“I do, but think what might be done with it. You would be responsible. You might also find yourself in danger. How can you license the botnet but not give up control? You won’t be able to repeat your licensing trick. What will you do when they demand the source code?”
“These are solvable problems. I am not worried.”
“You should be! You know better than I what these characters are like. And then there are the governments of the world… the Americans, the Russians, the Chinese…” This last mention seemed to get NØviz’s attention.
“China.” he repeated.
Damn—he hadn’t thought of the Chinese?
“Look, no one can tell you what to do, but you need to think this through carefully. You could be famous. You, along with Linus, Marc, and Richard. Your software and ideas would be discussed all over the world.” Mick decided to put it all out there. “This really is a zero sum game—either the bad guys get this botnet, or the good guys—and it is all up to you!”
“Ha! ‘bad guys’, ‘good guys’—you Americans make me laugh!” NØviz replied sneering. “Don’t you know that everyone is the same—only out for themselves.”
“I understand you,” Jasinski began. “I used to think like you, but it is wrong. There are real hackers out there—a whole community. This could be your ticket to join that world. Don’t blow it.”
NØviz seemed to be really listening to her—maybe she was getting through. He felt like he was negotiating with a kid who had a loaded gun. It wasn’t a good feeling.
“I’ll tell you what—” he began, but suddenly stopped as his mobile twitched. His eyes glanced furtively around the café. He touched his mobile and a map popped up. “We are being watched, my friends. We must leave instantly.”
“Who’s watching?”
“I don’t know. I’ve been followed and watched for weeks, so I’ve taken to setting up sensor nets to detect unusual activity in my proximity. Right now, someone is hiding in the kitchen behind those doors,” he replied, indicating with his eyes. “We—”
NØviz didn’t finish his sentence as two police cars suddenly pulled up out front of the café, sirens blaring. NØviz jumped up and bolted out the side exit of the café, and Jasinski followed a few steps behind. Deciding that splitting up was probably safest, Mick took the only other potential exit—the kitchen.
He could hear shouting behind him and tables being shoved out of the way. He slammed against the kitchen door and, as the door bounced open, he caught a glimpse of a man in yellow trousers heading out the back door of the kitchen. He followed, sprinting out onto the narrow alley, and was relieved to see that no police were waiting there.
The man had crossed the street, hurrying towards an entrance to the Charles Square metro station. Mick cursed as he was delayed while waiting for a tram to cross. He entered the station, but didn’t see the yellow trouser man, and made a split-second decision which direction to head. He vaulted the turnstile and reached the escalator going down. It was one of the longest escalators he had ever seen. He suspected the yellow trouser man was also on the escalator, near the bottom. Mick took a few steps downward, but the crowd prevented him from moving faster.
Desperate not to lose him, he looked around and noticed that the space between the up and down sides of the escalator was just a smooth sheet of metal. It didn’t have any divisions or separators to prevent something from sliding all the way down.
A perfect slide!
He grinned, climbed up and over, and started sliding down.
He accelerated quickly, laying back like a luger in the Olympics, and tried to keep his skin off the stainless steel. It was just starting to occur to him that he hadn’t planned how he was going to get off the slide when he spotted the yellow trouser man. He was riding the escalator near the bottom, looking straight ahead, apparently deciding which platform to take as the escalator was nearly at the end.
Mick planted his right palm on the slide, and decelerated, spinning slightly to the right. He caught up with the man at the base of the escalator, and rolled his body over, sitting up in one motion.
He had only a moment to decide if this was a good plan or not, and was about to conclude that perhaps it wasn’t when he collided with the man, sending them both sprawling and rolling along the floor of the platform.
Mick shook his head and focused his eyes. He spotted the man, who turned towards him and stared, a trickle of blood running down from his temple. Mick stared back, unable to speak for a moment before he managed to say:
“Gunter?”
Chapter 11.
From the Privacy and Other Mirages Blog:
Can I trust my mobile phone?
Wow! This is the opposite of a softball question! Trusting your mobile phone? I presume you are asking from a privacy perspective? Oh, boy. Short answer: no. Longer answer: no, but…
OK, let’s look at why you can’t trust your phone. First of all, you have no idea what software is running on your phone. We know that mobile service providers are willing participants in the surveillance state that we all live in today. The more advanced (or ‘smart’) your phone is, the more it can spy on you. At the very least, whenever a mobile phone is on, it knows your location and can share that information with others. If it has GPS, it knows your location down to a few meters, and can be storing this even when disconnected from the phone network for later retrieval. If you use your mobile for email, texting, and other communications, then you must assume that someone could store and get access to all of this, unless you take precautions.
So what can you do? Well, for one thing, you can try to keep your identity separate from that of your phone. If you use disposable pre-paid mobile phones, you can do this a little, but it is hard to do, unless you can modify the unique identifiers, such as the IMEI, the International Mobile Endpoint Identifier, on your phone.
Are some phones better than others? Yes. The dumber the phone, the better from a privacy perspective. Also, the more open the phone is the better. There are some open-source phone projects out there which lots or reputable experts have reviewed the code. With them, you could compile the software yourself to be sure. Compiling turns the source code, which can be understood and evaluated by a computer expert, into the binary machine code instructions that are executed by a computer, which is too low level to be understood by a human.
There are also some security services out there that will encrypt all your voice calling, email, and messaging. However, this only works with others in that same service. The Electronic Frontier Foundation (EFF) publishes a good scorecard on various voice messaging applications.
Otherwise, always assume that your mobile phone is spying on you, all the time, unless it is turned off. I’ve even heard rumors of phones that don’t really turn off even when you shut them down, but I’m not sure they are true.
Chapter 12.
Ja2 From the department of #funniesthacks: ‘Non-drivers sent $1ØM in NJ Turnpike Bills: Authority blames database corruption” Who is behind all this?? #likeanyonebelievesyou #getacar #givethatmanamedal
NØviz stared across the table at Jasinski, not quite sure what to make of the situation. After bolting from the café, Jasinski had caught up with an angry NØviz. They had stepped inside another small café to catch their breath and get off the street.
“Why did you follow?” he began.
“Why not? We hadn’t finished our conversation. Why are the police after you?”
“I was about to ask you the same thing!” he replied. “I’ve been living here quietly for a half of a year, but the day you two show up, I get chased by police! WTF!”
“I have no idea—well, I have some ideas, but nothing conclusive, that is, I have—”
“Would you stop babbling!” NØviz interrupted. “We must think carefully. Did anyone follow you?” Jasinski shook her head. “My apartment is just down the street, but I’d suggest we wait a while so we can see if anyone shows up here looking for us.”
“Good i
dea.”
Over cappuccinos, they tried to continue the interrupted conversation.
“Why did you agree to meet if you knew you were being watched?” asked Jasinski.
“It wasn’t all the time, just sometimes. And it was under control.”
“Obviously!” Jasinski retorted.
NØviz smiled, but there was no mirth in his eyes.
“I’m sure your boyfriend got away, so I wouldn’t worry about it.”
“He’s not my boyfriend. We are just working together. But wait! You don’t know my connection to this whole mess, do you?” She paused as NØviz looked her up and down slowly before shaking his head.
“I’m Jasinski—I wrote P2PMSG for the peer-to-peer botnet command and control network,” Jasinski explained. NØviz snorted.
“Bull! P2PMSG was an open-source project that a contractor adapted for Cloud 8 plus plus. Wait, you were the contractor?” Jasinski nodded. “It was your open-source project?” Jasinski nodded again. “No way,” he sighed.
“Way,” replied Jasinski. “Surprised?”
“Actually, no. I’ve been over your code base many, many times. I thought there was something different about it. You are an awesome coder, you know?”
“Thank you!” Jasinski replied, bowing her head.
“I just really liked the way you structured the callbacks.”
“But back to our situation here.”
“Right. I think we should just, how do you say it, ‘hang loosely’ and wait to hear back from Mike.”
“It’s Mick, by the way, and must I keep calling you No-viz? Don’t you have a real name?”
“As if you’d tell me your real name.”
“OK, point taken. I’ll find it out eventually anyway—it will just take a bit of re-search, but that isn’t important right now. The bigger question is: what are you going to do with the botnet?”
“I don’t know yet, but Mick,” he replied, pronouncing his name more like ‘meek’, “did give me a new idea.”
“Share it with the security community?”
“No, sell to the Chinese. I hadn’t thought of them. Wonder what they might pay for my botnet?”
“Argh! Weren’t you listening? You don’t want to give control of your botnet to the Chinese, or anyone! Do you have any ethics or principles?”
“Yes, my principle is to do the best for me. This town is cheap, but I’m almost out of money. This botnet is my calling card. I’ll be famous once it really gets out.”
“You might be dead, too, if you try double-crossing the Chinese. Your licensing stunt was clever, but I wonder how those guys would have reacted to you had Zed dot Kicker gone according to plan. Might not have been pretty.”
“I am not worried,” he replied, nonchalantly. NØviz opened his computer and Jasinski caught a glance at his home screen.
“Wow! You found the Easter Egg in P2PMSG!” Jasinski exclaimed, referring to a hidden feature or message in a piece of software inserted by the coder but left out of any documentation or other official information. Gamers would often spend hours looking for Easter Eggs and sharing their discoveries with others.
“Oh, my background image—sure, I found it—doesn’t everyone?” he replied.
“No! Absolutely not! You are the first I know.”
“I had forgotten about it,” he replied.
“Sure you did, that’s why you just happened to open it up right now.”
“Yes, very true,” he replied, ignoring her implication. They both stared at the da Vinci drawing montage on NØviz’s desktop for a few minutes. It showed a number of his famous and not-so-famous drawings layered on top of each other.
“You are Russian?” Jasinski asked him after a pause.
“Yes, born in Moskva, and my family still lives there.” he replied.
“How did you end up in Prague writing exploit code?”
“I’ve lived here nearly for a year. I like Praha very much. The food is good and the beer, and everything else, is cheap. I needed to get out of Moskva, and I had always heard stories of Praha.”
“What kind of stories?”
“Well, I was told that the world’s most beautiful women are here.” Jasinski looked at him, bemused.
“And are they?”
“I believe so. It is especially true today,” he replied. Jasinski rolled her eyes, which he ignored, continuing: “Definitely so. At any rate, I haven’t been doing much exploit writing lately. I’ve written and sold a few, but none very good. None as good as Zed dot Kicker. And what about you? How do you end up in Praha with a pain-in-my-ass security consultant who is supposed to be dead?”
“Another long story. I was born just outside of Warsaw, and had a miserable childhood there until I discovered software. I’ve been moving forward ever since. I lived in London for a few years, which is where I wrote P2PMSG. I agree, Mick is a pain-in-the-arse—he is really good at that. I managed to track him down, and he located you here, so here I am.”
“And what’s your angles, as the Americans say?”
“Simple. The fact that this botnet is using my software makes me angry. I want it shut down so I can go back to my life before I met those damn Ukrainians. Are you going to cooperate?”
“I haven’t decided. What is in it for me?”
“Satisfaction of having done the right thing? Being on the side of the good guys? Not helping the murderous thugs known as the governments of the world?”
“Hmm. Got anything else? With money involved?”
Jasinski glared at him from across the table.
“No.”
“Well then, I guess we don’t have much to talk about. By the way, you are very hot when angry.” Then, before she could comment, he announced: “I think it safe to go to my apartment now.”
NØviz’s apartment was not very impressive, but it did have a nice view, showing lots of rooftops and steeples. It was messy, but not too messy.
“We need to get out of Praha, and right away,” NØviz began, almost as soon as they crossed the threshold. “Do you have your passport?”
“Of course! But where are you going, and why would I go with you?”
“I can think of many reasons,” he replied, “But I suspect the Czech police will soon show up here and they will have plenty of questions that you probably don’t want answered.”
“You mean, ‘that I don’t want to answer’,” she corrected.
“Yes, that’s what I said. We should leave right away. I just need a minute or two to pack my things.”
“Hold on—where are you going?”
“Somewhere nice.” She glared at him. “OK, Berlin. I have a very nice room on the eastern side there we can stay while we figure out about this botnet.”
“We?”
“Yes, we. You still want to try to convince me to throw away this botnet, right? Well, come with me to Berlin and you will have many chances.” he replied. By now, Jasinski was smiling.
“This is not a good idea.”
“But you will do it anyway?”
“Yes, I will do it anyway. But what about Mick?”
“Forget him. Loser American has no chance of convincing me. You said he’s not your boyfriend, unless you lie.”
“I’m not lying.”
“Good, then it is settled. And don’t contact him—he will figure out where we have gone… eventually.” NØviz replied, laughing.
NØviz did some research for the trip while Jasinski looked around.
“If I’m coming, I need to go out and buy some things,” she announced.
“OK, but don’t go looking for your non-boyfriend. Everything you need you should be able to find in a one kilometer block radius, so don’t go wandering off.” NØviz replied, looking up. Jasinski nodded, threw open the door, and slammed it behind her.
She returned shortly with some basic clothes and toiletries. NØviz left cash in an envelope for his landlady, and glanced out the window, staring wistfully for a moment, then they left.
A short time later they were boarding a train bound for Germany. Throughout the trip, they mostly slept, not feeling secure enough to talk.
When they were awake a few hours later, NØviz cracked the train WiFi network and gave Jasinski the network key.
“WPA,” he muttered, and she nodded and got online. She knew NØviz was watching her, so she couldn’t do what she really wanted to do. Instead, she worked on her blog.
After a while, NØviz interrupted with a question.
“Jaz, if you could make anything happen on the Internet with a wave of your hand, what would it be?”
“Anything?”
“Anything that can be done with software,” he replied. She thought for a moment.
“I hate the worst those anti-immigration politicians and agitators back in Polski. They are so smug by the accident of their birth and citizenship. And they have no feelings for those who weren’t so lucky. I wish I could do something to them so that they would understand how it feels to be a stranger in a strange land.” she replied.
“Interesting,” NØviz replied.
“Why?” Jasinski asked.
“No reason. Sometimes it is fun to imagine what you could do.”
Chapter 13.
From the Privacy and Other Mirages Blog:
What are the tricks and traps of hard-drive encryption? Will it protect my data?
The good news is that you do have two good options to keep your computer data safe. The first one is to use hard disk encryption software. This software encrypts all data stored on a disk, and can be run on most computer systems without any special hardware. The resulting encryption/decryption happens automatically, after the user enters a pass phrase. This software also has plausible deniability options, so that it is impossible for an adversary who has gained access to your disk to be certain that encryption is in use. In addition, the use of hidden operating systems and hidden volumes allows for decoy volumes to be created. Under duress, passwords to these decoy volumes can be disclosed without revealing the existence of the real encrypted volume.
Returning to Zero (Mick O'Malley Series Book 2) Page 7