by D. B. Goodin
At the stroke of nine, Dahlia, Mr. Tage, and the Sultan were visible on the conference screen.
“Welcome, esteemed members. I know it is late for some of you, and my apologies. I just wanted to ensure that your lieutenants will be available during our conference. You are allowed three lieutenants, but they must be prioritized in order of rank or importance. For example, the man standing behind me is Ezekiel, and he is my primary,” Chen said.
“Are we to bring all of our lieutenants, or just the primary?” asked Dahlia.
“I’ll leave that choice to you, but it’s your responsibility to brief them on the inner workings of our Cabal. Are there any more questions?”
Everyone on the video conference shook their head.
“Excellent. I will expect all of you—including the lieutenants—at the Bromwick Hotel a week from today. I have reserved suites for all of you. I’ll reserve additional rooms for your lieutenants. I just need a final count before tomorrow.”
“I’m bringing all three of my lieutenants,” Dahlia said.
I don’t know Dahlia very well, but anyone trained by the infamous Black Heart will be formidable, Chen reasoned silently.
“I will bring my primary, but I suspect my two new lieutenants will be in attendance,” the Sultan said.
“Excellent! What about you, Tage? Do you have a final count?” Chen asked.
“Just my primary,” Mr. Tage confirmed.
“Remember you will need to stay for the entire conference, but it shouldn’t last more than a few days. Security will be provided, and bring no additional people, except your lieutenants, of course. We have much to discuss.”
A tall man with black hair and olive skin entered Milford Radio and Repair. Milo, the shop owner, had just opened for the day and had not had the time to tidy up after last night’s inventory that his father had sprung on him.
“Can I help you, sir?” Milo said.
The man was dressed in a trench coat and wore a fedora. The man’s glasses were as thick as the bottom of a soda bottle.
This guy must be legally blind.
“Yes, you can,” the man said.
Something about this guy gives me the creeps.
The man didn’t say anything else. He wandered about the shop a bit. He picked up one of the radios Milo had on display and fiddled with the knobs and switches for a while. Then he turned to Milo. Butterflies entered Milo’s stomach; he didn’t know why this man made him anxious, but his presence unnerved him.
“Hello, son. I have a special need for a radio that I wouldn’t mind having connected to my brain, if you know what I mean,” the man said.
What the hell is he talking about?
“What kind of radio do you need?”
“Something that can scan the airwaves for wireless convos. I also need something that will tell me which airwave has a particular convo. Can you help me, son?”
“Sounds like you need a frequency counter and a scanner radio to get started. What conversations do you need picked up? I mean, are you interested in picking up chatter from cordless phones? Or cell phones?”
“Yes—that’s what I need the convos from.”
Does he want to spy on people’s cell phone calls?
“To be clear, I just want to confirm which conversations you need to pick up. Do you mean conversations from cell phones?” Milo asked.
“Yes . . . yes . . . yes . . . please!”
The man started dry-washing his hands in anticipation. The image reminded Milo of a mad scientist.
“Then you need two pieces of equipment: a frequency counter, which scans for the proper frequency of the cell phone, and once you have it you can use a scanner to listen to the conversation.”
“Yes, give these to me, son,” the man said as he clapped his hands together.
This guy is whacked.
Milo found the two most expensive radios that he could find and calculated the cost.
“That will be $623.32. Will that be cash or charge?”
The man took out a wad of bills several inches thick and counted out seven one-hundred-dollar bills.
“I don’t have enough change,” Milo said.
“Keep it and put it toward a radio lesson for me. How much do you charge for that?”
Milo did not know how much to charge for a radio lesson. Most of his customers already knew how to use the equipment.
“Throw in another hundred, and that will buy you an hour of time,” Milo said.
The man tossed the money at Milo like it was nothing. A tattoo of an angel caught Milo’s eye.
There’s something about this guy. Even his tattoo seems suspicious.
“Now teach me, boy!” the man said with an impatient tone.
About forty-five minutes later, the lesson was over. Something about the man creeped Milo out, but he couldn’t put a finger on it. The man was insistent about using cellular signals to trigger something else—for what Milo didn’t know. The experience troubled him.
Chapter 3
Nigel paced about the shop. He was still rattled by the contents of that video. Every time he looked at the computer that contained the image, he thought of the video of the woman. Visions of Hunter attacking those police officers and slitting his throat overwhelmed him. He closed his eyes, then performed the breathing exercises that usually calmed him.
Nigel’s phone chirped; it was John Appleton.
“Nigel, what’s wrong?” John asked.
“Nothing’s wrong,” Nigel said.
“Then why did you call me five times?”
“I did? I just called you once.”
“No, five times. I have the call log to prove it.”
“Oh . . . I need your advice. I found something . . . bad, maybe illegal, on my first customer’s computer.”
“Does it involve . . . children?”
“I don’t think they are children. They appear to be in their late teens or early twenties.”
“Tell me what you saw on the computer, every detail,” John said.
Nigel relayed the gruesome details, not leaving anything out. John was silent for several moments.
“I don’t think you should view any more of his videos,” John said.
“Why not? I followed forensic best practices by working off an image of the computer.”
“It’s not that. I don’t think your customer has broken any laws. It sounds like he is making a science fiction movie. The people in the video are adults, right?”
“Yeah, it looks like it.”
“Then I would let it go. You don’t want to hurt your business with an accusation like this. If people think they can’t trust you, then you will not get any business. If one of your clients shows you pictures that’s one thing, but you shouldn’t be looking for them on their computer. You can clean any viruses, but don’t get into the habit of looking.”
Serves me right—I should not have involved John.
“Okay, thanks John.”
“Don’t mention it. How is everything in Newport? Are you settling in okay?”
“Yeah, our apartment is just above the business, so we don’t need to go far. Anyway, I should go. The client will be back any minute.”
“Take care of yourself, kid.”
Nigel finished removing the malware from Peter’s computer. Curious, he adjusted one of the network adapters on the laptop so it would analyze every packet it would send or receive. This meant that he could inspect everything that his computer would come into contact with. He turned up the logging settings and outputted it to a flash drive.
Something malicious is trying to get out of that image.
Nigel scrutinized the logged output and observed a distinct pattern. The computer was attempting to contact a command and control (C2) server. If this happened, the malware’s author could send additional instructions to the code. He used a special tailing command to send the contents of the log to one of his monitors. As soon as the malicious traffic patterns restarted, the logs would
tell him.
Time to do a little dynamic analysis.
Using the image he’d acquired earlier, Nigel cloned Peter’s computer in a virtualized environment he could control. The conditions were as close to perfect as he was going to get.
Let’s detonate!
Nigel enabled the network connection and let the malware call home. Moments later, the malware used an open network connection to interface with the malicious server. His monitoring station lit up with activity, and he began reading the output in real time. He stopped the outbound network connection. Nigel noticed that when the malware found a live domain on its list, it shut down. If it found an inactive one, it would continue to function.
That makes no sense—wait! The malware authors created an impromptu kill switch to avoid detection. Time to create a sinkhole to capture that bad traffic.
Nigel constructed a server known as a sinkhole; this would allow him to send all malicious traffic to a server he controlled. Then he could analyze the bad outbound communications to find anomalous conditions that could give up the information about the adversary.
Nigel heard a ringing sound at the door.
Someone’s here!
“Is my computer ready?” Peter said, loud enough to stir Nigel out of his thoughts.
I didn’t hear him come in! I’d better work on my physical security measures.
“Almost—I’m running a final scan now,” Nigel said.
“What did you find? Did any of my files get accessed?”
“You mean by the malware?” Nigel asked.
“Yeah. I’m working on a project that I don’t want anyone to steal. I’ve heard some horror stories about people stealing intellectual property. I don’t want anyone to sell my content before I do,” Peter said.
“I noticed a lot of media files on your system. Are you a filmmaker?”
“Well, I’m creating content for a horror channel. But I’m creating a segment for a web show called Amateur Sleuths.”
“I’ve never heard of that show.”
“It’s put on by a guy who has millions of subscribers. These people pay him anywhere from five to fifty dollars a month for unlimited high-definition content.”
“What kind of content are we talking about?” Nigel asked.
Is he telling me the truth?
“It’s a documentary about revealing the truth about cyborgs living among us.”
“A-about what?” Nigel’s voice faltered.
Has he found Delta? he wondered in panic. No, it can’t be—she’s with Melissa in Scotland. I should play along here.
“It sounds fantastical, but I frequent many dark web sites that have truth about experiments that integrate human flesh with machines,” Peter explained. “It’s not that well known, but there are back-alley clinics in large cities that perform operations.”
“Do you have any proof?”
“Yes, the proof is on my computer.”
A beep emitted from the computer.
“Looks like the scan is complete. No more malware, but I found a rootkit on your computer.”
“What’s that?”
“It’s a piece of software that embeds itself into an area that is not normally accessible to other programs or users. It’s placed there by other malware, and it is malicious. The function of a rootkit is to hide itself from users as it steals passwords and keystrokes. It usually sends what it has gathered to another computer, but I couldn’t find any evidence that happened here,” Nigel explained.
Peter looked relieved.
“I recommend that you back up your computer and wipe it. I can do that for you for an extra charge.”
“How long will that take?”
“It’s a long process, and I’ll need the computer overnight—”
“No, that’s okay,” Peter said, cutting Nigel off.
“I would take care of that as soon as you can. The malware can come back.”
Peter paid for Nigel’s services, took his computer, then left the store.
Time to get back to work. That malware is trying to awaken its botnet army.
Later that evening
Nigel was grateful that Mitch Smith, Jet’s father, had found cheap office space, because Nigel didn’t relish working out of his mother’s house over the winter. His mother’s hospital visit and recovery had put his entire family on edge. Nigel doubted his brother would recover, but to his surprise he did. John Appleton had been spending more time with his mother after her accident, and while she was on the mend, she had a long way to go before making a full recovery.
I didn’t want to leave Mother, but I’m eighteen now, and I want to start my life with Jet, Nigel reminded himself.
Nigel smiled at a recent memory of Jet trying to force a chicken out of its packaging. She had refused his help and was doing her best at setting the table and getting the food cooked.
She is the one for me!
Nigel’s phone rang; it was Jet.
“Hey, you,” Nigel answered, “need any help with getting that fiber connection installed?”
“Nah,” she said, “I had to help the technician—he didn’t know how to program the router.”
“First day on the job?”
“You would think, but he kept going on about his first year on the job.”
“Not everyone is as good as you.”
“Are you flirting with me?”
“You bet!” Nigel laughed.
“Anyway, Dad got all the legal paperwork done, so as soon as we sign the papers in front of a notary, he will be part of N&J Investigations, Inc.”
“And I think I have our first significant customer,” Nigel said.
“Who?”
“Milford High School. They have a lot of incidents with sextortion cases this year.”
“From students?”
“Not sure yet, but Mr. Levinson thinks it might originate from the outside.”
“That’s bad, but the business will be good for us, I suppose,” Jet said.
“Yeah—we need as much as we can get.
Early the next morning
Nigel awoke in a cold sweat.
Did I have another bad dream? I can’t remember. It’s been so long since I’ve had any trouble sleeping.
His thoughts turned to Peter’s computer; those images had left a lasting impression. Earlier, Nigel had dismissed it all as some movie-making magic, but something about it put him on edge. He lay in bed for another two hours; the only sound was Jet’s breathing. He decided to spin up that image one more time. Nigel got out of bed as quietly as he could, as he didn’t want to wake her. With their loft connected to the shop, there was no need to get dressed.
Five minutes later, he was scanning the computer image for any droppers—as in, a piece of software capable of receiving a signal from another server to instruct it to download more code. Hackers and malware authors used these tools to download the real payload.
Time to crack the mysteries of Peter’s malware. Nigel chuckled at the thought.
After reviewing the preliminary scans from Peter’s computer, Nigel dug in a little deeper.
Something’s not right—a lot of internet traffic is concentrated on Edinburgh. What’s there?
Nigel examined the logs on Peter’s computer. He was interested in the custom scripting language built into the operating system.
The latest High Tower operating system (HTOS) includes a custom scripting language based on PSnake called Supershell. If Peter is running as an administrator, I’ll be able to see that activity.
Nigel looked at the internal logs on the system that wrote all system and user activity. Then he examined the configuration settings that were stored in a special area known as the ledger; this kept track of any configuration on the laptop, including flash drives.
I wonder if the malware got installed after Peter inserted a flash drive or hard drive while editing his videos.
Nigel pulled up the ledger that contained thousands of subgroups leading to da
ta nodes known as keys. The operating system stored these keys in top-level areas known as hives. Nigel examined the area known to store these values. He traversed the following path:
ROOT/LOCALMACHINE/SYSTEM/
ControlSettings/PORTSTOR
Under the “PORTSTOR” key, Nigel examined the entries with serial numbers. He also noted the device manufacture names.
It’s time to do a little device recon.
Nigel exported the entire key to an external file. He added the serial numbers and manufactures to a spreadsheet.
The network stack on Peter’s computer is clean. Local attack vectors? Infected flash drives? It’s worth a shot.
Nigel started the arduous process of creating a secure connection to the dark web. If the marketing materials on the MORP browser were to be believed, MORP was all you needed to safely access the dark web. Nigel knew better, so he started layering VPN connections before launching MORP. The purpose of this was to hide your original IP address from any random hacker or denizen with ill intent.
I learned my lessons from Jet and her brother George well. Now it’s time to put my knowledge to the test.
Nigel could only layer six VPN connections before the MORP browser became unresponsive. He preferred at least seven but decided six was enough. After navigating to a dark web site with the strange title of “Raid Cookies”: a common dark web site that dealt in various attacks that relied on exploiting computers without a network connection. Nigel found many of the techniques the hackers posted to be fascinating. One hacker bragged about being able to exploit computers through the walls of hotels. Another claimed to use a drone to exploit infrared systems. Like most dark web sites, there was no logical layout of information. He had to sift through a lot of random stuff. It took him an hour to find the information he was looking for.
