For Money or Mayhem ©2015 2018 Nathan Everett, Elder Road Books, ISBN 978-1-939275-57-8
Being a hacker, I’ve always had an impulse to hide my identity. As a result, I’ve never put my real name on the Internet. I’ve never put my own photo on a social site. I’ve never indicated in my profile where I live, how old I am, or even my sex. I have very few ‘friends’ online and they mostly know me by one of my aliases and not by name.
Amazingly, I’m still pretty active and think of myself as even a little vulnerable online. I have a dozen email addresses, carefully concealed behind various identities. My passwords for those accounts are changed every thirty days. I create temporary email addresses through anonymous host sites and then create permanent addresses using the temporary one as a reference. Then I delete the temporary account. My security software is the best I can find, but because I’ve cracked it myself, I place little trust in its ability to keep my systems safe.
I don’t use WiFi in my office or my home. I use a cellular modem to connect my computers through encrypted packet data on a virtual private network. That makes my activities almost undetectable as my IP address changes with every location from which I connect.
It also makes everything damned inconvenient.
I am a digital fortress, and even so, I am afraid of being spied upon. It really irritated me that in my first day at EFC, I’d found two devices set to spy on me as I worked. And I figured there would be more.
I hadn’t opened email after logging on. I’d simply stared at the computer screen watching the security camera outside my office continue its 360 degree pan every four minutes. Who monitored that camera? As I left for the day, I wandered aimlessly down the corridor. All through the office I could see monitors on people’s desktops displaying images from security cameras. Occasionally, I would see myself on a screen as I walked by, which meant the cameras were located all through the building. That amount of visual data would take truckloads of digital space to store, even after high compression. But I had to admit, the simple reminder that I was being watched at all times had a Big Brother effect on my willingness to commit any grave sin in the office. It probably had the same effect on every other employee.
I left the building and wasn’t sure that I ever wanted to go back.
The keyboard was tapped. The camera was watching. What other types of surveillance were in place? I had to bet that the laptop I was assigned had monitoring software installed on it—very likely in places that I couldn’t touch. So, Tuesday morning when I went into the office at half past eight, I swiped my ID against the reader and went straight to my desk. I attached a portable keyboard to the laptop and did a network boot, avoiding accessing the hard drive at all. As soon as I reached the ‘repair’ screen, I slotted in my smartcard and gave the commands to format the hard drive and reinstall the operating system and standard company issued software. That should take care of any malicious software on the computer that was directed only at me. The fact that I’d never know what was there was irritating, but not worth bothering over if I wanted to start exploring the company networks. Of course, EFC might be monitoring everyone’s computers and have software built into the network install. Que sera, sera.
After the disk was formatted and the system was up and operating again, I’d have to figure out how to put my own protection on the computer. I was pretty sure the network security protocols would prevent me from installing any software that wasn’t on the official list—that was typical of both financial and government offices—but I was confident I could find an unprotected network computer where I could install and run it remotely. If not, I had a way of running the programs that I’d use remotely, although I’d rather have it right here.
While the system was installing, I tapped into my own VPN on my cell phone and started a series of probes at the company’s firewalls from outside. If there was someone getting through from outside, then the fraud they were worried about might not be employee-based at all.
I timed the rotation of the camera outside my office and while it was turned away, I used a small bug detector to sweep the rest of my office. There were two—a listening device in the lamp and a bug on the phone. Those, I simply wouldn’t tolerate. I removed them and went out of my office to the restrooms and flushed the two devices down the toilet. With luck, no one would have been listening that early in the morning and they’d just hear silence from that point on. But I didn’t care. They would all know by now that I’d detected the devices and cleaned house. And good luck to them trying to break my password to reinstall.
I wasn’t surprised to find that when the screen-saver kicked in on the computer, I was once again viewing a security camera, but it wasn’t the same one. I’d read my company handbook the night before. EFC had security camera feeds as the standard screen-saver for all network computers. The feeds were randomly assigned and changed to a different camera each time the screen-saver kicked in. I was willing to bet, though, that the feed I’d seen on my screen the previous day had not been chosen randomly. Someone was making sure I knew I was monitored. The question was, “Who?” After all, Arnold had told me when he hired me that I’d be watched. Throwing me the camera might simply have been a way of driving the point home. There was no reason to believe I had a strong ally anywhere in this company. Yet.
They’d as much as challenged me to show I could get around them. I was going to do it.
I opened my email and scanned through the messages that came through yesterday and early today. If the number of messages in my inbox was any indication, it was a wonder anyone got any actual work done. I set my mailbox up on a removable drive. I wasn’t keeping anything on the company computer. When I turned it back into them after I was done here, it would look unused.
It was time to start earning my keep.
The EFC network was a new city and the streets were unfamiliar to me. Usually when I track someone, I know the streets and I can eliminate the background noise. Here, everyone I saw looked like a threat, and everyone I couldn’t see was suspect.
I could randomly pick virtual doors and walk in hoping to find something interesting, but I was pretty sure some of the doors I could see had security systems that would sound alarms all over if I just busted in. And being random wasn’t a good plan. I needed to learn how this city was organized. Where did people live and where did they play? And most importantly, where did they keep their treasures? If I was going to catch a thief, I needed to know where there was something worth stealing.
Every bit of information on the Internet—every file on a company server—has value. The problem is making it transactionable. If I buy artwork for my home for $1,000, one day it might be worth $10,000, but only if I can find a buyer who will pay that much. The same thing is true of information. It is worth what a buyer will pay for it. So, when looking for something to steal, the first place to look is not at what people are guarding most heavily, but at what people are most willing to buy.
I headed for the vast underground marketplace of the Internet.
Most people think of the Internet marketplace as big storefronts that house multinational companies or auction houses. Those are the ones with a dotcom address. Most of the places I visited were identified by IP addresses without even a domain name. In my mind, it was more like a medieval village than a shopping mall. Random booths were set up throughout the square offering goods for sale. Auction blocks competed for attention as everything from slaves, to weapons, to food was offered to the highest bidder. Hawkers barked out their wares and the benefits of their products. Crowds pushed and shoved, individuals clamoring for attention. But these were the sellers. The buyers stood around the perimeter, usually silent. Occasionally one would step up to buy, often haggling over the price. Those were bargain-hunters. I wasn’t interested. Demand drove prices up. If the price was going down, it wasn’t worth stealing.
In the side streets off the market I found people asking for goods and services. They weren’t there to bicker about a price. What they wanted had value to them. It was worth going after. These were the people who could inspire theft.
I wasn’t there to engage, but lurked in the shadows watching transactions and proposals taking place. Nonetheless, a shadowy figure attached itself to me and spoke quietly.
“Buying or selling?”
“Depends,” I answered. “What do you need?”
“Bank accounts would be nice.”
“Wouldn’t they though?”
“You don’t have any to sell? Go away.”
“I didn’t come to you. You came to me.”
“Go away.”
I decided it was in my best interest to go away. I left the alley and circled around to it by a different direction. I could feel the presence nearby, though it didn’t approach. I moved out again and came back a different way. It was definite. I was being watched.
I hit ESC and dropped into the real world a moment before a tousled redhead with black rimmed glasses poked through my doorway. Ford McCall was trying to get my attention. I waved him in.
“I like your furniture arrangement,” he started. “It’s good feng shui. These offices make it difficult to find a position where your back is neither to the door nor the window. Nice solution.”
“Thanks. You a decorator?” I’d had nearly the same conversation with Eric after we’d painted my apartment black and he’d convinced me to go to IKEA for furniture. When there are windows or doors on three sides of a room, it gives few options for positioning yourself so that you don’t have your back to one or the other. I guess that would make Wild Bill Hickock a feng shui expert because legend said he never sat with his back to a door or window while playing poker.
“No. Just read a lot. Speaking of which, did you see the article in TechCrunch on the upcoming meeting of the standards committee for IPSec? You should put in for a field trip. Arnie’s serious about improving security all the way around, so I’m sure he’d fund the travel.” I could see that Darlene’s assessment of Ford’s connection to the Internet and reading every article on every subject was probably true. I’d have to be careful what subject I engaged him on as I was sure he probably knew more about anything than I did. Still, the fact that he was standing in my doorway as I was being followed through cyberspace meant that it wasn’t him that was following me—didn’t it?
“Thanks, Ford. I’ll check it out and see what Jen thinks.”
“That’s a lost cause,” Ford snickered. “If you talk to her, put together a spreadsheet that shows how much the whole venture will cost, where you’ll stay, who you expect to talk to, and a list of objectives for the trip with a dollar value attached to each one. She may look like a woman, but she’s just a suit. If there isn’t a bottom line, there isn’t a reason.” There was a little bitterness showing through Ford’s comments, as if he’d tried to convince her of a venture with no success. “Oh, Allen says we’re going out for a beer Thursday night. I understand you aren’t in on Wednesdays, so I’ll see you then.”
With that, the smartest and most socially inept man I’d ever met left the room. I glanced at my clock and was surprised to find it was already past five. I’d been so absorbed in my exploration of the network that I hadn’t had lunch. My stomach growled. I shut down my computer, unlocked the security cable that fastened it to my desk, and packed it in my briefcase.
I wouldn’t be in the office tomorrow, but I’d be doing a lot of work before I showed up here on Thursday morning.
Please feel free to send comments to the author at nathan@nathaneverett.com.