started: “Only saw one police cruiser. Looked like a mandatory drive-through. Didn’t do a lot of looking around.”
“Jack?”
“Didn’t see any lights on in the apartment. There’s an alley on the back side and a crappy wooden fence with an unlocked gate leading to a concrete patio. Dogs two yards down on either side. They barked as I walked by, but I didn’t see any faces come to the windows.”
“Back porch light?” Clark asked.
Jack nodded. “Bare bulb. And no screen door.”
“Why’s that important?”
Jack shrugged. “Screen doors squeak; they rattle.”
“Man gets a gold star.”
Thirty seconds apart, they circled the block, then met in the alley. Chavez went through the gate first, up the steps, then unscrewed the lightbulb and stepped down. Clark and Jack came through. Clark went up the steps and spent ninety seconds crouched by the door, working the knob lock, then the deadbolt. He gave them the wait signal, then slipped through the door. He was back sixty seconds later and waved them in.
The apartment’s interior was a mirror image of the architecture: long and narrow, with cramped hallways, narrow-plank hardwood floors covered in worn carpet runners, and dark baseboards and crown molding. Nayoan wasn’t much on interior decoration, Jack saw: a utilitarian kitchen and bathroom done in checkerboard porcelain tile, and a front room with a sectional sofa, a coffee table, and a thirteen-inch television. Probably didn’t expect to be here for long, Jack thought. Why bother with anything but the necessities? Could that mean something? Might be worth checking how long Nayoan had left on his tour at the embassy.
“Okay, let’s toss it,” Clark ordered. “Everything back in its place when we’re done.”
They clicked on their flashlights and went to work.
Almost immediately Chavez found a Dell laptop on a card-table desk in Nayoan’s bedroom. Jack powered it up and started sifting through the folders and files, the Web browser history, and the e-mail backlog. Clark and Chavez let him work, spending thirty minutes dissecting the apartment room by room, checking the obvious hiding spots first.
“Okay,” Jack said. “No password protection, no key logging software… Aside from a standard firewall and an antivirus program, this thing is wide open. Lot of stuff here, but nothing that jumps out. Mostly unclassified embassy business and e-mails-some of it personal. Family and friends back home.”
“Address book?” Clark asked.
“Same there, too. Nothing we’ve seen from URC distribution lists. He cleans his Web browser history almost daily, right down to the temporary files and cookies.”
“‘Cookies’?” Chavez asked.
“Little bits of data websites leave on your computer every time you visit. Pretty standard practice, for the most part.”
“How deep can you dig?” Clark asked.
“Here? Not very. I can copy all his files and folders and mailboxes, but to duplicate his hard drive would take too long.”
“Okay, grab what you can.”
Jack plugged a Western Digital Passport hard drive into the Dell’s FireWire port and started copying files while Clark and Chavez kept hunting. After another forty minutes, Chavez whispered from the kitchen, “Gotcha.”
He came into the bedroom carrying a zip-top sandwich baggie. “False bottom in his utensil drawer.”
Jack took the baggie, looked at it. “Read-write DVD.” He popped open the Dell’s drive bay and slipped the DVD inside. He clicked on the appropriate drive letter, and the window popped up on the screen. “Lotta data here, John. About sixty gigabytes. A lot of them are image files.”
“Pull some up.”
Jack double-clicked a folder open and brought up the pics in thumbnail sizes. “Look familiar?”
“They do indeed,” Clark said.
Jack tapped his index fingernail on three pictures in turn. “For sure those are from URC websites.”
“Where’s there’s smoke…” Chavez said.
Clark checked his watch. “Copy it. Ding, let’s police it up. Time to get out of here.”
They were back at their hotel, a La Quinta Inn near the airport, an hour later. Jack used a secure FTP-file transfer protocol-to upload some of the images to The Campus’s server, then called Gavin Biery, their info-tech wunderkind, and put him on speakerphone.
“We’ve seen these before,” Biery said. “From the Tripoli flash drive?”
“Right,” Jack said. “We need to know if they’ve got stego embedded.”
“I’m putting the finishing touches on the decryption algorithm; part of the problem is we don’t know what kind of program they used for the encryption-commercial or homemade. According to the Steganography Analysis and Research Center-”
“There’s such a place?” asked Chavez.
“-to date there’s seven hundred twenty-five stego applications out there, and that’s just the commercial stuff. Anybody with halfway decent programming skills could make one up and fit it on a flash drive. Just carry it around, plug it into a computer, and you’re in stego mode.”
“So how do you break it?” This from Clark.
“I put together a two-part process: First check for discrepancies in the file-be it video, or image, or audio. If that finds an anomaly, then the second part of the program starts running the file through the most common encryption methods. It’s a brute-force process, but chances are the URC has its favorite methods. Find that and we can start speeding up the dissection.”
“How long?” Jack asked.
“No idea. I’ll start feeding the monster and get back to you.”
At three a.m. the phone rang. The three of them were awake instantly. “Biery,” Jack said, rubbing his eyes and squinting at the cell phone’s ID screen. He put the call on speakerphone.
“I might be popping the cork a little early,” Biery said, “but I think we’ve hit the mother lode. That’s the good news. The bad news is it looks like they’re using three different encryption methods, so it’s going to take some time.”
“You have our attention,” Clark replied.
“First thing: The banner image we saw on the URC website showing Dirar’s murder-I think it’s a digital onetime pad. Essentially a decoding grid for plain-speak messages. Whether it’s outdated or current I don’t know yet.”
This was no surprise to Jack. What was old is new again, he knew. The OTP system was ancient-how ancient was a topic of debate among cryptography scholars, but its birth into the modern age was in 1917 with an AT &T engineer named Gilbert Vernam-and while there were a variety of OTP flavors, at its core it is a substitution cipher, most simply arranged in the form of a random alphanumeric grid: combing a character from the left-hand margin with a character from the top margin, and where they intersect in the grid’s body is the single character substitution. Encoding and decoding was time-consuming, but providing the OTP was restricted to only the sender and the receiver; it was virtually unbreakable. In this case, certain URC members would know to check certain websites on certain days and download certain images, which would then be steganographically decrypted, revealing a onetime pad with which plain-speak phone calls, letters, and e-mails could be securely transmitted.
The question was, Jack thought, how often did the URC rotate its online OTP? The only way to find that out was to try to match known URC messages with onetime-pad images in the same time frame.
“This could explain why the baby announcement e-mail has dead-ended,” Jack said. “They switched pads and we’ve been a step behind.”
Clark nodded and said, “Go ahead, Gavin.”
“Second: One of the larger image files on Nayoan’s DVD-didn’t have a match on any we pulled off URC sites.
