The Director - читать бесплатно онлайн полную версию книги автора David Ignatius (15) #16

15

BASEL, SWITZERLAND

Ed Junot tried to look respectable for his trip to Switzerland. He took out his earrings, placed a knit cap over his big bald head and substituted a pair of loafers for his studded black boots; he wore a blue blazer over a white button-down shirt. The costume couldn’t change the hard set of his jaw, or the hooded eyes, but it softened the effect. He bought a first-class train ticket for Basel at the gleaming glass-and-steel train station in the Schoeneberg district of Berlin. Waiting for the train to leave, he bought some Mentos candy to suck on, and copy of Hello! magazine in German so he could look at the pictures and not appear to be American. It was a long ride, more than seven hours, and he quickly fell asleep. He was awakened in the middle of the trip when someone poked him in the ribs and said, “Das Schnarchen!” which he realized must be a reference to his snoring. He muttered, “Fuck off,” and went back to sleep.

The train arrived in the late afternoon at the Badischer Bahnhof on the German side of the city, north of the Rhine. Junot walked through passport control into Switzerland and took a taxi to the Basel Hilton, south of the river. He requested a room overlooking the Nauenstrasse. The clerk at the front desk said that most guests preferred to be on the other side of the hotel, away from the road, but Junot said he didn’t mind the sound of traffic.

Junot took his bag up to the room and opened the curtains. On the far side of the street, just across from Junot’s room, was the nipped, conical shape of the Bank for International Settlements tower, stacked on its foundation like a twenty-story beehive. He unpacked his suitcase and put his meager wardrobe in the closet, and then turned off the lights.

From the bottom of the case, Junot removed a Zeiss spotting scope that he had encased in bubble wrap. He mounted it on a small tripod and placed it atop the desk that faced the window. The lens of the scope was powerful enough that he could read the time on the wall clocks in the offices across the way, and see the expressions on the faces of the bankers who remained in their offices.

Junot opened his computer bag and retrieved a memo from James Morris that he had printed before leaving on the trip. It had the photo, office number, email address and phone numbers of a man named Ernst Lewin, who worked in the tower across the road. His office was on the eighteenth floor, in a room that faced the Nauenstrasse.

Junot focused the scope tighter. He checked the photograph, and then studied the man across the way through the viewer to make sure they were the same. His target, Ernst Lewin, was a tall, thin man, balding, with a prominent nose and black glasses. Lewin was the chief information officer and systems administrator of the Bank for International Settlements. He had “root” access to all of the bank’s systems.

From the computer bag, Junot now took a small device that included a focused laser beam transmitter, along with a receiver to capture the returning signal and an interferometer that could convert these signals into sound, and a pair of earphones. This assembly comprised a laser microphone that could hear through distant windows by reading the vibrations caused by the pressure of sound waves against the glass pane. He focused the device on the window of Ernst Lewin until he heard through his earphones the voice of the man calling his wife to say that he would be home soon for dinner.

Junot put the spotting scope and the laser microphone in the closet of his room. He affixed a jam lock to the closet door so that his tools were safe. The tension in his body eased. He was hungry after the long trip and ordered a club sandwich from room service. The sandwich had chicken salad, mixed with mayonnaise, which he disliked, instead of the grilled chicken he had wanted, and the fries were soggy. He ate half the sandwich and put the tray in the hallway.

Junot was restless: After waiting a few minutes to digest the foul meal, he went down to the hotel “fitness room” to work out. The gym had a set of free weights, but they only went up to fifteen kilograms. A woman was using them when he arrived. Junot noisily did push-ups and crunches next to her until she left. The weights were so light that Junot flung them back on the rack. Everything was pissing him off. He went upstairs and showered, and thought about sex while he lathered himself.

He knew he shouldn’t go out, but the room felt claustrophobic. He put on a black T-shirt, this one bearing the name of a band called Slipknot, and put the studs back in his ears. He went downstairs and asked a handsome young bellman where to go in town for music. The young man recommended a club across the river, located in an old military barracks. Junot cruised for a while, looking for someone interesting and submissive, but the music was insipid, just east of ABBA, and his black mood returned. Just before midnight he went back to the hotel and jerked off.

The next morning Junot got up early. He ordered breakfast from room service, and when he had eaten and bathed, he hung the DO NOT DISTURB sign from his doorknob and went to the closet to retrieve his surveillance tools. He placed the spotter and the laser microphone side by side. He focused them on the eighteenth-floor window he had identified the night before, and settled in to wait for Ernst Lewin to arrive for work.

It was 7:30 a.m. when Junot began his watch. An hour later, he heard through his earphones the sound of a door clicking open and then closing shut, and then he saw through the eyepiece the face of Lewin as he took off his jacket, hung it neatly in the closet and settled down at his desk to work.

Junot recorded useful notes through the morning. Lewin’s secretary buzzed him at 9:20 to announce Bridget Saundermann had arrived for her 9:30 appointment. Junot made a call to BIS and asked for Miss Saundermann, and was transferred to the office of the deputy information officer. Evidently she worked with other IT staffers at the second BIS office, a round white stone building at the Aeschenplatz, several hundred yards down the street from the Hilton.

Saundermann entered the room at 9:25 and gave her boss a report on a new trading management system that was being put into beta testing in the trading room. She mentioned several employees who were working on the project, the software vendor who was supplying it, and the bugs that had been found in the networking software that connected the new platform to other parts of the bank’s system. They talked about the pressure caused by the recent downturn in Asian financial markets.

Just before 11:00, Junot heard what he had been waiting for. Lewin called someone to confirm his luncheon appointment at 1:00 that afternoon at Maison Verte. Lewin asked for the man by name, Aldo Heubner, and said that it was Mr. Lewin calling. Heubner came on the phone and said that lunch was indeed on as planned, and that he had already booked the table. They spoke in English; that was their shared language, evidently. Junot made notes.

Junot waited a few minutes and then called the restaurant and made a lunch reservation for himself at 12:30. He asked for a table overlooking the river, figuring that Lewin and Heubner would want the same. The maître d’hôtel said he would do his best.

Junot went to his computer and found an Aldo Heubner who worked as a vice president for information systems at a big pharmaceutical company that was headquartered in Basel. So they were fellow IT managers, and social friends, to boot.

Junot listened to a bit more of Lewin’s morning routine and made a few more notes, but at 11:45 he changed into his white shirt and blazer and knotted a striped silk tie. He went to his computer bag and removed a final piece of gear he had brought along. It was a miniature shotgun microphone designed to look like a ballpoint pen, with a tiny earpiece to monitor conversations up to fifty feet away. Junot put the pen mike in his breast pocket, checked his tie and headed out the door just before noon.

The restaurant was a mile north of the hotel, on the banks of the Rhine, in the city’s grandest old hotel. The main dining room was small and elegant, with crystal chandeliers suspended from the high ceiling, crisp white tablecloths and deep red plush chairs. The room was perfect for surveillance: good acoustics, low ambient noise, tables well separated but none beyond range.

Junot was one of the first to arrive for lunch and only one table was taken in the main room overlooking the river. He put twenty Swiss francs in his palm as he shook the maître d’s hand and reminded him of his request to be seated in the main room. Junot was shown to a table in the middle of the room, set back from the windows that overlooked the Rhine, but close enough. He had brought a book to read, along with a notebook in which to scribble what he overheard. He put the earpiece in his right ear, away from the door, and studied the menu.

Junot was ordering his meal when Lewin arrived; he was taller and more gaunt than he had appeared through the scope. With him was a shorter man with curly hair and a loud voice, who had to be Aldo Heubner. Junot watched them take their seats by the window, perhaps thirty feet away and in direct line-of-sight range.

He told the waiter, hovering so attentively, that he would have the lobster medallions to start, and then the pigeon breast with Tasmanian pepper, and then cheese, and then a champagne parfait for dessert. He removed the pen microphone from his breast pocket and placed it on the table, under a newspaper he had brought along.

Lewin and Heubner talked with the pleasure of two friends meeting in a fine restaurant. They discussed a mutual friend: Roger Friedman, who worked for UBS; they made plans to see Benjamin Britten’s War Requiem oratorio with their wives the following week; Lewin’s wife was named Rachel and Heubner’s wife was called Angelique; they discussed Christmas holiday plans, and the annual dilemma of whether to go skiing in the Alps or fly to the sun in the Caribbean.

Junot feasted on his meal while he listened to the conversation and made occasional notes. The sound quality was nearly as good as if the two were sitting at Junot’s table. They weren’t wildly indiscreet, but they laid open their personal lives in the way that friends do during a social encounter.

Lewin and Heubner ate their entrée and main course as they talked, but they skipped cheese and dessert. They had to get back to work. They left promptly at 2:30, as Junot was beginning his champagne parfait. He ate the raspberries but left the rest. He had already eaten enough for a week. He put his tiny shotgun microphone back in his pocket and gently removed the earpiece, palming it so that even a waiter standing over him wouldn’t have seen a thing.

Junot paid the bill. It came to over three hundred francs. He thought how pissed off his Denver handlers would be when the expense account came in. Junot looked at the waiter again as he walked out, thinking how he would like to jump him in the men’s room.

* * *

The rest was rote work, once Junot had acquired the raw material through “social engineering.” When he got back to his room at the Hilton, Junot put the surveillance gear back into his suitcase and set up his laptop computer. Morris had loaded him up like a “script kiddie”—with ready-made hacking tools that he could use once he had set his target and payload. He worked carefully, making sure each step had been completed correctly before he executed anything.

The first step was to steal Aldo Heubner’s email address. Junot explored the Internet site of the pharmaceutical company where Heubner worked until he had figured out the basic format for employee email addresses. When Junot had assembled what looked like the right configuration for Heubner, he tested it by using the “email dossier” at a site called centralops.net and found that it was indeed a valid address. He sent Heubner a dummy message at that address, just to make sure. Heubner didn’t answer, but the message didn’t bounce back.

Now Junot constructed the bait on his digital hook: It was a spoofed message for Ernst Lewin that appeared to be coming from Aldo Heubner’s email account, with his normal address visible as the sender. The subject line was Thanks for lunch. Below the subject line, the message read:

Enjoyed our meal at Maison Verte today. Angelique and I will buy tickets for the Britten oratorio for you and Rachel. And holidays? What about this place at Pointe Milou in St. Barts? Expensive, but let me know what you think. Aldo.

Below the fictitious Heubner’s farewell, there was a live link for a resort called the Hotel Francois in St. Barts. Anyone clicking it would see a dreamy picture of a cabana and blue water, with a menu across the top including “Rooms and Suites,” “Bar and Restaurant,” “Spa,” “Rates, “Services” and “Contact.” It would be rude for Lewin not to click on the link, since his friend Huebner had asked for feedback.

The St. Barts resort page was the hook. Encoded with that Web page, so that it would be activated in Lewin’s computer as soon as he clicked on the link, was a piece of malware that was a zero-day exploit of the Windows operating system used by the bank’s internal computer network.

* * *

James Morris had entrusted the zero-day to Junot for this operation. It used a gap in the BIS operating system that would allow installation of malware that would mirror Lewin’s account. Once the malware had installed itself, Morris could monitor every keystroke made on Lewin’s machine and capture his “root” account passwords that controlled the entire system. Using this root access, Morris could create backdoors and move through the network to discover the usernames and passwords of other “root” administrators. With a few lateral moves, he could alter databases, steal and corrupt data files, create phony accounts and server files and conceal himself by deleting any evidence of the original penetration.

Junot sent the spoofed email message to Ernst Lewin. A few minutes later, to cover his tracks, he sent a message to Heubner from a mock-up of Lewin’s address. The subject line read Christmas holidays. Below that, the message advised: Caribbean is too expensive. Let’s talk next week at War Requiem about alternatives. Ernst. If the subject came up, each man would think the other had misunderstood.

Now Junot waited. Forty minutes later he had a text message on his cell phone from a number that James Morris sometimes used. The message read simply: We’re inside. At a computer terminal on another continent, Morris had registered the beacon confirming that Ernst Lewin had opened the link and installed the custom malware without realizing it. Morris was now able to feed other malware through a backdoor that the initial exploit had opened, and create multiple backdoors to make sure he could remain in Lewin’s root account even if the initial penetration was detected later. He could now dump account names, crack passwords and roam through the secret activities of the bank at will.

Why hack the Bank for International Settlements, the clearinghouse for central banks? Junot asked himself that question, though he didn’t dare to pose it to his boss. But had he done so, he would have received a simple, if cryptic, answer: Because it’s a symbol of everything that has gone wrong since 1945.