by Tom Clancy
Jack leaned back in his chair. “How many files are we talking about?”
“The system went online in the early two thousands, but the OPM went back and put a range of old files online as well. Going back to 1984.” He paused for effect. “We’re talking about well over twenty-five million files.”
“Jesus, Gavin.” Jack put his head in his hands. “Let’s hope you’re wrong.”
Gavin said, “Hope all you want. But I’m right.”
Ryan said, “I’ve been giving this a lot of thought. Having your old application in the OPM database wouldn’t be enough to compromise you, not in the way these events have taken place. Whoever is exploiting this data to make real-time targeting packages has to do a lot more work to connect the dots than just pull names off an application. Just because Joe Blow’s name is in e-QIP doesn’t mean he works for CIA or FBI. Somebody had to take the raw data from the SF-86 and fill in a thousand blanks.”
Jack pulled up the Commander Scott Hagen incident. “Take this first guy—Hagen. He’s in his mid-forties. His SF-86 has to be twenty years old. You can’t tell me there is something in that application that is going to tip off a gunman that Hagen will be eating a burrito at a Mexican restaurant in Princeton on a particular night twenty years later.”
He continued. “An application for security clearance is a snapshot of that person’s life at one point in time. It isn’t going to have a tenth of the data on it that the terrorists would need to target these guys. Especially when you are talking about the military and intelligence community. Their application says they want a security clearance, so here is all their info as of the date of the app. It doesn’t say they are now a CIA NOC in Minsk undercover with the Russian mob, and they live at a particular address.”
Gavin Biery was already nodding his head. “Ryan, you are exactly right, but that only helps us narrow down the culprit. The question we should be asking isn’t ‘Who could steal all this data?’ It’s ‘Who could steal all this data and also possesses the ability to exploit it?’” He pointed to the monitor on the wall. CNN was playing a story about the attack in Italy the day before. “This is tier-one targeting information.” Now he pointed to his laptop, with all the cases of intelligence leaks of the past few weeks. “These, as well. It isn’t that somebody knew Scott Hagen and Jennifer Kincaid and Stuart Collier and all the others. It’s that they knew Hagen was going to be in New Jersey on this date with his sister at his nephew’s soccer tournament, and Kincaid was in Minsk on a CIA op, and a compromise to her husband at State at the embassy in Jakarta. Somebody managed to get fingerprint data to the Iranians and the Indonesians, for Christ sakes! This is high-level shit, Ryan, and it was done through a high-level cyberattack and high-level research and high-level social engineering.”
Jack said, “Look . . . I’m an analyst. I have to take in all the possibilities. I can’t put all my eggs in one basket and work under this unproven assumption of yours that we’re dealing with a breach of OPM data. All the OPM data.”
Gavin said, “You can do what you want. But you keep saying that there are a lot of people trying to find who is responsible for all these compromises going on. They are all chasing down leads, testing suppositions, and dissecting each event. I am sure of what I’m doing, and you can work with me. We’ll be doing something no one else is doing. If we’re wrong . . . well, then, somebody at DoJ or NSA is going to solve this issue. But if we’re right, we’ll be the only ones with a chance to uncover what is going on, and we can end this disaster before it gets any worse.”
Just then, Jack glanced down at his computer when an instant message from Gerry popped up with an audible ding. He read the message twice, a pain growing in the pit of his stomach.
“It just got worse. Did you hear about that mail bomb yesterday in Falls Church?”
“Yeah. Killed a lady.”
Jack said, “Gerry says he doesn’t know if there is any connection, but the victim was a civilian at the DIA in the Directorate for Analysis. She was working on a task force dealing with Islamic State movements in Iraq.”
“Wait,” Gavin said. “Nobody thinks ISIS really whacked some DIA working stiff in the burbs of D.C., do they?”
Jack looked up at Gavin. “Who knows? Look at Sigonella. Who saw that coming? If this lady’s death is related to that leak we’re working, this is probably just the tip of the iceberg.” He clicked on a link to a news article that Gerry included in his message. After he read the name of the street where the attack took place, he said, “I’m going to go over and take a look.”
—
The drive to the crime scene was less than twenty minutes from Alexandria, so Jack walked home, climbed in his black BMW 5-Series, and headed off. He pulled up on the scene at ten a.m., meaning he arrived some sixteen hours after the event itself.
While he didn’t have the exact address of the bombing, he didn’t need it. When he turned onto the street he saw the crime scene tape and a squad car out in front of the house halfway up the block. The mailbox was gone, and the bricks of the post were blackened and chipped. There was some dark charring on the street itself, but the loose debris and blood that he assumed had been there immediately after the incident had been cleaned up.
Jack remained in his BMW. He didn’t want the Falls Church police officers recognizing him. With his beard it was a rare occurrence, but it did happen from time to time, and it wasn’t worth the risk.
Instead, he pulled to a stop at the end of the block, a hundred yards from the blast site, and he looked on at the two-story home. Using a small pair of binoculars to inspect the area from front to back, he then scanned up and down the now quiet street.
He had just been sent a preliminary FBI report that explained the explosive had been rigged with a detonator wired to a mobile phone. This meant someone had to call and set it off the moment Ms. Pineda went to the mailbox. This, of course, indicated that the killer or killers were nearby when it happened.
He wondered if they had parked right here. This was as far back on the street as you could sit on the south side and still have line of sight on the mailbox, so he thought it a safe bet they were either right in this same spot or else parked to the north of where the bomb went off.
Jack had also read in the report that this was not the residence of the woman killed. A friend lived here, and Pineda had simply stopped by to pick up the mail. For this reason the FBI had doubts Pineda was the intended target, but Jack realized anyone going to the trouble to command-detonate a reasonably sophisticated bomb would have some knowledge of what their target looked like, and they would have been looking right at her when making the decision of whether or not to set off the device.
Jack felt near certain the killer or killers had taken out exactly the person they’d been after.
But that left one important question. Why not target her up at home? Once he got a good feel for this crime scene, Jack knew he had to drive to where she lived and compare the two locations.
He spent fifteen minutes sitting here, looking around, and in the back of his mind he started to connect this place, this bucolic suburban street, with the events in Jakarta several days earlier, and the event in Minsk, the shooting in Princeton, the arrest of the CIA officer in Iran, and the other horrible scenes he’d spent the last full day studying. It was hard to do. Other than the blackened asphalt and the missing mailbox, this Falls Church street didn’t look to be the front line of some sort of secret war being fought by an actor who had managed to pilfer information on the personal lives of America’s military and intelligence professionals.
He stepped on the brake pedal and pushed the automatic start on his 535i, firing the near-silent engine. He put his car in gear and rolled quietly out of the neighborhood without the police ever noticing he was there.
He arrived at the Vienna, Virginia, condo building of Barbara Pineda ten minutes later, and it didn’t take him long to come up with a theory a
s to why she wasn’t killed at this location. He followed an elderly man through the door to bypass the lock, then stepped into the lobby of the small building, and here he saw the mailboxes. They were small PO box–type affairs, with tiny slits in each to slip the mail in.
And there was his answer. Dead simple. The terrorists used a small package bomb, roughly half the size of a loaf of bread—and when they went to Pineda’s condo they realized they couldn’t get it into her mailbox. If they left a package for her at her front door, or at a table here by the mailboxes where packages were left for residents by postal workers, then there would be no way to see her retrieve it without standing here in the lobby.
Jack drove back to Alexandria knowing good and well that the key to discerning how Islamic State terrorists successfully targeted a DIA analyst was to figure out just how they found out about Barbara Pineda’s plans to pick up the mail at her friend’s house. When he learned how they came across this time-sensitive and particular piece of intel, then he would be a lot closer to understanding how the leak was connected to the attacks.
Thinking it over, he decided he himself would take the SF-86 that Gavin kept insisting was at the heart of the leak, and he would then try to use all the means at his disposal to turn that into targeting data that could have put a killer at the Falls Church mailbox yesterday before the bomb went off. As an analyst at The Campus, Jack had access to all sorts of classified databases that would help him track the path of this DIA worker. Hell, he could even get Gavin to find traffic camera footage of Pineda and her vehicle.
But no. Jack decided he wouldn’t use classified intel. He realized his mission here was to find out how the perpetrator targeted Pineda, and the perpetrator did not work at The Campus. He would use Barbara Pineda’s SF-86 form, and open-source intel, to see if he could build the picture that was used to send killers after her.
As he drove he thought this could be done. It occurred to him that there is so much out there these days about people in open source that a motivated and intelligent individual could take old SF-86 info and translate it into real-time targeting info. As he thought it over, it made more sense. If you knew a woman like Pineda was trying to get a security clearance ten years ago, then all you would need to do would be to thoroughly track her, her friends, family, and contacts through years of open-source hits, to get an idea of where she is now. From different factors you could figure out if she was in a clandestine position today, and perhaps you could make inferences from OSINT about her specific role in the intelligence or military structure. And then, once you’ve decided this woman was your enemy and hence your target, you could use other OSINT means to find out where she will be next Tuesday at noon. Jack thought the work would be slow and arduous, but if worked by a motivated person well trained in identity intelligence, even open-source data would give up the secrets that would make targeting possible.
He called Gavin Biery’s mobile phone while he drove.
“Biery.”
“Hey, it’s Jack. Quick question. Do we have a way to look at these SF-86 files you think are at the heart of this?”
“Sure. I am looking at the e-QIP data right now.”
“Really? You figured out how the attackers got in?”
“No. I have classified administrator access. I’m sure the hackers found a way to get the same thing, but I got it from NSA to do my own poking around.”
Jack said, “Can you send me the application on Barbara Pineda? I want to use it to see if I can do the same thing the bad guys did. To find my way to this mailbox in Falls Church.”
Gavin whistled softly. “Good idea, Ryan. Might give you an idea of the types of brains working on the other side of this fight. I knew there was a reason to keep you around.”
Jack wasn’t in the mood, but he joked anyway. “I thought I was just around to bring you your lunch.”
Gavin didn’t miss a beat. “Speaking of which, can you grab me a turkey on whole wheat on your way back?”
Jack smiled despite his dark disposition. “Your wish is my command.”
28
When Jack returned to the conference room, he found a note from Gavin saying he had to go to an IT meeting, but would return shortly. Jack put the man’s sandwich in front of his workstation, then sat back down in front of his own laptop. Here he found a folder containing the complete 127-page SF-86 application, formally called the Questionnaire for National Security Positions, of Barbara Maria Pineda.
The form was filled out in her handwriting and was nine years old.
He decided he’d read it from cover to cover, and then see if he would be able to discern from this, using any open-source intelligence he could find, that this twenty-two-year-old Army sergeant stationed at Fort Huachuca in Arizona would, nine years later, be opening a specific mailbox in Falls Church, Virginia.
The beginning of the form was boring government-speak. Some nods to the rights of the applicant and the scope of the investigation that would be done.
Soon though, Jack started feeling uncomfortable. This young woman was telling her life story up to this point within the squares, boxes, and lines of the form. Leaving nothing out. Friends, boyfriends, teachers, details on her family history, trips she’d taken, and even mentions of her parents’ economic problems.
Her father was from Honduras, a salesman who had immigrated to the U.S. with the help of relatives who had become citizens. Her mom was from Chelsea, Massachusetts. Barbara had never been out of the USA till she joined the Army.
Jack felt voyeuristic, almost dirty, poring over all the details of this young woman’s life.
But he kept going. He told himself no one else was looking at this document to see if it had somehow led to the death of Barbara, and could help him track down whoever was responsible for this widespread attack on America.
When he finished reading, he looked up the address of the crime scene. Typing this address back into his computer, he found the owners were Dwight and Cindy Gregory.
Jack thumbed back through the pages of the SF-86 to section 16, titled “People Who Know You Well.” The second name on the list was a Cindy Howard. Jack didn’t think there was much chance to find a connection, Cindy was a common name, after all, but he went to Facebook and typed in the name Barbara Pineda. It was surprisingly common, but the twelfth choice had a thumbnail picture that looked a little like the image sent along with the preliminary report from the FBI.
Sure enough, when he clicked on the page he saw this Barbara Pineda was one and the same as the deceased.
Jack opened her Facebook page and saw she kept her wall private, but he was able to see her friends list.
He did not find Cindy Howard from the SF-86, but he found Cindy Gregory easily, and she didn’t hide any posts on her Facebook wall. He began scrolling down her various postings.
And he saw everything he needed.
This is how the data thief did it. By using open-source intelligence. This intelligence. The SF-86 form to identify a person involved in the U.S. government in a classified role, then open-source methods to find out where that person was working. After the person involved placed the applicant in a specific role, he used more open-source in the form of the social media accounts of the friends and family of the men and women targeted. Friends and family the thief found either directly or tangentially from the OPM data breach. Perhaps not exactly as he had done it, but in a similar fashion.
A chill ran up his spine. Whoever was doing this had done what Jack had just done.
And it had taken Jack less than twenty minutes.
Gavin came back into the conference room from his IT meeting, and Jack said, “I’ve got something.”
“You better have my turkey sandwich.”
“Over there. But I also think I have the last piece of the puzzle.”
Gavin plopped down in his seat. “Oh, no you don’t. This is my puzzle to solve.�
�
“Then I guess I’ll sit on this information till you get it yourself.”
Gavin sighed. With a frustrated tone he said, “Go ahead, genius. Spit it out. Maybe I can poke holes in it.”
“This woman murdered last night. Barbara Pineda, an analyst at the DIA. She was killed getting the mail at a friend’s house.”
“Right,” said Gavin. “So if she was targeted, somebody knew she was house-sitting this week.”
Jack said, “In order to get that information, I figured they were tailing Ms. Pineda, listening to calls, tapping her e-mail. I decided I needed to find out when she made plans to do the house-sitting. I figured I could establish a time window for when they decided to use that location to hit her.”
“Makes sense,” Gavin allowed.
“But I’m no computer whiz kid like yourself, so that was a problem.”
“You are being a smartass, but since no one has called me a kid in forty years, I’ll let it go.”
Jack said, “So I just started looking at Twitter and Facebook. Barbara Pineda wasn’t big on either, but it was the low-hanging fruit, so I started there. I found the homeowner’s account where the bombing took place, and after only a minute I saw a post where she publicly thanked her friend in advance for watching over her house while she and her husband went on vacation. Barbara Pineda herself responded saying she’d do her best to keep the plants alive. Just joking around on another woman’s page, but this was the woman who lived in Falls Church. I found other pictures of Barbara with the family. It was that easy to find out she would be going by the house all week.”
Gavin said, “Pretty low-tech spy shit, but enough to get the job done.”
Jack pointed across the table. “And that, my friend, is the point.”
Now Gavin asked, “Any idea how the bad guys found out she was DIA?”
Jack shrugged. “That part took more work. If there are, as you suggest, tens of millions of applications, then the search would have to be automated with handmade databases. You could tell the computer to look in the SF-86s for specific schools, programs, backgrounds, that meant the person was Army intel, as was Pineda, or maybe an Arabic-language major at Georgetown or something that might indicate the person had gone into intelligence. She was stationed at Fort Huachuca, which is where the U.S. Army Intelligence Center is located. An automated application could pull out everyone who went there and then filled out an SF-86. It wouldn’t be easy to sort through with limited information, but we’re dealing with a person who knew exactly what they were doing.”