The President Is Missing(72)
“Augie,” I say again.
He smiles in apology. “Here: you type in www.cnn.com, but the network converts it to a routing number to direct traffic. A flood attack sends bogus traffic to the network and overwhelms it, so the network stalls or crashes. In October of 2016, a DDoS attack shut down many servers, and thus many prominent websites in America, for nearly an entire day. Twitter, PlayStation, CNN, Spotify, Verizon, Comcast, not to mention thousands of online retail operations, were all disrupted.
“And then the corruption of the BGP tables—the border gateway protocol tables. The service providers, such as, for example, AT&T—they will essentially advertise on those tables who their clients are. If Company ABC uses AT&T for Internet service, then AT&T will advertise on those tables, ‘If you want to access Company ABC’s website, go through us.’ Let’s say you’re in China, for example, using VelaTel, and you want to access Company ABC’s website. You will have to hop from VelaTel to NTT in Japan, and then hop to AT&T in America. The BGP tables tell you the path. We, of course, just type in a website or click on a link, but often what is happening almost instantaneously is a series of hops across Internet service providers, using the BGP tables as a map.
“The problem is that these BGP tables are set up on trust. You may recall that several years ago, VelaTel, called ChinaTel at the time, claimed one day that it was the final hop for traffic to the Pentagon, and thus for some period of time, a good portion of Internet traffic intended for the Pentagon was routed through China.”
I know about it now, but I wasn’t aware of it then. I was just the governor of North Carolina back then. Simpler times. The understatement of the century.
“A sophisticated hacker,” says Augie, “could invade the BGP tables at the top twenty Internet service providers around the world, scramble the tables, and thus misdirect traffic. It would be the same effect as a DDoS attack. It would temporarily shut down Internet service to anyone served by that provider.”
“But how does that relate to the installation of the virus?” asks Noya. “The object of a DDoS attack, as I understand it, is to shut down Internet service to a provider.”
“Yes.”
“And it sounds as if this—this scrambling of the BGP tables has the same effect.”
“Yes. And as you can imagine, it is very serious. A service provider cannot afford to lose service to its customers. That is its whole reason for existence. It must act immediately to fix the problem or it will lose its customers and go out of business.”
“Of course,” says Noya.
“As I said before, misdirection.” Augie waves a hand. “We used the BGP tables and the DDoS attacks as platforms to invade the servers.”
Noya raises her chin, getting it now. Augie had to explain all this to me more than once. “So while they were focusing on that emergency, you snuck in and planted the virus.”
“An accurate enough summary, yes.” Augie cannot help but beam with pride. “And because the virus was dormant—because it was hidden and performed no malicious function—they never noticed.”
“Dormant for how long?” asks Dieter Kohl.
“Years. I believe we started…” He looks upward, squints. “Three years ago?”
“The virus has been lying dormant for three years?”
“In some cases, yes.”
“And you’ve infected how many servers?”
Augie takes a breath, a child prepared to deliver bad news to his parents. “The virus is programmed to infect every node—every device that receives Internet service from the provider.”
“And…” Kohl pauses, as if afraid to probe further, afraid to open the door to the dark closet to find out what’s hidden inside. “Approximately how many Internet service providers did you infect?”
“Approximately?” Augie shrugs his shoulders. “All of them,” he says.
Everyone wilts under the news. Richter, unable to sit still, rises from his chair and leans against the wall, folding his arms. Noya whispers something to her aide. People of great power, feeling powerless.
“If you have infected every Internet service provider in the country, and those providers have, in turn, passed on the virus to every client, every node, every device, that means…” Dieter Kohl falls back in his chair.
“We have infected virtually every device that uses the Internet in the United States.”
The prime minister and chancellor both look at me, each turning pale. The attack we are discussing is on America, but they know full well that their countries could be next.
Which is part of the reason I wanted Augie to explain this to them.
“Just the United States?” Chancellor Richter asks. “The Internet connects the entire world.”
“A fair point,” says Augie. “We targeted only the ISPs in the United States. No doubt there will be some transfer to other countries as data from American devices is sent abroad. There is no way to know for certain, but we wouldn’t expect the spread to be significant. We were focusing on the United States. The goal was to cripple the United States.”
This is far broader than our worst fears. When the virus peeked at us, it was on a Pentagon server. We all thought military. Or government, at least. But Augie is telling us it goes far, far beyond government usage. It will affect every industry, countless aspects of daily life, every household, all facets of our lives.
James Patterson & Bi's Books
- Cross the Line (Alex Cross #24)
- Kiss the Girls (Alex Cross #2)
- Along Came a Spider (Alex Cross #1)
- Princess: A Private Novel (Private #14)
- Juror #3
- Princess: A Private Novel
- The People vs. Alex Cross (Alex Cross #25)
- Fifty Fifty (Detective Harriet Blue #2)
- Two from the Heart
- Fifty Fifty (Detective Harriet Blue #2)