Lock In (Lock In, #1)
“Nice,” I said.
“Everyone likes candy,” Tony said.
“So someone could steal a hash and get into someone else’s network,” Vann said, dragging us back on point.
“Right,” Tony said. “The problem for the hacker is that even when they’ve got the hash, they’re still coming through the front door. Everyone’s looking for the stolen or spoofed hash and the malicious code. Which is why every patch is first unpacked and executed in a sandbox—a secure virtual machine. If something malign is in the code, it’ll execute there and get caught. And there are other security measures as well.
“The story here is that it’s very difficult to get any suspect code into the network in the established route. Even for a brilliant hacker, it’s a long walk to a dry well.” He turned to Vann. “Which is why I told you that it was very unlikely.”
“But then Rees tried to kill me,” Vann said.
“Actually that’s not the part that convinced me I was wrong,” Tony said. “It was the part where Chris said Rees tried to get away from the grenade after intentionally pulling it to avoid being caught. It’s possible control was taken by the front door, but if it was there’d be a record of it—patches installed when they shouldn’t have been, sandboxes launched to test the patches, a record of the acceptance of the validation of the patch and the hashes of the programmer and company who sent it along. There was nothing out of the ordinary.”
“So there’s another way in,” I said.
“There is,” Tony said. “Think about it.”
It was Vann who got it. “Fucker did it when he integrated,” she said.
“Yes,” Tony said. “When a client connects with the Integrator, there’s a handshake of information, and then a two-way data stream opens up. This aspect of the network is meant to be a totally separate process from the internal operation of the network, and it is … but the code isn’t perfect. If you know where to look you can find places to access the network’s software. And that’s what happened.”
Tony zoomed into the network to focus on the nodule that included the receiver for the client data stream. He pointed to a structure. “That’s an interpolator,” he said. “If there’s any short disruption of the data stream, a millisecond or less, the interpolator polls data on either side of the gap and fills in the gap with averaged data. But to do it, the interpolator has to access processing from the network. It’s a break in the firewall. And that’s what Hubbard exploited.”
The image changed to a schematic. “Here’s what I think he did,” Tony said. “First, he handshakes a data feed with the Integrator. Then he intentionally introduces gaps into the data stream, long enough to activate the interpolator. Then he uses the interpolator’s channel to the processor to feed it an executable file. It does this as long as needed in order to download the file. Then it unpacks and rewrites the network’s software.
“It’s going directly into the processor, so no sandbox. It’s avoiding the verification process, so no need for a hash. It’s a small file, so the Integrator’s network doesn’t have to close the session to execute it. The Integrator never even knows they’ve been compromised.”
“Why the hell hasn’t something like this been fixed already?” Vann asked. I could tell she was seriously creeped out by what Tony was telling us.
“Well, think about it,” Tony said. “This is a pretty damn big bug, but it’s a bug that has a very narrow pathway to it. First someone has to know about it. Then they have to have the technical ability to exploit it. Then they need the technical means to exploit it—by which I mean that the ability to introduce intentional disruptions into the data stream isn’t something your average Haden is going to be able to do in their own head. This needs a specialized instrument between the client and the Integrator. And by ‘specialized,’ I mean that as far as I know it doesn’t actually exist. It would have to be created.
“No one’s patched this bug because up until now it wasn’t actually a bug. It was a benign quirk at best. Basically you would have to be a Lucas Hubbard to exploit this.”
“But Brenda Rees never integrated with Hubbard,” I said. “She integrated with Sam Schwartz.”
“Hubbard created the process and tools,” Tony said. “Once they existed, they could be used by someone else.”
“Sam Schwartz is Hubbard’s lawyer,” Vann said. “He’s in the perfect position to assist him.”
“Not a very ethical lawyer,” Tony said. “But, yeah. There’s no reason Hubbard couldn’t hook Schwartz up to his machine and let him have a go at it.”
“You seem pretty sure that it’s Hubbard,” I said.
“You seem pretty sure about it, too, Chris,” Tony said.
“I know, but what I want to know is whether you think that because I do, or whether you think it because you have another reason to.”
“I believe it because you believe it,” Tony said. “I also believe it because the scope of what we’re talking about here—both for this and for what happened with Johnny Sani—requires resources of either a small country or a very wealthy person. But most of all I believe it because of the code.”