The Steel Kiss (Lincoln Rhyme 12) - Page 82

Rhyme agreed. "And the infinitive after 'to try.' It's non-standard to say 'try and'; you should say 'try to.' And using 'then' for 'than' would have been flagged by most usage checkers, even on a basic phone. No, you're right; he's faking."

Szarnek broke in with, "Now for the big find. The most troubling find."

Whitmore asked, "Which is what, Mr. Szarnek?"

"For hours before the murder--while Todd and your unsub were meeting, I assume--Todd was online. He did two things. First, he bought a database. He bought it from a commercial data miner. He spoofed he was an ad agency--used a real one with an account he'd hacked--and he claimed he needed the information for market research. It was a laundry list of the products that DataWise Five Thousand controllers are found in."

"How many?"

"A lot. About eight hundred different products, nearly three million units shipped to the Northeast of the U.S., including the New York metro area. Some couldn't do any real harm if a third party took control: computers, printers, lights. Others could be deadly: cars, trains, elevators, defibs, heart monitors, pacemakers, microwaves, ovens, power tools, furnaces, cranes--the big ones used in construction work and on docks. I'd guess sixty percent of them could be dangerous. Then, the second thing he bought, a database of purchasers of those products. Some are equipment manufacturers. Like Midwest Conveyance. Others are individual consumers, who bought smart appliances. Names and addresses. Again, New York and Northeast mostly."

Archer asked, "That's available? That information?"

Another pause. Perhaps this was one of astonishment. "Data mining, Ms...."

"Archer."

"You have no idea what aggregators know about you. The data collection is why when you buy, in this case, a smart stove you start getting direct-mail ads for other products that might be cloud-oriented. By buying the stove you've declared yourself to be in a certain demographic."

"So he simply browses through the list and finds a dangerous product with a DataWise inside, like the escalator. He hacks in and waits so that--if he's a decent monster--it's not a child or pregnant woman riding to the second floor, and pushes the button."

Sachs asked, "How did he hack it? It can't have been that easy."

No pause this time. Just a laugh. "Well. Okay. About the Internet of Things--a phrase I completely detest, but there it is. Can I give you a brief lesson?"

"I like the brief part, Rodney."

"Smart products from household lights all the way up to the ones I just mentioned are quote 'embedded' with wireless connectivity circuits."

Rhyme recalled this from Williams's blog.

"Now, embedded devices use special protocols--rules, let's call them--which govern how computer devices talk to the cloud and to each other in the networks. ZigBee and Z-Wave are the most popular protocols. The DataWise controller and some other companies use Wi-Swift. The protocols provide for encryption keys to make sure only legitimate users and devices are recognized but there's a moment of vulnerability when the stove or webcam and the network try to shake hands, and hackers can sniff that out and get the network key.

"To make matters worse the manufacturers are, well, don't be shocked--greedy! New software takes time to write, and that flies in the face of the time-to-market issue high-tech companies face. The longer it takes to start selling a product the greater the risk that somebody'll beat you to it. So what's happened is these smart controller companies use existing software for their embedded products--and I mean old, ancient software. Dinosaur-ware. Early Windows and Apple operating systems and some open source code, stripped of gingerbread like the Solitaire game and PaintShop. The software is more vulnerable to security exploits than if the company wrote new code that was specific to the products the smart controller's installed in."

"Exploit?" From Whitmore. "What's that?"

"Hacking. Finding a weakness and, well, exploiting it. You know the refrigerator hack from a few years ago? This was epic. A product line of smart fridges was running some old software written for PCs. Hackers got inside and turned the controller into a spambot. Refrigerators around the world were writing and sending penis-enhancement emails and vitamin offers to millions of addresses. The homeowners never knew."

"The companies that make these smart controllers? Can't they protect against hackers?" Archer asked.

"Well, they try to. They're always sending out updates with security patches. Ever logged onto your PC and you have to wait because Windows is installing updates? That's probably a security patch. Sometimes you have to install them yourself. Sometimes--like with Google--they're downloaded and installed automatically. The patch'll usually do the trick... until some hacker comes up with a new exploit, of course."

Rhyme asked, "Can he be traced when he's online and controlling the product?"

"Possibly. You'll have to talk to the controller maker about that."

"We'll do that, Rodney. Thanks."

They disconnected.

Sachs said, "I'll have somebody at One PP get us the number of a contact at the controller company." She stepped away to make a call. She completed it and said, "They'll get back to us ASAP."

Then simultaneously three phones in the parlor sounded. Sachs's, Whitmore's and Cooper's.

"Well," Sachs said, reading. "Looks like we have our motive." Her face glowed from the phone screen as she read.

"What?" Rhyme asked.

Tags: Jeffery Deaver Lincoln Rhyme Mystery
Source: readsnovelonline.net
readsnovelonline.net Copyright 2016 - 2024