Aphelion Issue 300, Volume 28
November 2024--
 
Editorial    
Long Fiction and Serials
Short Stories
Flash Fiction
Poetry
Features
Series
Archives
Submission Guidelines
Contact Us
Forum
Flash Writing Challenge
Forum
Dan's Promo Page
    

Grid

by S.F. Katz

Leila Karimi hardly believed her luck – two days on the job and already the Pentagon was up in arms. As the newest security analyst recruited from Cyber Command, she had expected a slew of incidents. Cyber warfare, anthrax, bomb threats, the works.

Her manager Roger Turner, army lieutenant turned NSA agent, clearly tried to mask a frown as he filled her in on her first assignment. Along with three other analysts working from Virginia and San Francisco, Leila would combine efforts in tracking the source of a worm-like, polymorphic executable that had detonated upon the opening of a phished email circulated among US Congressional staff members.

First things first. Leila scoured the network event logs for a correlation between similar external IP addresses and matching timestamps.

“Do you see any patterns?” Lt. Turner’s gruff yet quiet voice startled her as she glanced up from the monitor.

Leila nodded. “The external IP addresses are consistent with the traffic seen beginning at approximately 08:00 this morning. As expected, the IPs are coming from Russia and China, but also government networks in France and Canada. Is there reason to suspect threat actors based out of those countries? Maybe government accounts in those nations have been compromised too.”

Turner’s eyebrows knitted together. “It’s a possibility. Do you see any new evidence of domain navigation activity or further details on attacker actions?” 
Leila nodded. “Four domains have been extracted. One in Farsi that I could read – a BBC Persian news website. The others are in Russian, Korean and German.”

“Thank you,” Turner inclined his head, “Keep up the good work and try to pick up the pace. The higher ups have their eye on you, and I know you can live up to their expectations. Next goal: See if you can recognize a common domain theme from these IP ranges – political, martial, and such.”

“Got it,” Leila returned to work.

Once Turner left, she shut her eyes and took a deep breath. Ever since graduating from UC Berkeley four years prior with a degree in computer science and enlisting in Cyber Command, she knew her Iranian heritage would place her under suspicion. A woman of Iranian descent going into cyber security surely screamed ‘terrorism’, a plan for Stuxnet 2.0 to take down the US government from the inside.

Turner however, being a military officer married to an Egyptian, had long since learned to look past issues of parentage, and she appreciated him all the more for it.

And yet… the pressure was palpable. Scowling in thought at the network traffic logs before her, Leila noticed something with the latest events. The IP that had hosted the BBC Farsi domain was now appearing by the hundreds. Sampling over a dozen of the associated domains in her virtual machine, Leila bit her lip at the realization that the same IP hosted an array of BBC domains. After examining over twenty such websites, the pattern became clear: Articles on the latest conflicts, strategies and artillery used in a plethora of currently ongoing martial situations – from North and South Korea to Israel-Palestine to Russian activity in Syria.

Leila swallowed hard. All the evidence indicated a motive to study global, geopolitical strategic patterns in terms of warfare. Moreover, the thousands of IPs in this same range suggested a botnet rather than a single attacker. A botnet that evidently had no geolocational origin – or at least not a source relevant to human-set jurisdiction.

No – this was the work of an autonomous bot.

“The FBI analysts in San Francisco have confirmed with French federal contacts,” Lt. Turner informed Leila minutes later over the phone, “We are all seeing the same IP range. In Paris, Berlin and even Beijing – this is the most recent IP range detected prior to mass outages across both federal and financial organizations.”

As if on cue, the landline went dead as the room fell dark. The backup generators whirred to life, as Leila rummaged her mobile from her briefcase.

“Lieutenant Turner,” she spoke in a hushed tone, “We were right. It seems to be a kind of grid where this worm has countless systems around the globe interacting with each other.”

Glancing up at the two security cameras over the wall monitor panels, Leila contemplated tossing her shoe or some other object to try and destroy the visual footage and audio. After all, who knew how far this executable had spread?

“Keep calm, Leila,” Turner’s voice seemed far away, as a chill rushed down her spine, “This entity, whatever it is, seems to be targeting the crux of our infrastructure – government and financial institutions. The motive is clearly to weaken us by creating chaos, such as lost finances. Several outages in the local region suggest healthcare could be next.”

“They want us weak so they can attack,” Leila reasoned, keeping her voice as low as possible.

Turner continued, “A computer will have the hardest time extracting meaning from human voice patterns. The nuances are much greater than the surface-level of text communication. The mobile network has yet to be infiltrated, so we will have to work with that.”

Leila nodded, hardly caring that Turner couldn’t see her. She wracked her brain for the next viable solution when faced with terrorism that deprived the target of key resources…

Covert communication. Of course.

“Lieutenant,” Leila hissed, “We have to use language. This botnet can decipher plaintext and encrypt its own code, but if we use one-character system to textually communicate in an unrelated language, it could possibly overload the worm’s processing capability by presenting data in an unrecognizable fashion. One only humans can understand.”

A pause. “Such as Hebrew words written in Farsi characters?”

“Exactly.”

The next hour saw Leila working with Eran Vardi, Israeli crypto linguist, once they had successfully developed a program on the local mobile network to translate hundreds of BBC Farsi web pages into Hebrew characters, the botnet attack ceased, and power restored within one hour.

Overload established – all presence of the malicious artefact had been eradicated.

© 2019 S.F. Katz

Find more by S.F. Katz in the Author Index.

Comment on this story in the Aphelion Forum

Return to Aphelion's Index page.