For the first time, Jeremy’s cool facade cracked. He froze, the straw of his swizzle puckered between his lips. His complexion visibly transformed to a sickly gray. Just sat there staring back at Randall with those handsome brown eyes.
Advantage Jam.
But, sensing confirmation of his worst suspicions, Randall suddenly wasn’t feeling so well, either.
“You’re sure it was a Gmail account?” asked Jeremy.
“Yup.”
On Monday afternoon, one of the NSA’s hotshot hackers, Josh Tierney, had refused to tell Randall precisely what he’d uncovered in his data-mining search—just kept making dickhead references to what he’d be doing with that $50K in prize money during his all-expenses-paid trip to the Caymans. Josh got cocky like that only when he knew he’d solved a puzzle. Sure enough, on Tuesday morning, things got totally fucked when Josh showed him the Gmail intercept that he’d forwarded to their dickhead boss and the FBI in Manhattan to formally stake his claim to the Caymans prize package. “And the metadata points directly to your f-fucking work email at the NCA. What the f-fuck were you thinking? You f-fucking asshole.”
No response.
“Now, why the fuck would you do that, Jeremy?”
“So I wouldn’t forget the passphrase. But, mate, I blended it in with the cipher so it wouldn’t be obvious, and I—”
“You thought using ‘Archos’ wouldn’t be obvious?” Archos wasn’t a reference to the AI cube in Robopocalypse, like Randall’s nemesis in the NSA thought it might be. It was the short name he and Jeremy used when referring to Archer Offsite Systems LLP: Arch-O-S. “They’ve already figured out that the accounts are registered under Archos, here in Bermuda, you f-fucking moron. Don’t you s-see the connection? Email…bank account…you”—Randall jabbed a finger at Jeremy, then back at himself—“me. Like a fucking boomerang. Don’t you get it?”
“I deleted that message straightaway. Right after I printed it. I don’t understand how they could have recovered—”
“Please tell me I didn’t just hear you say that,” Randall said, clenching his fists. “It’s the f-fucking NSA, numbnuts. You know better than anyone that there’s no such thing as ‘delete’ when it comes to the Web! God, did you really figure it was okay to use a f-fucking Gmail account?”
Jeremy was chewing on his fingernails now. “How was I supposed to know someone would steal the program and use it to have people killed for kicks or to attack Russia, for Christ’s sake?”
Randall took a moment to try to navigate through the haze of this nightmare. “What part of the system did the passcode access?”
“Come on, mate. Let’s not—”
“Answer me.”
Jeremy’s lower lip quivered. “All of it. All right? The whole bloody thing.”
Now Randall was feeling a bit queasy. “Come again?”
“All of it, mate. It was my administrator password.”
“Jesus fucking H Christ,” Randall said woozily. Only two administrators had been assigned global access codes to Razorwire, and both of them were sitting at this table. He fell silent for a long moment, dumbfounded. “That’s how they got to us—these Bounty4Justice pricks. Don’t you see? Your email was being monitored…every fucking keystroke. Had to be. They must have infected your laptop with a keylogger. Then you went and sent yourself a fucking Gmail message with the passcode and a subject line in big bold letters that read ‘RAZORWIRE.’ Clear as day. And—” His eyes went wide and adrenaline gushed through him, making him see white for a brief moment. “Oh, fuck me. Motherfucker. If you were compromised, that means they could also monitor every f-fucking exchange on Atlas-5. They know everything. EVERYTHING! And you have the balls to call yourself a spy? You handed the whole fucking thing over with a big fucking bow on it!”
“Easy, now…” Jeremy said. “Let’s think this through. That password still works to access the gateway, right?”
“The gateway is only a bridge to the host server’s root directory,” Randall reminded him. “The command modules are the guts of the program.” The modules were the entry points to the dashboard of programs that controlled everything from encrypted communications between intelligence operatives worldwide to every network node connected to the Web’s global routing systems. “Each module had its own separate password. Just like we designed it. Remember? It was meant to be a f-f-failsafe. So don’t you see what they’ve done? Of course you can access the gateway, but they’ve changed the p-passwords in each module.”
“Then why wouldn’t this genius have changed the gateway access code, as well?”
Randall thought it through for a second, and the disturbingly logical explanation became so very obvious that his vision flashed white again. “Fuck! To lead the authorities right to us, fuckwad! Just like they led them to Canada…and the bank accounts. God. Fuck! What were you thinking?”
But there’d be no more thinking for the pride of British cyberintelligence, because something struck him violently in the side of the head with a pa-chump, destroying his skull and spewing his brain onto the pub’s exterior wall with enough force to splatter Randall’s face and glasses with gobs of blood and gray matter. In the same instant, a sharp cracking sound reverberated out across the harbor: pock-chooooom!
“F-fuck me,” Randall managed, knowing that he was already a goner. Only a high-caliber bullet traveling faster than the speed of sound could have blown Jeremy’s head clean off its neck. And that made him instantly recall an arcane factoid he’d heard years ago on some Military Channel testosterone-fueled weapons show: “Once you’re in the sniper’s crosshairs and he takes that shot, you’re dead before you even hear the muzzle blast of his high-performance rifle, because the velocity of the bullet outruns the sound wave—”
It was the last computation his brain processed in vivid color.
He felt an insanely intense pressure erupt in his left ear.
Then the melodies of his genius went forever silent.
# 67.04
The barkeep, who’d heard both retorts of the sniper’s rifle, darted outside and blanched at the carnage left behind by the two Lapua Magnum slugs that would later be extracted from the pub’s stone wall.
Checkmate.
The Telegraph @Telegraph • 17m
Vigilante mania wanes as public sentiment shifts against @Bounty4Justice. Analysts blame the fickle nature of #popculture trends.
bit.ly/1CWtsK1
# 68.01
@ London, England
Novak and Michaels stood behind Burls, watching as he took the helm at the keyboard and entered the Rang-O-Chat Internet Relay Chat message board on the darknet.
“You’re saying I just type ‘password’?” Burls asked.
“Correct,” Novak said.
Burls entered the term, and up came the password entry prompt—the blinking cursor that indicated the presence of something on the other end of a darknet wormhole that was now awaiting a reply.
Novak felt like he’d entered the Matrix. “Go ahead and enter the password.”
Burls typed in the thirteen-digit passcode and hit ENTER.
› ENTER PASSWORD: 89eTf‹iArchos
› Please wait…
› PASSWORD ACCEPTED
› Please wait…………..
There was a five-second delay as the bot went about establishing its connection outside the message board. The command was pinging some server—calling out to the mother ship. But they didn’t pass through the wormhole just yet. Instead, what came back was a list of commands that could direct them to where they needed to go:
YOU’VE ENTERED: RAZORWIRE GATEWAY
PLEASE SELECT A COMMAND MODULE: _
DIAG
CMOD
RFSH
ROOT
ADMN
NTWK
“We believe that Razorwire is the systems engine behind Bounty4Justice,” Novak said.
“Remarkable,” Burls muttered in astonishment.
“Now what?” aske
d Michaels.
“Type ‘CMOD,’ ” Novak said.
Burls entered the command.
Up popped another prompt:
› ENTER ADMIN PASSWORD: _
Burls reentered the thirteen-digit code, and the response was exactly what Walter had told Novak it would be:
› PASSWORD INVALID. ENTER ADMIN PASSWORD: _
“Damn. What’s the next password?” Burls asked.
“We don’t know yet,” Novak said. “The NSA is working on it.” Even had he already known it, that was a piece of information best kept close until they better assessed how badly British intel had been compromised. “I was advised that a brute force attack could take days, depending on the strength of the passphrase.”
There was a knock at the door, and Sarah rejoined them, looking pale.
“Pardon the interruption, sir.” Her eyes filled. “We’ve just received some rather disturbing news. The BBC is reporting that two men have been murdered in Bermuda by a sniper. They’re saying one of them was a Briton named Jeremy Grimes.”
From: Walter.Koslowski@ic.fbi.gov
Sent: Wednesday, November 8, 2017 at 11:32 AM
To: Josh Tierney
Cc: Roman Novak, Tim Knight, Dilip Kapoor
Subject: Bounty4Justice gateway address request
: Razorwire.gateway.jpg
Josh, regarding your cryptanalysis of the Razorwire ciphertext, my team has discovered a usable password hidden within the character block: 89eTf‹iArchos. Note: the “6I6” referred to the code format: 6 characters to each side of the lowercase i. This password can be entered into the Bounty4Justice chatbot hosted on Rang-O-Chat (IRC message board). The attached screen print shows the actual input sequence, for your review. I’m hoping that you might be able to confirm the host server the bot is referencing. When I pinged the server, it gave me the same IP address over and over. Not sure if I trust it. Fingers crossed! Please advise. Thanks very much.
Walter Koslowski
Senior Cybercrimes Specialist
Special Operations Cyber Division
FBI New York
26 Federal Plaza
New York, NY 10278
Phone: (212) 555-0453
Fax: (212) 555-8858
@NewYorkFBI | Email Alerts | FBI.gov/NewYork
Cyber Tip Line: (800) 843-5678
# 69.01
@ Fort Meade, Maryland
11:32:22 EST
Josh Tierney wasn’t surprised to see another request from Walter Koslowski in his in-box. After feeding Koslowski the Gmail intercept sent to Jeremy Grimes, Tierney had fully expected that the FBI would want more information. What did surprise him, however, was that the cyberanalysts from the Manhattan field office had figured out on their own that the ciphertext in that Gmail message indeed contained a passcode, albeit one that was, in and of itself, a puzzle. That “6I6” wasn’t a typo for the number of the beast after all but a clue to the coding format. Clever.
He plugged that thirteen-digit code into the Rang-O-Chat message board Koslowski had referenced in his email. The Razorwire command list came up on his screen, and it made his eyebrows lift.
“Well, hello.”
These damn bots were getting cleverer by the day.
“And just where did you come from?”
He wasn’t sure what system this protocol was running on. It wasn’t anything he’d seen before, and he’d pretty much seen them all. Looked like a variant of Unix—the tried-and-true server platform that had been evolving for over forty years now—or perhaps some bastardized version of Linux or Apple OS X. But the command structure didn’t quite fit those systems, either.
Whatever the case, Walter Koslowski was right. This chatbot was feeding commands to a central server—from the looks of it, the module that controlled the Razorwire protocol. The designer had probably snuck this gateway in as a remote back door to access the system from anywhere in the world. Nice touch, he thought. Sneaky. He was a tad pissed that he hadn’t figured this one out on his own. But everyone deserved a lucky break every now and then, so kudos to the dataheads in Manhattan. Besides, he’d identified the actual human being who’d received the gateway password. That had to count for something. Realistically, without the thirteen-digit password, there was no way he could’ve figured out this IP address earlier.
Whatever.
Time to have some fun.
The bot’s command structure was rudimentary. So he ran through each command, typing it at the prompt on the Rang-O-Chat message board. Each module required an additional administrator password. He figured one password might unlock all the modules, or separate passwords might be required for each one, which would make sense if multiple users were assigned specific privileges. But in theory, someone had to control global access to the system—someone who could break open the whole damn thing and execute every superuser privilege in the root system. To determine that person’s passcodes, a brute force attack might work—hit the server with a password hasher at quantum speed. But that could take a few hours, or days, or longer, depending on the server’s response time. Most likely, the server would apply basic session logic to lock out a unique IP address that was endlessly spoofing passwords.
He logged in to a containment quad, quarantined from the NSA’s main network, so that he could run his experiments. He began with pinging the server via plain old ICMP, like Walter Koslowski had done from his computer in New York, or just about any goofball could do sitting in his underwear at his home computer. The target server responded with an actual IP address that mapped to a precise location halfway across the globe, just like Koslowski had said it would. All along, Bounty4Justice had been using an entire network of proxy servers to cover its tracks, and this was probably some zombie decoy whose sole purpose was misdirection. When he pinged it a few more times, however, the same IP kept responding, which was weird. Why wouldn’t Bounty4Justice just shut down the ICMP port and simply not respond? After all, obfuscation was this website’s forte. So he dug a little deeper and ran a full trace on the physical network connectivity. He was getting back readings on a very specific physical connection—from backbone to branch fibers to last-mile connection to front-door hookup—with no ISP or middleman playing hall monitor. Straight to the source.
Interesting. Too easy. Yet it certainly appeared that this IP address wasn’t fucking around with him. Could this whole damn command module reside on a server at this actual address that kept coming back at him? He shook his head. Appearances were often deceiving, and even more so in the realm of the darknet.
He moved on to the next level. The NSA had a very extensive tool kit when it came to exploits—an entire arsenal of infiltration scripts grouped into bundles, including every known back door built into every brand of router, server BIOS, telecom operating system, programming language, and software protocol.
The agency even had secret alliances with the technology manufacturers themselves, who, in the interest of national security, “cooperated” by incorporating back doors into their firmware that allowed targeted penetration, when needed. Though more often than not, those exploits were used to bypass encryption and listen in on a chancellor’s mundane phone calls about trade policy or to eavesdrop on some dopey jihadist wannabe in Yemen looking to bring down the evil American empire with sticks and stones. Wiretapping wasn’t simply sporting in the Digital Age; it was a given. The game was pretty much rigged. And hands down, the United States and Britain swung the biggest sticks.
Josh perused the cyber arms catalog and sent a band of his favorite port sniffers out to hunt. Server infiltration scripts reminded him of those high school sex-ed videos of sperm attacking an ovum—a bunch of aggressive invaders wiggling and squiggling every which way to force themselves inside to the sweet spot.
The confirmations came back within seconds, and much to his chagrin, all the results agreed that the server’s thousand-plus TCP and UDP Internet transport security layers were all locked down. Okay. So it was run
ning an ultratight firewall, and its routers were somehow shielding the true identity of the operating system. In fact, the routers seemed impenetrable. How could that be? he wondered. You’d have to do some serious monkeying around to retool a router like that. It had to be running through its own darknet within the darknet.
He went back to his tool kit and checked off a few more choice payloads—the super sperm—and set them loose. These dogs barked a lot louder, drew a lot more attention, and often left pawprints. The nuclear option. But given where the server was located, Josh didn’t have to worry all that much about legalities or the rules of fair play. For this problem-child country, it was gloves off. No management approval required.
In seconds, the responses came back. Same shitty results. Even the most potent SSL exploit packets were coming back empty. For Josh, this was a first.
“Shit.”
He stared at the screen…puzzled. Okay. The server wasn’t shy about its location, but it was doing a stupendous job of not revealing a damn thing about itself. What a tease. He stared at the screen, his brain burning in bright, overlapping colors. A computer the NSA couldn’t hack? Nah. Couldn’t be.
Too bad Randall was off on personal leave, he thought, looking over at the empty desk to his right. That guy was a spaz, but he was really good at this kind of thing. He hadn’t earned the nickname Spoof Master for nothing.
For the time being, Josh injected a botnet script into Rang-O-Chat’s servers to monitor its message boards, so that if any user established a connection with the target server IP hosting Razorwire, the bot would capture the input data using a Quantumbot exploit and send it back to him, along with any packet data that might reveal the administrator’s IP address. It was a long shot, certainly not foolproof, but worth a try. He repeated the same process for the other message boards hosting the Bounty4Justice chatbot, so that all the traps were set.
Bounty Page 33
