Kingdom of Lies
Page 13
Because despite the obvious downside, here he is, still watching Sig. Perhaps, he thinks, this is more personal than practical. He shuts his laptop and digs into the bowl of egg salad with a large soup spoon. He will check back in a week to see if Sig has tried to open the bank account.
There’s a sudden commotion on the stairs leading to the kitchen. It’s his wife, the kids. Two daughters, from deep asleep to wide awake in zero to 60. Insane, ghostly children. Hair perpetually a mess. His wife is pregnant again. She glares at him.
“You have egg hanging out the corner of your mouth.”
“It’s that damn book.”
“Watch your language.”
The children shriek: “Damn! Damn! Damn!”
“I’m sorry.”
“You will want tomato sandwiches next.”
“I can get some at the store. Later. Tomorrow. Next week.” Whenever suits you, my love.
He smiles. She smiles back.
She picks up a month-old newspaper from the rack. Reclines on the couch. He reads the unspoken signal.
It’s your turn to mind the children.
He drops down to the floor on his hands and knees. “Who wants to ride the horsey?”
The children cry: “Me! Me! Me! Damn! Damn! Damn!”
* * *
René Kreutz is exhausted. Eight-months-pregnant exhausted. She reclines on her side on the couch while Sig clicks away at his laptop at the kitchen table.
He’s been bothering her for days to go downtown and set up her own bank account. She has no idea why. It’s utterly ridiculous, she thinks. He insists it’s for the baby. His arguments make no sense, and she’s too tired to do anything about it other than politely decline.
She doesn’t want to go into town and risk running into someone she knows. She’s embarrassed about being pregnant. She’s perpetually embarrassed these days. The girl who never got herself into hot water is boiling.
She drifts off into a sort of half sleep. In her daydream, she goes through the motions of what a best-case-scenario childbirth will be like. The epidural. Sig by her side, offering support. Nice nurses dressed in white. She’s in the bedroom, the same one where she was born. Her mother will come later, after the birth.
“Could you stop breathing so loudly?” he says, startling her slightly. She complies, staring at the wall in misery. She’s frowning without realizing it, something Sig forbids in the house. He looks up. “What did I tell you about frowning at me? Why don’t you smile sometimes? You need to smile more. You look old like that.”
She smiles at him, but he’s staring at her. He looks afraid, an unusual expression for him.
“Yes?”
“Look at your legs.”
René looks down.
Blood everywhere. She hates blood.
René turns white as a cloud and passes out.
16.
The Recruiters
The market for cybersecurity jobs is hot and it’s not likely to change anytime soon. There are so many open jobs and so few people who can do them that many firms predict millions of open jobs over the next 10 years. Far more of those jobs will go unfilled globally, where skills are in even shorter supply than they are in the United States.
Cybersecurity education is deficient. It’s hard, if not impossible, for people to get experience in the field, and many of these jobs require experience.
The following are generalizations, but legitimate ones: People with strong technical backgrounds frequently have a hard time making it in the corporate world. They may, like Victor Tanninberg, be excellent programmers and exceptional mathematicians, but they have little taste for politics, paperwork, or being required to show up between the hours of nine and five. Some people hate wearing a suit; others can’t follow rules.
People with a corporate background often can’t get the experience necessary to transition to security. They may be excellent at managing projects or leading a team of people, but the rote requirements for cybersecurity jobs—various certifications, for instance—keep them out of those roles. An investment of six weeks can turn a generalist into a good cybersecurity professional. Somebody talented, like Charlie Mack, for instance, can come from an intelligence and security background with a law degree and can learn the cybersecurity side in an instant. Most companies aren’t willing to take that kind of gamble.
People in the military have a full range of security skills, but they get little help going from the highly structured environment of the government to the free-for-all that is the private sector. Some big corporations, like NOW Bank, tackle this by giving veterans mentors who can help them understand the protocols of the enterprise. Chief among these lessons is that crossing hierarchal lines is more acceptable, and sometimes even preferred, in a corporation than it is in the military.
This type of mentorship has helped countless veterans make a smooth transition to lucrative cybersecurity careers, like the employees Caroline Chan plucked out of obscurity to work at NOW Bank. However, military brass like Bob Raykoff, who have been in leadership positions for a substantial amount of time, don’t always think they need this type of training, and before they know it, they inadvertently alienate huge segments of their organizations.
There is, as Victor points out, a significant lack of experts who are both proficient and savvy enough to do truly original cybersecurity work. The very good ones are quickly courted by the largest technology companies, followed by the banks and start-ups, with other types of companies, like healthcare firms and hedge funds, bringing up the rear. Those who are left often go to the government. There are many government cybersecurity employees who are highly proficient and true believers in their mission, but no one is under the illusion that a good hacker will be satisfied with making $50,000 a year for the National Security Agency when he could be pulling in four times that much at Google.
There is also a lack of people with truly good social-engineering skills. When a malicious person calls you and convinces you they are a help desk employee and you need to give up your username and password to prevent a problem, that’s social engineering. When he says he’s a Nigerian prince and needs your help, that’s social engineering. When they open an account under a fraudulent name and identity at a bank branch, they are socially engineering the bank branch manager with a wink and a smile.
This is social engineering, taken from the 2018 indictment of 12 Russian hackers accused of infiltrating the Democratic National Committee:
On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “Alice Donovan.” In addition to the DCLeaks Facebook page, the Conspirators used other social media accounts in the names of fictitious U.S. persons such as “Jason Scott” and “Richard Gingrey” to promote the DCLeaks website. The Conspirators accessed these accounts from computers managed by POTEMKJN and his co-conspirators. On or about June 8, 2016, the Conspirators created the Twitter account @dcleaks_. The Conspirators operated the @dcleaks_ Twitter account from the same computer used for other efforts to interfere with the 2016 U.S. presidential election. For example, the Conspirators used the same computer to operate the Twitter account @BaltimoreIsWhr, through which they encouraged U.S. audiences to “[j]oin our flash mob” opposing Clinton and to post images with the hashtag #BlacksAgainstHillary.
People who can do this type of work are incredibly hard to find, because they often don’t realize they can do this type of work. Having a technology degree doesn’t help, but being a social butterfly certainly does.
This is why Russian intelligence operatives have thrown in with criminals, because they are good at these things. They aren’t wonks. They find your soft spots. This is why Bo Chou, when he decides to go legit, will be so good at his job in Singapore—because unlike many other strong technicians, he knows that running down a taxicab and rescuing a customer’s passport is a key to success de
spite the fact that there is no immediate payoff for him.
It is also why, when René wakes up in the hospital, she will be eminently employable. Even if, in a fog of shame, she doesn’t realize it yet.
* * *
“Placenta previa,” says René. Her mother cuddles the baby, a boy, not yet named. “That’s what they called it.”
It was the lining of her uterus. Stuck in the wrong place. It caused some bleeding and she had to have an emergency C-section. Baby is fine. Mama is fine. She is in pain, but opioids are making everything better.
Sig paces nervously. He’s been spending the past hour alternately charming René’s mother and the nurses, talking about how worried he was for René and the baby. His baby. He seems thrilled, but René has grown wise in the past 24 hours.
“I’m so exhausted,” Sig says.
René’s mother tries to hand him the baby, but he demurs. Looks at his mobile phone. Picks at his cuticles.
René’s mother pats him on the back, asks him if he’d like to go out for cookies. He says yes. René is grateful her mother is there to help, and to keep Sig out of her way.
17.
The Insider Threat
By April 2016, ransomware has become so prevalent that many of the criminal organizations that pioneered it are breaking apart at the seams.
But Bo Chou couldn’t be happier. The financial firm in Singapore offered him a contract. He was worried it wouldn’t work out. But the boom in this new kind of criminal enterprise means his inbox is overflowing with interesting work. Work he is very good at.
Bo is in the midst of helping write a ransomware policy for his company and translating it into several languages. Just the other day, he helped coach a department through a difficult ransomware attack. They were able to avoid paying the ransom after verifying that all of the locked data was held on a cloud server. Now he’s writing a proposal to move all data backups to cloud servers in advance of what will become a much larger and more damaging wave of ransomware. His boss is thrilled. They might even win a bigger budget.
From a drab cubicle on a red dot in the middle of Asia, in a glamorous high-rise office far removed from his drab military days, Bo silently high-fives himself.
* * *
Absolutely no one at TechSolu is happy. All the workers are getting recruited by other criminal groups. Some of them, Sig knows, are plotting to go off on their own as independents. Some of them, Sig suspects, are planning on stealing his intellectual property before they do.
Sig tries finding a new woman for the office, but it hasn’t yet worked out. The guys want René back, but he told them she didn’t want to see them anymore. That she’s too busy with the baby. They are offended. Sig shrugs. You know, women …
* * *
Based on his recent searches, Dieter knows that Sig is worried about insiders at his enterprise making off with his criminal trade secrets.
Dieter has been leaving Sig’s feed alone in recent weeks. He’s been thinking about a number of projects and thought pieces on ransomware. As a researcher, he is somewhat lazy and easily distracted, but he’s curious about one of his favorite topics: insider threats.
What Dieter loves most is the inevitable and ultimate failure of organizations attempting to find someone who is threatening their business from the inside. It’s like trying to rid a house of mice. You think they’re there. You imagine you hear them scurrying. Sometimes you catch a glimpse of a darting gray form across the floor.
But human beings are even less predictable than mice. They easily have a change of heart. They are able to evaluate their priorities and change them on a whim, reconsider their decisions, and turn into completely different people.
Edward Snowden, for example, was a good and trustworthy Booz Allen Hamilton employee before he turned into the infamous figure we know today. The only difference was a change of heart, a shift in thinking, from doing an engineering job he enjoyed to being offended by government oversteps to going rogue.
Chelsea, née Bradley, Manning was an Army employee with a history of filing complaints and small behavioral problems, but not enough to put him on the front burner for discipline, when she was charmed by the online community at WikiLeaks. So convinced was she by these latent online friendships that she went from being a middling employee to committing high espionage.
History is filled with examples of decent, hardworking people who, upon experiencing a startling revelation, suddenly and irreversibly become insider threats.
And here is Sig with his tiny criminal enterprise, Googling “how to find an insider threat.” Good luck with that, Dieter thinks. His employees wouldn’t need much of a reason to turn on Sig. His compatriots are criminals, after all.
* * *
René doesn’t care about TechSolu’s troubles, or being ostracized from the workplace, or the fact that she’s so young and is now a mother. She has a little baby boy named Henry. He’s lovely. She’s breastfeeding him.
Henry. She calms at the sound of it. It’s not a name so much as a course forward.
Sig has noticed her sudden shift in loyalty. It’s made him even less pleasant but also kept him away more often. He’s never home, and when he is, he’s a terror. Everything is a reason for a fight. He yells at her in the morning, at dinner, in front of the baby, while she’s breastfeeding. The harder she clutches Henry, the louder he yells. The louder he yells, the closer she pulls the baby to her. It’s a ridiculous spiral that must end soon.
She hasn’t seen other people for ages. But that is going to change. Despite Sig’s efforts to keep René away from the TechSolu office, he still wants her to come down to show off the baby. They plan on going today.
Henry is so cute and perfect looking, after all. Shiny dark hair and light eyes. “He looks just like me, don’t you think?” Sig says as they head outside to his BMW. René stares straight ahead, her pretty mouth flat as a dash on her face.
“I’m sorry,” she says in a monotone.
Sig smiles.
* * *
At the office, René thinks things look different. They smell different. Several seats are empty. The remaining guys glare at her, follow her every move. She senses their suspicion but doesn’t understand its origin. She doesn’t really care. She can withstand their looks. She won’t engage in their workplace drama. She has nothing to explain to them.
Sig gives her some money for lunch, fans the bills out in front of everyone so they can see how generous he is. Sig says he has to get back to work, that she should go down to Cafe Americain and grab whatever she wants. He keeps his arm around her as if he’s reluctant to let her go and wears a huge, unflinching smile.
“Everyone here misses you!” he says.
She smiles halfheartedly.
“You’re so shy these days,” he says.
She nods again. Doesn’t speak. Doesn’t make eye contact. She takes baby Henry out of the carrier around her chest, briefly shows him off like Simba in The Lion King. He wakes up, fusses. “He needs to feed,” she whispers to Sig. He directs her to the ladies’ room. “What about my old office? It’s more sanitary,” she suggests. He ushers her in, lets her sit. Closes the door. Gives her five blessed minutes of privacy.
She puts Henry on her breast, then reaches under the desk, her fingers feeling around the fiberboard underneath. There it is. Taped just where she remembers it. $1,000 in cash. She stuffs the money into her bra.
It is a gift, she thinks, left to her by the old René, the one who packed a pistol in her purse on her first trip to TechSolu.
18.
The Terrorist
The new dark web Silk Road is where Brendan “Tahir” Gerie likes to spend most of his time these days, and in spite of himself, he keeps getting tempted by the less refined wares the service has to offer, like this one:
FRESH, NEW UPSKIRTS. HOT YOUNG TIGHT UNIQUE. FREE WITH YOUR PURCHASE OF THESE AMERICAN RETAIL CC NUMBERS.
He hovers his mouse over the chyron. He could use some more credi
t card numbers. The price is reasonable. And, of course, the value proposition is high.
But is it halal? Probably not. Depends on the girls, though. Maybe they are Muslim, and if it was unwitting, or if they were tricked, then it is not their fault. So maybe he can look? He’s confused, consults an ISIS messaging board that he frequents. He waits for several minutes. No answer to this pressing problem.
He prays, has to start over again four or five times. It’s March and it’s hot in Singapore. HOT HOT HOT.
Brendan goes back to his previous assignment. Finding identities on the dark web that could be of use to ISIS.
He posts again, this time on a chat board with other terrorists. He buys credit cards elsewhere. He trades for them using a rootkit that he has customized slightly and loaded onto a variety of popular pornography websites. Anyone who visits them will have malware downloaded onto their computers, a botnet for minor-type cyberattacks like DDoS. He doesn’t care. These people deserve it. It is his right to ruin their computers, because he is pure.
These things are bad, corrupting to the human mind. That’s why he designed it. Rootkits are important tools, made of software but no different from the shovels and spades ISIS is using to create a new and better civilization in Syria. He will fight for his brothers using his engineering degree and his heart, which is just like a lion’s heart. Fucking women. None of them ever appreciate this about him.