True Faith and Allegiance

28

When Jack returned to the conference room, he found a note from Gavin saying he had to go to an IT meeting, but would return shortly. Jack put the man’s sandwich in front of his workstation, then sat back down in front of his own laptop. Here he found a folder containing the complete 127-page SF-86 application, formally called the Questionnaire for National Security Positions, of Barbara Maria Pineda.

The form was filled out in her handwriting and was nine years old.

He decided he’d read it from cover to cover, and then see if he would be able to discern from this, using any open-source intelligence he could find, that this twenty-two-year-old Army sergeant stationed at Fort Huachuca in Arizona would, nine years later, be opening a specific mailbox in Falls Church, Virginia.

The beginning of the form was boring government-speak. Some nods to the rights of the applicant and the scope of the investigation that would be done.

Soon though, Jack started feeling uncomfortable. This young woman was telling her life story up to this point within the squares, boxes, and lines of the form. Leaving nothing out. Friends, boyfriends, teachers, details on her family history, trips she’d taken, and even mentions of her parents’ economic problems.

Her father was from Honduras, a salesman who had immigrated to the U.S. with the help of relatives who had become citizens. Her mom was from Chelsea, Massachusetts. Barbara had never been out of the USA till she joined the Army.

Jack felt voyeuristic, almost dirty, poring over all the details of this young woman’s life.

But he kept going. He told himself no one else was looking at this document to see if it had somehow led to the death of Barbara, and could help him track down whoever was responsible for this widespread attack on America.

When he finished reading, he looked up the address of the crime scene. Typing this address back into his computer, he found the owners were Dwight and Cindy Gregory.

Jack thumbed back through the pages of the SF-86 to section 16, titled “People Who Know You Well.” The second name on the list was a Cindy Howard. Jack didn’t think there was much chance to find a connection, Cindy was a common name, after all, but he went to Facebook and typed in the name Barbara Pineda. It was surprisingly common, but the twelfth choice had a thumbnail picture that looked a little like the image sent along with the preliminary report from the FBI.

Sure enough, when he clicked on the page he saw this Barbara Pineda was one and the same as the deceased.

Jack opened her Facebook page and saw she kept her wall private, but he was able to see her friends list.

He did not find Cindy Howard from the SF-86, but he found Cindy Gregory easily, and she didn’t hide any posts on her Facebook wall. He began scrolling down her various postings.

And he saw everything he needed.

This is how the data thief did it. By using open-source intelligence. This intelligence. The SF-86 form to identify a person involved in the U.S. government in a classified role, then open-source methods to find out where that person was working. After the person involved placed the applicant in a specific role, he used more open-source in the form of the social media accounts of the friends and family of the men and women targeted. Friends and family the thief found either directly or tangentially from the OPM data breach. Perhaps not exactly as he had done it, but in a similar fashion.

A chill ran up his spine. Whoever was doing this had done what Jack had just done.

And it had taken Jack less than twenty minutes.

Gavin came back into the conference room from his IT meeting, and Jack said, “I’ve got something.”

“You better have my turkey sandwich.”

“Over there. But I also think I have the last piece of the puzzle.”

Gavin plopped down in his seat. “Oh, no you don’t. This is my puzzle to solve.”

“Then I guess I’ll sit on this information till you get it yourself.”

Gavin sighed. With a frustrated tone he said, “Go ahead, genius. Spit it out. Maybe I can poke holes in it.”

“This woman murdered last night. Barbara Pineda, an analyst at the DIA. She was killed getting the mail at a friend’s house.”

“Right,” said Gavin. “So if she was targeted, somebody knew she was house-sitting this week.”

Jack said, “In order to get that information, I figured they were tailing Ms. Pineda, listening to calls, tapping her e-mail. I decided I needed to find out when she made plans to do the house-sitting. I figured I could establish a time window for when they decided to use that location to hit her.”

“Makes sense,” Gavin allowed.

“But I’m no computer whiz kid like yourself, so that was a problem.”

“You are being a smartass, but since no one has called me a kid in forty years, I’ll let it go.”

Jack said, “So I just started looking at Twitter and Facebook. Barbara Pineda wasn’t big on either, but it was the low-hanging fruit, so I started there. I found the homeowner’s account where the bombing took place, and after only a minute I saw a post where she publicly thanked her friend in advance for watching over her house while she and her husband went on vacation. Barbara Pineda herself responded saying she’d do her best to keep the plants alive. Just joking around on another woman’s page, but this was the woman who lived in Falls Church. I found other pictures of Barbara with the family. It was that easy to find out she would be going by the house all week.”

Gavin said, “Pretty low-tech spy shit, but enough to get the job done.”

Jack pointed across the table. “And that, my friend, is the point.”

Now Gavin asked, “Any idea how the bad guys found out she was DIA?”

Jack shrugged. “That part took more work. If there are, as you suggest, tens of millions of applications, then the search would have to be automated with handmade databases. You could tell the computer to look in the SF-86s for specific schools, programs, backgrounds, that meant the person was Army intel, as was Pineda, or maybe an Arabic-language major at Georgetown or something that might indicate the person had gone into intelligence. She was stationed at Fort Huachuca, which is where the U.S. Army Intelligence Center is located. An automated application could pull out everyone who went there and then filled out an SF-86. It wouldn’t be easy to sort through with limited information, but we’re dealing with a person who knew exactly what they were doing.”

Gavin picked up his sandwich. Before taking a bite he said, “So… you know how they did it. Does that help you figure out who did it?”

“Not really. But the target selection does. I’d say this was someone working on behalf of the Islamic State. Why they picked her specifically, I have no idea.”

Gavin shook his head. “But ISIS didn’t steal this OPM data. That’s so far out of their abilities it’s not even a consideration.”

Jack said, “Well, Vadim Rechkov didn’t steal the OPM data, either. But this incident looks like it came from the intel leak Rechkov used. I’m thinking the entity who stole the OPM data and built a targeting package on Scott Hagen did the same thing for Barbara Pineda, only this time he gave his targeting package to ISIS.”

Jack added, “He’s a one-stop shop. He’s got the intel and the means to exploit it.”

Gavin said, “These are two very different skill sets involved. Makes me think this isn’t one guy. It’s a group working in concert.”

Jack considered what Gavin was saying. “You’re right. We’ve been thinking the hack was some government actor. But social engineering of this type, using open-source intelligence to determine patterns, that’s what you see in the criminal sector.”

“What do you mean?” Gavin asked, surprised at the statement.

“Getting passwords, identity theft, stuff like that. Sounds like cybercrime. Not cyberwarfare.”

“Yeah… you’re right. But whoever did this, it wasn’t some teenager calling customer service lines to trick call center employees into giving out passwords. Like I said, this targeting data is top-notch investigatory work.”

“Agreed,” Jack said. “It was someone first-rate. A criminal or a criminal organization able to scoop up this classified intel, and to exploit it. So… where would you go to find the best in the world at that?”

Biery shrugged. “Some places are known for cybercrime. The Russians are great. Central Europeans, too. There’s a group in Taiwan stealing identities all over the world, but they haven’t gone after secure government databases. North Korea pretty much sucks at it, but they try… a lot. Hell, even here in the U.S. there is a robust cybercrime problem. You could find some criminal organization in any one of these places and see the skills to expand the raw intel by social engineering and open-source investigations, but how did they get the data in the first place? And why? Why would a private company do this, when there are banks to hack, credit card records to exploit? Individuals to rip off on a large scale. All the easy money for them.”

Jack said, “What if one of these private companies was doing the bidding of a nation. An enemy of the U.S.”

Gavin nodded quickly. “Yeah, that does happen, but usually on a smaller scale. Some nations’ intel agencies contract with existing criminal hacking concerns, often based outside of their own borders, to do the dirty work. The company tries to penetrate our systems on behalf of their client. China does it all the time. They work with private hackers all over the world to try to raid American government networks. Sometimes they even get something out of it.” He took another bite of his turkey sandwich. “But in this case, since we have different types of targets being compromised, it sure doesn’t look like China is involved. I mean, why would China be involved with the Russian kid? Why the hell would Beijing use him as a proxy assassin against a Navy captain?”

Jack said, “I can’t answer that. But the U.S. government is looking for the state actor. What do you say we start digging into the cybercrime aspect of this? We can research organizations, study the criminal groups who have been particularly successful. Is there something more small-scale we can do to look for fingerprints of the criminals?”

Gavin shrugged. “Like I said, we need to figure out the why to figure out the who.”

“Would the private company sell off the data to the highest bidder?”

Gavin made a face. “Shit. I wouldn’t. That would be suicide. Evil Hacking Company Inc. doesn’t know who it’s working on behalf of, because of all the cutouts between themselves and the state actor, right?”

“Right,” agreed Jack.

“But the state actor is the one who hired Evil Hacking Company Inc., so they know exactly who they are.”

“Of course,” Jack said, then connected the dots Gavin placed. “Which means, if Evil Hacking Company Inc. decided to sell the data it stole on behalf of the Russians, for example, the Russians would be pissed, and they would just fly to Bangalore or Singapore or wherever and start killing off the senior staff of the company.”

Gavin said, “Or tip off the USA about who just stole all their data.”

“Right,” Jack said. “The state actor would have put a lot of time, money, and risk into this op, they aren’t going to let anyone screw them over and survive.”

Gavin deadpanned, “We computer hackers are a stalwart bunch, but we aren’t the types brave enough to go toe-to-toe with Chinese assassins.”

Jack smiled, even though he felt further from a solution that he did before. Suddenly, though, another thought came to him. “What if someone stole data from the ones who stole the data?”

“You lost me.”

“What if… what if the private enterprise who snatched the OPM data for the state actor got ripped off? Another company stole it out from under them, or a pissed-off employee who works for them decides he wants to make money selling off the exploited files.”

Gavin said, “Possible.” He thought for a moment more. “Honestly, you might be onto something. It’s as good a theory as any for why so many different types of bad actors are apparently abusing the same data, which looks to be pilfered on behalf of a government.”

Jack rubbed his eyes. His head hurt from thinking this through. “If somebody did swipe the files, how would they go about selling them off to Iran, Indonesia, a private Russian citizen, ISIS, and whoever the hell else? Could they really reach out individually to just the right person in each government without getting exposed for what they were doing?”

Gavin said, “Sorry, Ryan… can’t help you there. I’m the computer guy. That’s spy shit.” He laughed to himself. “I’m not aware of an eBay for spies.” He laughed at his own humor, but he did not laugh for long.

“Unless.”

Jack cocked his head. “Unless?”

“I mean… If you want to sell something illicit, you do it on the dark web.”

“That’s for like drugs and stuff, right?”

“It’s a safe way to conduct business between two parties without knowing who the other party is. If I were a thief who’d ripped off the criminal enterprise I worked for, screwed over a very dangerous state actor in the process, and wanted to make money by dealing with terrorist groups, organized crime, and other nasty state actors out there… I’m not placing an ad in The Wall Street Journal with my office address. I’m going to the dark web. I can open up my own little marketplace there, trade in Bitcoin with a Bitcoin hopper so that there is no way I can possibly be traced.”

Jack felt a tingle in his spine. He was onto something solid, he knew it. “Awesome, Gavin! Let’s go to the dark web and start hunting for this marketplace! Maybe there will be some clues into who is behind this whole thing.”

Now Gavin gave Jack Ryan, Jr., a disappointed look. Jack had received this look from Gavin Biery many times in his years working at The Campus.

Gavin said, “Some days I think I’ve trained you well. Then you go and say something so dumb I don’t even know why I bother hanging around you.”

Jack was used to Gavin’s style of admonishment. He didn’t take it personally, because he knew Gavin had spent his life with his head hunched over a keyboard, and social skills had never been his thing. “What did I say?” Jack asked.

“You don’t spend a lot of time on the dark web, do you?”

To that question, Jack asked, “And you do?”

“Hey, man. I do my job around here; it sends me down some creepy alleys. Anyway, you don’t search on the dark web. You have to have a specific address to type in to find something, and that’s how you get there.”

Jack said, “I get it. You don’t look. You are invited.”

“Exactly.”

“Oh,” said Jack, realizing for the first time that he had no idea how this worked.

Gavin leaned close and whispered to him. “That’s why they call it ‘dark.’” He was being a smartass, but Jack ignored it.

“So… If we have to get an invitation, then it’s hopeless finding the bad guy this way.”

“Not necessarily. What if we were able to hack into someone who our thief was in communications with? Maybe that way we could get information on how to see what he had to sell.”

“How the hell do we do that?”

Gavin looked down at his computer. “We don’t know who he talked to when he made contact with the Iranians, the Indonesians, the North Koreans, or the Islamic State.”

Jack understood. “But the Russian guy! Vadim Rechkov. He wasn’t aligned with anyone, as near as we can tell. He had his own personal axe to grind with his target.” Jack thought another moment. “And there is another way he doesn’t fit the mold.”

“What’s that?” Gavin asked.

“Money. All the other actors presumably could pay for the intel they were given. But Rechkov was a nobody. Not even working.”

Gavin was intrigued by this. “Very true. Why do you think he was given the data if he couldn’t pay for it like the Iranians and the others?”

Jack said, “Maybe Vadim Rechkov was someone the actual thief knew, or knew about, at least. For some reason, he gave Rechkov a freebie.”

His shoulders slumped a little now. “But I’m sure the FBI is looking into this already. They’ll have investigators taking apart Rechkov’s life and poring over his communications with everyone.”

Gavin brushed this away with a wave of his hand. “Yeah, but there’s something you aren’t considering.”

“What’s that?”

“Even though Rechkov is a piece of shit, and a murderer, and dead, and a foreigner overstaying his visa, the Feds will have to get court orders and everything signed off on before they even look under his doormat. Every step of the way the FBI will have to deal with the bureaucracy that will slow them down.”

Jack said, “But we don’t.”

“Nope, which means by the end of today we can potentially be further along in knowing who gave Rechkov the intel about Commander Hagen than the Feds who have been working on this the past two weeks.” Gavin smiled a little. “Unless you too are concerned about protecting the late Vadim Rechkov’s privacy by jumping through all the legal hoops the Feds have to go through.”

Jack looked at Gavin like he was insane. “Screw Rechkov. He’s a dead asshole, let’s crack open his life and see what falls out. If it can help us find who is behind this leak, and save others, I don’t give a damn.”

Gavin said, “Works for me.” He thought for a moment. “It’s safe to assume the person who passed Rechkov the intel about Hagen was a computer guy. Rechkov himself was a computer guy. I’ll see what message boards Rechkov hung out on, stuff like that.”

“Where will you get that info?”

“The FBI forensic team has his computer. I’ll get Gerry to ask Dan Murray for their findings. What’s the time frame we are working with here on the Rechkov attack?”

Jack thought about this. “Rechkov’s brother was killed, and seven months later he went after Hagen. Somewhere after the first event, and before the second event, the leaker made contact with Rechkov.” Ryan looked over the data he had on the Hagen case on his computer. Then he said, “Rechkov started moving from Portland to Princeton four days before he acted, so it happened before then.”

Gavin was looking at his own information on the case now. “Hagen’s sister booked the hotel rooms five weeks out from the trip. Before that, how would the leaker know to tell Rechkov that Hagen would be in Princeton, New Jersey?”

Gavin said, “I’m going to do some research on Rechkov’s online and e-mail activity in this roughly four-and-a-half-week time window. Maybe it will be a dry hole, but just maybe we’ll strike oil.”