Start at the Prologue and First Chapter here
Frank frowned as he watched the familiar monuments come into and out of view as the 737 climbed, circling over the nation’s capital before heading off to New York. Everything looked exactly the same as it always did – of course. Just the way they did for him every day now at work. He’d been pulling down his huge salary at First Manhattan for months now without really accomplished anything at all. Not that anyone seemed to care, so long as he allowed Lola to keep trotting him around like a pony at a grade school birthday party. The folks on the IT team must be whispering behind his back, though. If he was supposed to be such a cybersecurity hot shot, why hadn’t he found a critical vulnerability in BankCoin yet?
He started drumming his fingers on the armrest. Humpf! he humphed to himself. Well, maybe there was nothing to find! And then he Humpfed! again. Even he didn’t believe that. If the BankCoin blockchain lacked at least one critical flaw a black hat could exploit it would be the first piece of code to ever attain that exalted state of grace.
He scowled at the clouds and drummed harder. What could he do that he hadn’t done yet? His time to head off a successful attack must be running out. Between the massive attack wave that passed BankCoin by and his realization he needed to worry about state actors as much as criminals he’d already had two wake-up calls. The next wake-up call might be Iran making off with a trillion dollars.
So, what exactly would a state power do, besides put its best people on the project?
Of course! He pounded the arm rest hard enough to make his seat mate jump and give him a dirty look.
He hadn’t been monitoring the Dark Web sites where zero-day exploits were sold! The National Security Agency and its equivalents around the world scanned those sites daily. That could explain why there hadn’t been a successful criminal attack yet – government buyers could have been bidding up and buying all the vulnerabilities anyone had found so far!
He looked at his watch: Darn! The plane didn’t have WiFi and wouldn’t land for another hour. Calm down, he told himself. Another hour won’t make a bit of difference. Dozens of flaws might already have been bought and sold in the months since BankCoin launched.
But he didn’t calm down until he was settled into the town car waiting for him at La Guardia. By the time the driver reached the bank Frank was well into coding a piece of software that every hour would log onto the most popular sites selling zero days and alert him if it found the word “BankCoin.”
By mid-afternoon his little ‘bot was up and running and the brief therapeutic bump he’d enjoyed from feeling like he was finally accomplishing something began to fade. Now what?
What indeed? What if the BankCoin blockchain was already infected with a Trojan or some other kind of malware he’d missed, just waiting to go off? Or even just a simple back door he hadn’t found? How was he to go about finding something he’d already failed to uncover?
He’d asked himself that question a dozen times before, but this time he found the hint of an answer in his frustration. Maybe if he set up his own blockchain, using the original BankCoin source code, he could compare it to the copy all the banks were using and spot anything that was awry. That was an interesting thought. He could keep his experimental copy of BankCoin disconnected from the Internet – “air gap” it – too, so that it would never get corrupted. That sounded promising.
An hour later he had a factory-fresh server sitting in his office, linked to nothing other than a monitor, a keyboard, a mouse, and the electricity outlet in the wall. The next step wasn’t perfect. He’d need to download an on-line copy of the BankCoin source code, and if BankCoin had been corrupted from the beginning, he’d be wasting his time. But that couldn’t be helped.
Using his laptop, he logged on to GitHub, found the original source code archived on the repository, and downloaded a copy. Then he ran every de-bugging program he had on the download in an effort to spot and clean out anything nasty that might be lurking there. The programs found nothing, and that was encouraging. Then he unplugged the Ethernet cable from the wall to air gap his laptop from the Internet, and double-checked his laptop controls to be sure his WiFi radio was disabled, too. Only then did he use the Ethernet cable to connect his laptop to the server and transfer the BankCoin source code to it, along with a copy of his favorite code compiler. Now he could get down to work.
* * *
The voice was shrill in Crypto’s brain.
What is he doing?
Crypto stared at the information scrolling down his computer screen. What was Adversego doing indeed? He’d just downloaded the source code to the original version of BankCode, and then disconnected from the Bank’s system. And his WiFi was turned off, too. This could be a dangerous development.
Of course it is! What are you going to do about it?
I don’t know yet. This would take some careful thought. He waved his hand in the air, trying to concentrate.
You’ll have to kill him!
Crypto lurched back from his computer. Kill him? What?!?
Yes! Kill him!
He stood up and began pacing. I can’t do that! That’s absurd.
Of course, you can! Do it now before he figures out anything more.
No! Crypto was waving both hands now.
Another voice joined in – a thunderous one he hadn’t heard in years.
Fool!
This was getting out of hand. He needed to increase his daily medication right away; but it would take several weeks for that to make a difference.
No! Don’t do that!
Fool indeed!
Where were his emergency meds? He sat down and fumbled with a desk drawer. Where were those pills?
Where you can’t find them, so don’t bother!
He hoped the voices were bluffing. When he found the two containers, his hands were trembling.
Are you listening? Pay attention to me! The deep voice boomed.
He shook a capsule from each container into his hand and swallowed them dry. Time for a walk outside; that often threw the voices off balance a bit, making it easier to reason with them.
But he found little relief on the sidewalk outside as he waited for the sedatives to take effect.
Pedestrians edged away from the strange figure, mumbling and waving his hands in the air as he walked.
* * *
Two days later, Crypto was hunched over, staring back at the video image of himself six inches away on the screen of his computer. He was watching his lips as he spoke out loud, engaged in an exhausting exercise he’d stumbled on years ago while looking in a mirror. Focusing on his own voice made it easier to separate his thoughts from the words of the voices. After an hour, he’d largely succeeded in getting his tormentors back under some sort of control; the voices were fainter now, and a bit better behaved. Good.
He leaned back and spent another fifteen minutes speaking, this time watching his face and bodily motions instead of his lips. Also good. His actions no longer betrayed his inner turmoil so obviously. It was time to progress to the next step: interacting with someone in a store. He would need to not only focus on controlling the voices, but on his own actions as well. Difficult. But he’d pulled it off so often before.
He stood up. There was still the problem of Adversego. Given the stakes, he had decided, the option of violence could not be totally ignored –
Yes!! The voice cheered.
– but it must be a last resort.
NO! You have no sense of the danger – The voice was louder.
He sat back down, shaken, and shoved his face into the screen again, every muscle in his face taut.
What if you fail? What if your foolish soft-headedness ruins everything? The familiar voice was relentless again.
Fool! Idiot! The deep voice chimed in.
Crypto gripped the table and stared at his mouth. “All right!” he cried out. “If I must, I’ll do what must be done! But we’re not there yet! There are still alternatives. Now leave me in peace!”
Peace? The higher voice crooned, suddenly soft and caressing. Yes. You may have peace. But only for now. You know we will be watching.
Exhausted, Crypto snapped the laptop shut. He’d have to be even more vigilant in public, exercising more self-control than ever before. And he’d need to show the voices that he was making progress.
* * *
Author’s Notes for this Week: This being a long weekend, I’ve indulged myself in catching up on a lot of chores during my normal posting time. We’ve moved to Maine for the summer, and the chores demanding attention were many, especially since we sold our house in Marblehead, Massachusetts this winter and swapped out much of our belongings here for what we had there.
As you can see this week, things are becoming more personal between Crypto and Frank, aggravated by Crypto’s demons. In the weeks ahead you’ll see how this plays out. Suffice it to say that Crypto will need to exercise ingenuity in order to come up with ways to put pressure on Frank short of, well, making an early end to this book.
As I’ve noted before, I find that my characters – and you, my alpha readers – typically take a book in directions I had not anticipated. In this case, someone pointed out that I should develop Crypto as a character, which was something that until then I hadn’t spent any time thinking about. That led to having to come up with a credible motive – greed? mayhem? what? And that led to a decision to opt for anarchy, which would be in synch with the philosophical goals of some of those in the group Nakamoto was interacting with on the Web when he came up with BitCoin.
But how credible, really, is anarchy as a goal? To me, not very, and certainly hard to portray for any sane character, which, of course, led us to where Crypto are today. That said, who can tell where they’ll be by the end of the book? We’ll all – me included – have to just wait and see.
Next week: I think we’ll probably be tracking Frank’s continuing flirtation with becoming one of the nouveaux riches. In the meantime, you might want to check out Len Edgerley’s interview of me at his Kindle Chronicles podcast site. It begins at 11:15 in the podcast. While you’re there, check out some of his previous interviews, with folks like Jeff Bezos, Dean Koontz and Jane Friedman.
Continue to Chapter 18
Hi Andy,
Missing a ‘from’ in the following: He could keep it disconnected the Internet – “air gap” it – too, so that it would never get corrupted.
I reread paragraph a few times, and would prefer if you added BankCoin in there somewhere, since we already know Crypto unleashed zero-days on the other cryptocurrencies. If NSA vigilence has any validity, why didn’t they see those z-d’s coming?
I assume there are no squirrels in Maine, just lobsters!
Thanks for the catches, Minrich. The sentence now reads as follows: “He could keep his experimental copy of BankCoin disconnected from the Internet – “air gap” it – too, so that it would never get corrupted.”
Now, on to the important subject of squirrels. Indeed, there are squirrels here, and you’ll doubtless be delighted to learn that, unlike over there in Blighty, the red squirrels are holding their own very nicely against their gray brethren.
As I write this, there’s one sitting on the rail of my deck, eating the seeds I put out for him every morning. He appears there almost instantly as soon as I provide his daily fix.
It used to be customary to transfer bits to and from air gapped systems by burning them on CDs or DVDs. But nowadays, systems do not have optical media anymore. It is a pitty. Neither USB nor ethernet connections are really “safe”.
I was wondering hoe Crypto found out what Frank was doing? A computer going offline is in itself not special. And Frank was supposed to download and study BankCoin.
Rob, that’s a good question, and I’ve now added in a little more detail, but since Frank is now off line, Crypto – and the reader – need to wait until Frank is on-line again and Crypto can find out that he’s also exported a copy to somewhere other than the bank’s network. I can’t really go into more now, as it would begin to give away too much too early.
The CD burner is a good idea. I may decide later to have Frank export BankCoin onto a mobile DVD drive/burner before transferring it to the server, but that may be adding more technical stuff than the reader would be interested in.
New trend: Taking over 51% of the blockchain network and then alter blockchain history to double spend crypto coins. This used to be a theoretical threat, but it has become real for the smaller alt coins.
“CRYPTOCURRENCY HEIST WORTH $20M SEES HACKERS EXPLOIT WORRYING NEW TREND”
https://www.independent.co.uk/life-style/gadgets-and-tech/news/cryptocurrency-heist-hackers-bitcoin-gold-attack-a8374016.html
I’ve always found it rather amazing that Bitcoin could go so far despite the fact that Satoshi Nakamoto (whoever he/she/they/it may be) highlighted the risk of 51% attacks in his original white paper.
Another wrinkle, https://jochen-hoenicke.de/trezor-power-analysis/ – hands on always wins.
The shift to and development of Crypto’s character as an edge case psychologically meets up with a real situation among higher end coders and developers. Rampant drug use to get to ‘normal’ states is common. Another trend is micro LSD dosing in the industry for productivity gains as is remote work contracting. Crypto has an easy in, accomplished with attendance at a few conferences followed by online chat in irc or dedicated forums and mailing lists. It’s here that someone listening instead of talking can glean far more than participants with their guard down in a ‘private’ conversation area would likely realize they are giving out.
In the good old days of the internet, when everyone had their address, phone number, institution, job title and department in their signature; it was relatively easy with a bubble of multiple logins via telnet hopping from institution to institution to enter the directory of the ‘target’ and read their mail, notes and papers. Entering into a public conversation with the target about their favorite preoccupation or research area could result in an invitation to a private mailing list. No bona fides needed because you were obviously a fellow researcher. The fact that your talking points came from their files was besides the point.
This mirrors the technique of phishing. Humans will always be the weakest link in any organization. So if you are not already part of the infrastructure you can get access by getting other people to help.
So, Crypto is monitoring from the network side. I guess that means that Frank’s air gapped server has to be compromised with a dummy connection cord, a usb cable or somesuch that is wireless equipped. So small and looking so much the same.
How do you beat such a foe? Especially when you can hire the replacement ‘service’ off the darknet for bitcoin anonymously. I mean if you looked closely you could see a nub in your usb port for bluetooth or wireless but a cable is just a cable. Why would you even look unless you had your experiment happening in two different places like work and home because you know, why not, you have money now.
Another tidbit:
https://www.cnbc.com/2018/06/05/bitcoin-miner-revamps-alcoas-aluminum-factory.html
Where’s bankcoin coming from? Did you explain that?
Thanks, Frank. Interesting alignment of interests. Unlike some other metals, aluminum is smelted using electric furnaces, which not surprisingly use a humongous amount of electricity. So it’s a nice match up. The author misses, though, on the fact that running the computers themselves, and not just the AC units, takes a whole lot of power. Plus, the complex mathematical calculations have nothing to do with verification – only to being first so the winning miner can claim the reward.
Journalists still seem to be struggling to get their arms around the basics of BitCoin, but then again, that’s not too surprising. It may be simple in some respects, but it’s a really through the looking glass concept in others.