Counting from Zero
Page 15
The next day Mick left for the train station, heading to Logan for his flight back to New York. He had a short wait in the First Class check-in line.
“Checking in for the 11:10 to JFK,” he said, handing over his drivers license to the woman behind the counter. She typed for a moment.
“What is your date of birth?” she asked. He told her. “What is your middle name?” she asked.
“I don’t have a middle name.” he replied. She looked up at him, surprised. “It’s just Mick O’Malley. Here’s my passport, if you want to see that,” he continued, handing it over to her. She looked down and continued typing and paging through screens. She picked up the phone and pressed a button.
“Yes, yes… OK,” she said hanging up the phone. “Mr. O’Malley, if you could step over here. My supervisor needs to talk to you.”
“What is this in reference to?” Mick asked, looking at the time.
“In just a moment my supervisor will explain. If you could wait right here, thank you.” She motioned for the next person in line to come to the counter. She did not return his driver’s license or passport.
Three minutes later, the supervisor came over.
“Mr. O’Malley? I’m Jay Bishop. I apologize for the delay. I just need you to come to my office so I can ask you a few questions.” The supervisor picked up a printout and what he presumed was his driver’s license and passport.
“OK,” Mick replied, trying hard not to become annoyed. He had lots of experience with officialdom, and knew that showing anger or annoyance only made these situations much, much worse. He patiently followed the supervisor past the ticket counter and up the stairs to a small office. The supervisor motioned for Mick to sit down.
“So, Mr. O’Malley, you do not have a middle name?” he asked.
“No.”
“And is this your correct address?” he asked, holding up the drivers license.
“Yes.”
“And your date of birth?”
“Is correct on both the passport and drivers license, yes.” he replied. “Can you please tell me what this is about?”
“Well, Mr. O’Malley, your name is on the Transportation Safety Administration No-Fly list, so I’m afraid you won’t be able to check in for your flight today.”
“What? That’s ridiculous? I am a frequent flier! I fly all over the world! How could I be on the TSA list? There must be a mistake...” A burning feeling spread through his body as he made the connection with the events of the previous day.
This is no random bureaucratic snafu – this is another message to me!
A uniformed police officer entered the room, startling Mick.
“Don’t be concerned. We just need to ask you some questions...” Bishop began as the policeman sat down and pulled out a notebook.
Three hours later, Mick left the office after answering a bunch of questions about his recent travels and history. He also made them telephone a higher-level supervisor and spoke to the supervisor himself. The responses were the same each time: he can go to the Transportation Security Agency website and file a Department of Homeland Security Traveler Redress Inquiry form. He was told they would review the case and give him an answer in a reasonable timeframe. There was no way he was going to board a plane today. He was just happy to not be detained further.
Mick needed to decide on a course of action. He considered going back to Jocelyn’s, but again decided against it. He needed to get back to Manhattan. Looking for a change from the train, Mick jumped on a bus and was at a car rental counter a few minutes later, arranging a one-way rental. According to his GPS, it was just over 4ØØ kilometers or about four hours of driving at this hour. At the rental counter, he had another unpleasant surprise.
“Mr. O’Malley, I’m afraid your credit card was declined. I’m required to keep the card – my apologies.” He rarely used credit cards due to privacy concerns about credit card companies collecting databases of purchasing habits and data. Renting a car was one of the few cases when Mick needed to use a credit card instead of the prepaid debit cards that he mostly used. He tried to think the last time he used this card. He decided it had been a while.
This is very odd…
He took the train instead.
Back in Manhattan, he filed the TSA online paperwork, although he did not expect it would do any good. He wondered how he would do business if he couldn’t fly.
Next, he checked his U.S. bank accounts, and confirmed his worst fears. His accounts were frozen! This explained the declined credit card at the rental counter. For now, he had no access to his money. No one at the bank would talk to him about it or tell him what he could do to regain access to his money, but he presumed it was done using anti-money laundering laws. He decided not to check his foreign accounts – they were only for emergencies, and he still had plenty of cash and a couple of debit cards – enough for the moment.
The government was definitely putting the pressure on him. He wondered exactly which branch of government they were, if they had National Security Agency connections, and if his guess about Ft. Meade in Maryland, just outside of D.C. was accurate.
Mick decided to tell no one – no one except Kateryna, with whom he had planned a video call that evening.
“Mick, you look terrible!” was how she started the call, looking at his high definition image in alarm.
“Thanks, and so do you!” he joked weakly, even though she looked fantastic, as always. “I was denied boarding on my flight back to New York, so I had to take the train. Apparently, I’m on the No-Fly list.”
“No way! You’re kidding me right? You are pulling on my leg or something? This is crazy!” she began.
“I am totally serious, Kat. No joking. I am persona non grata at airports until I get this cleared up... I am so mad, I don’t know what to do.”
“Mick, I am so sorry! I wish I could help in some way. I presume you’ve called your contacts and spoken to everyone you could.”
“Yes, I did that. No one can help me, and I don’t have any friends in Homeland Security, unfortunately.”
“Me neither. Wow. This is hard to comprehend. Do we live in such a society now?” asked Kateryna.
“Kat, please keep quiet about this No-Fly list thing. I really hope to have it sorted out soon, and I don’t want to lose any consulting jobs as a result.”
“Of course, Mick! You know you can trust me...”
“Don’t worry – I’ll sort it all out,” he managed a grin.
“I know you will,” she replied. They signed off shortly. He had decided not to tell Kateryna about his bank accounts as it would have required explaining his ‘interview’ with the government. Mick was also now operating on the assumption that his apartment was bugged. With his use of encryption for all his communication, it was the only way for the government to listen in to his conversations.
After a fitful night’s sleep, Mick decided to take the morning off and do something fun. The engine in one of his bikes needed new rings, which fit between the piston and the cylinder walls. When the rings no longer provide a tight seal, the engine has low compression and runs poorly. Mick had been saving the job for a day when he was in the right mood, and that day was today.
Mick wheeled the 1978 Ducati 9ØØss on to the work stand, and raised it about a half meter off the ground, putting the engine at a comfortable level for working. He removed the fairing and windshield, the gas tank, and the seat. He disconnected the exhaust pipes.
Mick pulled up a stool and set to work on one of the cylinders. He removed the valve cover and paused to admire the pair of desmodromic valves, used to regulate the flow of the fuel into the engine and the exhaust gases out of the engine. Mick even got out his camera and a flash unit and took a few pictures, admiring the unique desmo valves, the ultimate in Italian engineering in high revving racing engines.
Mick continued removing components until he had one piston exposed. He was getting ready to remove the old rings and install the new ones when he
suddenly realized he wasn’t into the job anymore. Mick put down the tools and went back to his apartment, frustrated.
Mick checked his messages and found a PGP encrypted mail from Mathison waiting for him. His pulse raced with anticipation as he opened it. He let out a shout after reading the first few lines – Mathison had done it! He had broken the encryption and included the keys for a few of the messages. Mathison had not read any of the messages, respecting Mick’s privacy, and also not wanting to get involved. Mick read Mathison’s summary of how he had broken the encryption:
... I noticed a pattern where there would be an initial exchange of three messages, which would then be followed by a number of messages in one direction, then a number in the other direction. I suspected the first few messages might be a key negotiation. I analyzed them and determined that it was a simple 512 bit Diffie-Hellman exchange – hardly strong at all, but enough to keep most people out. I used the BoltCutter distributed network to break a few messages for you. I’ve given you off-peak access to the network, so if you script it carefully, you should be able to break about three messages per day. Good luck with whatever the hell this is!
Cheers,
Math
Now that he had a way to break the botnet encryption, Mick planned to learn all about the operation of the botnet, and in particular, the hostnames and addresses of the control servers, or boot servers. This might ultimately lead to a way to disrupt or destroy the botnet.
One step at a time.
Mick set to work.
Breaking encrypted messages, or reading them without knowing the secret key, takes a lot of computation on a powerful computer, and each set of messages exchanged within the botnet network used a different key. Mathison used a distributed computer network for this work, which combined the computational power of thousands of computers, effectively turning them into a supercomputer. His offer for Mick to use the BoltCutter computer network for a few minutes each night was incredibly generous one. Such computational power was available to a very few, and almost no one unaffiliated with a government or large corporation. However, he would only be able to decrypt about three messages per day with the off-peak access, so the analysis of the botnet control messages would take time. However, he had confidence he could figure it all out.
Mick was still going through the messages when he received an anonymous message which read:
Mick O’Malley,
I have heard that you are working on the Zed.Kicker botnet. I also happen to know that you are good at what you do, but that won’t be enough. You need my help and I am willing to give it, but I’ll only communicate in person. Let’s just say I have *personal* experience with Zed.Kicker. To get you started, here’s a link you might find useful: http://svn.softsource.org/p2pmsg
I’ll be at the EuroSecurity conference next month – I presume you’ll be there too? I’ll introduce myself and share the information I have.
Good luck! You’re going to need it!
Turing
------BEGIN PGP SIGNATURE-----
3wCcTs5TyFY1OKRAVs/s3VRT3mltmp
FFX+qhy/v9iQPDsPWKVWndBr7lseGH
T046PMOPcqbs12nViuhjL2ICgDsoHu
o82uuLrwCz5N2oq1hENnh783VB7kEw
qYD8H5KEdNyFyVeBoSig9L4zz7TTQn
------END PGP SIGNATURE-------
Mick couldn’t believe his luck: both good and bad. He was being followed by the government, who had frozen all his assets and put his name on the No-Fly list. And on the same day he was able to look at actual decrypts of the Zed.Kicker network, he was contacted by an insider, someone who could be key to him bringing down this network. But to meet up in London! Not likely for him.
Mick liked the alias of his correspondent; obviously it was a reference to Alan Turing, the British code breaker and computer pioneer. He followed the link which led to an apparently abandoned open source project on peer-to-peer message routing. He noticed Turing had checked in lots of code on the project – very interesting…
He analyzed the P2PMSG source code, and excitedly set to work reading the decrypted messages. He quickly figured out the syntax or structure of the messages, a simple TLV, short for “Tag Length Value” encoding. With further analysis, he confirmed the messages were indeed botnet control messages, used to coordinate the activity of the individual computers. And as he suspected, the botnet was very, very large. One of the messages seemed to contain an order of magnitude estimate for the size of the peer-to-peer botnet network, which he deduced was a power of 2. In this case, it was 2 to the power of 24 or over sixteen million hosts! Mick took a deep breath, realizing this was the biggest botnet ever documented on the Internet! It was no longer surprising to Mick that these messages accounted for such a large percentage of spam traffic.
Unable to focus on anything else, Mick went back to the garage to the motorcycle. He hated leaving a job undone, and needed some time to think. Mick needed a plan, and a good one. By the time he was torquing up the last few bolts the cylinder head, he had a plan. He had decided to tell no one. It would mean some lying to his family, friends, and even Kateryna, but he was determined.
The next day, Mick made his preparations.
He got out a prepaid mobile phone with a data plan that he had purchased with cash and activated a few months ago. He removed the SIM card and noted the serial number of the phone. He then removed the existing SIM card in his mobile, reprogrammed the serial number to match to the other phone, then put in the new SIM card. He carefully destroyed the other phone to be sure that the serial number could not be retrieved from it. Anyone trying to track his phone would be out of luck now!
He wondered whether he was going rogue, or just being overly careful...
As darkness fell, Mick packed a few things in a backpack and rechecked the 9ØØss. He had run the engine on the dyno the previous day to ensure the rings were properly seated. He made a voice call to his sister and talked for quite a while. He told her he would be busy on a new project for the next few weeks. He ended by saying he was going to bed. Instead, he dressed warmly and went out to his workshop. With the lights out, he opened the door silently, wheeled the 9ØØss outside, and put on his helmet. Closing the door and locking it behind him, he looked out into the drizzling skies, which glowed brightly in the city lights. The wet streets would make this a little more difficult, but he would manage.
Mick fired up the engine and roared off down the street. In his mirrors he saw a dark sedan start up and pull out behind him. He accelerated up to fourth gear, running two stop signs before turning right and heading uptown. The sound of squealing tires told him his pursuers were not far behind.
A car pulled out from a parking space in front of him, forcing Mick to swerve the Ducati, but he kept upright. A garbage truck ahead was blocking the road as it was loaded. As he approached, he spotted a side street and turned left sharply down what turned out to be an alleyway. Ahead he saw a stack of wooden pallets that had collapsed blocking the alley. He made a split second decision not to stop, but instead picked a spot where the pallets were piled in a rough ramp. As he approached, he lifted the front wheel off the ground in a wheelie, and braced for impact. His front wheel cleared the pile but his rear wheel made contact, throwing the bike into the air. He absorbed most of the impact with his knees, and pulled up on the handlebars to keep the front wheel up. He landed on his rear wheel and stuck the landing. He slowed to a stop just in time to see the following car plow into the pallets and come to a halt. Mick smiled, then took off again, spinning the rear wheel on the wet pavement.
Mick took an unusual route to the Lincoln tunnel, keeping his speed down to avoid attracting attention. But once he entered the tunnel towards New Jersey, he let loose the ninety-degree L-twin engine and opened the throttle, mostly riding along the line dividing the two lanes as he passed cars left and right. He prayed he would make it out before the far end could be closed. He approached the motorcycle’s top speed of 204 km/h as he exited the tunnel, the engine screaming just below the redline.
He could see police moving into position, but he was already past!
Making a sharp left turn, he was soon on the back streets of Hoboken. He pulled up outside his storage unit, unlocked the padlock, and rolled the bike inside.
Glancing up and down the street, he closed the door and set to work. First, he removed the gas tank and the side pods. From another bike won in a recent auction still in a shipping crate, he removed the same components and put them on the 9ØØss. The silver paint scheme was not as nice as the original bright red, but that was, after all, the idea. The replacement parts mounted with just a few minor modifications. He transferred the fuel from the old tank to the new. The final step was transferring the Arizona license plate from the other bike.
Next was a short walk to a nearby outdoor outfitter to buy a complete set of warm clothes. Back at the storage unit, Mick took off all his clothes and put on the new outfit. While the risk from RFID trackers in the clothing was minimal, Mick wasn’t willing to leave anything to chance. He strapped two heavy panniers to the bike, put on the backpack, and set off riding south.
I’ve definitely gone rogue…
Part II
Chapter 18.