Authors: Jonathan Holt
AS NIGHT FELL
, the hacker's real work began.
He knew there was no such thing as a completely secure internet connection. He had to trust that by the time he came to the attention of the world's security services, he would have moved on, his tracks well covered.
Even so, he took what precautions he could. At the technical college â which was always deserted at night â he first logged onto TOR, then onto a Virtual Private Network service offering anonymous IP addresses, and finally Carnivia. Only then did he access a search engine called Shodan.
Shodan was unique in that instead of searching for websites, it allowed the user to search for devices connected to the internet. Its creator, a twenty-nine-year-old programmer called John Matherly, had said that his aim was to show how large and insecure the Internet of Things had become. His assumption was that if he revealed how lax most devices' security was, manufacturers would be shamed into recalling their products.
Instead, the manufacturers simply ignored Shodan, or at best issued new, more expensive upgrades.
To date, pranksters â one could hardly call them hackers, since no actual hacking was necessary â had used Shodan to turn car washes on and off remotely, accessed a city's
traffic-control system, and shouted abuse at startled security guards through their own monitoring systems.
It was something rather more than a prank the hacker had in mind now.
Setting one of the parameters to “country: Italy” and another to “architecture: MIPSEL”, he searched until he found what he was looking for.
He clicked on the IP address, adjusted a setting, and went off to do something else. When he came back, the readings on the screen confirmed that he'd just managed to raise the temperature in a power plant in Lombardy by one degree.
Immediately he reset the thermostat back the way it had been, before writing a small piece of executable script and adding it to his files. Then he closed the connection and moved on.
Using Shodan, he wandered right across Italy, choosing his targets. A hospital in Friuli-Venezia. The subway system in Milan. A network of seven thousand police-linked burglar alarms in Lazio. A flood-control system in Abruzzo.
At one point he came across a brand of wireless baby monitors that required no password or login. As he considered whether this could be of any use, he found himself looking at a sleeping baby on one of the company's products.
As he watched, the baby's father came into the room, a young man in shorts with heavily tattooed arms. He crouched down beside the sleeping child and, tenderly, planted a kiss on its forehead.
“Sleep well, little fella,” he whispered in English.
The baby stirred, opened one eye, then began to yell.
“Shit!” the father said heavily. Resignedly, he reached down into the cot to pick it up.
Involuntarily, Tareq laughed. The young man froze, then
stared incredulously at the baby monitor. Holding the baby to his shoulder, he went out of shot. Over the baby's squalls, Tareq heard him calling to his wife.
“Janey! Hey, come here!”
When his wife came in, scolding him for waking the child, he pointed at the monitor. “That thing just
laughed
at me.”
“Rufe, what are you
talking
about?”
“The monitor. I just heard it laugh.”
Janey was wearing very short boxer briefs and a tank top, no bra. As the two of them peered at the baby monitor, Tareq couldn't resist saying, “Boo!”
“Fucking A!” the man yelled, jumping back. The baby yelled even louder. His wife, with rather more presence of mind, reached round the back of the monitor and yanked out the lead. Tareq's screen went blank.
Still laughing, he scrubbed the baby monitors from his list and moved on.
It was as he was investigating the capabilities of Yale's new internet-connected deadbolts that he thought again about that family. If he was successful in his plans, he would destroy a major part of the life they currently took for granted. He might even kill them. How did he feel about that?
He had never killed someone at close quarters. But he felt no more remorse about destroying that baby, he realised, than he would about picking off an opponent in a video game. It only reinforced his resolve to unleash a wave of destruction that would annihilate technology itself.
A level playing field.
He moved on from the locks, and spent rather more time examining supermarket supply chains. These were more sophisticated than most networks. When a customer purchased, say, a pear, the scanner at the till sent the information
back to the store's own inventory system. If it looked as if the store might run out of pears in the next twelve hours â based on a complex algorithm factoring in variables such as the price of pears at rivals' stores, the fact that shoppers tended to consume more fresh fruit at the weekend, any special offers on bananas coming up that might tempt people away from their usual fruit, and whether there was a surplus of melons in the back that needed to be got rid of â it would automatically order up more pears from one of the huge Central Distribution Centres, or CDCs, dotted around the country. If enough people bought enough pears, a stock-control program at the CDC would inform its opposite number at the grower's, and inside a vast ripening warehouse a sprayer would adjust the mixture of nitrogen gas and carbon dioxide in the atmosphere, speeding up the ripening process.
As a distribution system it was both incredibly efficient and incredibly fragile. Effectively, it meant that tens of millions of people were never more than a week away from starvation.
Most of Europe's big supermarkets used encryption systems to move data around their networks. Unlike manufacturers of baby monitors, they had a powerful commercial interest in maintaining security: their sales information could be useful to their competitors. What they were unaware of, though, and the hacker knew full well, was that the world's data encryption standards had been designed by a team of American software engineers that had been infiltrated by agents from the National Security Agency, as part of an operation called BULLRUN. The agents deliberately built weaknesses into the protocols, so that the NSA would be able to spy on companies without their knowledge.
Tareq set to work finding a way into the supply chains, using an exploit left behind by BULLRUN. It was intricate,
absorbing work, and he didn't notice the time passing. He jumped as a voice at the door said, “
Sabah el kheer
.”
Quickly minimising his working window, he looked up. Somehow, night had turned to day. “Good morning.”
“You're here early,” the teacher said, smiling. “Still keen, then?”
“Of course.”
“I spoke to my brother. It's all arranged â I'll forward you the details. Of course you'll have to start at the bottom. But if you have the right attitude and work hard, it's a good life.” The teacher came and leant in close. “Americans like to tip, he says. Even for the most stupid things. If you mend their wi-fi, or show them how to get their emails, they'll shower you with dollars.”
The teacher looked at the taskbar along the bottom of the screen, where Tareq's window was minimised. “What's this?” Before Tareq could answer, his hand had gone to the mouse and opened it.
Tareq had hacked into the mainframe of Esselunga, Italy's largest supermarket, and given himself root privileges to access the servers controlling stock levels. “It's nothing,” he said quickly. “That is, I was just curious.”
The teacher gave Tareq a startled look. “This is hacking, you realise that? There are laws about this. You could be arrested. We could
all
be arrested â they can trace it back to here.”
“It's secure. I'm using TORâ”
“TOR? Why?” The teacher stared at Tareq. “What else have you hacked?”
“Nothing,” Tareq lied.
“Listen,” the teacher said, more gently. “I did some stupid stuff myself, when I was your age. I understand the appeal. The
feeling that you know more than they do, so why shouldn't you go wherever you want? After all, if their security is so feeble, it's their own fault, right?” He wagged his finger. “Wrong. There is private property on the internet, just as in the real world, and the penalties for going wherever you want are much, much greater. We'll talk about this today, in class.”
When the other students arrived, the teacher initiated a discussion about computer ethics. Tareq did his best to look like a shamefaced kid who'd been carried away by all the knowledge the teacher had imparted in his lessons.
“What other damage can hacking do?” the teacher asked, towards the end of the talk.
A student raised his hand. “Hacking can kill.”
The teacher raised his eyebrows. “Would you like to give us an example?”
“The Fréjus road tunnel.”
Tareq stiffened. How did anyone know about that?
“There's film of the air turbines, just before the crash,” the student was saying. “They're saying it was a hack.”
While the others studied network protocols, Tareq surreptitiously did a search. The student was right: the film of the Fréjus demonstration had been posted online, along with some stupid slogan. So far it was only posted on a few jihadist websites. But those websites were exactly the kinds of places the West's security services monitored.
Which meant, in turn, that the NSA would pick up on it. Even without those splitters on the fibre-optic bearers, their eavesdropping capabilities were formidable. Electronic ears and eyes at listening stations in Cyprus, Bermuda, Great Britain, New Zealand and Gibraltar would even now be swivelling in his direction, trying to sniff him out, to isolate his digital footprints from all the other billions of computer
users around the world. He was fairly sure they wouldn't be able to trace him immediately, but it was a risk he couldn't afford to take.
At the back of the classroom, unseen by any of the other students, he logged onto an internet dating website. Going to an account he had set up months before, he wrote a message to the commander, then saved it as a draft.
He logged out, then logged in again under a different name and sent a message to a Muslim girl in Morocco. The girl had never received any dates from the site, which was perhaps not surprising since her face was entirely covered by a hijab. The commander would get the message, realise there was a draft waiting for him, and log into the other account using the same credentials Tareq had used. Then he would reply the same way.
As Tareq closed the window, he glanced up. Across the classroom, the teacher was looking at him with a troubled expression.
While the class began an exercise, the teacher stayed at his own computer, clicking repeatedly. Every so often his eyes would stray towards Tareq, his expression ever more troubled.
He's checking up on me
, Tareq thought.
Following my trail.
He wondered how quickly he would be able to finish what he had to do there. It looked as if he was going to have to accelerate his plans.
DANIELE BARBO TAILED
the cloaked female figure along the narrow canalside pavements of Carnivia, hanging back so that she was only just in sight. It was only a precaution: he had used his administrator privileges to become invisible, as had Max.
That's her
, Max said, using a private mode of speech that only Daniele could see.
Domino9859
.
Are you sure?
Certain.
Max's administrator privileges also allowed him to search Carnivia users' activity logs.
This is who changed the settings on the Fréjus tunnel turbines. Who she is in RL, I have no idea, of course.
Domino9859 was going into the area of San Polo just beyond the Rialto bridge. Centuries ago, the city fathers had designated this as a place where prostitutes could walk around bare-breasted, to prove that they were genuinely female and not transvestites; almost seven hundred years later, the effects of that decree still shaped what happened here, both in the real Venice and its digital equivalent. For Carnivians seeking pleasure, this was Party Central.
It was the first time Daniele had been in Carnivia since stepping down. The streets were more crowded than he remembered them. Election posters hung from balconies, and
more were being towed up and down the canals on barges. They bore slogans that made no sense to him: “Carnivia Libre”; “Oldtimer Alliance”; “Taxback Now”.
As they passed through the crowds, an avatar in the basic, uncustomised cloak and mask of a new user suddenly shrieked:
LOOK AT ME! LOOK AT ME
! Ripping off his clothes, he stood there naked, writhing strangely. Daniele saw he was wearing a kind of sash. On it were the words: “I VOTE TO FLOAT”.
What the . . .?
Daniele muttered
.
Newb-hazing
, Max explained.
Oldtimers test for specs by offering them a float badge. If they accept, they find themselves running a prank script.
“
Specs”? “Oldtimers”?
They were terms Daniele wasn't familiar with.
“Specs” are the speculators who've only joined Carnivia in the hope of cashing in on a stock flotation. Oldtimers think only pre-Abdication members like themselves should be eligible to vote. But the most successful party, according to all the opinion polls, are the Taxbacks. They're offering a straight deal: five bitcoins per vote, to be paid for by taxes on the whole user base after the election. When you think about it, that's a pretty neat formula. Nobody wants to be liable for the tax but not get the bribe.
You warned me this would happen,
Daniele said sadly.
I didn't listen.
Even I never thought it would be as bad as this.
Ahead of them, Domino9859 turned into a courtyard and up some steps. Following her, they found themselves in an elegant
loggia
. Half a dozen people, male and female, stood around chatting.
Looks like some kind of soiree
, Max said.
As Domino9859 took her cloak off, Daniele saw that she was wearing an unusual band round her neck, like an iron collar. To his right, another woman was kneeling in a position of supplication, offering a wooden cane to a seated man.
I'm not sure we should be here
, Daniele wrote.
Even so, he couldn't help but watch as Domino9859 lay over a man's lap. The man began to spank her buttocks with a paddle. Daniele could hear the thwack of wood on flesh; the tender skin reddened more deeply with each blow. Except that it wasn't flesh, Daniele had to remind himself. This was role play, not the real world. But somehow the distinction was easy to forget.
All around them, similar scenes were being enacted. Two men were taking it in turns to thrash a female avatar. Another was being roughly taken by a group of three men who were accompanying their thrusts with a stream of abuse. Yet another was being flogged with a cat-o'-nine-tails, each slap of the leather plaits followed by a realistic-sounding gasp of pain.
This makes no sense
, Daniele said.
Like so many things in Carnivia.
No â I mean a jihadist, a hacker, would never get involved in something like this.
Well, if you want to examine her without her knowing, you'll never get a better chance
, Max observed.
Daniele switched to a different view. The lifelike 3D rendering of avatars and buildings that was the ordinary user's experience of Carnivia vanished, replaced by wireframe and lines of code. To most people it would have been incomprehensible. But just as a musician can read a score and hear the music in his head, Daniele could still visualise every feature of the scene in front of him as he searched quickly through the code.
Isolating Domino9859's avatar, he went through it line by line. He felt bad about doing it â far worse than he did about watching her enact a sexual fantasy. The code contained her entire digital footprint. Even though it was encrypted, it was personal to her.
Eventually he found what he was looking for. A tiny anomaly, so small he would have overlooked it had he not specifically been searching for it. It was a worm â a virus designed to take up residence in the user's computer and stay there, dormant and unnoticed, until some specific event or command woke it. Typically, worms were linked to botnets, networks of hijacked computers that were used to send out spam.
He realised now what must have happened. Domino9859 wasn't a hacker. But her computer had been infected by someone who was. Effectively, she had become his proxy, doing his bidding without even being aware of it. And because her real identity was masked by her Carnivia username, there was no way of tracing that computer in the real world.
How are you doing?
Max asked privately.
Almost there.
Daniele made a copy of the worm to study later, then switched back to normal view and made himself visible.
I need to speak to you
, he said to Domino9859.
Who are you?
she said, not stopping what she was doing.
An administrator. I think your computer has been taken over by a virus. If you're prepared to tell me your real-life identity, I can send you some tools that will disinfect your hard driveâ
He found himself talking to empty air. Domino9859 had vanished.
Disconnected
, Max observed.
I thought she'd appreciate our help.
What makes you think she's even a she?
It was true, of course: here in Carnivia, gender was a matter of personal choice. Perhaps to Domino9859, revealing his or her true identity was more frightening than having a virus.
This is a real problem
, Daniele said.
The authorities had been looking for an excuse to close down Carnivia for years. To date, every legal challenge had failed, but terrorism legislation was far more draconian than the anti-pornography and anti-drugs laws that had been used against them in the past.
So what do we do?
This was just the sort of conundrum that had made Daniele decide to walk away from Carnivia. He believed absolutely in the right to privacy. For him and the small, close-knit group of hackers who first colonised the internet, back when it had to be accessed with a dial-up connection and a modem, it was a fundamental article of faith. But the principle, so unimpeachable in theory, seemed to become increasingly difficult and fuzzy when translated into practice.
One thing he was certain of, though. If he simply informed the authorities, they'd shut the site down â but that wouldn't stop this hacker.
Only he, Daniele, had the skills to best him. And it should be done here, on Daniele's home territory, in a world he knew better than anyone.
Not that he had changed his mind about leaving. If anything, this proved that looking after Carnivia wasn't a part-time job. But this last threat would have to be tackled before he could put Carnivia behind him.