THREE MONTHS BEFORE the raid, a team of American computer aces working at the National Security Agency in Fort Meade, Maryland, discovered what they also could not believe. The most secret database in the United States, probably in the world, had apparently been hacked.
Fort Meade, as the word “fort” implies, is technically an army base. But it is a lot more than that. It is the home of the fearsome National Security Agency, or NSA. Heavily shielded from unwanted view by forests and forbidden access roads, it is the size of a city. But instead of a mayor it has a four-star army general as its commanding officer.
It is the home of that branch of all intelligence agencies known as ELINT, or electronic intelligence. Inside its perimeter, rank upon rank of computers eavesdrop on the world. ELINT intercepts, it listens, it records, it stores. If something it intercepts is dangerous, it warns.
Because not everyone speaks English, it translates from every language, dialect and patois used on planet Earth. It encrypts and decodes. It hoards the secrets of the United States and it does this inside a range of supercomputers which house the most clandestine databases in the country.
These databases are protected not by a few traps or pitfalls but by firewalls so complicated that those who constructed them and who monitor them on a daily basis were utterly convinced they were impenetrable. Then one day these guardians of the American cybersoul stared in disbelief at the evidence before them.
They checked and checked again. It could not be. It was not possible. Finally, three of them were forced to seek an interview with the general and destroy his day. Their principal database had been hacked. In theory, the access codes were so opaque that no one without them could enter the heartland of the supercomputer. No one could get through the protective device known simply as the “air gap.” But someone had.
Worldwide, there are thousands of hacker attacks per day. The vast bulk are attempts to steal money. There are endeavors to penetrate the bank accounts of citizens who have deposited their savings where they believed they would be safe. If the hacks are successful, the swindler can pretend to be the account holder and instruct the bank’s computer to transfer assets to the thief’s account, many miles and often many countries away.
The most secret database in the United States, probably in the world, had apparently been hacked.All banks, all financial institutions, now have to encircle their clients’ accounts with walls of protection, usually in the form of codes of personal identification which the hacker cannot know and without which the bank’s computer will not agree to transfer a penny. This is one of the prices the developed world now pays for its utter dependence on computers. It is extremely tiresome but better than impoverishment and is now an irreversible characteristic of modern life.
Other attacks involve attempts at sabotage stemming from pure malice. A penetrated database can be instructed to cause chaos and functional breakdown. This is generally done by the insertion of a sabotage instruction called “malware” or a “Trojan horse.” Again, elaborate protections in the form of firewalls have to be wrapped around the database to frustrate the hacker and keep the computerized system safe from attack.
Some databases are so secret and so vital that the safety of an entire nation depends upon them remaining safe from cyberattack. The firewalls are so complicated that those who devise them regard them as impossible to breach. They involve not just a jumble of letters and figures but hieroglyphs and symbols which, if not in exactly the right order, will forbid entry to anyone but an officially “cleared” operator with the precise access codes.
Such a database was at the heart of the National Security Agency at Fort Meade, housing trillions of secrets vital to the safety of the entire United States.
Of course, its penetration was covered up. It had to be. This sort of scandal destroys careers—and that is the good news. It can topple ministers, gut departments, shiver the timbers of entire governments. But though it may have been hidden from the public, and above all from the media and those wretches of the investigative press, the Oval Office had to know . . .
As the man in the Oval Office finally comprehended the enormity of what had been done to his country, he became angry— spitting angry. He issued a presidential order. Find him. Close him down. In a supermax, somewhere far beneath the rocks of Arizona. Forever.
THERE WAS A three-month hacker hunt. Very aware that the British equivalent of Fort Meade, known as the Government Communications Headquarters, was also of world quality and the Brits were, after all, allies, GCHQ was asked to collaborate at an early stage. The Brits created a dedicated team for that single task, headed by Dr. Jeremy Hendricks, one of the best cybertrackers they had.
Dr. Hendricks was on the staff of the British National Cyber Security Centre, or NCSC, in Victoria, central London, an offshoot of the GCHQ at Cheltenham. As its name implies, it specializes in hacker prevention. Like all guardians, it had to study the enemy: the hacker. That was why Sir Adrian sought the advice of Mr. Ciaran Martin, the director of the NCSC. He reluctantly and nobly permitted Sir Adrian to filch Dr. Hendricks from him on what he was assured was a temporary loan.
Jeremy Hendricks, in a world where teenagers were becoming leading lights, was mature. He was over forty, slim, neat and reserved. Even his colleagues knew little about his private life, which was the way he preferred it. He was gay but made no mention of it, choosing a private life of quiet celibacy. He could thus enjoy his two passions: his computers, which were also his profession, and his tropical fish, which he bred and nurtured in tanks in his flat in Victoria, walking distance from his workplace.
He had graduated from York University with a First in computer sciences, gone on to a doctorate, then another at the Massachusetts Institute of Technology, before returning to an immediate post with GCHQ in Britain. His particular expertise was his ability to detect the most minute traces hackers often leave behind which reveal, eventually and inadvertently, their identity. But the cyberterrorist who had penetrated the Fort Meade computer nearly defeated him. After the raid on the house in that suburb to the north of London, he was one of the first allowed access, as he had played a major role in finding the source of the hack.
The trouble was, there had been so little to go on. There had been hackers before, but they were easily traced. That was before increased and improved firewalls had made penetration all but impossible.
This new hacker had left no trace. He had stolen nothing, sabotaged nothing, destroyed nothing. He seemed to have entered, looked around and withdrawn.This new hacker had left no trace. He had stolen nothing, sabotaged nothing, destroyed nothing. He seemed to have entered, looked around and withdrawn. There was no vital IP, the Internet protocol that serves as an identification number, a source address.
They checked all known precedents. Had any other database been penetrated in this way? They factored in some seriously clever analytical data. They began to exclude, one by one, known hacker factories across the world. Not the Russians, working out of that skyscraper on the outskirts of Saint Petersburg. Not the Iranians, not the Israelis, not even the North Koreans. All were active in the hacking world, but they all had their hallmarks, like the individual “fist” of a Morse code sender.
Finally, they thought they detected a half-IP in an allied database, like a smudged thumbprint discovered by a police detective. Not enough to identify anyone but enough to match if it ever occurred again. For the third month they sat back and waited. And the thumbprint occurred once more, this time in the penetrated database of a major world bank.
This penetration posed yet another enigma. Whoever had achieved it had, for the duration of his presence inside the bank’s database, had at his disposal the means to transfer hundreds of millions to his own account far away, and then cause it to disappear forever. But he had done no such thing. He had, as with Fort Meade, done nothing, wrecked nothing, stolen nothing.
To Dr. Hendricks, the hacker was reminiscent of a curious child wandering through a toy store, satisfying their curiosity and then wandering back out again. But this time, unlike Fort Meade, they had left one tiny trace, which Hendricks had spotted. By this time the tracker team had given their quarry a nickname. He was elusive, so they called him “The Fox.” Still, a match was a match.
Even foxes make mistakes. Not a lot, just now and again. What Hendricks had spotted was part of an IP, and it matched the half- print discovered in the allied database. It made a whole. They reverse-engineered the trace and, to the considerable embarrassment of the British contingent, it led to England.
For the Americans, this proved that the UK had sustained an invasion of some sort, a takeover of a building by foreign saboteurs of unimaginable skill, possibly mercenaries working for a hostile government, and very likely armed. They wanted a “hard” building invasion.
The British, as the guilty hacker seemed to be housed in a detached suburban home in a peaceful suburb of the provincial town of Luton, in the county of Bedfordshire just north of London, wanted a silent, invisible, no-alarm, no-publicity attack in the dark of night. They got their way.
The Americans sent over a team of six SEALs, lodged them in the U.S. embassy under the aegis of the Defense Attaché (himself a U.S. Marine) and insisted that two at least go in with the SAS. And so it took place, and no neighbor suspected a thing.
There were no foreigners, no mercenaries, no gunmen. Just a fast-asleep family of four. A thoroughly bewildered chartered accountant, already identified as Mr. Harold Jennings; his wife, Sue; and their two sons, Luke, aged eighteen, and Marcus, thirteen.
That was what the SAS staff sergeant had meant at three in the morning: “You are not going to believe . . .”
__________________________________
