the third floor come into the room after submitting to a pat-down, and this poor young man then had to hand-transcribe hundreds of pages of document files onto a legal pad for translation back at his desk.

While the documents were being transcribed, Biery looked through the executable files and discovered other secrets.

A complicated custom-coded file-uploading system on the device was at first a mystery to Biery. Looking through the source code of the program, he could not for the life of him discern what made it different from all the commercial file-uploading applications available for free. It seemed to be an overly complicated Rube Goldberg piece of software.

He was certain there was something to it; FastByte22 was not the kind of hacker to build something so bloated just to pass the time, but he put it aside and kept hunting through the device.

* * *

In the end, the Chinese translator unlocked the secret of FastByte22’s computer. The Mandarin notes, it seemed, were ruminations that Zha had in his time away from work. Ryan had explained to Gavin that when they tailed FastByte through the streets of Hong Kong, and even when he sat in the strip club, he seemed to always be typing away on the computer. Biery understood the kid; he was the same way. In his time away from work Gavin was always on his laptop at home or making little audio notes to himself in his car, ideas that just came to him in that moment that he wanted to record for later.

Most of Zha’s notes were just his ideas, and many of them were silly or downright weird: “I want to break into the website of Buckingham Palace and place a picture of Chairman Mao over the Queen’s head,” and “If we were able to fire the stabilizing rockets on the International Space Station, could we hold the world for ransom to prevent the ISS from crashing into a satellite?”

There was also a detailed plan to take control of a diabetic’s insulin pump remotely by going through the attached low-power superheterodyne receiver and hacking into it with a directional antenna, presumably for the purpose of increasing the flow of insulin into the person’s bloodstream to kill him from up to one hundred feet away. It was clear from the notes that FastByte22 had done some testing on the equipment itself and had recently ordered a receiver from a company in Marseille to be sent to a P.O. box in Mong Kok.

Many of Zha’s notes revealed to Gavin that the dead Chinese hacker had possessed a brilliant mind with a fertile imagination.

But many more of the notes contained important pieces of intelligence value. “Discuss with Center the discovery regarding the hydroelectric dam fail-safe measures.” And “Ukrainian command servers are only as stable as the local power grid. Kharkov = better than Kiev. Discuss with Center the need for Data Logistics to reroute traffic away from Kiev before adopting next phase.”

Most of the notes posed more questions than they provided answers for Biery, but he did find the explanation for the large, complicated file-uploading application. From a note Zha had made just one week before his capture by Navy SEALs, Gavin learned the software was a handmade piece of malware Zha created that would allow a hacker to upload a virus via Cryptogram, the instant-messaging system Center used that was thought to be virtually hackproof. Gavin had studied Cryptogram when it came out, but he’d not delved deeply enough into the software to where he could easily recognize the code Zha wrote. Once he had the simple explanation from the Mandarin text document, he went back into the code and saw there was nothing at all simple about the uploader itself. It was brilliant and intricate, and Biery saw in the different way the code was written that a large team of coders had been involved in constructing it.

That was interesting. Back in Hong Kong, Zha had been seen with other well-known Chinese hackers. Here was more evidence that they were, in fact, working together on high-level computer malware.

The second big revelation from FastByte’s handwritten notes was even more of a bombshell. The young Chinese hacker used code words to signify people and general names to signify places, and Gavin realized quickly that he would not be able to break the code without being inside Zha Shu Hai’s head. But Zha slipped up in one of his documents. He had mentioned the “Miami command server” four times earlier in a long note to himself about exfiltrating data from an unnamed U.S. defense contractor, but the fifth time he referred to the location as the “BriteWeb command server.”

Gavin immediately left his sterile lab, rushed to his office, went online, and searched for BriteWeb in Miami. He got an instant match. It was a Web-design and data-hosting outfit located in Coral Gables. A little more digging showed him the business was owned by a holding company on Grand Cayman.

Gavin picked up his phone, called in one of his employees, and told him to drop everything and dig into the holding company.

An hour later Gavin was back on the phone, this time calling Sam Granger, director of operations.

“Morning, Gavin.”

“How soon can you get everybody into a conference room?”

Granger replied, “You’ve got something?”

“I do.”

“Come up in twenty minutes.”

* * *

Twenty-five minutes later, Gavin Biery stood at the end of the conference table. In front of him was the entire complement of Campus operators, along with Gerry Hendley and Sam Granger.

“What do you have for us?” Hendley asked as soon as everyone was settled.

“I’ve got a long way to go before I’ve unlocked all the secrets on the device, but in the meantime, I’ve located one of Center’s command servers.”

“Where is it?” asked Chavez.

“Miami. Coral Gables. Southwest Sixty-second Place.”

“Miami?” Granger was clearly surprised. “So this is the command-and-control location of the hacking operation? Miami?”

“No. This is one of the places a botnet run by Zha and Tong sends data that it steals from hacked machines. It looks as though this is not just some benign server being hacked as a data drop location, though. You can tell by how the company is set up that the owners of this server knew good and well they were going to be using their hardware for nefarious purposes. It’s an underground-economy server. Definitely run by shady bastards. They have a drop point nearby, so they can pick up cash and goods.”

“We are talking about criminal acts?”

“Yes,” Gavin said, “there is no doubt. They are hiding the identities of the owners of the server behind front companies and bogus registry information. The owner of the company is Russian, his name is Dmitri Oransky, he incorporated in the Caymans, and he lives in the U.S.”

“Shit,” said Granger. “I was hoping… expecting it to be somewhere out of the country.”

Gavin replied, “There will be other command servers in a botnet this large. Some will likely be in the U.S., others will be overseas. But this one is definitely part of the operation, and the guys running it definitely aren’t playing by the rules.”

Driscoll said, “If it’s attacking the U.S., why would it be here in the U.S.? Don’t they know that makes it easier for us to shut it down?”

“Bad guys love putting their servers in the U.S. We’ve got a stable power grid, we’ve got cheap and widespread broadband, and we’ve got pro-business policies that cut out a lot of red tape that the gangsters don’t like. They can be pretty sure that a truckload of soldiers or cops isn’t going to show up in the middle of the night and haul them and their equipment in without the Feds jumping through months of legal hurdles that give them time to pull up stakes and hit the road.”

Gavin saw most of the men at the table did not really understand. “They think they can hide the origin of their command servers, so why not put them right under our noses? The fact is that it works pretty damn well ninety-nine percent of the time.”

Dom Caruso said, “Even if Miami isn’t the nerve center of the entire operation, it’s clear this Coral Gables address is a piece of the puzzle, and we need to check it out.”

Sam Granger put up a hand. “Not so fast. I’m leery about sending you guys on an op on U.S. soil.”

“Not like we haven’t done it before.”

“True, the Nevada op, for example. But that was a different situation. We know Tong and his people, whoever the hell they are, have targeted us directly, and they have evidence that could close us down easily. This

You are reading Threat Vector