netwars 2 - Down Time 3: Prey


The team at the NCCU have been hotly pursuing an anonymous, online group of elite traders known as The Water Boys, who they suspect have been developing a potent piece of malware called MalCom, which is threatening to cause havoc in the financial sector. As their investigation continues, it becomes clear that members of The Water Boys are being killed in suspicious circumstances.

Scott Mitchell finds himself in the frame for one of the murders when one of his own, private targets turns out to be the latest victim of The Water Boys’ killer. During an interrogation with the by-the-book Agent Stacy, Mitchell is quickly able to clear his name.

With a murderer on the loose, and an attack on the whole financial sector looming, Mitchell finds himself pulled back into the NCCU. He is quickly persuaded to join Rebecca, Franklin, and Agent Stacy as they pool resources to find the real killer.

Meanwhile, The Salesman puts the first stage of his plan into motion. The target is Desai Group, one of the high-frequency trading firms in London. His team deploys their updated malware, MalComX, and they manage to take the finance firm’s entire network hostage. With their files encrypted, Desai Group have no choice but to pay the ransom. They should tell the authorities about the attack, but pride and reputation are getting in the way.

Even as the team at the NCCU begins searching for clues to the serial killer’s identity, a whole new level of malicious software is beginning to set up shop in the dark recesses of the Desai Group’s servers. Nobody knows the full extent of the planned attacks, but Uli Hirsch, Head of Security at Desai Group, is convinced they haven’t seen the last of MalComX.

netwars 2 — Down Time 3: Prey
Part 3 of 6

The Head of Security at Desai Group figures out that one of the firm’s own traders had been part of the crippling ransom attack.

Meanwhile, back at the NCCU, Rebecca discovers that her contact in The Water Boys had tried to defect, and that his private server holds a copy of some code that may help them beat the MalCom threat.

The killer is circling closer to the investigation now, and anyone with ties to online group The Water Boys could be at risk. Will Rebecca and the team be able to keep themselves out of danger long enough to stop The Salesman’s plot?

M. Sean Coleman launched his career as one of the original writers on Hitchhiker’s Guide to the Galaxy Online. He has since written and produced original, award-winning shows for MSN, O2, Sony Pictures, Fox, the BBC, and Channel 4. He continues to write novels, graphic novels and TV scripts from his home in London.


Down Time

M. Sean Coleman

Episode Three — PREY


Uli Hirsch was exhausted. He had been running on adrenalin since MalCom had first taken over their machines. The first few hours after yesterday’s attack on Desai Group had passed in a blur of panicked action, but now, almost a full twenty-four hours later, the adrenalin rush had passed and there was still no hope of sleep for Uli. He hadn’t even left the office yet, but at least now he was back downstairs in his own department.

He was feeling more strained and emotional than he was used to, but it was easier to concentrate down here, away from Ellie Desai and Niall McCartney. They hadn’t said anything explicitly, but he knew that they blamed him for the breach. He figured they were probably right, too, although he couldn’t for the life of him see how the hackers had penetrated the trading engine servers without being given some kind of access from inside the company. He had built in every layer of security that they could afford, and even some they couldn’t, but he was all too aware that there was no way you could completely mitigate against employee corruption or just plain negligence.

He had been thinking about what had happened, and he just couldn’t shake the feeling that the company had got off too lightly considering the complexity of the malware that had taken over their systems. The ransom demand — about a quarter of a million pounds — had not been as extortionate as he had heard of in similar attacks. Sure, it was big money, but it was nothing compared to the kind of money Desai was worth.

Despite Uli’s protests for them not to capitulate, Ellie Desai had agreed to pay the ransom straight away. He still felt they should report the attack to the authorities, as he was almost sure something similar could have happened to a number of firms at the same time. He understood Ellie’s reluctance to divulge their weakness to the wider, but he was convinced that the NCCU would work to protect their identity, and they would surely know if others had suffered the same attack. He had made his feelings perfectly clear to both Ellie and Niall, but they had overruled him.

Nonetheless, Uli had done everything that they had asked of him: he had sourced and transferred the ransom, which they had demanded be paid in Bitcoin — a kind of online-only digital currency which isn’t tied to any government, bank or set of rules and, with the convoluted method they’d had to use to make the transfer, would be virtually untraceable. It made him feel sick to the stomach that they were handing over yet more money to a bunch of hackers who had already been siphoning profits from Desai Group for the last six weeks thanks to their clever manipulation of one of the company’s trading algorithms. He felt utterly defeated, and the growing tiredness wasn’t helping.

As soon as the ransom had been paid and verified, their attackers had sent across the decryption key, and Uli had begun the laborious process of unlocking and checking all of their files. They had sent the trading staff home as soon as they knew what the ransom demand was — even with the files decrypted, there was no way that they could carry on trading that day, despite Ellie’s desire to get back on track. It would have to wait. Uli and his team needed time to ensure that the MalCom virus had been completely removed and that there was no residual damage to any of their files, servers, algorithms or processes.

Uli was all too aware that there were companies out there with far less security in place than they had at Desai Group, who would be at even more risk. He knew that publicly traded companies were obliged to report any cyber-attacks, but Desai were a private fund and, as such, were not bound by the same rules. He had considered, briefly, going behind Ellie’s back and reporting it anyway, but in the end, he knew that doing so would not only mark the end of his career at Desai, but probably within the whole sector.

Finally, he had persuaded Ellie to concede that she would consider letting him report it, but only when he had found out exactly how it had happened, and made sure that there was no way it could happen again. She wanted to be able to tell the world that they had faced the attackers and solved the problem — it was the only way she would let the news come out. It was the closest he would get to an agreement from his boss, so he had set to work trying to find answers.

He had spent several hours wading through the archived server logs, going all the way back to the month before they had first noticed the profits starting to dip. His rationale was that the malware had probably been installed and had then sat dormant, awaiting instructions. He wasn’t expecting it to be easy or quick, and he had divided his small team into shifts so that they could work around the clock to achieve what they needed to. He had hand-picked only those he knew he could trust implicitly, and everyone else had been sent home. He had been just about to leave, when one of the guys had flagged something for him to look at.

Uli Hirsch was a stickler for detail and efficiency, and his team knew it. He liked systems, and he liked everything to run smoothly. It made it much easier to detect problems, and it meant that they could be more effective. When new staff started, he would always start their email accounts and logins at least two weeks before they were physically in the building, and he would have his own team run every test on them, to make sure that they worked exactly as they should from the first moment. He had created a test server, which was like a mini exchange, on which the new starter’s account could trade safely offline, to ensure that, when they hit the real markets, there were no anomalies with the way they worked.

One of his team had just flagged up a new starter account which had moved onto the trading engine servers, but no trades had ever been made in its name. When they had checked with the HR department’s records, it transpired that the member of staff had never started. The account had been used to access a number of servers, and had been switched to live after the requisite two weeks. There was enough activity across it to ensure that it didn’t raise flags for Uli’s department, so it was obviously being controlled by someone who knew the process. It all suggested that someone had been manipulating their system. Nothing strictly untoward had happened with the account, but the team knew that even these kinds of errors were something Uli would never have sanctioned, and they should never have missed the fact that the account wasn’t actually trading. Whether this account was the source of the intrusion was still up for grabs, but Uli had told them to bring him anything unusual, and this certainly qualified.

All of the trading floor new starter forms were signed off by Niall McCartney, and Uli knew that he would have been just as diligent in his own checks — there would be no point calling him at home and asking him about it, it was clear that the person attached to the account had never actually existed, and it would just give Niall another reason to be upset with him. Uli would find out more before mentioning it.

But as he waded through the log files, he came to a shocking conclusion.

