DARKNET CORPORATION (3 page)

Read DARKNET CORPORATION Online

Authors: Ken Methven

BOOK: DARKNET CORPORATION
9.64Mb size Format: txt, pdf, ePub

“Being passive means it is much more likely
to be undetected with scanners, because it’s only on when you’re actively
tracking. It also extends the battery life, but its battery will go on forever.
I wish I could get one for my laptop, but they cost way over my paygrade,” he
prattled conversationally, oblivious to the early morning hour.

“It powers on and off by opening and closing
the control unit. It’s paired with the transponder on the vehicle downstairs.
Once the GPS link is established for the control unit a signal is broadcast
that wakes up the paired transponder which then connects to GPS. The system
displays the GPS links on the control unit.”

Bill checked the registration with Hans to
make sure they were tracking the right vehicle, but Jenkins had already covered
that in his careful assignment for Hans.

“I’ve mounted the transponder inside the
centre high mount stoplight cavity. There’s no way it will be detected unless
they completely dismantle the stoplight and pull out the back reflector. The
display shows the line-of-sight distance to the transponder, but you can reset
the scale of the display with this slider,” he said pointing to a slider widget
on the side of the display. “The GPS will pick it up anywhere, globally.”

“This area here,” he said pointing to a box
along the bottom of the display marked ‘Transponders’, “gives the GPS
coordinates of the control unit, in blue for the control and in red for the
transponder location.” Bill read the content of the box as “C:
34.527048/69.186187
|
T-1:
34.527049/69.186179
|”.

“Pretty much intuitive,” he concluded.
“There are other administrative functions and features, but nothing you’re
going to need just to track the transponder.” He added, “Any questions?”

“I have also installed a cloned hot point at
the Internet café
Bicep
used yesterday. It will pick up any connection
if he uses it again,” Hans noted.

“Hot point?”
Bill
looked blank, trying to cut through this technical services jargon.

“A wireless network access point. I
installed a clone one next to the Internet café’s one so if he connects into
that Internet café again we will get the same signal and collect whatever we
can of his session. Something might be useful.”

Closing the control unit and making a point
of handing it to Bill, Hans left.

-|-

Bill stood on the corner, his tee-shirt and cargo pants replaced by long
loose fitting
partōg
pants
and knee-length
perānor
korta
shirt and waited until he saw Gorbat arrive, sit down and order tea, scanning
the street for anything untoward in his wake.

Gorbat was approaching forty, a good-looking, bearded ethnic Pashtun,
slight and wiry, wearing a black sleeveless jacket, and the same kind of loose
fitting cotton pants and knee-length shirt as Bill and a round, woollen, earthy
coloured hat, typical of Pashtuns.

Bill recognised him immediately as he arrived, but paused for some
moments to observe. He was not suspicious of Gorbat, but considered he was
still alive because of being alert and cautious at all times and expecting the
unexpected. After all, his current assignment had come about because of an
unsuspecting courier being tailed by
Aminyat
.

Looking left and right one last time he walked over to his friend clasped
his right hand to his heart in the traditional way in greeting then embracing him
warmly first on the right then on the left shoulder. Before sitting he
rearranged their positions so that he could sit opposite Gorbat, facing the
hotel entrance.

Once his coffee had been brought to the table, he began “I need you to
help me stake-out a westerner.” Gorbat was familiar with the slang term and had
proved to be a very effective watcher in the past.


Assayyid
Bill, I am very appreciative that you
think of me for this job. My daughter will wed soon and the expense is a
burden. It is good of you to hire me again,” said Gorbat.

He showed Gorbat an image of Wood on his phone until he had memorised it.


’Bicep’
is six foot one,” he translated this for Gorbat as 1
metre 85, “well built, but not bulky like a body builder. He has mousy hair;
coloured like a mouse?” he checked for comprehension. “Blue eyes,” then gave
him a briefing of the subject, his background as a Special Forces soldier and
explained that the objective was to witness anything which might be out of the
ordinary; places he might go, contacts with people, especially locals. Gorbat
would act with Bill as a tag-team, relieving each other and swapping places if
they needed to follow the subject for any length of time. Nothing in the
briefing was surprising or unusual for Gorbat.

“Are you armed?” Bill checked. Gorbat gripped either side of his square,
black, sleeveless
overjacket
and spread them
sufficiently for Bill to see the pistol on one hip and the knife on the other.
“OK,” he continued, “we will wait until the target leaves the hotel. I expect
him to go to the office on
Shash
Darak
,
but let’s wait and see. Go back to your vehicle and position to see me at the
hotel, and follow.”

Bill gave him descriptions of his vehicle and Wood’s vehicle and the
registration numbers.

“I am glad you can help me with this,” he thanked Gorbat and returned to
the hotel to wait on Wood.

Wood was visible in the dining room behind the lobby having breakfast so
Bill quickly collected the tracker control unit from his room and made his way
to his car. Not to be conspicuous, he drove out of the hotel carpark and parked
up the street, across from the hotel, so that he had a view of both the hotel
entrance and the carpark. In his rear-view mirror he saw Gorbat pull in to the
kerb, in a battered and dusty white Toyota.

An hour later, Wood’s four-wheel drive pulled out of the hotel carpark
and drove directly to the office on
Shash
Darak
without stopping at the Internet café. Bill lifted
the top of the tracker control unit and witnessed the GPS connection show him
as the blue blip, and soon afterwards the T-1 red blip of Wood going up
Shash
Darak
road in front of him.
Bill grunted in satisfaction that the tracker worked.

Bill pulled into a side street and was followed by Gorbat. He walked
around the back with Gorbat following some distance back to be a little less
conspicuous to any onlookers. They met up again at the rear door of the
observation post.

Gorbat looked around the room and glanced out of the curtains to get a
feel for the environment, then climbed on to the table and took a seat in the
wicker chair.

“A good position,
assayyid
Bill.
Are
there any other entrances to the office across the way?”

Bill said, “There probably is a back entrance but there is no reason to
assume that Wood will sneak in and out. There is no way he can know we are
watching. His four-wheel-drive is parked at the front. It should be O.K.”

Gorbat took out his mobile and said into it “On station,
Shash
Darak
.”

Bill smiled confident of
Gorbat’s
competence
and left.

Chapter Four

Bill pulled up the first of his emailed alerts from the
Bicep
intercepts and logged in. He quickly found it was easier to browse through the
Bicep
directory file log on the system than to read through all the individual
emails. There was a large list of files showing date, time, type, intercept
number and other codes he did not immediately recognise. He listened to the
voice files first. They were mostly boring and routine conversations about
administrivia and expense claims, “What a surprise,” Bill thought, but nothing
that sounded remotely sinister or relevant to Abu
Ukasha
.

Then he looked at the Internet logs. The history file of Wood’s browsing
included porn, expensive looking power boat retailer sites and English
newspapers of both left and right political persuasions. “Very ecumenical of
you,” Bill said aloud to himself. He looked at some of the newspaper articles
that Wood had read but they all seemed to be current affairs and popular press
pieces with no conceivable connection to anything in Afghanistan.

He started on the email traffic. There was virtually nothing outbound. A
reply to an admin at IRM in London confirming the date and time of a dental
appointment in London three weeks hence implied that Wood expected to be back
in England soon. He thought that worth a note and spoke briefly into his
mobile.

A couple of ‘unsubscribes’ to power boat magazines.
An
IRM expense claim with an attachment.
He sighed, thinking that the world
was ruled by accountants and clicked the link to see the claim details. Airline
tickets from London Heathrow to Kabul dated two weeks ago; food and
accommodation at the Ariana; a mobile phone bill; a subscription fee for ‘
Soldier
of Fortune’
magazine and a bill for ammunition supplies. “That’s more
interesting,” thought Bill but was immediately deflated when he scrolled right
and noted that the total cost was US$120. Personal weapon, presumably, he
surmised.

He turned to the inbound email.
Floods of spam.
He checked a few in case there might be something hidden in innocuous-looking
spam emails, but he was starting to go cross-eyed with them and just scanned
down looking for something real. He could not find anything that looked
personal or business related.

Just then Jenkins appeared with a plump-looking fellow in tow.

“Sir, I’ve brought Kowalski here over from ‘
Comms

to give you a briefing on Darknet,” he announced. “We’re set up in conference
room 1, when you’re ready.”

Bill was happy to interrupt his concentration on the tedium of digging in
Wood’s trash and followed them into the conference room, nodding
acknowledgement to Kowalski.

There was a PowerPoint presentation cued up on the screen entitled
‘Covert Networks Exploitation of the Internet”.

Kowalski launched into a history of covert activity on the web and Bill
was unsurprised to discover that the US military were largely responsible for
the design of the techniques employed by those who wished to remain anonymous
on the web. The covert techniques began and evolved almost concurrently with
the development of Internet Protocol networks with a view to hiding routing
information, which clearly would create opportunities for military exploitation
by eavesdroppers and enemies. Kowalski explained how the concepts had been
taken up by various academics and enthusiasts and developed incrementally over
the years.

Kowalski announced “As with most tools they can be used for good or
evil.”

“What do we use it for, good or evil?” shot back Bill.

Kowalski turned towards Bill, his mouth opening and closing silently like
a fish.

“I’m only pulling your tits,” apologised Bill, to Kowalski’s complete
bewilderment.

Eventually Kowalski got back on track and explained that one of the key
enablers in the network is the willingness of volunteer participants to run
software on their computers to route traffic independently over the web, as a
‘relay node’.

In the normal web, he explained, the explicit name of a website or URL
(uniform resource locator) identifies firstly, a high level register, for
example ‘.com’ which segregates the vast number of websites into a set which is
a little more manageable. In effect it tells the browser which directory to
look in for the website. The domain name, the piece in front of the ‘.com’, is
used as a lookup in the directory to find a unique address in the network
associated with that name. This occurs in Domain Name Servers (DNS) and every
Internet Service Provider provides this service to its users, so that it is
ubiquitous.

The browser accessing the website provides its unique network IP address
so that the response from the website can be routed back to the right browser.
Once the start and end points have been determined by this process, any and all
routers on the Internet will route traffic packets to the destination IP, even
if some paths become interrupted, busy or closed down. This makes the network
infinitely dynamic and robust and also why it is called “the web”.

Bill was pretty much aware, at this level, how the Internet worked.

Kowalski went on to contrast the Darknet. The Darknet uses the Internet
as the underlying infrastructure, but creates tunnels within it. In addition to
using the DNS process for regular websites, it is also able to provide its own,
private list of computers operated by volunteers that are used as relay nodes,
instead of, or in addition to Internet routers.

The Darknet uses a modified browser, programmed to make use of the
Darknet private relay nodes to map a path to the website using a unique
sequence of relays nodes for each session. If they go back to that same website
later the browser will use a different, random path through the private nodes
to get to it. While the regular Internet typically optimises traffic for best
performance, the Darknet is random and intended to bounce the traffic around to
avoid tracing. So it is slower.

Each link between a relay node and the next is encrypted and therefore each
relay node can only know the relay node before it and after it. Techniques that
break into one relay node are useless in tracing traffic, since the traffic
bounces around randomly you cannot identify its origins or where it’s going from
any point along the way.

The Darknet is a boon for all those who seek anonymity and the bane of
all who maintain security.

Bill followed along the diagrams showing dynamic chain paths through the
visible web, encrypted into dark tunnels to create an undetected dark network.

Bill took a big breath in and asked “So who are these people?”

“Mostly geeks and academics.
Righteous freedom seekers, hell-bent
on avoiding surveillance by ‘the state’, or ‘big corporates’ or whoever they
fear, for whatever reason. From a jurisdiction viewpoint they are
international. Every country in the world, just about, has volunteer relay
nodes. Even if we prosecuted and knocked down a few, if we could actually prove
illegal activity, they would be replaced by dozens more. We don’t have an
effective answer, yet.” Kowalski looked a little sheepish.

“OK. We cannot trace them electronically, but if we can get eyes on their
computers we can observe where they point their browsers and track them down at
the far end, whoever they are talking to.
Right?”
Bill
proposed.


Er
… well that’s the other half of the story,”
Kowalski acknowledged, not looking any less sheepish.

“The string of
alphanumerics
you observed
Bicep
using is a ‘hidden service’,” still sheepish, Kowalski was looking up at Bill
with his head bowed.

“OK,” said Bill, “I‘m sure you have another slide?”

Sure enough Kowalski turned to the screen and clicked a button. A diagram
showing a cloud representing the Internet appeared and Kowalski stepped through
how ‘hidden services’ were hidden.

“First of all, the service provider uses a random set of relay nodes,
much the same as we saw previously. But this time these relay points are just
to make it difficult to guess which one has the pea under the thimble. They are
introduction points, for a user to find the hidden service. The introduction
points don’t know anything about the hidden service other than its encryption
key.

The service provider essentially creates his own DNS-like entry, by
creating entries in the Darknet hidden service database, listing all the
introduction points he’s chosen for the hidden service.

A Darknet user linking to a hidden service picks one of a number of
possible rendezvous nodes that ‘handshakes’ with the service’s introduction
points allowing connection to the hidden service.”

“You are familiar with public key infrastructure?” Jenkins queried, just
to check.

“Yeah, sure,” replied Bill. In the military Bill had been a daily user of
all manner of techniques and methods of secure communications; one-time
ciphers, authentication schemes, and encryption techniques, and now as a member
of the intelligence community he had been introduced to whole new worlds of
such subterfuge. He understood that a public key was one half of a unique pair
of related keys where anything enciphered with the public half could only be
deciphered with the private half associated with it.

“Of course the user doesn’t have to manually deal with all this, the
software automates it in the same way that you don’t even notice how you
connect to a secure website in the visible web, with SSL,” he said, referring
to the universally applied
secure sockets layer
technique that has seven
unseen separate message interactions between a user’s browser and website
before establishing a secure session between them. “Electronic commerce would
simply not exist without it, but it is opaque to most people, maybe other than
a ‘padlock’ icon.”

Kowalski seemed to be sweating.

“It is impossible to find where the browser or hidden service is, because
of these tunnels,” he said starting to mop his brow.

“So they’ve got you by the balls?” Bill smirked and Kowalski winced.

Jenkins came to Kowalski’s rescue and chimed in “Anyway, that’s what you
saw on
Bicep’s
laptop; a hidden service with a randomly generated
address within the Darknet.”

“…And the strange suffix?” said Bill turning to Jenkins.

Kowalski answered “The suffix is the equivalent to the ‘.com’ telling the
browser to look in the Darknet directory rather than in the visible web.
Remember the Darknet browser can access regular websites as well as ‘hidden
services’, seamlessly.”

“So what kinds of ‘hidden services’ do they run?” Bill asked.

“Anything!
Anything you can do in the visible web, you can do in the
Darknet. Websites, shopping, games, database applications, email. Whatever.”
Jenkins explained.

Bill was suddenly tired. He asked Jenkins, “OK. So where do we go from
here?”

Jenkins looked down and said “Well you can see how difficult this is. We
cannot prove that what
Bicep
was doing was illegal, or a threat to
national security or anything to do with Abu
Ukasha
.
He might have been looking at porn and didn’t want anyone to know about.”

“No. He happily checks out porn on his office PC. I’ve seen his browser
history. Whatever he was doing connected at that Internet café it was something
he
really
didn’t want seen,” Bill concluded.

“Well there are precious few techniques we can use. If we have a suspect
server at one end and a suspect browser at the other we can compare the traffic
and prove a match. But of course that means we have to find them both first. If
we were able to get a keystroke recorder onto any browser device he was using
we could at least see his end of the conversations. But that might not be so
easy to accomplish,” Jenkins looked sideways at Bill.

“No, but you never know what opportunities might present themselves. Have
you got one of those ‘keystroke’
thingys
?”

Without speaking Jenkins turned his fist over and placed a very small USB
stick down on the table in front of Bill.

Kowalski said “all you need to do is get the stick plugged into his PC
without him knowing or seeing it for about thirty seconds while it loads. The
computer has to be on for it to load, but the software will do the rest.”

-|-

Gorbat photographed people coming and going from the IRM office on his
mobile and recorded notes about what he saw. None of these were the target.

Then a flatbed truck came to a halt in front of the office building with
three Afghans armed with Kalashnikovs sitting on the back. Gorbat started
taking images. He knew these would be sharper than video and occupy less
memory. Another sedan pulled up behind it, followed by another pickup with
another three, armed, Afghans.

Two of the three from each truck jumped down and took up positions
preventing anyone from approaching the little convoy. A westerner got out of
the sedan and opened the boot. He was not the target, ‘
Bicep’
.

Other books

Schrödinger's Gun by Ray Wood
Sick by Brett Battles
Calumet City by Charlie Newton
Bungalow 2 by Danielle Steel
The Widow of Windsor by Jean Plaidy
Foreign Land by Jonathan Raban