Rogue Code (15 page)

Read Rogue Code Online

Authors: Mark Russinovich

BOOK: Rogue Code
3.47Mb size Format: txt, pdf, ePub

Though Victor Bandeira’s rise within the NL had been greatly facilitated by his marriage to Esmeralda, Carvalho’s unexpected death from a presumed heart attack just three years later placed him in a precarious position. Bandeira had not by that time been designated as the heir apparent—though that, it turned out, was what saved his life. He’d not been seen as a threat among those who vied for leadership.

Still, there’d been changes. For one, Bandeira had been removed from his safe sinecure and assigned responsibility for a street gang. The new
chefe
told everyone except Bandeira that the young man was soft, that he’d been coddled by Carvalho. To his surprise, Bandeira found he took pleasure in working the streets, taking part in the action, overseeing the executions or doing them himself. He understood finally the addiction of the streets, the allure of power, the sense of invulnerability that came with guns and violence.

But Bandeira was not a foolish man, and he knew that there was nothing in the streets in the end for him but death or prison. So when the opportunity came, after he’d proved his manhood to the
chefe
’s satisfaction, he was moved into finance, a safe cubbyhole where he was content to bide his time.

His movement up the ranks thereafter had been slow but steady. He’d been careful to remain on favorable terms with every potential leader and made no enemies. It had not been easy, but he’d managed to walk the tightrope. Only when he was finally in upper management, a mere rung or two away from the prize, had he acted. It had taken two deaths, one staged as an automobile accident, the other as a botched surgical procedure, but two years earlier, he’d emerged as the undisputed leader of Nosso Lugar. He’d moved quickly thereafter to clean out upper management of any potential rival. He’d not mentioned any of this to his son.

Over the years, Bandeira had studied the organization’s cash flow and slowly became convinced that it should move away from activities that made them the target of other cartels. They weren’t big enough to take them on. As
chefe,
he kept with the tried and true. NL still sold drugs within its territory and trafficked in prostitutes; these were the standards of their business, but he was careful not to expand. He ordered that they stop dealing in guns as he wanted to see fewer weapons on the streets and whenever he spoke with the other
chefes,
he made the point with them. Their men would always have the weapons they needed but it made no sense to be selling firearms to uncontrollable gangsters. He saw no sign that he was convincing anyone, but he kept at it.

Bandeira also cut back on the protection money NL took from small businesses. It no longer constituted a major source of income, and he knew from his own experience how counterproductive it was. He wanted thriving shops and stands in his area and his agents were able to use the loyalty of the merchants in other ways, as lookouts, to stash illicit items for a few hours or days, or to provide places of refuge when needed. In Bandeira’s view it had all worked out for the better.

While working in finance, even before becoming
chefe,
he’d become convinced that the future of real money was in computers and the Internet. He’d followed closely the growth of cyber-crime and even before he’d become head man he’d set up operations. As a consequence, NL was a major world player in Internet gambling, running the three largest such operations.

He’d moved aggressively against his competition in the early days. He’d sent men to infiltrate other operations and sabotaged their sites at every opportunity. He’d used denial-of-service attacks against rival gambling Web sites and to that end had a team of bright young men led by Abílio Ramos setting up botnets constantly, botnets that sat idle for long periods until his other teams put them to good use.

A botnet was a collection of computers connected to the Internet, thousands of them, in which the cyberdefenses had been breached, and they’d been placed under the control of an outside party, unknown to whoever owned or operated each computer. The computers were co-opted when someone using them executed a bit of malicious software. They may have been lured into making a download, or been penetrated by a vulnerability in their Web browser, or even tricked into running a Trojan horse program, which likely came through an e-mail attachment, often from a known source. Such infected computers were used to recruit other computers. Once within the computer, the malware placed the computer under the control of the botnet’s operator, known as the “herder.”

Typically the herder directed the botnet group to his own ends. Among these were denial-of-service attacks, and just the threat of one allowed the herder to blackmail the potential target. Introducing spyware was not uncommon and allowed the herder to collect the user’s passwords, credit card numbers, and banking information all of which would be used to loot his financial accounts. The planted malware might be something so simple as placing ads on the computer without the owner’s consent or employing the computer to distribute spam.

The reality was that the herder had at his disposal a vast network of computers he could put to most any use he desired, all without the knowledge of the individual computer owner or operator or both. The NL’s vast network had proved highly effective against others but in analyzing the uses to which they were put, Bandeira had determined that such vast networks remained largely untapped as future sources of illicit income.

Marvelous as computers were, though, he was still forced to deal with error-prone people. There was no getting away from it. He’d seen it time and again. Carefully designed systems stumbled because some idiot wrote sloppy code.

Just then, an aide entered quietly, waiting to be acknowledged. “Yes?” Bandeira asked, turning from the window.

“Your son wishes to speak with you. He says it is urgent.”

Casas de Férias
,
Vacation Homes, the operation managed by Pedro, had been slow developing and had been fully operational for only the last year. But careful planning and Ramos’s hard work had paid off. It was Bandeira’s special pride, and he had high expectations for its long-term success. He’d invested a bundle to make it happen.

The rewards flowed over the wires, bounced around the world, sometimes even into his own bank. This particular cyberoperation was about to turn into a cash cow, one he saw no reason he couldn’t keep milking for decades. The only negative he could see was that the millions they were making were small time. Billions of dollars were out there for the taking, it was just up to Ramos to figure out how. Someone, somewhere, was going to manage to steal from the NYSE without detection, why not NL?


Padre
,” Pedro said. “I’m sorry to report we have a serious problem. It’s just come up.”

“Tell me.”

Pedro laid out what was taking place in New York. He was worked up and Bandeira cautioned him to slow down twice, but he got it all out in the end. “So we’ve been detected?” Bandeira asked.

“That is what I’m told, though they don’t yet seem to know precisely what we are doing.”

“Tell me again about the killing.”

“This American was instructed to fix the problem he’d caused with sloppy code. His response was to kill the IT manager who stumbled on it.”

“That’s amazing. He did this on his own?”

“Yes. I’m shocked. I never thought things would go this far. This is a cyberoperation.”

Bandeira paused to consider the implications. “Has the body been found?”

“This happened in Chicago. Many killings happen there every week. The manager hasn’t been reported missing as yet.”

Bandeira suppressed his anger. There was no doubt what he’d do with the American if the man lived in Brazil. To kill without authorization unless in self-defense was absolutely forbidden in his organization. Even now, Bandeira considered dispatching César or one of his special operatives to take care of this. “How crucial is this man in New York?” he asked.

“Vital. He has access to functions we would not have otherwise. As part of his responsibility he is one of those who places code directly into the trading engines.”

A weak link Bandeira realized. Could anything have been done about it before now? Shouldn’t he have known this man was capable of such independence? And that he was a killer? Ramos should have known.

“Is this the same man who used a stealth program to hide key code?”

“Yes, the same.”

“He’s reckless and not just with computers. I made it very clear this was to be a cautious, low-key operation. I have planned to run it, or variations of it, for years. That’s why I’ve committed so many resources to it.”

“I understand. But … I didn’t recruit the man. That was Abílio.”

“Can he be controlled?”

“I … I really don’t know. I don’t know if any of us could have anticipated something like this. It is all so unexpected.”

“All right. I understand. What should we do?” This was not the first time Bandeira had asked his son directly for advice. Whenever possible, he followed it or some version of it. He knew he must build up the young man’s confidence and confirm his judgment.

“I’m concerned. I think we’re running out of time. We’ve taken ninety-four million so far, but we were expecting much more. “

“You see no chance this can be kept quiet?”

“I talked with my team here before calling you. As you know the code this man planted is concealed but the fact that it is concealed has been discovered. Abílio doesn’t know for certain, but suspects they are tracing our program.”

“Merda.”
Bandeira closed his eyes. Right now, he wanted to have his hands around someone’s throat. He’d talk to César. This fool in New York was a dead man. He didn’t care how long it took. He drew a deep breath, then released it slowly. “What else do I need to know?”

“That is all I can tell you. Maybe we need to shut down and revisit our options.”

Out of the question, Bandeira thought. “I mentioned upping the take on Carnaval next week. You had reservations and so I did not proceed but everything has now changed.” He paused to think, and then, as always happened in the face of adversity, a solution came to him. “Pedro, here’s what I want you to do. You must trust me in this.”

 

19

TRADING PLATFORMS IT SECURITY

WALL STREET

NEW YORK CITY

5:09
P.M.

This was a rush job, but Marc Campos reminded himself not to be careless because of that. He had enough time to do it right. If he botched this, he’d make the situation worse than it was, and that was the last thing he wanted. Iyers had already made one major coding error, and Campos didn’t want to repeat it.

Recruiting him, Campos realized, had been a mistake. He’d thought Iyers a gifted code writer disenchanted with Wall Street, and he was right. The cynicism in his manner and voice when Iyers agreed to join him had been honest indicators of how he truly felt. But obviously there was much more to him than that. The man was
louco
.

In English, he was crazy, psycho. All of them fit. Traveling to Chicago and murdering an IT manager was so out of bounds, so extreme, Campos was still stunned that he’d done it. He’d not even wanted to tell Pedro but knew he had to. So far no one had asked him how such a thing could happen, but he knew he had to have an answer.

Iyers might be nuts—now, there was another word—but when he put his mind to it, he knew how to write code. The remarkable success of Vacation Homes was testament to Iyers’s aptitude. He was skilled in the use of the paths through to the deployment server so that their malware blended in, gluing the Brazilian code into the trading engine.

Once Iyers had agreed to work for him, Campos sent to Rio the trading engine source code and software architecture design documents he’d provided. From Rio, Campos received code drops and after reviewing them transferred them to Iyers for insertion.

Campos wondered if something was going on with the man that he should know about, but then dismissed the thought from his mind. Of necessity this project would all be over soon and the damage was done.

Now he’d been instructed to immediately launch Carnaval, in consideration for months. He would set Iyers loose on it; he had to. There was a great deal to do and not much time. Now, more than before, he needed Carnaval to be a great success. His instructions were to make it a hit and for that he required Iyers.

What really angered Campos was the need to bring Vacation Homes, his pet project, to an abrupt close. Yes, the potential payoff from Carnaval was substantial, but he had devoted nearly five years to Vacation Homes, and while it was true that even in the relative short year it was operational, he’d become a rich man, the project had barely scraped its potential. He was convinced they could skim a billion dollars without being detected, and in fact had honestly believed they could take ten times that given enough time, and without Carnaval.

Now this American fool had brought it all to an end. Campos had no doubt what would happen to Iyers once his access and skill were no longer needed. The man had figured out that Campos had a boss. What he didn’t imagine was how ruthless the
chefe
was prepared to be. His boss had put great stock in Vacation Homes, and in Carnaval, and would not be happy that a preventable coding error had ended it all before its time. Iyers had been cautioned about how code was to be revised. He’d understood but instead took a shortcut.

And that hadn’t been Iyers’s only misstep. When they’d first set up accounts to funnel the money out he’d carelessly stolen an identity that too closely resembled his own. He argued that it had been necessary as it was increasingly difficult to set up financial accounts with false identities. Campos had put a stop to his involvement in managing target accounts and now had it all done out of Rio.

As if all that weren’t enough, Campos didn’t like his hand being forced this way. When Pedro had first suggested Carnaval, it was Campos who’d opposed it. It was too risky he’d argued. It was crafted to exploit an IPO, and they could be very unpredictable. Such a launch might prove too chaotic. Now, on receiving instructions to initiate it immediately, he was convinced more than ever that Carnaval was a step too far. Putting it into place in a rush, aiming for so much, would doom it to failure, he believed. If it unraveled in the worst possible way, he might be caught before he left the country.

Other books

French Twist by Catherine Crawford
Bridge Of Birds by Hughart, Barry
Courage by Joseph G. Udvari
Untimely Graves by Marjorie Eccles
Songs of Spring by Amy Myers