The first time I met the contact, he was wearing Jake Gyllenhaal's face on a $LOGNAME called Frank. Spoiler alert. I deal with a lot of assholes in this business, but it's the banality that really gets to me.
We were both hanging out in a command and control node that the botherder had skinned to look like rain-slick alleys from Blade Runner, but the crowd assets milling around outside the mouth of the alleyways were all wrong. In a noir setting people are supposed to dress like shadows are fashion accessories; broad hats, raincoats showing a little leg, even a lace veil here and there, that kind of thing. The botherder had pasted in lifted assets from some kind of porno immersive, had them running street hooker scripts. Thigh-high boots, miniskirts, PVC corset tops, microsuede newsie hats, hoop ear-rings, the whole thing. I'd been signing into this node for a few weeks, and every time I was here I felt like Jake Gittes standing on the set of an Amsterdam red-light district scene, shot in Vancouver. The uncanny valley aesthetics weren't working for me at all, but maybe that was the point. Some of these guys try to play off as total amateurs to keep the customers off guard. These days it didn't matter how many signatures someone had on their public key, even well-established identities could suddenly start being driven by somebody's rent-a-cop.
Frank had something interesting for me, claims of a PKCS#12 file with a huge keysize, signed both by a public CA and by personal credentials belonging to the CSO of a company you've definitely heard of. He gave me the public key, pointed out the certificate extensions, which were sexy indeed: codesigning, server auth, client auth, intermediate issuing rights, the works. I squirted a challenge to him using the public key, his decrypt and response were back in milliseconds, and they were good. It was unbelievable. Plenty of corporations had cryptographic material like this, but it's the sort of thing you only ever hear about sitting in a reinforced vault on a console with no outside connectivity, biometrics for multiple C-level officers required to unlock the system and the one guy with the passphrase can't get on a plane without a public-private partnership exit visa signed by the CEO, the general counsel, and the outside auditor. The idea that anyone would give a rent-a-cop that kind of crown-jewels key material was unthinkable.
I checked my keystore against three different off-site backups, and everything checked out. The credentials had to be real, and they had to be stolen. Frank was playing party tricks with something he could just as easily use to embezzle billions in credscrip. What was he doing in a shitty neighborhood like this?
He had my attention, either way. Running that challenge/response with me had been a huge risk; if I were to put that recording out onto one of the security-focused data-streams, the key would be worthless in a matter of days. I asked him for a time and a place. Hey, we all make mistakes.
Our next meeting took place in private server space that Frank had rented for the occasion. I was inside a featureless cube with a chair, and the sad Gyllenhaal pastejob filled one full wall in front of me, now posterized down into a 4-color image like he was going to screen it onto a T-shirt later. Pixels the size of my fist would occasionally glitch and whirl. The whole effect grated on my sensorium like shaking hands with stale cotton candy, but I kept my composure and asked Frank not to keep me in suspense.
I'm here for you, Gittes. I need you to get something for me.
You'll understand if that seems a little unbelievable. A guy like me should be about eight pay-grades beneath a guy like you. What can you give me in the way of references?
This demand was bluff and bluster, and Frank knew it. Our handshake in the alley was the only reference he needed. I was a low-rent hack who made my money by breaking into computer systems and selling information that didn't belong to me. We both knew that he wouldn't have tipped his hand the way he had unless he already had a way to control me. I was asking him to make the threat that had to be coming.
He offered a file transfer. I accepted, skimmed it. It was the predictable worst-case scenario, a blackmail file like Kobayashi had on the crooks in The Usual Suspects. There's no such thing as airtight provenance on a dossier like this; I could have beaten back any three charges that the Mandatory Arbitration panels could make from the content. The problem was that there was enough material for a dozen charges or more. Frank didn't just know where the bodies were buried, he knew where I bought the shovel and what brand of quicklime I had poured over the remains.
That was the stick. The carrot was flattery:
We like your work, Gittes. You have a light touch and once you're on the inside, you never take more than you came there to get. Our models show that once you've taken on a contract, you're only 0.14% vulnerable to temptation. Once you've seen the job, you'll see why that's important to us. Go ahead and sign, and we'll talk more.
Frank had left one more file in my incoming queue, contract-terms.json. The pay wasn't insulting, but the details of the work were redacted; I wouldn't know anything about what I was being forced to do until I had put my digital thumbprint on this file and sent it back to him. I ran it through my EFF T&Cs analysis app, and the grade came back a few moments later, boldred text on a black background:
(tap for additional details)
Fuck it. When the Man is threatening to march you off a cliff, you don't linger at the edge enjoying the view. I signed.
We were standing out in unincorporated space, shapeless blackness that history buffs still called RFC1918 space even though the term hadn't been legitimately used for years. The network visualization toolchains were mostly designed for up-close analysis of the big corporate strongholds or for statistical-analysis models of the endlessly forming and reforming mesh networks that stretched out endlessly into the horizons. The prefix advertisements measured size of the objects, the ASN aggregations placed the objects at specific coordinates on grids, port scans opened up windows of bright light in otherwise blackened facades. Public information sources about usage and corporate ownership gave color, and strung bright lines between the structures. The overall impression was of impossibly cyclopean corporate-owned skyscrapers rising up out of a dense rainforest of consumer devices. Some jackass had figured out how to put billboards on the building models, and network operations groups had spent months trying to figure out how to filter that noise out of the BGP advertisements until one of the joint ventures that had been injecting ads into the network diagrams won its first restraint of trade lawsuit. 128 bits was supposed to be enough for everyone, and this is what we did with it.
RFC1918 was a good vantage point because there was no point in building anything on it; embedded devices from the last century were still plugged in all over the place, endlessly vomiting ARPs, attempts to bootstrap up into routable networks, SSDP NOTIFYs, and similar noise. From a network segment with no legacy equipment, RFC1918 was like a couple of 24-bits-and-change vacant lots on the outskirts of town. Frank had shed his Gyllenhaal aspect in favor of a more expensive procedurally generated man-in-suit, but for some reason had kept the initial UID. He pointed deep into the American legacy allocations, at a spiderweb of squat but broad structures, slung low between the larger buildings but still far above the treeline of the mesh networks. The data model showed them all wired together by fat golden strands of legacy trunknet, the fiberoptic cable that we used to call the backbone before a proliferation of consumer-grade wideband devices went peer-to-peer, solving the last-mile problem overnight and simultaneously collapsing authoritarian governments in half the countries of the world. These days even the North Koreans had instant runoff voting.
Do you know what that is, Gittes?
Sure, it's one of the old CDNs. Nobody bothers with those any more since the meshnets came online, do they?
You'd think so, but a lot of these corporations just keep paying the contract every year. You know how it is: some CFO gets asked to pay a one-time staffing cost in the mid six figures to tear out the old infrastructure but balks at the price tag, and decades later the lifetime opex costs have hit half a billion and everyone is pleading the Fifth in Congressional Board of Directors hearings.
Yeah, yeah, tech inertia. Let me guess, you met some grandmotherly lady on a cruise, turned out she was a sales rep for Akamai who hadn't signed a new client in years but actually owned the cruise ship. Why do we care, Frank?
Your job is right there. It's down in the logdata stream. Let's go in for a look.
The interior of the storage node was cramped and seemed to smell of cheese. The node was packed with logs of midgress traffic, internal exchange between CDN nodes of cached data. The companies collected this stuff obsessively, because it was all grist for the billing system. Frank was a small icon in the corner of my vision, a still closeup of Gyllenhaal's left eye and eyebrow with a little hairline and part of an ear. He wasn't here with me, he was just another open task in my mind's eye. I was accessing the node's diagnostic instrumentation, streaming Frank real-time metrics on load average, uptime, network latency, disk usage; just to give him something to watch while I worked.
Entry hadn't been difficult; to me it felt like running my hand over the surface of a brick wall, finding a spot with just a little bit of give, pressing gently, and watching a door swing open. You could unpack the semantics of what I had done and there would be a lot of conversation about packet fingerprinting, probability matrices, known vulnerability lists, social engineering, misdirection; but these are just tools. It's the way a man brings them together that makes him a craftsman.
A URL appeared in my field of vision: a picture of somebody's cat.
Show me how this image has been used recently, said Frank.
The data in the node wasn't much, barely even a terabyte, but it showed the way the image had been passed around from one node to another over the past few weeks. I ran it through my fingers, felt the weight and line of it. Timestamps, headers, billing codes. I packaged up some summary data and flicked it toward Frank's icon.
Is this what we're here to do? Track usage statistics on a Caturday macro? What good is any of this?
Humor me. Show me where it came from.
I reached back into the data, twisting streams of it back and forth in my hands. Grasp, pull, listen; a low hum like an orchestra tuning up before as symphony. There. I flicked another datastream back at him: time, location, probability. The midgress data told me that the image had gone viral somewhere near Atlanta, and had followed the sun across the country as various people woke up and checked their social streams. I included a social graph indicating a group where the trend had probably started.
To be more specific I would need to compromise one of the edge nodes. Look, why does this matter? Data about the origin of memes isn't worth anything to anyone. It doesn't even quell the arguments about how something got started.
Just be patient, we'll get into that later. For now get out of there, and use that light touch of yours to make sure you don't leave a trail back to us.
I signed out an hour later, rubbed my eyes, crushed and snorted an Adderall, and popped a couple of benzos. I closed my eyes and massaged my temples, trying to ignore the creaking astringent orange sensation that filled my senses as I did it. The job was huge, bigger than anything I'd done before, and my data implants were aching just thinking about it. Frank hadn't chosen me because of my supposed immunity to temptation, he'd chosen me because of my filtering skills. He had laid out some infographics, the kind of glossy internal marketing data that moved back and forth through modern corporations like systole and diastole. He could have stolen it from anywhere, and in fact it looked like he'd stolen the same thing from several sources. Product after product, company after company, the infographics told the same story: at quarterly-report views, the data showed an investment in marketing followed almost immediately by a spike in sales. At the daily view, drilling down into which marketing campaign had delivered the sales boost, the numbers were vexing: the sales spike had actually preceded the release of the marketing campaign by a matter of hours. The campaigns were always freelance work, coming from little New York LLCs with names lifted from song lyrics. Wu-Tang, White Stripes, OK Go. Out of business as soon as the check clears. Whatever it was, it was happening to everybody, nobody was to blame, and from a macro view it looked a lot like spooky economics.
Frank was looking for Root Cause Analysis. What had precipitated the sales spikes, since it couldn't have been the marketing campaigns? Mining CDN logdata made a sort of perverse sense. We had no idea what people had been doing at the moment each Event started, but almost everything they were doing would have left little fingerprints here and there in the CDN logs. Those sites using the CDNs weren't doing much important any more, but it was a ubiquitous obsolescence. Image macro memes never died, they just kept bouncing from site to site, and every image served meant a fraction of a fraction of a fraction of a penny in revenue for the CDN operators.
Earlier, I asked him:
How will I get in? You're not just asking me to break into one CDN, you're asking me to break all of them at once, without getting caught. He opened his right hand, software schematics slowly rotating above his palm like a blue-white digital egg. I accepted the download, read for a minute, then backed up and caught the metadata he had used to wrap the gadget: it was signed with a descendant of the PKCS#12 file he had shown me back in the off-brand Vancouverdam C&C node. I whistled in awe. The thing was packaged as a low-level driver update for the packet radio sitting in nearly a third of the world's meshnet devices. It was a trick that would only work once: all he had to do was join the meshnet showing a signed update to the code, and every device that connected with his would pass it outward and then update itself. After the update, the payload would activate, silently waiting for either password material or VPN connectivity related to the target networks. We would have at best half a day before security researchers had sounded the alarm, hit the kill-switch on Frank's update, and repudiated his codesigning key. Post-mortem of where the break in the trust hierarchy had failed would take days or weeks more, but most likely the executives who had let their crypto escape into the world would be spending a few long weeks in interrogation. The analysis would probably never determine what we had actually broken into; the same mob of rogue meshwork devices that would give us our entry into this particular basement in this particular corner of the city could open any lock in the world, and for the sake of misdirection Frank would probably use the hack to open an enormous number of them, all at once. He didn't seem worried about losing the security certificate.
Here's the reason I'm so good, the reason Frank heard I have a light touch: digital synesthesia. A century ago, I would have been an ordinary man who couldn't work factory jobs, because a century ago there were no I/O implants. I had the Rolls Royce of machine-brain interfaces welded directly onto my nervous system, microscopic filaments of modern science wrapped around the nerves all the way up and down my spine, reporting back to nanoscale circuitry that had been screwed directly into my vertebrae, C3 through C6. With most people this would have just meant a cyberspace with hijacked touch, balance, and locomotion. Good enough to walk, swim, and fly without leaving your recliner, but with me, it had become something much more. From an early age, I had surprised my parents with statements like "these pants feel goldenrod yellow," or "my purple crayon is shouting at me!" I almost had a seizure the first time someone gave me a deep-tissue massage.
I volunteered for the implants because it meant a free ride all the way through grad school. My thesis adviser encouraged me to use neural network techniques to train the implant software to use my synesthesia to encode different kinds of data-streams. The success was so unprecedented that I simply dropped out of college then and there: I could simply run my hands over the lock on a virtual door and feel how it would open. Few doors in the networked world would remain closed to me. Other than my adviser, absolutely nobody else knew exactly what I could do. Until Frank. Maybe.
Was he inside my head, or did he just have my CV and know what results he could expect? Either seemed possible.
Back in-band, I was standing directly underneath the CDN infrastructure Frank had shown me before. My POV had shifted to that of the compromised meshnet nodes. I'd never smeared my perspective across so many data-sources before. Trying to focus on a single network object was a little bit like trying to look up my own nose--and succeeding. I thanked the fuck Christ for those benzos; I could feel the cluster migraine coming on already, but it was like hearing muffled shouting through the cheap walls of an apartment building. Suddenly, my perspective snapped back into focus and I was inside a giant high-ceilinged warehouse, the CDN servers represented as golden crates piled high to the ceiling.
I made my left hand into a reducer, and my right hand into a sampler. Twist the fingers of the sampler like this and tendrils go flying off in every direction, brushing alongside the golden crates and dipping into them like this: cool/molten/sandy/silky/raspy/singing/pungent/oooh-too-loud/exquisite/stinging!/chartreuse. Thrust the knife edge of the reducer into the floor like so and a pool of data started accumulating in front of me, colorless and shapeless, but growing truer all the time.
I lose my sense of time when I'm doing this kind of thing, but deadlines are an easy software fix, so I didn't worry about it. I had configured the sampler with some stabs at initial metrics I thought I might care about: product names, date-and-time ranges, customer demographics, and similar. Imagine tuning the dial on a radio back and forth, catching snatches of a tune on the tip of your tongue, not quite knowing the song you're hoping to find but somehow zeroing in on it anyway. Imagine a visit to the optometrist, layering different lenses in front of your eyes one after another, asking repeatedly:
Which is better? One or two? One or two? One or two? until your vision is perfectly clear. Imagine running your fingers repeatedly through long, tangled hair, teasing out the knots. Imagine you're in front of a stove, seasoning a pan gravy by smell. Imagine you're sitting blindfolded in front of three glasses of wine, asked to guess their origins. Imagine all of these experiences merging slowly together into one single answer. Yes. The answer. THE ANSWER! One sensation that isn't taste, touch, sight, sound, or scent--just certainty, raw and uncut.
Shit. There was a message waiting alarm on my secure stream. It was Frank; the message was just a number. Correlate: it was the checksum of the blackmail file he had sent me when I first accepted the job. He was saying Stay on task, Gittes. Asshole.
The reducer in front of me had captured the filaments of data Frank had sent me here to gather. I felt like old tea that had been left to steep too long. I felt like old tea ready to put fists through brick walls. I felt like old tea ready to dance the night away. When I disconnected from the networks, I would need to lie still in my bed for hours, pressing a damp washcloth to my eyes until the terry cloth stopped radiating cerulean blue through the pores of my skin. The data in front of me was golden, but several shades deeper than the crates I had teased it from. The reducer had, for some reason, shaped it into a perfect Fort Knox bar.
I knew I had what I needed, but I didn't know how to read it. There could have been a dozen explanations for trends like that: leaked ad campaigns gone viral, paid flash mob activity gone overeager, even marketers stealing their ideas from some feral, inscrutable tribe of coolhunters marketing amongst themselves. The first rule of cryptographic espionage is to never let the enemy know you have broken his codes. The brute force attack that got me to this place, an aggregate view of a thousand individual system hacks, broke that rule completely. Frank the Rabbit had spent an unthinkable amount of capital putting me here so that I could give him the answer to his question, and it would probably turn out to be nothing of consequence. There was always the chance there was something truly spooky here, a lever of true control for a man like Frank, or for the powers that must have been massed behind him.
That fucking threat. Frank just had to remind me, in the middle of the job, what he could do to me if I betrayed him. Like I'm not a professional. Like I'm going to lose focus at the penultimate moment.
What if the break-in had been worth it? What would Frank's operators do to the guy that had given all that power to them? What would they do to keep me from selling their secret to my next customer? I didn't want to find out.
Who was Frank, really? He had put me here, in the secret nerve centers of our digital world, because he knew the depth of the hold he had over me, and because he knew that I had never gone on fishing expeditions during any of the other jobs. But does Frank know how I became the man with the light touch? Did he hijack me because he had my internal schematics, or because he knew my expected outputs?
I thought: He was concerned about my discretion. He picked me because my history told him that I could get what he wanted without disturbing my surroundings. He wants a cat burglar, a delicate hand. I am those things, but with the right kind of eyes, there are other ways to think about the man with the light touch.
I thought: Frank came to me using recycled media assets. Jake's face, which reflected my own assumed name: a name I had assumed in turn to reflect the back alley where my customers hired me. In a world where anything and everything can be a part of your costume, the man who had everything didn't make a costume of his own. He decided to mock my own camouflage instead. A show of power, rather than a show of wealth.
I thought: When you get down to it, that was a big mistake. Here in this place, with origin, midgress, and edge all spread out in front of me, his first choice of costume meant that, if I wanted to, I could probably look behind the costume and into the eyes of the man who had worn it. Frank paid the price to get me here because stealing a single treasure from the vault was worth more to him than keeping the key to its door. Frank put me here because he had a dossier that told him there was a 99.86% chance that I wouldn't try to use the key on my own. Then he tried to hedge that fraction of risk with threats he didn't need to make.
I checked the alarm timers, and I seemed to have plenty of clock-cycles left. I looked down at my right hand, still configured as a sampler. My fingers were golden, and they shone like the warm rays of the sun.
I was the man with the touch of light, and as I spread my sampler's grasp over the dark corners of the warehouse like this, I focused on my reducer like so, with one question on my mind:
Who are you, Frank the Rabbit? Who are you, really?