Read DARKNET CORPORATION Online
Authors: Ken Methven
“So you think it followed you all the way from the middle of Germany and
then attacked you in Kent?” Cullen creased his brow.
“I didn’t say that. It was a similar vehicle to ones being used by the
criminal syndicate. That’s all.” Bill concluded.
“Is it normal for MI6 to be involved in drug-running cases, Mr Hodge?”
The detective was fishing.
“This particular case has a terrorism aspect. The purchase of the drugs
directly funds terrorist elements in Afghanistan and the Pakistani tribal area.
SIS was drawn into it not only because of that, but also because I personally
have previously met the suspect, Wood, and could identify him,” Bill responded.
“OK, so what do you know about the criminal syndicate? Are they British,
or German?”
Bill looked Cullen in the eye, “We know almost nothing. They smuggled
half a tonne of very pure Heroin from the tribal areas of Pakistan to Germany.
The only person we know who is involved is a British ex-SAS soldier named
George Wood. He was in the Special Forces Support Group, SFSG. They’re based in
Cardiff. He’s been out at least two years. He was working for a security firm
in Kabul called International Risk Management. I’m pretty sure he killed my
partner in Kabul, and he appears to have killed the innocent driver of a car he
hijacked in Bad Hersfeld. The last we know of him, he dumped the car in
Frankfurt, about 24 hours ago.”
“What was his speciality in the forces?” asked Gower, speaking for the
first time.
“Nuclear biological and chemical warfare countermeasures; essentially,
clean up.”
“So his military background isn’t much of a clue to his activities?”
Gower clarified.
“I suspect that his tours in Afghanistan probably put him in contact with
people in the opium industry that he has leveraged, but I doubt it will be
anything to do with his service.” Bill suggested.
“I understand you returned fire, sir. Is that right?” Cullen was studying
his response and body language.
“Yes. After the initial burst, they came to a halt and reversed up to
finish me off so I returned fire through the shattered windshield.
Seven shots.
At least two of them will have hit the vehicle
and I hit the shooter in the nearside rear passenger seat. He was firing on
automatic at me at the time.” Bill tried to calm his sarcasm.
“Yes, I realise you were in mortal danger, but it’s a very dangerous
thing to discharge a firearm in a public place, sir.” Cullen was probing now.
“Indeed it
is,
which is why I was very careful
to cease and desist when I could not be absolutely sure of hitting only the
target.” Bill was ready for this jousting and waited for the policeman to make
his move.
Cullen sat and watched silently trying to resolve the puzzle that was
Bill Hodge. Finally he said, “You’re not English, sir?”
“No. I’m a kiwi on attachment to SIS. We serve the same Queen.” Bill
couldn’t help educational sarcasm.
Abruptly Cullen rose and said, “That will be enough for now, thank you
very much, sir. We’ll follow up the information you’ve been good enough to give
us and we’ll be in touch. In the meantime, please be careful.” He was looking
up from under his eyebrows in a reproachful way. He left his business card and
asked that Bill contact him if he thought of anything else.
Bill decided that was enough for one day and went off to find his room on
the fourth floor. He waved his ID card near the door lock and it clicked.
Although it was in what was essentially an office building, it looked like a
motel room anywhere, which offered quite a bit more comfort than he had
experienced for a while.
Bill had only just become conscious from sleep and aware of his dry mouth
when his mobile buzzed. It was Jenkins.
“Sorry to wake you early, sir. It’s late afternoon here.” The excuse was
weak, but Jenkins used it anyway.
“We traced communications with the landline number
Bicep
contacted
yesterday, it
might
be in London. The registration details are to a
front company and the premises where the line terminates is actually owned by a
completely innocent party. I had one of ‘ours’ in London, go check.
The landline doesn’t even go to a phone jack in the building anywhere,
it’s call forwarded to another line in the PABX, and then its call forwarded
again several times at other premises. Since there are no outgoing calls there
are no charges so it doesn’t seem to have raised any flags. If the bad guys
have the ability to change the call forwarding at any of these intermediate
exchanges along the route, the line could go absolutely anywhere and we might
never be able to trace it.
But …we found several other phone numbers that had made calls TO the
landline over a period.
The landline is only used for incoming calls and then only once in a
while. Anyway, one of the numbers was for a mobile phone that is active, I mean
still powered on, most of them are switched off, except when they make a call.”
“OK Randall. So how does that help us?” Bill remembered Jenkins given name,
trying hard not to be rude about getting to the point.
“We were able to triangulate the location of that mobile between cell
towers and have given the information to the
Bundespolitzei
,
it’s an industrial park in Frankfurt, an area called Offenbach,” Bill could
hear the excitement in Jenkins voice.
“Excellent work Randall. Maybe we’ll get …” he paused trying to remember
Wood’s codename, “
Bicep
. I assume you are monitoring the landline?” Then
a thought came to his mind, “is the person who checked out the landline in
England?”
“Yes and yes. I should arrange introductions. She’s been assigned a
couple of follow up tasks in London. You should meet. Let me set that up.” He
paused as if he was taking a note.
“Anyway.
The
Bundepolitzei
and State
Kriminalpolitzei
are preparing a raid of the premises shortly.
Frankfurt is in the same state as the Bad Hersfeld incident, so
Kripo
officer, Max Brandt and the same BPOL team are
involved in organising the raid. I thought you would want to know. Details will
be posted on the directory in due course. We’ve started another table in the
database linking phone numbers.”
The mention of the German police services reminded Bill. “I’ve been
interviewed by a Detective Chief Superintendent Cullen of the Metropolitan
Police in London.” Then Bill realised Jenkins was not aware of the
assassination attempt on his life and related the barest details. Jenkins was
stunned. “I’d like to share anything I think might be relevant from our
Dinner-Jacket intelligence with him. OK?”
“He cannot have access to the system.”
“No. What I meant is, to relay any information that will help him, not
access to the system,” Bill clarified. “Until we get these guys I am a
walking target. So the sooner we get them, the happier I’ll be.”
“...and he cannot be told about our Afghanistan targets, or anything that
reveals our methods and capabilities. Look, I’ll sort this out with Joe Martin
and get you an authorisation. It will have a lot of caveats and exclusions but
I understand they will need input from you. I’ll email it.”
“Thank you Randall.
Any news of
Monarch
?”
Bill queried.
“His activity has ramped up. We are struggling to keep on top of it, but
no sign of him. I am beginning to think
Aminyat
have no stomach for it,”
Jenkins confided.
“
Ya
think!?” Bill could hardly mask his scorn.
“I was surprised they found
Bicep
. He must have been a novelty. With the
money
Monarch
is awash with now he could buy several
Aminyats
.
Stay safe
.
”
-|-
Bill thought he wouldn’t need to eat again that day after the ‘full
English breakfast’ in the SIS cafeteria. Just when he was leaving Curry saw him
and came over.
“GCHQ are ready to give us an update on their analysis of the dongle. We
can use a conference room on the seventh floor when you’re ready,” he said.
“No time like the present,” replied Bill and they both made for the
lifts.
Curry made a call to GCHQ and fired up the teleconference link and they
could see empty room at the other end in the widescreen panel on the wall of
the conference room. A tall man entered the empty room wearing a grey
cardigan with bushy grey hair to match. He was accompanied by a younger woman,
Asian, probably ethnic Chinese, with jet black hair, in a white, half-sleeve
blouse and a blue lanyard around her neck with her ID badge dangling on it. They
introduced themselves as John
Buttrose
and Chen Yen,
Technical Analysts.
John read out a statement from a card referring to the content of the
conversation being classified and that it was not to be recorded or its content
divulged to anyone who had not signed the Official Secrets Act.
Looking up from the card, he held up the USB stick/key and said, “This
USB stick we were provided with contains customised software, which is a
variant of the Tor browser that applies its own public key encryption to Internet
Protocol packets.” He stopped himself and said, “Please stop me whenever I get
too technical or say anything which isn’t completely clear.”
Bill jumped straight in, “TTR browser?”
John replied, “Tor stands for ‘The Tunnel Router’, or the
darknet
of volunteers who are prepared to run software on
their computers which allows the routing of internet traffic through them as
randomly defined nodes rather than the normal, Internet Protocol router
services we all know as the Internet. The ‘tunnels’ being a concept where
having many routes obscures the one route taken by the traffic.” He sought
confirmation that he was understood by grunting an interrogative “
humpfh
?”
Bill nodded.
“The browser is a version of Mozilla modified for use of TTR, but in this
case further modified to apply a two thousand-bit public key encryption to the
content portion of the packets sent. The Tor traffic routing is already
encrypted with the Tor encryption, but this extra layer means that the Darknet
operators can’t read it either. It’s an encrypted tunnel inside an encrypted
tunnel.
The routing elements of each packet use the dynamic routing of the Tor to
make it untraceable and the encryption overlay makes it indecipherable, even if
you could intercept it.
Very clever.
Almost unbreakable,”
John concluded.
“What would it take to create this solution?” Bill asked.
“A clever programmer.”
“That’s all? Not a multi-million-pound development program?” Bill was
surprised.
“That’s all,” confirmed John. “We suspect that, for it to work, the
services the dongle talks to would need to use the public key to both identify
it to the server and to decrypt the traffic. The public key does away with the
need for a login.”
“But there definitely
is
a login required. We all saw it.” Bill
was confused.
“Hmmm, yes.
But what you saw was the software on the USB demanding the
passphrase for the key. You see the key is held as a file in the USB stick, but
if it were just
en clear
, that is; not encrypted, anyone with the USB
stick could read the key. So the key file is itself protected and the ‘login’
is the screen shown for you to access it so it can be used.
Humpfh
?”
Bill said, “Ok. So the key is protected by the password on the USB. It’s
NOT a login on the server.”
John said, “That’s right. The server can identify the user from the
decrypting messages sent to it. There will only be a few keys for the server to
parse to find the match. Since it can work out which key has been used, it is
clear that the user knows the password to access the key. It’s much more secure
than a ‘login’. We surmise that this is only one USB stick of many, each with
their own public key. So the server it talks to would be quite sophisticated,
but nevertheless, clever programming.
Nothing more.”
“…and the ‘two-thousand-bit’ part means what?” Bill queried.
“The longer the public key the more combinations are possible and the
longer it takes to try them all to resolve it. Two-thousand-bits essentially
rules out breaking the key by brute force. We don’t have enough parallel
processors to try them all in a timeframe that would be tactically useful.
You’d be better to try other methods first.”
“So, when someone uses this…dongle, they would first have to enter their
password in order to invoke the key which is recognised by the server and therefore
how to decrypt the traffic that will come?” Bill mused, almost to himself.
“Yes. And while breaking the key given an encrypted message is very hard,
if you’ve already got the encrypted key file, breaking the password is much easier.
So, if you can find a dongle, we have a much better chance of breaking the
passphrase protecting the key. Then we could at least talk to the server.”
Bill and Fenton both sat back. Clearly the syndicate was not going to be
easy to penetrate, at least electronically.
“What about the key …sorry the other end of the USB stick is a key,
right? Is it a ‘real key’ or is it just a ‘prop’?” Bill asked.
“Oh it’s a real key. There were scratches and wear on the
bitting
consistent with it turning tumblers.”
“
Bitting
?” queried Curry.
“The cuts on the blade to fit the lock,” replied
Buttrose
.
Curry nodded in acknowledgement.
“Turning to the laptop hard drive,” John continued.
Bill noticed that Curry twitched.
“There was virtually nothing of interest on the laptop. It seems that all
of the relevant traffic through the dongle was in the ‘cloud’. In other words,
the laptop was used for displaying information in the modified TTR browser that
came from the server. Nothing was kept actually on the laptop. No files or databases.
But we could identify the TTR services from the browser bookmarks and the
history files. Unfortunately this only tells us what the services are called
and which ones the laptop used on what dates. Not really much help. We tried
them all and the key is no longer authenticated by the server. In effect it
is
a login, in as much as you need to use the key to be recognised by the server.”
“So the laptop told us nothing?” Bill clarified.
“Not exactly.
For some reason we can’t quite fathom, there was a spreadsheet-like
file in the recycle bin. It may have been downloaded for printing or some other
reason, but it contains a list of 75 bank branches, account numbers, and
amounts, that are all under five thousand euros. The totals show €370,000. The
accounts appear to be banks in Kosovo and Montenegro. Both countries use Euros
as their currency even though they are not in the European community.”
“So what do you make of it?” asked Curry.
“It looks like a ‘
smurf
list’.
Money laundering.
Small deposits of less than monitored
amounts placed into multiple bank accounts so that they don’t arouse any
suspicions. The army of ‘small’ people who actually deposit the money are
called ‘
smurfs
’, for obvious reasons. These countries
are known to be pretty lax about currency controls.”
“Excellent! So we can start tracing the accounts, transactions and
accountholders?” Bill was eager.
“With your permission we will refer this to Interpol?” said John.
“Sure. Inform them, but I want to get the CIA to take the lead on
analysing this, if we can get them to put resources into it,” said Bill turning
to Curry for approval.
“The Company?
Why would they be involved?” asked Curry.
“They started this whole operation and have the electronic capabilities
to dig into it faster than anybody else. Just leave it to me to persuade them,”
said Bill. Fenton gave a reluctant nod of approval, lips slightly pursed.
“What else have you got?” Bill addressed this back to John.
It was Chen’s turn to respond. “We analysed the images you provided and
they confirm the use of the TTR and give us a good idea of the functions they
are using. The browser URL only confirms the use of the TTR network, they are
all dynamically defined, but it doesn’t provide any actionable intelligence.
The services include communications applications such as Voice over IP,
email, instant messaging, task management, schedule management and applications
specific to their operation. The one called ‘Shredder’ we think is the money
laundering system, which is quite appropriate given the chopping up of amounts
into small packages.