It’s not as perfect as my preferred setup, which would require completely scrubbed physical hardware, but then I’m deeply paranoid. No matter how good you are, someone else out there is better, and playing in this space is as likely to attract unwanted attention as it is to achieve the goals you want in the first place. When camping, you need twice the warmth under you as you do above you. In hacking, you should spend twice the energy on avoiding being detected or traced as you do on the hacking.
Well, enough foreplay. Time to get to work.
Ratters use remote access tools, originally designed for sysadmin-type work, to remotely install software, monitor computers, and fix problems. That same set of tools, applied to more evil purposes, can be used to watch your every keystroke, record your webcam or phone camera, or change what you see on your screen. Since the ratters are behind a virtual private network, as Igloo said, I won’t be able to trace their IP packets directly back to them, which would be the easiest and most direct way to identify them.
Nathan could probably do it, because he’d possess the tools to intercept all the traffic going to and from the VPN data center. I’m dead set against asking. If he does all my work for me, I’m no longer an equal trading favors, but a supplicant begging indulgence. We have a long history, and he wouldn’t turn me down, but I’m afraid of changing the nature of our relationship.
I consider the tools to hide my point of origin. Do I still trust my own backdoors into Tomo? How about my onion network? The last time I used it, I lost a few nodes. I can use a VPN, but that only goes so far. I could compromise a few systems and set up a temporary routing network, but my tools are a year out of date, which means I won’t have as many zero day exploits. I decide to VPN first, then take my chances with my old Raspberry Pi network. Either the nodes will be up or they won’t.
A few minutes later, I’m reconnecting to the old network, the nodes coming online one by one. Each node reports a last use date consistent with my previous usage. Some of the nodes chosen at random don’t respond, about par for the course, given that those rooftop boxes are two years old now. Surely some were discovered and thrown away, had their solar panels covered with leaves or other debris, or otherwise failed due to exposure. Soon enough my packets are routed through eight nodes.
A custom search tool connects in parallel to all the darknet forums I have access to. There’s a bit of sadness when I see two of my old favorites are gone. The search tool scans the ones left to find any mentions of Mole, the RAT software Igloo detected. A few minutes of reading uncovers that Mole is newish, about four months old, based on an older RAT. The source code is available.
I think of three basic strategies I can exploit: I can try to reverse engineer Mole, looking for undiscovered exploits that would let me tunnel back into the hackers’ computer from code I’d run on their victim’s phone. It would be powerful because it would allow me to identify them and counter-attack in one. Unfortunately, it requires finding and using an exploit in software that’s been presumably been peer-reviewed. If there is a weakness, it could take days to find. Backtracing their VPN connection is another option, though perhaps beyond my abilities.
Lastly, I can search the forums themselves for something to identify the hackers: a brag mentioning the victim’s name or an image file matching a known photo from the phone. This is the simplest approach, and costs me very little. I configure my spidering search tool to find the closest matches to the messages I received from Igloo. Then I sit back to wait, because the process isn’t fast.
Thirty minutes later I’m regretting I stopped for that coffee on the way back from the airport and don’t have a bucket in my cinderblock box. I make a mental note to never again own a villainous lair without a toilet. I’m older and richer, and frankly, too tired and grumpy to rough it. On top of that, I wonder if I’m starting menopause. I’m forty-five. Could it be happening?
With a sigh, I turn to the stack of boxes. I have no idea what’s in most of them. I acquired them at an auction at another storage facility, and moved them in here for show. The second box I open has a men’s felt cowboy hat. I turn it over in my hand. What the hell, it’ll hold liquid for a little while, at least.
The search returns, and I’m staring at the phrase Hitler’s Mustache. What the hell? Am I dealing with a neo-Nazi group? It’s bad enough I have to handle misogynists, now I’m getting into Nazis? Frak me. I shouldn’t have this much responsibility.
A few minutes and web searches later, and I laugh in relief. Apparently a Hitler’s Mustache is the Brazilian term for sculpted pubic hair, or what the rest of the world would call a Brazilian wax job. My attacker is merely Brazilian, not a Nazi.
I spend the next couple of hours researching different Brazilian underground forums, and getting access to them. I pass their quizzes to keep out the riffraff, and know the right names to throw around. Although it’s four in the morning here, it’s mid-morning in Brazil. By the time I should be heading into work, I’ve gotten accounts on four of the biggest Brazilian hacker boards. I reconfigure my spider search tool to use my new forum accounts, and redo my earlier search.
It’s going to take a while, so I use the opportunity to decamp the storage facility, walk a dozen blocks away, and leave a message for Amber, asking her to take over my meetings. My throat is hoarse from the all-nighter which adds legitimacy to my “I’m sick and can’t come in” plea.
I stop at another coffee shop, which has just opened for the day, and buy pastries and coffee and use the restroom. There’s a little hardware store down the block, so I purchase a bucket and a padded furniture blanket.
Back at the storage facility, my search results have returned, and I’ve received several matches on Claire’s photos. The downside is her photos are leaking into the wild, the upside is now I have a line on the person who’s doing this: a user named Titereiro.
Things become a little tricky, because the posts are in Portuguese, which I don’t speak. Online translate is my friend, but I must keep it on a separate network connection from my other work. I take the necessary precautions, and cut and paste forum posts, beginning with the ones surrounding Claire’s photos, and expanding to everything posted by Titereiro.
His profile photo is a football club logo of a team in São Paolo. Occam’s Razor says he lives in São Paolo. The forum posts from Titereiro came in from various hours of the day, not an isolated few, which suggests he’s not doing this from an Internet cafe but has steady net access, probably from home. I spend the next hour scanning forum posts, trying to discern patterns. He’s been online for a year. Longer posts and photos are posted at night and on weekends. There are no photos or long posts between 8 A.M. and 4 P.M. In fact, those daytime posts are short, with even more text-speak. So he’s posting by phone during the day. He’s at work, or more likely, school.
Even if I could compromise the message board and either find a log of IP addresses or start monitoring every connection, there would be no point. If he’s smart enough to disguise himself behind a VPN when he’s attacking these girls, he’ll do the same when visiting the message board.
Instead, I download all his posts in raw Portuguese and connect to Tomo’s network. Access to my backdoors at Tomo was part of my ongoing exchanges with Nathan9, and even though I left the company, he would’ve kept them open. He’s not half the coder I am, but maintaining an existing exploit is easier than engineering it in the first place. Most of my changes were not obvious, and only Nathan and I use them, which means the chance of discovery is exceedingly low. If something breaks, it’s more likely to be a random side effect of code changes.
I write a quick Ruby script to break Titereiro’s posts into individual sentences. The script then takes each sentence and searches Tomo’s database of message posts, filtering by those messages posted in San Paolo, by someone of high school age, and ordering by closeness of match. There’s more than five thousand sentences, and what I’m hoping will happen is one user will bubble up, one person in San Pao
lo who talks about the same sorts of topics, with the same patterns of language usage.
It takes nearly twenty minutes because the API wasn’t built for this type of bulk query, and logging directly into the database isn’t a risk I want to take. When the query is done, one person rises to the top, nearly forty percent ahead of the second closest match. His name, his phone, his high school, all the data is mine. A few searches later, and I flesh out the rest of the picture.
Theo. Seventeen years old. Not a nice person, if he’s the one doing this. Before I burn him, I must make sure. I don’t want to wreck the wrong kid’s life.
I’m not familiar with Brazilian ISPs or Internet records, but what I want to know is easy for someone who is. I connect to a darknet board running on a pirate server on a Scandinavian ISP. There’s a chat room there, busy all hours of the day or night, where people trade favors. Like any modern social media system, of course, reputation is codified, the favor economy measured and meted according to contribution. In short, I’ve got credits to spare, and it takes only a quarter of an hour from the time I post my request with a bounty until I’ve got Theo’s home IP address.
I could trade in another favor to reset the router, but a quick test shows I don’t need it because the router is still configured with the default admin password. In a few minutes I’m on Theo’s machine, a Windows computer. He might have known enough to use a VPN, but he wasn’t smart enough to store all his compromising pictures and videos on a separately encrypted volume. There are thirty-odd folders, each labeled with a girl’s name. I spot check a few files. A video starts with a girl, eyes red and puffy, and Theo’s voice, speaking in accented English, telling her to take off her shirt. The bastard.
I stop and rest my head on the table, feeling sick. Afraid and angry at the same time, I’m divided between wanting to crawl into a corner or punching something. I don’t dare open Igloo’s sister’s folder, although I see her name there in the list of folders: Claire-14.
I sit up, and breathe in and out through pursed lips. I need to take care of him. But how? He’s seventeen. Can I kill a child, even a monstrous one like Theo? Maybe I don’t need to. Unlike in-person abuse, there’s a solid trail of evidence of Theo’s crimes. Here in the US, what he’s done is a significant crime, and with the right tips, the government would investigate and deal with him accordingly.
Will the Brazilian government treat online blackmail with the same seriousness? I don’t know what current Brazilian policies are. However, every government can be counted on to give the utmost consideration to the safety of their leaders. I spend a few minutes searching the Internet, and soon I find my answer. The Vice President of Brazil has a daughter.
I make a new folder on his computer: Juliana-14. I populate it with a few public photos of Juliana, then grab one clear shot, and feed it into Tomo’s image recognition algorithm. A few minutes later, it spits out a matching Picaloo user: xJulie02x. As I figured. The government probably won’t let Juliana create social media accounts as a semi-public figure. But then she’s a clever girl, under peer pressure like everyone else, and she found a way to make an account on Tomo’s companion photo sharing network.
The key thing is she’s in Tomo’s database, and she’s running the Picaloo app, which means I can grab her phone’s photos. I start the process.
It takes a while, so I use the bucket and clean my hands with a wet wipe. I eat half a scone I bought earlier. A few crumbs drop to the floor, reminding me of the accumulating DNA evidence in this room. I used the van for a long time, and before that, I had other blind offices. The problem, of course, is if someone finds this place and my DNA in it. My connection into Sprint’s backbone might be off the radar at present, but an NSA-level investigation would turn it up. If I’m caught now, it’s not only my fate I’m affecting. It’s the future of Tapestry and Thomas.
Is there any reason to believe anyone would be suspicious? How many times can I get away with this?
The upload is done. This part I feel a little queasy about, yet if I want to protect Claire, I can’t take the chance Theo will suffer anything less than prison. I pick a few of Juliana’s photos taken in her bedroom. They’re completely innocent: in one she’s making a funny face while she works on her homework, and in the other she’s holding up her dog and taking a picture in the mirror. But both are undeniably private, and that’s what will guarantee Theo goes to prison.
I add these photos to Theo’s hard drive. Then, working from Theo’s computer, I publicly post the photos on Tomo as Theo, and brag about breaking into Juliana’s home computer. I make sure his social media profile is up to date with his home address. No point in making the police work harder than necessary. To add as much pressure as possible, I submit a tip to Folha de São Paulo, the largest national newspaper, with a link to Theo’s profile.
One last task: I examine his browser history, find the sites where he’s been uploading photos of these girls hidden behind password-protected pages, and destroy all the sites. I’d like to remove the photos of his victims from his computer, but then I’d be destroying the evidence the police will need to put him away.
I disconnect and clean up after myself. It’s afternoon and I’ve been up since yesterday morning. There’s a nugget of satisfaction that I’ve taken care of Claire’s problems, wrapped in a thick layer of exhaustion, surrounded by a crunchy shell of worry. I have more than myself to consider now: my employees, payroll, our board meeting, Thomas.
I have work to do, both Tapestry work, and cleanup work here. I imagine the DNA, fingerprints, crumbs, footprints, and other records of my existence that place me here in this room. I’m too tired for any of it. I’ll come back and do it later. I need sleep.
CHAPTER 34
* * *
SOMEONE YELLS and I struggle up, fighting bedcovers, until I’m sitting, my heart pounding and throat sore. It was me, screaming for help. The room is silent.
I rub my face and stare at the clock before I piece together the time and realize it’s the middle of the night. I have barely enough time to think I haven’t had one of those nightmares in months before I fall back to sleep.
When I wake in the morning, I find I’ve slept for almost fourteen hours, not counting my nighttime waking. I vaguely recall the nightmare, a nameless, faceless terror touching me as I lay paralyzed, unable to move or do anything. I feel dirty, like it wasn’t merely a dream, but someone actually violating me. I can’t wait to shower.
I glance at the urgently blinking light on my phone, which turns out to be a mistake. Too many guilt-inducing missed calls, screenfuls of text messages, and triple-digit new emails. I swipe the notifications off the screen. I can’t deal with all that. I take a long shower, forcing myself to stay in and ignore the psychological pressure of the demands on me. I’m toweling off when my phone rings with a call from Thomas. I place him on speaker as I finish getting ready in the bathroom.
“Hi, I’m getting dressed.”
“I like the sound of that,” he says, “but what the heck happened last night?”
“What do you mean?”
“We planned dinner and I was supposed to stay over. You never showed at the restaurant, and I called and texted a bunch, and never heard back.”
Oh, shit. “I’m so sorry. Work was crazy. When I got home, I took what I thought would be a short nap, and only woke up a little while ago.” My heart twinges at this lie. Crap, I hate being forced into this position. For a moment I’m furious at him for even calling, even asking me about yesterday. I don’t want to be accountable to anyone for how I spend my time. This is why I kept him distant, back when my social work was an everyday occurrence.
“Work, huh?” Thomas says.
“Yeah. There’s a lot going on.”
“That’s funny, I talked to Amber, wondering if maybe your phone had died or something, and she said she hadn’t seen you and you’d missed the board meeting.”
Oh, crap. The board meeting. The funding paperwork. Shit.
/> Whoa. Thomas was calling my coworkers?
“Why are you checking up on me?” The words come out of my mouth reflexively. It’s not until they’re out in the air that I realize what I’ve said. Those are the same words I said once before, before the whole world went to hell. Thinking of it, my skin crawls and my bowels weaken. The room spins and the left side of my face burns for no reason other than my memories.
Thomas talks, although I can’t make out his words over the pounding in my ears.
I gradually sink to the floor, my legs giving way as my mind fills with heinous thoughts. The walls close in on me, and part of my mind screams. Everything is numb and distant.
I look up to the counter, a million miles above me, where a corner of my phone extends out over the counter, a lifeline thin as a strand of spider silk, the other end of which is tied to an abstract concept called help. I fumble for the phone, hang up on Thomas, and hit the button for Emily. She answers, and I try to speak, but my voice has vanished, and nothing comes out. I want to ask for help, ask to be taken away from it all, but she is too far away.
* * *
I’m on a cold floor when there’s a distant pounding on the door. I hear it, but I can’t stand. Emily lets herself in, finds me in the bathroom.
She gets my bathrobe, wraps me in it, and urges me up. I follow her directions without conscious thought. She brings me to bed, gets me in a sitting position, tucks me in. I’m not crying, not thinking. I’m just nothing.
Some time later she comes back with a cup of hot tea, brings it to my lips, and holds it there. “Sip,” she says.
Kill Process Page 25