“Lisa.”
To Jack, Clark called, “Lisa…” Jack nodded and said her name into the phone. Clark, back to the girl: “Gimme your last name and Social Security number.”
“Uh, wait. Wait a second… So you just need the credit card info?”
“Yeah. Don’t worry about it, though. We’ll have a team down here in about twenty minutes. What time do you get off?”
“Nine a.m.”
Clark chuckled. “Sorry, not today you’re not.”
Lisa was tapping on the keyboard again. “They used a Visa. Card number…”
Pretty slick,” Jack said, as they climbed back into the car.
“Nobody wants the hassle. I call it the little-big theory. Make the favor you’re asking seem real small and the consequences real big. So whatdya think? Your type?”
“Her? Cute enough, but something tells me she’s not exactly a crossword-in-ink kind of girl.”
Clark laughed at this. “So you’re holding out for beauty and brains?”
“Anything wrong with that?”
“Not a thing. Call in the card, get Bell working on it.”
It took twenty minutes. “No more motel charges, but the day they checked out I’ve got half a dozen-souvenir shops, McDonald’s, Starbucks… Just incidentals, and just that one day. I’m e-mailing the details and a Google map.”
“Why the map?” Jack asked.
“All the charges were inside a square mile of one another.”
Jack hung up and brought Clark up to speed. “They switched credit cards, switched names,” Clark said. “Good sign.”
“Good how?”
“Stand-up citizens don’t do that, Jack.”
Jack’s phone e-mail chimed, and he checked it. Clark asked, “Where’re we going?”
“Virginia Beach.”
Okay, guys, we gotta make a decision,” Sam Granger said. “Plain text or encoded?”
Granger, Hendley, and Bell had been arguing over it for an hour: With Hadi and his team having gone to ground after the Paulinia attack, and with the URC changing its onetime pads every day, did Hadi have the ability to decrypt messages? Better question: Did they have the ability to “de-stego” the images in which the OTPs were embedded? Granger and Bell didn’t think so, but Hendley was worried.
In the past, the URC had run its big operations by the dead-man switch rule: Once the execute order is given, there’s no turning back and no pulling the plug. This change had come after the failed URC bombing of the Berlin U-Bahn, when, shortly after the go-signal had been given, the URC’s cell leader in Munich was captured by the BfV and persuaded to reel in the attackers. Of course, in the larger context, none of that mattered: Dead-man switch rule or not, either Hadi would get the message or he wouldn’t. If he had the ability to decrypt, a plain text message would spook him and their chance would vanish.
“Listen, we have to risk it,” Bell said. “We use our message to spook him but in our favor. Get him worked up enough and he might not even question the plain text.”
Hendley considered this, then looked to Granger. “Sam?”
“Okay, let’s do it. We’ll move Hadi just once and tell him it’s dry-cleaning, then we’ll move him to the Rocinha, and Chavez and Dominic will grab him up.”
Bell stood up and headed for the door. “I’ll get it uploaded.” He left.
A minute later, Hendley’s phone rang. It was Gavin Biery. “You guys upload the message yet?”
“Rick just went to do it.”
“Shit. Stop him; get him back. I’m on my way up.”
79
BIERY WAS UPSTAIRS and walking into Hendley’s office two minutes later. “I found a pattern,” he announced. “You send that thing in plain text and Hadi will know it’s bogus.”
His last-second interception of Rick Bell had been the result of a marathon night of watching his newly written algorithm chew on the URC’s onetime pads. Though by their very nature the letters within an OTP are meant to be random and therefore unbreakable by anyone not working off of the current pad, it was in Biery’s nature to look for patterns where none seem to exist. It was, he’d once explained to Jack, sort of like the SETI (Search for Extra- Terrestrial Intelligence) project: “There’s probably nothing out there, but wouldn’t it be cool if there was?” In this case, what Biery had found was a pattern to the URC’s onetime pads.
“OTPs are great, probably the simplest form of ‘unbreakable’ encryption in the world, though nothing’s truly unbreakable,” he’d explained once Rick Bell returned. “It’s all a matter of probabilities, really-”
Granger cut him off. “Another time, Gavin.”
“Right.”
“Well, like you figured, the Emir, or whoever came up with this, was probably worried about their people in the field. Kinda stupid to carry an OTP on you, or have it on a laptop you’re carrying around, so they came up with a system to re-create the day’s pad while you’re on the go. It’s time-consuming but doable.”
“Let’s hear it,” said Bell.
“They’re using a formula called the middle-square method. It was created by some Hungarian mathematician named von Neumann in 1946. Essentially, what you do is take a seed number-length doesn’t matter, as long as it has an even number of digits-then square it, then take the middle part of the resulting number-again, however many digits you want-and use it for your new seed number. Since these guys would probably be doing it on paper, they’d use small numbers and build on them. Here…”
Biery grabbed the legal pad on Hendley’s desk and started writing:
49 ? 49 = 2-4-0-1. New seed number = 40
“Since you can’t use zeros, you round up. So your new seed number is 41. Then you square that, and so on, until you’ve filled the OTP grid.”
“And the numbers are random?” This from Granger.
“Pseudo-random, but you wouldn’t be able to tell unless you had a whole bunch of OTPs to number-crunch. The more complicated the formula, the more random the numbers, but at some point you can’t run the calculations with pencil and paper.”
“So what formula are they using?”
“Month, day, and year, all added together. Take today, for example: May 21, 2010…” He wrote:
5 + 21 + 2010 = 2036
“You’d just use the middle two digits. Rounding up the zero, of course.”
“And thirteen is your new seed number,” Hendley said.
“You got it.”
“And all their OTPs use the same method?”
“All the ones we got from Almasi’s safe.”
“Damn nice work, Gavin.”
“Thanks.” He left.
“That boy just saved our ass,” Granger said.
