“I presume you want some kind of protection?”
“No, we can take care of that—we know how to hide our identity. We just don’t need you looking for us. I want to return to the States. And be able to fly.” Mick waited, with his best poker face. This was his only card and he was playing it. He didn’t have a Plan B if the General didn’t go along. The seconds turned to minutes and seemingly hours.
“I’ll think about it. In the meantime, don’t go anywhere.”
“Oh, and I need a new passport and a visa that says I entered China legally. I’ll just be hanging out at the conference. Feel free to have one of your guys come to the sessions—he might learn something as well. Oh, and one more thing.”
“Yes?”
“You can’t go after, or share any information about any of my friends, and I mean ‘friends’ in the broadest sense of the word.”
“Right.”
“So, may I go now?” Mick asked. The General nodded and glanced at the man standing by the door, who moved aside.
Out on the street, Mick walked to the nearest train station and rode back to the conference, which still had two sessions left before the lunch break.
He found Lars, Gunter, and Liz all sitting together in the back row of one presentation. They were chuckling at a remark that Lars had made presumably about the speaker. Up on the giant screen was an acronym-laden slide that seemed to say everything and nothing at the same time.
He paused for a moment to enjoy the sight. It was the final day of the conference, so everyone had dressed down a bit. Lars was wearing a T-shirt from a competing security conference. Gunter was wearing a sport coat over a black shirt. Liz was wearing jeans and flannel shirt. Mick realized how much he had missed his friends over the past months, and this crazy lifestyle of travel, speaking, and research.
Will I be able to go back to it? Is the General going to play ball?
His thinking was interrupted when Lars spotted him and started waving wildly at him. Mick strode over, sat down in the row in front of them, and turned sideways so he could see his friends and safely ignore the speaker. The speaker was showing no signs of winding up despite the session coming to a close.
“Mick, what the hell are you doing here?” Lars asked him in an excited whisper.
“I’m here just like you, to mock the speaker,” Mick replied. “But it looks like you have the situation well in hand. What are your plans for dinner?”
“We were thinking about some Dim Sum, maybe down near Nanjing Road,” Liz replied. Mick nodded.
“Sounds excellent! I have mainly eaten street food since I got here.”
“And when was that?” she asked.
“Ah… best not to talk about that,” he replied.
“What’s with the hot water?” Gunter asked to no one in particular.
“I know,” Liz replied. “I’m used to getting water without ice in Europe at a restaurant, but hot water?”
“I think it is a Shanghai thing,” Mick replied, laughing. He had experienced it a few times, and it always shocked him if he didn’t notice the steam rising before he put the glass to his mouth.
They passed the next few hours together comfortably, until Kateryna arrived just as the last session of the day broke up.
“Are you coming with us?” Mick asked her, and explained the plan.
“Sure!”
“He’s going to try a demo!” Lars interjected, which got their attention. They watched intently as the speaker started a Wireshark packet capture, then proceeded to show off his software. He then switched to a command line terminal and started typing in commands. “Look! Look!” Lars hissed, “He’s been bogoned!”
“No way,” Mick replied, straining to see the screen. He could just make out the command line prompt which began:
bogon:~ root$
“Way,” replied Gunter, laughing. “I wonder if he will notice.” So far, the presenter had not, and continued to type in commands and explain the results to the audience.
“What’s ‘bogoned’” Liz asked Mick.
“Oh, a ‘bogon’ is an invalid IP address that has been incorrectly assigned to a network. It is a common mis-configuration in networks here in China. But the DHCP server is trying to let him know about this by renaming his hostname as ‘bogon’ i.e. bogus—that’s why it shows up on the bash prompt.”
“So is it bad?” she asked.
“Not really, but if you haven’t ever experienced it before, it can be pretty disconcerting—”
“He just noticed!” Lars almost shouted, interrupting. Mick turned to see the presenter pausing in his spiel with a puzzled look on his face. He hit the return key a few times. Typed ifconfig and a few other commands. He had completely lost his train of thought!
“Bogoned!” Gunter echoed. “Someone should explain it to him afterwards.”
“We should get a T-shirt made,” Lars replied.
With the demo interrupted and time running out, the presenter hastily wrapped up and took his applause, shaking his head slightly as he walked off the stage.
“That was me five years ago,” Mick replied, but could not resist a smile.
They set off walking as a group into the early evening. Mick and Kateryna trailed behind the rest of them.
The air felt cool and crisp, and Mick felt, for the second time since he swam ashore, relaxed. In the back of his mind he still was wondering if he would get a deal, but he also knew that this was out of his hands.
They talked about all kinds of things, including Kateryna’s latest travels, and some interesting bugs she had found in the development tools she used.
Mick found himself wanting to know more about what was going on in her life. It was as if a set of partitions he had created in his mind had been suddenly removed, and now he was adjusting to the new roominess and the different view.
And he certainly liked the view.
Chapter 2F.
The General watched as the taxi turned the corner and the embassy disappeared out of sight. His short visit to China was over, and so was his brief foray out of retirement.
He had managed to get O’Malley what he wanted, and the deal had been approved in record time by State.
The botnet was no more, and the Company had a new asset to use against the Russians. From what he had heard, Milos had already provided some very useful information.
Some people felt the case was a failure because the botnet was lost, but he didn’t care. It was not in the hands of the Chinese or the Russians or organized crime. It wouldn’t be long before another botnet came along, or some other threat against the Internet.
But that was someone else’s problem. He was already beginning to turn his attention towards the long trip back to Montana and his rabbit farm.
Chapter 3Ø.
Ja2 Sometimes things don’t turn out exactly how you expect, but you just have to go with it. #dontgiveup #keeplooking
Mick felt the train pick up speed as it completed a banked turn and straighten out. He paid attention to all his senses as the acceleration continued.
He glanced down at his GPS and saw that it was approaching 43Ø km/h, the fastest he had ever gone on rails.
He wondered briefly whether this actually counted as ‘on rails’. ‘Above rails’ would be more accurate way to describe his ride on the Shanghai Maglev high speed train.
A moment later, his GPS recorded his top speed, 431 km/h before he felt deceleration begin.
The ride from the Longyang Road station to the Pudong Shanghai Airport was short and very fast—the fastest production train running in the world.
In a way, Mick mused, it was like the past few months. A very intense ride, but short. And in the end, he ended up not too far from where he began the journey.
At the airport, he would board a non-stop flight to the west coast of the U.S. and would begin a new chapter in his life. He wasn’t going to try to pick up where he left off in Manhattan. And he knew it would take a while to rebuild his relationship
with his sister and niece. But he would, over time.
And he knew that Kateryna would be waiting for him when he disembarked the plane.
Mick loved airports.
EPILOGUE.
The early morning sun broke over the jagged hillside. NØviz shaded his eyes with a hand and surveyed the landscape. It was rugged, mountainous, and wild, except for a ribbon of stone rubble that snaked along the ridge contour. He continued his hike along one of the less accessible sections of the Great Wall.
His calves ached from the hiking, and his shoulder was still sore. He had been hiking for three days, and was still trying to come to grips with the events of the previous week.
He pulled out his mobile, a hard to break habit, then put it away shaking his head. He had resolved to stay offline for the next six months at least.
He wondered if Jasinski was looking for him, or if she was moving on.
As he hiked, he tried to imagine the wall as it was centuries ago. Just like all walls, this wall was double-edged. In addition to keeping out the invaders, it also imprisoned the builders, and was a constant reminder of their insecurity.
NØviz realized that he had come full circle. He was a nobody before he created that extraordinary exploit code that ultimately led to the Zed.Kicker botnet. And now, again, he was a nobody, a zero.
But such is life.
# # #
Privacy Resources
The characters in Returning to Zero are extremely privacy conscious, perhaps to a fault. You may not be willing to go to the lengths they do, but there are some things that I think everyone should do. In my personal opinion, we should only share our private data and meta-data with who we choose, and not give it away to everyone all the time. Here are some simple things you can do.
Firstly, check out the resources of the Electronic Frontier Foundation (EFF) http://www.eff.org. This amazing organization fights every day for our privacy and security online. Their slogan is “Help us fight for your digital rights: Defend free speech. Fight surveillance. Support innovation.” What could be better than this?
Secure messaging and voice is an essential part of one’s online privacy strategy. Using mobile carrier provided SMS and voice communication is just the worst for security and privacy. There are many good open-source choices, and in addition, they provide higher quality communication, as well as cool features. Why not use them? My favorite free services are (with my full disclosure): Wire http://wire.com (I’m good friends with the founders and have done some consulting work for them), Signal http://whispersystems.org, and Telegram http://telegram.org. WhatsApp had some good privacy, but then some huge company bought them, so no more... For paid services, there is Silent Circle http://www.silentcircle.com (I’m friends with the founders). The EFF periodically publishes a secure messaging scorecard so you if you use a different service, you can see how poorly your existing service performs. It should scare you into switching.
Tor http://www.torproject.org is used extensively by the characters in Returning to Zero, as a way to privately browse the Internet. Tor is free and open software and an open network that helps you keep your privacy online. I’d highly recommend using it. And even better, consider hosting a Tor relay.
You should also consider using a VPN, a Virtual Private Network. There are all kinds to choose from, but you should do some investigation, and read reviews before you choose. Also, the EFF has some good guidelines to help you choose a VPN provider. You can even use a VPN on your smartphone, which protects you against some of the awful things mobile carriers do with your unencrypted data if you let them.
Finally, if you or your organization runs a website, make sure it supports encryption with HTTPS. You can tell by looking to see if your browser displays a green padlock to the left of the website URL address. If it doesn’t, you can force it to do so by changing the http:// to https:// on the browser address bar and seeing what happens. If you get the green padlock, great—use this HTTPS version from now on. If you get an error or failure, work to get HTTPS supported. The EFF has a program called HTTPS Everywhere and some great guidelines on how to deploy HTTPS. Every site should now use HTTPS all the time, not just when prompting for login and payment information. If your favorite site doesn’t support HTTPS, ask them why—and see if there is an alternative site that does support it.
Related to the HTTPS Everywhere effort is Let’s Encrypt, a free, automated, and open certificate authority http://letsencrypt.org. In order to do HTTPS you need a CA-backed digital certificate. These used to be expensive, annoyingly difficult to install and configure, and only available from a small number of companies. Now, thanks to Let’s Encrypt, anyone can get a free certificate, and configure it automatically with automatic renewal and installation. If your web hosting service still requires you to purchase an expensive cert, tell them you want a Let’s Encrypt cert or you will take your business elsewhere!
Good luck with these tools! If you have successes or make new discoveries relating to these tools, I’d love to hear from you on Twitter (@alanbjohnston) or Facebook (https://www.facebook.com/countingfromzero).
Alan B. Johnston
Originally from Australia, Alan B. Johnston grew up in the United States surrounded by technology. Always going to become an engineer, he experimented with amateur radio, computer coding and creative writing from an early age, and traveled the world with his family. He has a doctorate in electrical engineering, and has worked in industry and taught at a number of universities. He has written five best-selling technical books, and authored over thirty patents and international standards in real-time communications over Internet Protocol and in security. He is the co-author of the Session Initiation Protocol, SIP, and the ZRTP voice security protocol standards. He enjoys mentoring robotics teams and hacking around with Arduinos and Raspberry Pis. He lives near Seattle and continues to travel the world, ride motorcycles, and sail. Returning to Zero is his second novel, the continuation of the story of Mick O’Malley and the botnet started in his first novel Counting from Zero.
ACKNOWLEDGEMENTS
I would like to thank Angelica Zeller-Michaelson for her excellent feedback and editing. Special thanks to my friends and family for their support, especially my mother Jeanne Johnston. Thanks to early readers David Kemp, Laura Krueger, Ryan Wallace, Jonathan Lacey, Lorenzo Miniero, Dave Umrysh, Dan York, Justin Rauschuber, Linda Peoples, Chris Johnston, Peter Johnston, Greg Johnston, Frank Johnston, Terry McKenna, Azure Xu, Jenkin Xia, Damien Trezise, Manuel Vexler, Leon Portman, and Denis Dowling.
Returning to Zero (Mick O'Malley Series Book 2) Page 20
