Start at the Prologue and First Chapter here

Crypto shadowed Frank’s latest interactions at the GFBS section of GitHub and considered what to do next. Nothing that Frank had done to date suggested that he was on the way – yet – to discovering anything of concern. But the possibility of his doing so was not zero. Happily, it was time for Crypto to launch the next step in his plan, which was to raise the perception in the marketplace that the GFBS blockchain was far more secure than any other alternative. That should reassure Adversego and his overseers as well.

But there was no need to act in haste. Only methodical care and an almost fanatical attention to detail had allowed Crypto to remain unknown for over a decade. Over time, a slow, careful approach had become second nature to him; a source of pride rather than impatience at the extra time and effort such care required. But it was clearly time to act.

He began by browsing on to the Tor Network, the most popular manhole through which anyone could drop into the Internet netherworld commonly referred to as the Dark Web. Dark, because unlike the everyday Web, its contents were invisible to the robotic crawlers that index the pages accessible to browsers like Chrome and Firefox. Dark, too, because access points like Tor provide almost impenetrable anonymity. Any message you wished to send was encrypted, and then encrypted again, down through the multiple layers of scrambling that had yielded the TOR acronym – short for The Onion Router.

Once logged in, Crypto gained access to thousands of routers maintained by TOR volunteers all over the world. Not only could you send or post a massively encrypted email, chat message, or file wherever you wished, but your identity was separated from the message or document itself. When you hit the “send” command, each was sent caroming randomly throughout the vast expanse of the Dark Web until eventually they were reunited at the intended destination and decrypted by the intended recipient. It was a wonderful system for anyone anxious to protect their on-line anonymity – perhaps someone bravely acting as a whistleblower. It was even more useful to someone engaged in illicit activities, whether it be drug dealing, fraud, or – in this case – facilitating the theft of alt coins.

Still, one had to be careful. The Tor technology was powerful indeed, but its creation and further development had been funded primarily by the U.S. Department of Naval Research, and by that venerable skunkworks of the U.S. Department of Defense popularly known as DARPA, short for the Defense Advanced Research Projects Agency. There was reason to believe that there might be weaknesses built into TOR that only the U.S. government knew how to exploit.

But Crypto felt comfortable enough engaging in the type of quick hit and run activities he had in mind for today. It took only minutes to load his offer to several sites where zero-day exploits were bought and sold. Zero day exploits described ways to take advantage of a vulnerability in a program that until then had been unknown. Such a software flaw was hence still at “zero days” from the time the honest world learned of its existence.

If the vulnerability was bought by a criminal, it would soon be used to launch an attack. But it might instead be bought on the Dark Web by a government agency, like Israel’s Mossad or the National Security Agency (NSA), in the United States. Such agencies regularly bought zero day exploits to hold in reserve against the day when they wished to infiltrate or compromise a foreign government or criminal enterprise. All of these buyers bid against each other on the Dark Web until the highest bidder won.

But not this time. Crypto was an anarchist, not a capitalist. He wanted to make sure that black hats, not governments, purchased his vulnerabilities. So he priced his vulnerabilities high enough to avoid suspicion, but not so high as to discourage purchase by criminals all over the world. And he offered them to anyone for a price, and not just to a single successful bidder.

The profits were irrelevant in any case. They were nothing to Crypto compared to the risk of discovery. Despite the fact that the blockchain enabled payments to be made and received anonymously, Crypto directed the payments to a brand-new blockchain wallet he would never access again.

Half an hour after logging on, his work was finished. All that was left was to watch the fun begin.

*  *  *

Josh Peabody was hosting a cocktail party at his office for CryptoBoom’s! largest investors when the telephone in his pocket started going berserk. He ignored it for most of a minute, because he was speaking to the chairman of the fund’s Valuation Committee – the Committee that decided on the value of the fund’s portfolio, and therefore the amount upon which Peabody’s management fee would be calculated. But eventually the angry vibrations began to unsettle him. That degree of unease was nothing compared to the sensation he felt when he looked at the phone’s screen and felt the bottom of his stomach hit the floor. With a sick smile, he excused himself and left the room as rapidly as he could without being obvious.

Once in the hallway, he dashed to his office and opened up an exchange program. To his horror, the price of Tabbies was plummeting on the breaking news that more than one half of the entire issuance – including CryptoBoom!’s entire position in the alt coin – had been stolen.

*  *  *

Frank was once again sitting in the main conference room on the sixty-fifth floor of First Manhattan Bank. At the head of the table sat a grim-faced Executive Chairman of the Board, impatiently waiting for an update on the wave of assaults that had nearly destroyed the alt coin markets over the preceding forty-eight hours. To varying degrees, everyone around the table looked shell-shocked. The financial carnage was severe.

The door opened and the receptionist ushered in the last anticipated attendee, a middle-aged man wearing the expensively-tailored uniform of someone who advises similarly dressed people. Nukem nodded to him and immediately began speaking.

“All right, everybody. Let me introduce you to Henry Dana, from Bingham & Gould, the analytics firm advising us on alt coin markets. Greg, we’re all waiting to hear what you have to say.”

“Hello everyone,” the analyst said. “I’m sure you’ve all read the public accounts of the chaos roiling the alt coin markets over the last two days. What I’ll try to do today is quantify the actual losses to date and provide our view on the possible short and long-term impacts on BankCoin.

“Let’s start with the high-level numbers. The attackers hit a total of six cryptocurrencies, including Bitcoin and the three alt coins with the next highest market value, other than BankCoin. They made off with approximately seven to eleven percent of the total number of each of those alt coins currently on the market, depending on which coin we’re talking about. Taken together, the stolen coins have an aggregate value of over twenty billion dollars based on their trading values at the time of the attacks. That’s a truly staggering amount – far higher than all previous coin thefts combined.

“But that’s just the tip of the iceberg, at least on a temporary basis. Following the cascade of news breaks revealing one attack after the other, the market valuations of all major alt coins plunged, dropping from fifty-six to eighty-two percent, again, depending on the coin. That amounts to a further loss of over one hundred fifty billion dollars of value.”

A hand went up. “Yes? Dana asked.

“Why was the impact so great on coins that hadn’t been hit. That’s new.”

“You’re correct. The difference is that in previous theft situations, only one type of coin was affected. This time, six were hit. The market presumably decided that if six different coins could be hit all at once, every other coin must be just as vulnerable. So a lot of people obviously decided to move some or all of their coin investments out of the blockchain ecosystem and into traditional investment alternatives, like stocks, bonds, or even cash, at least temporarily.

“At its lowest point, the main alt coin index dropped below twenty-seven percent of its pre-attack value. It came back about ten percent when no new attacks occurred over a twenty-four hour period, but it’s still off by more than sixty-four percent. Assuming no new attacks occur, we expect it to gradually move up, but that’s about the most we can say for now.”

“Happily,” Cronin interjected, “The value of BankCoin hasn’t been affected at all, since it’s pegged to the dollar. And our blockchain remains secure. Can you confirm that, Dirk?”

“This is correct,” Delhohn said solemnly. Frank, dressed to blend in with the rest of the suits crowding the table, noted that Audrey Addams had not yet succeeded in paper-dolling the crotchety Dane.

“Just as I would expect,” Delhohn continued, “The GFBS blockchain is set up in a completely different manner than any other blockchain. We are a closed system. This is fundamental to maintaining its security.”

“Can you tell whether an attempt was made?” Nukem asked.

“I have seen no evidence that any attack was launched against BankCoin.”

To Frank’s embarrassment and Delhohn’s obvious annoyance, Nukem turned to Frank. “Do you agree?”

“I do,” Frank said. “We scan the bank’s blockchain infrastructure constantly. And by agreement with the other banks, a third-party security assessor runs vigorous penetration tests against each bank’s blockchain host computers every week. We’ve seen no increase in hostile activity beyond the usual baseline of probing we experience.”

“Well, thank God for that,” Nukem said. “Here’s hoping it stays that way.”

Sure, it was great that the BankCoin blockchain had been spared, Frank thought. But if Delhohn was right, why had the attacker tried to breach every major coin except BankCoin? Did the differences between the private BankCoin blockchain and the various public systems provide the answer? Or were the attackers simply saving BankCoin for a later day?

That possibility deeply troubled Frank. And another thing did, too: not a single attack had been launched at the edge of the crypto-currency system, as had usually been the case with past attacks. Instead of hitting exchanges and wallets, the attackers had exploited flaws in the blockchains themselves. That was truly unnerving, as it struck at the very core of the blockchain concept itself.

It also highlighted the fact that a supposed blockchain strength could also be a weakness. Normally, a bank was the sole repository of the records relating to its assets. Tamper with them at a single location, and you could steal those assets. With a blockchain, the equivalent records – and the supporting software – could be found on hundreds, or even thousands of computers. Nobody could attack all of those computers at the same time, and the blockchain itself could not be changed except by mutual agreement of a majority of the owners of those computers.

That sounded good, except that any Tom, Dick or Harry with a powerful enough machine could decide to join the club. Worse, since there was no central authority, there was also no minimum level of security required. If some Dick wanted to set his password as “password,” or “123456,” there was no one to stop him. It was truly chilling. And since each such developer hosted a copy of the blockchain itself, each represented a point at which a flaw in the blockchain could be exploited.

“So, what do you think about all this, Frank?”

Frank jolted back to attention. Horace Nukem, as well as everyone else, was looking straight at him.

Frank had no idea what had most recently been said, so he ran for what he hoped was safe ground. “It’s certainly a credit to Dirk and the rest of the GFBS coders that BankCoin wasn’t hit. That said, the fact that we weren’t breached this time is no reason to be complacent. Even if we’re more secure today than the competition, we can assume the best of the other alt coin projects will up their security game to plug the gaps, or they’ll be left behind. That means that over time we’ll become a more attractive target, unless we maintain our security lead.”

“Nonsense!” Delhohn snorted, to Frank’s surprise. “You are all looking – what is your saying – the gift mule in the mouth. There is a reason that every major alt coin scheme was hit except BankCoin. That reason is that BankCoin is far more secure. It was designed with security against theft as its highest priority, rather than as an afterthought, like the other coin blockchains. Instead of sitting here wringing our hands over the future, we should be promoting the fact that BankCoin is the only secure blockchain in existence. What are we waiting for?”

Cronin, being no fool, seized on the lifeline thrown from such an unexpected quarter. “Dirk is right, Horace. These attacks are an opportunity, not a disaster. We should be doing exactly what he says. Not in an inappropriate way, of course. But we shouldn’t be shy about pointing out the fact that not one penny of First Bank of Manhattan assets was stolen, nor was the value of any customer assets compromised.”

Nukem paused and frowned. “Fair enough. I’m as happy as the next man to ride a gift horse for all it’s worth. But I’m also with Frank. If anyone gets complacent about blockchain security, they’ll be doing it somewhere else if I find out. And I want a weekly update on everything we can find out about these attacks – how they were carried out, who may be behind them, and what the vulnerabilities were. That’s all for today.”

*  *  *

An exhausted Josh Peabody turned off his computer and slumped back in the office chair he’d occupied for the last thirty-six hours. Exhausted, but triumphant. It was good to see he could still pull out the old magic when he needed to. Truth to tell, he’d been coasting for years now, taking advantage of investment waves that anyone with adequate savvy and inadequate principles could ride to a handsome profit. But pulling off the thousands of complicated puts, calls and swaps he’d just executed in the face of plummeting alt coin prices had taken real skill, not to mention balls. Now that the dust had settled, he could congratulate himself on managing to notch a small profit for CryptoBoom! And he’d been smart enough to insist on cash for all his previous alt coin underwriting deals.

Yes, he thought, rolling down his sleeves and watching the first light of dawn coloring the coastal mountains in the distance, I do believe that Elvis has reentered the building.

*  *  *

Author’s Notes for this Week: We’re starting to get into the meat of the cybersecurity plot now, which is always an interesting journey for someone with a BA in history who’s never written a line of code in his life. I have, however, represented coders for my entire professional career, and done a lot of reading besides. The result is what you might think of as a symbolic, or metaphorical level of understanding of  the technical nuts and bolts, and that’s a good level to think in when you’re writing light reading for non-technical readers. The trick, of course, is to keep it detailed and credible enough to appeal to technical readers while not losing the rest. One thing that each of you, as readers, can do to help me out a lot is to tell me if there’s every anything you can’t follow, on the one hand, or that’s technically wrong, on the other.

While we’re on the topic of technology, let me bring you into my thinking about how Frank will eventually figure out that something’s going on with BankCoin. My thought is that Frank will set up a duplicate of the BankCoin blockchain for experimental purposes, and in order to get familiar with the code, he won’t just copy what’s there already. Instead, he’ll compile a copy from the source code instead.

For those of you who don’t have a clue what I’m talking about, here’s the distinction. “Object” or “machine” code is the ones and zeros that you think of when you think about computer programs. It’s also what you receive when you buy software. But even to a skilled programmer, one and zeros are tough to make sense of. What they usually work with instead is something called “source code,” which is words, symbols and other objects you can find on a computer keyboard. Here’s a sample of source code from the MIDI music player that you’ve likely used:

Still kind of incomprehensible to a non-programmer, but you can see how someone who knew what they were doing could make a heck of a lot more sense out of this than 100100 101010 111100 and so on. Developers write code like this on their laptop and then use a tool called a compiler to convert it into object code, which is what a computer can “execute.”

Now back to our story, and here’s where I’m going to ask for some help from any of you that are programmers. I’m assuming that compilers aren’t perfect, and that a programmer would still have to do some debugging in order to get a program running perfectly. That’s why Frank would want to start with the source code, as in the process of debugging the BankCoin blockchain he’ll get a feel for how all the pieces fit together.

So, here’s my question: am I right in assuming that compilers aren’t perfect? Knowing the answer to this would be very helpful to me. If the answer’s yes, I’m off to the races. If I’m wrong, then back to the drawing board.

Next week: I believe that next Saturday you’ll learn the first half of Crypto’s back story. However, I’m now writing about a half dozen separate threads – Frank’s investigation, Crypto’s offensive and defensive efforts, the kickoff of the new CIA task force, Frank’s war of wits with Fang, and several more besides. At this stage in the book I therefore need to decide in which order to start introducing these multiple building blocks to create an effective narrative. Later on, I may reshuffle the deck to make the story evolve more naturally depending on how the plot is coming together. Often, I’ll think of a whole new thread half way through the book. So whichever way I come out next week, don’t be surprised in the final book if something different happens next.

 

Continue to Chapter 13 here