* * *
By the time I finally finished, I was freezing and swearing. My hoodie was totally inadequate and I suspected that my long-fingered vulgarian had ordered one of his Armored Borises to turn the thermostat down to sub-Arctic.
But it was done, and the test-cases ran, and so I got up off the folding chair I’d been hauling around the data-center’s corridors as I moved from one rack to another, tracing wires, untangling the hairball of grifty IT contractor shortcuts and fat-fingering.
Surveying my work, I had a deep feeling of … Well, to be honest, a deep feeling of pointlessness. I’d labored for sixteen hours—fifteen if you subtract meals and pee breaks—getting the Xoth Sectec network appliance installed, and all I had to show for my trouble was an inconspicuous black one-unit-high server box, mounted on the bottom shelf of the furthest rack (this was Xoth policy—put our gear in the most out-of-way place, just in case barbarian hordes topple our dictator clients and storm the gates, looking for mediagenic evidence of collaboration with evil surveillance contractors) (that would be me).
But now I got to celebrate. I looked over my shoulder and made sure I was alone—the RoboCops had made a point of standing behind me, watching my ass, as I dragged my chair around—bent down and touched my toes, feeling the awesome stretch in my hamstrings and the unkinking of my neck and shoulders as my hair brushed the ground. Then I stood, cracked my knuckles, plugged my laptop into my phone, and tunneled out to a network box I’d left in my hotel room that morning, making sure it was all charged up and successfully connected to the hotel’s wifi, which (see above) sucked monkey shit. I fired up a virtual machine on my laptop, choosing a container with a fully patched version of the latest freebie version of Windows, and used its browser to connect to Facebook.
The Slovstakian uprising hadn’t figured out that the only real use for Facebook in a revolution was as a place to teach people how to use something more secure than Facebook. All their communications was in a couple of groups that they accessed over Facebook’s Tor Hidden Service, good old https://facebookcorewwwi.onion, which was pretty good operational security (if I did say so myself).
Their problem was that they were way, way outgunned—as of now, they were facing down the best Xoth had to offer (at least, the best Xoth had to offer in its middle-upper pricing tier). Things were about to get very, very bad for the plucky demonstrators of Slovstakia.
The virtual Windows box in my virtual machine connected through the hotel’s network to Tor—The Onion Router, a system that bounced network connections all over the world, separately encrypting each hop, making it much harder to trace, intercept, or modify its users’ packets—and to Facebook’s hidden service, a darknet site based in a much nicer data-center than this one, in an out-of-the-way corner of Oregon with remarkably low year-round temperatures (ambient chilling is the number one money-saver when it comes to running a building full of superheated computers).
I alt-tabbed into my monitor for the Sectec box beside me, using an untunneled interface on my phone’s native network connection. That Sectec box could handle ten million simultaneous connections, combing through all their packet-streams using machine-learning models originally developed to recognize cancer cells on a microscope slide (fun fact!). Sure enough, it registered the existence of a stock Windows laptop in the Sofitel Bltz, communicating over Tor. It profiled the machine by fingerprinting its packets, did a quick lookup in Xoth’s customer-facing API to find a viable exploit against that configuration, and injected a redirect to the virtual machine on my laptop. I pinned the monitor window to the top of my desktop and flipped back to the VM, watching as the browser’s location bar flickered to an innocuous-seeming error message, and by flipping to a diagnostic view of the VM, I could see the payload strike home.
It used a 0-day for Tor Browser—always based on a slightly out-of-date version of Firefox and thus conveniently vulnerable to yesterday’s exploits—to bust out of the browser’s sandbox and into the OS. Then it deployed a higher-value exploit, one that attacked Windows, and inserted some persistent code that could bypass the bootloader’s integrity check, hooking into a module that loaded later in the process. In less than five seconds, it was done: the virtual machine was fully compromised, and it was already trying to hook into my webcam and mic; scouring my hard drive for interesting files; snaffling up saved password files from my browser, and loading its keylogger. Since all that was happening in a virtual machine—not an actual computer, just a piece of software pretending to be a computer—none of that stuff really happened, thankfully.
Now it was time to really test it. Sectec has a mode where it can scour all the traffic in and out of the network for specific email addresses and usernames, to locate specific people. I gave it Litvinchuk’s email address, and waited for his computer to make itself known. Took less than a minute—he was polling the ministry’s mail server every sixty seconds. Two minutes later, I controlled his computer and I was cataloguing his porn habits and downloading his search history. I have a useful script for this; it locates anything in my targets’ computers that make mention of me, because I am a nosy bitch and they should know better, really.
Litvinchuk was into some predictably gross porn—why is it always being peed on?!—and had googled the shit out of me. He also had a covert agent who’d searched my room; they had put a location logger on my phone using a crufty network appliance I’d already discovered in my epic debugging session in the data-center. I could have fed that logger false data, but I turned it off because fuck him sideways. I downloaded half a gig of videos of Litvinchuk in full-bore German heavy latex, gleaming with piss, then stood, stretched again, and shut my lid.
* * *
I’d started my adventure at 4 p.m. the day before. Now it was 8 a.m. and that meant that the demonstrations in the main square would be down to skeleton crews. Anyone interesting only came out after suppertime and worked the barricades in the dark, when the bad stuff always kicked off. That’s when the provocateurs and neofascists came out—often the same people—and the hard-core protesters had to work extra hard.
I called the Sofitel on the way back and ordered room service. All they had was breakfast and I wanted dinner, so I ordered triple, and gave up on explaining that I only needed one set of cutlery.
I arrived at the room’s door at the same time as the confused waiter. I waved at him and carded the door open, then followed him and his cart in. He was one of those order guys you saw around the hotel, someone who’d once had a job in Soviet brute-force heavy industry but ended up pushing room service trolleys when it all went to China. Those guys never spoke English, not like their strapping sons, who spoke gamer-international, the language of Let’s Play videos and image boards. “Dobre,” I said, “Pajalsta,” and took the folio from him and added a ten-euro tip—everything at the Sofitel was denominated in euros, ever since the local currency had collapsed. I hadn’t even bothered to change any cash on this trip, but I had bought a 10,000,000,000-dinar note from an enterprising street seller who’d been targeting the tourist trade. I liked the engraving of the opera house on the back, but the Boris on the front was a unibrowed thick-fingered vulgarian straight out of central casting. I kept forgetting to google him, but I was pretty sure he was being celebrated for something suitably terrible, purging Armenians or collaborating with Stalin.