alexei in a sign of admonishment. He swiveled in his chair to another console and tapped away at the keyboard.
“What’s up, guys?” Dmitri strode into the room. He was the brains behind the outfit and always acted the part by wearing a suit. Even when Dmitri took off his suit jacket, he never took off his tie.
“I’ve uploaded the new version of the Trojan,” said Alexei, looking at Dmitri. “If I do say so, this is going to be a good one.”
Dmitri smiled. “Good stuff, Alexei.” He turned to Ivan. “You’ll put it through its paces?”
“I’m already on it,” said Ivan without turning around.
“I snagged ourselves a new contract with a group operating out of Hong Kong. If we furnish them with email addresses and personal information for fifty thousand, they will pay us a good buck. If we give them a hundred thousand, they will give us all a nice bonus. And when we get more, the scale will go up. Let’s hope this latest effort does the trick as we could be looking at a good profit.”
Alexei had spent the past few months developing what he thought was the mother of all rootkits. Once this software was activated, it would overwrite the boot sector of a computer and put in its place a clever but nasty series of checks and balances which provided a renewable buffer between the operating system and the hard disk. Once it was in place, it would be virtually impossible to get it removed without wiping the entire hard drive clean and doing a fresh install. Alexei had inserted a number of load points into the operating system itself so, even if something put a fresh copy of the boot sector back, one of the other load points would kick in and restore the infected boot sector. If any of the anti-virus scanners kicked in, the Trojan would operate the disk interface so that any of the infected folders, the infected boot sector, or infected system files would be automatically replaced with a clean uninfected copy. Symantec or McAfee would keep reporting everything was okay because they could never gain access to the infection. The user would go about their day unaware their machine was compromised, their keystrokes were being recorded, and their personal information was being relayed back to Alexei’s group through an untraceable worldwide anonymity network.
Dmitri and group had successfully deployed several such Trojans in the past two years. Anti-virus software eventually caught on to their work and they then had to modify things to further disguise their code, but any fresh deploy usually gave them several months to even a full year before a Trojan was rendered unusable. Despite the coverage in the newspapers of computer viruses and the importance of safety measures, the general level of security wasn’t all that good. The average home computer owner had no clue what was going on. They bought a machine; they surfed the Net; they played games and shopped online, but they really had no idea how anything worked.
Dmitri stood behind Ivan and watched him work on the test machine. The three of them had developed a significant operation with a number of so-called products which netted them all a tidy profit. In addition to viruses and Trojans, they had assisted several pharmaceutical websites in emailing advertisements to millions of users to drum up sales, all with a commission. Business was good.
“Are you taking Dominika to that new movie tonight?” Dmitri hadn’t stopped watching Ivan, but the question was directed to Alexei.
“Yeah, I plan to. I figured if I got out of here by five, we’d have enough time for dinner before the seven-thirty show.” Alexei was lounging in his seat, watching Ivan work on the test machine.
“Sounds good,” said Dmitri. He half turned to Alexei, but kept his eyes on the screen of the test computer.
There was a knock at the door. Ivan stopped typing. Dmitri turned and looked at Alexei. Alexei looked at Dmitri. All three of them had perplexed looks on their faces. Nobody knocked at their door. Ever. Nobody even knew they were there. Dmitri had rented the office space a few years back and had set up a dummy company name so no one would ever know about their operation.
“Who’s that?” Alexei turned to the door.
“Beats me,” said Dmitri. “Maybe it’s the super.”
Dmitri walked over to the door, which led into the corridor. He turned the knob and pulled the door open to find a man in a suit holding a piece of paper. “Yes? May I help you?” Dmitri said in Russian.
The man hesitated and said in English, “Are you Mr. Dmitri Ivanov?”
“Yes,” said Dmitri in English.
“Are Mr. Ivan Lebedev and Mr. Alexei Pavlov here with you?”
Dmitri now looked perplexed. “Would you mind explaining what this is all about?”
“Not at all,” said the man. He stepped to one side, turned to look up the hall and said, “Gentlemen,” while gesturing to the open door.
The next few moments happened quickly, so quickly that Dmitri, Ivan, and Alexei didn’t have any time to grasp what was going on. Six men rushed into the room from the hallway. They were all wearing latex gloves. The first two men stepped through the doorway, grabbed Dmitri’s arms, picked him up, and carried him into the center of the room before forcibly seating him in a chair. The other four men paired off; two went to Ivan and two went to Alexei. Each man pulled out a roll of duct tape and fastened a forearm to the armrests of the two programmers’ chairs.
Ivan and Dmitri were stunned into silence but Alexei yelled. “Hey! You can’t do that!” One of the two men standing over Alexei slapped him hard. The blow stunned Alexei and he fell silent. The men taped the arms and the legs of Dmitri, Ivan, and Alexei to their chairs. They pulled out rubber balls and forced one into each of their mouths, then ran a band of tape around their heads to ensure they couldn’t spit the balls out.
In the meantime, the seventh man had shut the door to the corridor, found an empty chair, and brought it around. He seated himself, unbuttoned his suit jacket, and crossed his legs. The other men grabbed the three chairs holding Dmitri, Ivan, and Alexei and lined them up to face him.
“Gentlemen, my name is Mr. Alan.” He glanced at the paper he held in his latex-gloved hand. “Now if I have this correctly, you are Dmitri Ivanov.” Mr. Alan pointed to Dmitri. “And you are Ivan Lebedev and you are Alexei Pavlov.” Mr. Alan pointed to each man.
Mr. Alan folded the piece of paper and put it in an inside pocket in his suit coat. “I’m sure you are all curious who I am and why I am visiting, so we will dispense with the civilities and get right to the heart of the matter.” He looked down and brushed a piece of lint off one pant leg of his suit.
“The three of you have been working together for about two years now, producing various pieces of software of a dubious nature. You are working on the fringes of the computer world, taking advantage of the security holes to be found in many systems and taking advantage of the general gullibility of a naive public. Far be it for me to stand in judgement of anyone conning a mark. Caveat emptor.” Mr. Alan paused and looked at each of the three men. They stared back wide-eyed.
“However, you targeted my organization. We could argue that casting one’s net on the Internet means we cast a wide net with little concern where that net falls. Such is the nature of the beast. But when one is attacked, when one is compromised, one feels the need to take remedial action to ensure they remain safe and secure.”
Mr. Alan turned to Alexei. “Mr. Pavlov—Alexei—I believe you are the author of the Trojan horse called the May Blackhole.” Mr. Alan waited a moment as if to give Alexei a chance to respond, but the ball gag prevented him from saying anything.
“This is an interesting bit of programming. Ingenious, in fact, the way it first exploits the ignorance of the user, then worms its way into the operating system and records keystrokes. From what I understand, and I understand little of these technical matters, it passes back to the host—that is, you—private and confidential information such as bank account numbers, PINs, passwords, etc. It’s intriguing what you can find out about anybody if you are, so to speak, leaning over their shoulder and watching what they are doing at their computer. And with your key stroke recording, you are doing exactly that.
“Unfortunately, gentlemen, I can’t allow you or anyone else to look over my shoulder. My operations are very important to me and very, very secret. Secrecy is the key to my success, in fact. Which brings me to why I am here.” Mr. Alan put one hand up to his mouth and coughed. “Pardon.” He smiled. “I wonder if I may be coming down with something. Either that or it’s jet lag.
“You gentlemen have stolen information, secret information from my organization. I can’t allow that to happen and I am here to take all the steps necessary to ensure that never happens again. I have had to spend a fair bit of time and resources—resources including money spent on consultants, anti-virus software, upgrading firewalls, etc.—to better protect myself and my colleagues from outside malicious attacks such as yours perpetrated against my computer systems.”
All eyes were fixed on Mr. Alan; the eyes of his three captives and the eyes of his six cohorts. Mr. Alan was in command.
“Do you know what the total cost of spam is to the world? A recent report in the Journal of Economic Perspectives estimates the overall cost to be $20 billion. That takes into account lost productivity due to spam and the additional resources necessary to combat it. Twenty billion dollars! Gentlemen, that is a lot of money. Now, if you and your buddies were making $20 billion, well, heck, I would want a slice of that pie, but the fact is, what you make overall is a mere pittance compared to the cost to the world. The same report estimates the global profit to be only $200 million dollars. Imagine that for every dollar of profit you are causing one hundred times the damage. Sounds pretty inefficient to me.
“Of course, that is talking about spam. If we move into the area of Trojans, viruses and whatnot, we’ve moved into the area of corporate espionage and who knows what fortunes can be made there?
“Now my Russian friends here were of the mind to rid the world of your presence permanently. However, after careful reflection, I thought it would be better, if not best, to use your folly as an example to others who may be tempted to prey on the weak and stupid, but target the strong and smart.” Mr. Alan smiled again. “You have to admit that you all being tied up right now is a display of strength, and the fact we’re here should indicate we may be more than a pretty face.” He paused. “Consider the fact we found you. I wonder why the American CIA or some other secret government service hasn’t zeroed in on you.” He shrugged. “I guess you must be too small of a fish to fry. Humph, many times we think we’re safe at home in bed when, in reality it’s a question of somebody bigger having not yet set their sights on us.”
Mr. Alan looked at his cohorts. “Would you three start on removing the storage?” Immediately, three of the men began going around the room with screwdrivers, taking apart computer cases and removing hard drives. They disconnected laptops and took the entire machine. One man went into the next room.
Mr. Alan turned back to the trio of programmers. “Now, to best make an example of you, I need you to live. Therefore, nothing fatal will be done. Nevertheless, we must do something to dissuade the next group thinking of entering this dubious field of endeavor.” Mr. Alan uncrossed his legs and re-crossed them the opposite way. “I thought the easiest thing to do would be to remove a digit.”
One of the Russian thugs pulled out a pair of wire cutters. The three programmers recoiled at the sight of the tool. Alexei yelled and thrashed around in his chair. The chair teetered and fell onto one side. Another man pulled the chair upright.
Mr. Alan looked at this scene with utter detachment. “Are you familiar with Michael Moore?” He raised an eyebrow as he looked at each of them. “He’s an American filmmaker who does excellent investigative documentaries. In his film Sicko about the American health care system, he talks with a gentleman who cut off the ends of two fingers with his table saw. Since he didn’t have health insurance, he had to pay out of his own pocket to have the fingers re-attached. I’m not sure how the hospital came up with this pricing schedule, but they wanted $12,000 to re-attach the ring finger and $60,000 to re-attach the middle finger.” Mr. Alan shook his head. “Imagine that the United States is the only advanced industrialized nation which does not offer its citizens universal health care. Shameful.
“In any case, I estimated that it cost my organization about two hundred thousand dollars to respond to the little security breach you caused. We had to change passwords, move accounts, reformat hard drives, hide transactions, etc. etc. It’s amazing how such costs rack up, but technology isn’t cheap and, if you want the best, you have to pay top dollar.
“So I decided, based on the cost of $60,000 per finger, that I would take the right middle finger of each of you for a grand total of $180,000. Not quite two hundred thousand, but what the heck, I’ll eat the difference.
“As I said, I want to create a deterrent out of this, a warning to others. Therefore, we are going to film the amputations and post them online. We will include your names and contact information, so if anybody wants to verify the authenticity of the video clips, they can speak with you directly. Since you all speak English fluently, I’m sure it will be fairly easy for you to enlighten most of the international crowd.
“Shall we begin?”
A man pulled out a small video recording device and pointed it at Dmitri. Without warning, the man with the wire cutters came forward, grabbed a hold of Dmitri’s right hand, moved the instrument into place, and snapped. Even though Dmitri had a ball gag still in place, his muffled yelling filled the room. Alexei cried and shook his chair around again. One of the thugs held it so it wouldn’t tip over. Ivan remained silent. Mr. Alan glanced at Ivan and saw that he had wet himself.
The thug with the cutter moved to Alexei. Alexei let out a long muffled yell, then his head pitched forward onto his chest. He had fainted. The thug snapped.
The thug then moved to Ivan. Ivan was perfectly quiet. He remained limp, passive. The thug amputated his finger and, yet, Ivan didn’t react. Mr. Alan thought Ivan must be in shock.
“Bandage the wounds,” said Mr. Alan. “We don’t want anybody bleeding to death. These gentlemen are worth more to us alive than dead.” The men set to work.
Three of the thugs came back into the room with a cardboard box filled with various items, including four laptop computers. Mr. Alan glanced at the contents. “Is that everything?” They nodded.
“Gentlemen, our work here is done. And I would think your work is done here, as well.” The thugs removed the duct tape and freed the three programmers.
Mr. Alan looked at each programmer. “Dmitri, your wife is five months pregnant. You are going to be a father to a boy. A boy needs a father. Go back to studying law. I’m sure you will make a good lawyer. Alexei? Dominika is a fine girl. Treat her well. She would make a good life partner. Ivan. You’ve got good programming skills. There are many legitimate organizations who would like to have you. Seek them out.”
All the men shuffled out the door. Mr. Alan followed, but paused at the door and looked back. “I trust we will never see one another again. I would hate to make a second visit because if I do, I guarantee I will follow the advice of my Russian friends and it will be the last visit.”
Mr. Alan stepped out in the hall and closed the door. Within an hour, the videos were posted on YouTube. Within two hours, YouTube took them down but, by that time, people had copied the videos and posted them on various secondary video-sharing sites, along with the contact information of the three programmers. While the story spread somewhat, many thought the videos consisted of special effects. Only a few people called Dmitri, Ivan, and Alexei to confirm the story.
Six months later, Mr. Alan came back to Russia, but this time to visit a group calling themselves the Russian Freedom Fighters. This group of five rebel computer enthusiasts had hacked into secondary systems connected to Mr. Alan’s organization. For this visit, Mr. Alan followed the guidance of his Russian friends and the Freedom Fighters ceased to exist. In a country of 150 million people and a record of questionable political stability, who’s going to miss four men and a woman? Mr. Alan thought it was an unfortunate waste of talent, but had realized over the years that some people seemed detached from the results of their actions. They wanted something from somebody, and they didn’t care if the other person suffered or not. They were determined to get what they wanted, regardless of the price paid by anybody else. Mr. Alan appreciated the idea was also applicable to him but, in this instance, he had the bigger stick. There is no honor among thieves, he reasoned. I don’t care if you steal, just don’t steal from me. Period. Mr. Alan also reasoned he was doing his share to stop these nefarious people from possibly bleeding the system dry. A wise parasite doesn’t kill its host. That would be suicidal.
About the Author
William Quincy Belle is just a guy. Nobody famous; nobody rich; just some guy who likes to periodically add his two cents worth with the hope, accounting for inflation, that $0.02 is not over-evaluating his contribution. He claims that at the heart of the writing process is some sort of (psychotic) urge to put it down on paper and likes to recite the following which so far he hasn’t been able to attribute to anyone: “A writer is an egomaniac with low self-esteem.” You will find Mr. Belle’s unbridled stream of consciousness here (http://wqebelle.blogspot.ca) or @here (https://twitter.com/wqbelle).