Read an Excerpt From Cory Doctorow’s Attack Surface (Part 3)

  • More Chapters from Attack Surface:
  • Part 1 - October 2, 2020
  • Part 2 - October 2, 2020

Most days, Masha Maximow was sure she’d chosen the winning side…

We’re excited to share an excerpt—the final of three appearing this week—from Cory Doctorow’s Attack Surface, a standalone novel set in the world of Little Brother and Homeland. Attack Surface publishes October 13th with Tor Books.

Most days, Masha Maximow was sure she’d chosen the winning side.

In her day job as a counterterrorism wizard for an transnational cybersecurity firm, she made the hacks that allowed repressive regimes to spy on dissidents, and manipulate their every move. The perks were fantastic, and the pay was obscene.

Just for fun, and to piss off her masters, Masha sometimes used her mad skills to help those same troublemakers evade detection, if their cause was just. It was a dangerous game and a hell of a rush. But seriously self-destructive. And unsustainable.

When her targets were strangers in faraway police states, it was easy to compartmentalize, to ignore the collateral damage of murder, rape, and torture. But when it hits close to home, and the hacks and exploits she’s devised are directed at her friends and family—including boy wonder Marcus Yallow, her old crush and archrival, and his entourage of naïve idealists—Masha realizes she has to choose.

And whatever choice she makes, someone is going to get hurt.


 

 

The Sofitel wasn’t the only hotel in Blzt, but it was the nicest by far. Everything else was either a glorified youth hostel or a crumbling, ex-Soviet pile with an angry Boris sitting at a desk outside of each floor’s elevator lobby, ostentatiously marking down the comings and goings of everyone who got in or out of the elevators.

I checked into the least-worst of these, the Kharkiv, and when the check-in clerk demanded my passport, I beckoned her close and slid her a hundred-dollar bill. It was faster than arguing. She gave me a long, considering look, then plucked a key off a board behind her and passed it over.

The eighth floor was nearly entirely derelict, with plywood permanently wedged into the doorways of nearly every room. The “concierge” behind the desk in the elevator lobby smirked at me as I wheeled my bag past him, waving my key at him. Room 809 was between two boarded-up rooms, which was fine with me—more privacy was always preferable.

In the room, I stripped the stained coverlet off the bed and dug my silk sleep-sack out of my bag before sitting down at the scratched desk to unpack my laptop and phones and collection of SIMs. I plugged in a prepaid SIM from a company that sold cheap data roaming to business travelers and checked that I could tether my laptop to it and fire up a VPN.

It was 7 a.m. and I was simultaneously exhausted and frantic, unable to stop replaying the night’s events, unable to stop racing around a mental hamster wheel that made stops at my total savings (absurdly fat), and Kriztina’s chances (terribly thin). I climbed into my sleep-sack and listened to the footsteps from the floor above me and the traffic noises from the street below leaking through the drafty window and the grimy drapes. I put my laptop and phone in my backpack and went down to the hotel’s breakfast room and ate some stodgy porridge with pickled vegetables and salted meat, then went back to the room and lay back down again, trying to pay attention to the sound of my stomach gurgling while I put Kriztina and her friends into a purpose-built compartment.

I finally drifted off, waking up just after noon, feeling bloated and fraught, the sense of a powerful sorrow and danger just over my shoulder. I got into my VPN and did some careful work to verify that Xoth had indeed terminated my official access, including the backdoors I’d left for myself. Someone farther up the chain had been watching me. The undigested breakfast in my gut curdled a little more.

On the other hand. If I couldn’t get into the Slovstakian state networks, then I didn’t really have much to offer Kriztina anymore, did I? I’d given them the help I could, when I could, and I’d warned them to get away when it became clear that I wasn’t going to be able to keep on offering that kind of help. It had been good advice and they were adults, capable of making their own decisions. The fact that they—and every other dissident—were likely to end up in the knucklebreakers’ custody was a reality they would have to reconcile for themselves.

Aeroflot had been steadily cutting the flight schedules to Blzt as the protests had grown and grown and the number of business travelers had shelved off. There was still a daily Moscow flight, and a twice-weekly Berlin service. I could get that Berlin flight the day after next, visit the offices of my Swiss bank on the Ku’damm, take a fast train to a luxury spa in the countryside somewhere, and decompress for a week or two, far from conflict and responsibilities. A week of that, I’d be ready to think about what to do next. That was the advantage of being me: I could fight other peoples’ battles—for money or for my own reasons—but I didn’t have to.

 

I tried to go clothes shopping, slogging from heavily guarded mall to heavily guarded mall, stubbornly insisting that somewhere there must be a store selling a single, solitary garment I’d voluntarily wear. It was a comfortably pointless way to spend a few hours, and I ate a numb pizza at a Domino’s and went back to the hotel. There was another protest planned for the square, and I had to detour around several police blockades. That was okay by me. The last thing I wanted was to involve myself with the protests. I’d be in Berlin in thirty-six hours. All I needed to do between now and then was nothing.

I shared the elevator to the eighth floor with a hooker and her client, all of us awkwardly looking away from one another. When the doors opened, the man behind the desk waved them through, then insisted on seeing my key and noting its number. I began to get the impression that the eighth floor was reserved for the most special guests at the hotel.

I set down my bag next to my bed, stripped off my underlayers, and then pulled on thermal tights and a sweatshirt—the room was freezing, presumably on the assumption that any tenants would be (a) short-term and (b) engaged in vigorous physical activity. I plugged my laptop into the wall charger and then zipped it into my bag, climbed into the sleep-sack, and closed my eyes. For a merciful change, I fell asleep quickly.

 

I woke to find myself in the dark room, with the sense that there had just been a loud noise. I sat up, looking around, reaching for my bag, shucking swiftly out of the sleep-sack, trying to remember where the light was, where I’d left my shoes.

Then I heard a scream from the street below, and a car horn, and then more screams, and then a terrible, rending crash. I stopped feeling for the light switch and went to the window, opening the blinds from the edge, looking down.

It was a bad crash, one of the city’s Finecab subcompact autonomous taxis bent around an empty planter, and I reflexively snorted: the self-driving vehicles were an absurd source of national pride for Slovstakia, and if you’ve heard of Slovstakia, there’s a pretty good chance that this is literally the only thing you know about it: “Oh, that’s the country that was stupid enough to buy gen-one automatic taxis.” The Finecabs were notorious for getting into fender benders, and had become a symbol of how easy it was for foreign companies to sell garbage tech to the country’s ruling elite (see also: Xoth).

But this wasn’t one of the customary comedy-crashes. From the sounds filtering up from the road, someone had been hurt. I saw someone in hotel livery rush to the car and decided it wasn’t my problem anymore. I went back to bed.

I was just drifting off when I heard another crash, farther away, accompanied by blaring horns, then another, almost immediately after, and screams that didn’t stop. I looked out the window and saw that others were doing the same, some of them holding their phones, and then they were shouting excitedly at each other in Boris. I retreated to my bed and got out my phone, tunneled out to the free world, and started looking for Slovstakia in the feeds.

Even though it was all in Cyrillic, it wasn’t hard to figure out the night’s news from the pictures: first the massive protests in the central square, then a baton charge from the cops and a countercharge, blood and tear gas, and then more gas, pepper spray, and the crowd broke and ran for it. That much I’d seen before, but what came next was anything but the usual.

At first, it was just photos of car wrecks, all involving Finecabs, many with injuries. Judging from the clothing of the injured, they were all protesters. I started to get a bad feeling. I kept scrolling. More injuries, more crashes— then, a shakicam video, racking up views like a broken odometer: an autonomous taxi speeding toward a crowd of protesters who were standing on an empty street corner. The protesters noticed the cab as it drew near to them and broke and ran, and then—the cab chased one of them. It was a woman, in a puffa jacket and snow boots, and as she ran, her friends screamed in horror. She turned a corner and the view from the camera started to jerk as whomever was holding it raced after it, rounding the corner just as the car sped off. The woman was lying motionless in the street.

That’s the video you probably saw, if you saw any of them, but for me, it wasn’t the worst. Compared to the videos taken from inside the taxis, by passengers who were hammering at the emergency stop buttons, that video was relatively benign. The screams from inside the cars as their victims’ heads starred the windshields and left behind streaks of blood and hair were a thousand times more terrifying.

I knew I wouldn’t be going back to bed that night. I logged in to Aeroflot and booked a ticket on the next flight out, to Moscow the next morning. It wasn’t Berlin, but it didn’t have to be. I could get to Berlin from there. I could get anywhere from there.

Where should I go? I felt alone and small, and ashamed to have been fired. I was good at being alone, and scared could go into a compartment, easy.

Apparently I wasn’t the kind of person who worked for Xoth anymore. I didn’t want to be that kind of person. Chances were pretty high that Xoth had sold Litvinchuk and pals the exploits to take over those cars. I’d been complicit in some pretty terrible shit before, sure, but what if Kriztina had been thrown over one of those little subcompacts, or crushed against a building by one, or run down and driven over?

I messaged her, just a quick encrypted check-in, and then, because I was going to be leaving soon, I packed my bag and synched my sensitive files to an encrypted cloud store, then securely erased them off my laptop. Now I could comply with an order to log in to my laptop and enter my hard drive’s passphrase without turning over my most sensitive data.

Doing that took my mind off Kriztina, but it also focused my attention on what I was going to do after my flight landed in Moscow in a few hours. Reflexively, I looked at my calendar, though of course all my appointments related to a job I’d just been fired from with extreme prejudice. But looking also reminded me that it was Tanisha’s birthday, or it was in Europe and would be shortly in San Francisco. The reminder was smart enough to include my address book entry for her and that was smart enough to include her last social post, a selfie of her in afro-puffs, grinning in front of a huge crowd of protesters somewhere else—Oakland, of course.

Seeing her smiling out of my laptop weaponized my loneliness, making it physical, an elephant on my chest, so that I gasped and gasped before my breath came back. Tanisha was a remnant of another life of mine, one without so many compartments and so many contradictions to stuff into them. It had been years since we’d been in regular contact, but still, she was one of the few people whose birthday was still in my calendar, and I never missed sending her a note.

> Happy birthday, Neesh! Thinking of you

That was truer than I meant it to be.

> hope you have a killer Stay safe, stay weird, stay you. XO Masha

That was all, a message whose mere existence—still thinking of you—carried as much meaning as the words inside it. I sent it and went back to looking at connections from Sheremetyevo.

Then my phone rang.

My screen showed TANISHA, and an older pic, which dated back to the last time I’d seen her, which was at Burning Man, with her in a silver bathing suit and her afro all crazy around her head, playing an upright bass in a jam band that we’d wandered into.

Tanisha was calling my old number—I mean, my OG number, the cell number I’d gotten at twelve—which forwarded to a cloud asterisk call-server that had a ton of rules that allowed a very small number of people to forward onto whatever phone I was using at the moment. I was religious about updating the forward, even though (or because) it meant my mom could reach me whenever she wanted to, which was both more often than I wanted to speak to her and less often than I wanted her to want to speak to me.

“Yo.”

“Masha?”

“Hey, Neesh. Uh, happy birthday.”

“That’s tomorrow.”

“Not where I am.”

“Oh. Shit. Is it like three a.m. where you are or something?”

“Two a.m. Don’t worry about it, I was up.”

“Masha, tell me you’re not still partying. You’re too old for that.”

I laughed. “I’m not too old for it, but no, I’m not partying.” I looked around the terrible Soviet-era hotel room. “Packing for a flight.” Then I wished I hadn’t said that.

“Where are you flying?”

Maybe some part of me wanted to have this discussion with her. Otherwise, why would I have raised the subject?

“I’m still deciding that.”

There was a pause on the other end. “Uh, okay. You must be hella far away, though, the call sounds terrible.”

“I am, but I’m also putting the call through a bridge. Makes the logs harder to fingerprint.”

She sang a few bars of the Mission: Impossible theme, which was her traditional way of telling me that she wasn’t impressed with my paranoia. But she trailed off weakly. “Sorry, I’m in no position to be mocking you.”

Oh. I tried not to pay much attention to US politics—after all, most of what I hated about present-day America was stuff I helped to invent. But of course a call out of the blue from Tanisha was more likely to be soliciting professional advice and not catching up on gossip.

“Tell me about it.”

The long silence spoke volumes. I was sure she was thinking something like, Can I even trust this phone connection?

“Neesh, if you want to talk more privately, I can call you back. You still have that app?” We used to use Signal for phone conversations when I was in-country, and Tanisha said she was going to try to get her pals to use it too, but I knew that without active reminders of the threat model most people would default back to the standard way of talking.

“Uh,” she said.

“Thought so. Reinstall it, and I’ll call you in five.”

“Can you hear me?” Signal calls were a lot more jittery than regular voice or even Skype, prone to drop into Dalek-sounding interference and voice-ina-box-fan juddering, but my roaming SIM was pretty good and Tanisha had found a spot with good reception, so it was almost as good as a regular call—for now.

“I hear you.” She sounded exhausted and it was only late afternoon on the West Coast.

“What’s going on, Neesh?” I thought maybe the connection had been cut. “Neesh?”

“Sorry. Let me get my head straight. Just a sec.”

This wasn’t like her. Tanisha had the straightest head I knew—the Tanisha I knew was an iron woman.

“Okay, it’s like this: I’ve been going out for the Black-Brown Alliance meetings and rallies, the big ones in Oakland. I took precautions, we all did— phones locked and in airplane mode when we were on-site, no fingerprint unlocking, all our cards in Faraday pouches. We only talk in person with phones off or using encrypted disappearing chat. But I always remembered what you told me—”

“There’s a difference between mass surveillance and targeted surveillance.” “Right. So I’ve been extra careful. I use a burner for all that stuff, and I wear dazzle to the demos, watch out for kettles and get out fast when they start to form. But—”

“Come on, spit it out.”

“You’ll think I’m being paranoid.”

“Neesh, trust me, I will never, ever think you’re being too paranoid.”

I heard her sigh and waited. With Neesh, sighs always came in pairs, it was something we used to tease her about. I hadn’t thought of it in years, but my subconscious remembered. There it was.

“You were the one who taught me about binary transparency, right?”

“Yeah.”

Binary transparency was an exciting idea, but also a complicated one that almost no one could actually understand. First, you had to understand what a hashing function is: that’s a cryptographic algorithm that takes a long file (say, a computer program or an email or a software update) and generates a short “fingerprint” number from it that a human being can easily read aloud and compare with other fingerprints (for certain values of “easily”). If the hashing function is working well, it should be basically impossible to deliberately create two different files that have the same fingerprint, and likewise basically impossible to figure out what was in the original file just by looking at the fingerprint (for “basically impossible” think of all the hydrogen atoms being turned into computers that worked until the universe’s heat-death to guess the answer, and still running out of both space and time).

Next you have to understand public-private cryptographic keypairs. The short explanation: whatever a public key scrambles, only the private key can unscramble, and vice versa. So everyone shares their public keys as widely as possible and guards the secrecy of their private keys with their lives. If you get something you can decrypt with my public key, you know it was encrypted with my private key (and only my private key). If you encrypt something with my public key, you know that only someone with my private key can decrypt it. If you want to send me something that only you and I can read, you encrypt it with your private key and my public key, and then I use my private key and your public key to decrypt it—and now I can be sure that only people with my private key can read the message, and only people with your private key could have sent it.

When you combine hashing and keypairs, it gets cool: you can first hash a file, then encrypt the hash with your private key, and I can use that hash to check whether you sent the file, and whether the file was changed between you and me.

Got all that? No? Join the club. Almost no one understands this stuff, which is a pity, because now we’re about to get to binary transparency, which is awesome af, as the kids say.

Stay with me: hashing lets you create a short “fingerprint” of a file. If you have your own copy of the file, you can hash it again and make sure it matches the fingerprint. If it doesn’t, someone has altered the file since it was hashed. Keypairs let you scramble a file—or a fingerprint—so that you can be sure who sent it, and also make sure it wasn’t changed, and even make sure no one else can see what the file is.

Now let’s talk about software updates and backdoors: all the software running on all the computers you rely on is, approximately speaking, total shit. That’s because humans are imperfect, so they make errors, which is why every book you’ve ever read has typos in it. The difference is that you can usually figure out what the writer meant even if there’s a few typos sprinkled around, while tiny mistakes made by computer programmers lead to crashes, data-loss, and, of course, the possibility that other computer programmers—let’s call them “hackers”—break into the program, take over the computer, and destroy your life.

So we say “security is a process and not a product”—meaning that we’re going to be discovering bugs in the software you’re depending on forever, and we need a way to fix those bugs when we find them. That’s why every computer you use bugs you all the time to update it with a patch from the people who made it.

Now, cryptography works. If a programmer does her job right and doesn’t make mistakes, the messages that her program scrambles will resist brute-force attacks until the end of time and space (see above). When a government wants to access someone’s secrets, they need to find a way to get at them without directly attacking the crypto. I mean, why burn resources and time attacking the part of the lock mathematically proven to be secure? There are so many other angles for a government to use.

Like, they could send someone to your house and put a tiny camera, the size of a pinhead, in a position that lets them see your screen. Or they could wait until you leave your laptop in a hotel room and send someone to break the—inevitably shitty—hotel-room door locks and take over your computer, with BadUSB or by sticking a hardware keylogger in it or some other method. But physical intrusion is so pre-digital; it lacks the elegance of a software-based attack.

Which brings us back to “security is a process.” For software to be secure, it has to have a way to receive updates from the people who made it, because they’re always finding bugs, and will always find bugs, and so security is a process and not a product.

What about forcing a company to update its software with something that introduces a bug, rather than fixing one? Companies are not happy about doing this, but maybe you can bribe a low-level employee, or you can get your attorney general to threaten to put the CEO in jail unless he orders a flunky to write some spyware and ship it to the target(s) in the guise of a security update. As a bonus, paranoid people worried about government surveillance are also the people who are most diligent about applying security patches.

That’s where binary transparency comes in. Even if a company is willing to push spyware disguised as security, they probably don’t want to send it to all their users, not least because the wider things are spread, the more likely it is that someone will spot the switcheroo and blow the whistle. The best way to ship a targeted backdoor is to target it—at a user, a city, a region, possibly a country, but ideally not everyone, because “everyone” includes “bored, obsessive grad students who decompile every update from every company looking for a thesis subject.”

Which means that one way to spot a backdoor in your security update is to compare every update you receive with all the updates that everyone else receives. That’s binary transparency: programs ship with binary transparency modules that automatically take a fingerprint of every update they receive, and send that to one or more transparency servers, possibly with a fingerprint of the program before and after the update’s installation—sometimes there are different versions of programs based on language, so the English patch might not be the same as the Chinese patch because their error messages are in different languages. But when two Chinese users get two different patches, something might be going on.

Binary transparency is elegant and cool. It gets turned on before companies get deputized to spy on their users, which means that it’s already in place when the G-men show up at your door. If they force you to push out a backdoor, binary transparency will reveal it. If they force you to push out an update for everyone that turns off binary transparency, everyone will notice and their paranoid targets will stop using it.

This means that a rational government agency won’t even bother to ask for backdoors, because they’ll never work. Because binary transparency takes backdoors off the table, it takes asking for backdoors off the table too.

That’s the theory. But binary transparency is one of those things that’s exciting in theory and really messy in practice. First of all, nearly every binary transparency alert is a false alarm: maybe the company sends different updates to different customers as a way of live-testing an experimental feature, or the update or its fingerprint gets changed in some minor way by an ISP that’s doing deep packet inspection or some other dumb thing. Neither of these things happen very often, but they both happen a lot more often than binary transparency catching a real backdoor (in part because companies known to have binary transparency turned on understandably don’t get as many backdoor demands from spies). So almost no one knows what binary transparency is, and if you do, chances are that all you know about it is that it’s a thing that you can safely ignore because it only ever throws false alarms.

Which wouldn’t be so bad if government agencies were rational, but spies are by definition total weirdos. Think for a second about the kid you knew growing up who always wanted to be a spy someday—the combination of grandiosity, authoritarianism, and paranoia. In the 1960s, the CIA tried surgically implanting cats with listening devices—and training them to spy on America’s enemies. (This is real. Google “acoustic kitty.”) Think about this for a second: not only did the CIA think the veterinarians who insisted you couldn’t implant huge battery-operated recording devices in live cats were just not trying hard enough—they also thought you could train cats. Because when you give paranoid, grandiose authoritarians an unlimited budget and no oversight, things get fucked up.

So any assumption that the spies won’t come knocking on a binary transparency shop because it’ll only waste their time and yours drastically overestimates the extent to which spies are adverse to wasting their time and yours.

Which means some of those alerts from binary transparency checks aren’t false alarms. They’re just spooks betting on their ability to bull their way through stupid, uncooperative reality.

Binary transparency is still used, because it shows up on checklists of “things companies should do to resist spying,” but in practice, everyone ignores it. Except Tanisha.

“It’s Hushush. I got an update this morning and I was about to run it when I got a binary transparency error. I almost just tapped OK, but then I remembered you telling me about it, and how no one ever paid attention to it, which meant that bad guys might just try to chance it and backdoor stuff that has binary transparency turned on. But you know, I have things to do that don’t involve being a technology person, like fighting white supremacy, and . . .”

“Yeah. That’s how it goes for everyone. The radiologist who’s scoping your tumor wants to know if you’ve got cancer, and if the only way to find that out is to plug in the network cable that’s never supposed to be plugged in, then cancer wins one hundred percent of the time.”

“Yeah.”

Someone on my floor—maybe the commissar in the elevator lobby—let out a long, windy fart that was so loud I could hear it through the wall. I snorted.

“What was that?”

“You heard it?” Signal’s sound-processing was getting better, evidently.

“Are you laughing at your own farts, Masha?”

“No, someone else’s from the hotel here.”

“‘Here’ is . . . ?”

“Blzt.”

“Where?”

“In Slovstakia.”

“Where?”

“It was part of the USSR. I wouldn’t recommend it as a destination.”

“Damn, girl, you are an international jet-setter.”

“If you could see the dump I’m in, you’d be a lot less impressed. Are you going to tell me what happened next?”

“I’m working around to it. Impatient much? Okay. Well, that was a week ago. I was using it to stay on top of the Black-Brown Alliance, right? There are ten of us in my affinity group, all organizers from way back. Our target’s been the expansion of the Oakland Fusion Center, which you’d think would be a soft target after the leaks, but they’re vicious, because they’re fighting for their lives and they know it.”

I knew about the Oakland Fusion Center, of course—a war on terror boondoggle that absorbed tons of federal funding to help local cops coordinate all their surveillance gear with various feds, from the DEA to the NSA. And I half remembered that they’d had some kind of leaky scandal, but I couldn’t remember what it had been all about.

“Remind me?”

Tanisha sighed and that took me back, because it was the special sigh she reserved for alleged white allies who managed to pay zero attention to something that every brown person they knew was talking about nonstop.

“The dump last month? Hello?”

“I’ve been on a different continent, Neesh. Cut me some slack, would you?

How much do you know about the popular uprising in Slovstakia?”

“Wait, that Slovstakia? Shit, you were there? Did you see that Nazi kid get shot? Did you see the showdown?”

“You shame me. I suck. You know about all the struggles for justice in the world and I know about nothing that doesn’t affect me and my personal bubble of privilege. Now, are you going to explain, or should I go read the Wikipedia entry and call you back in twenty minutes?”

Tanisha snorted. “Wikipedia? That dump’s a whitewash. The redpill bros and the Blue Lives Matter folks have figured out that brigading Wikipedia gets them better bang for their buck than hitting social media. That’s where all the lazy journalists go for their backgrounders. The tl;dr is that the Fusion Center got hacked and dumped, which they’re blaming on Pakistan, of course, but everyone else says it’s an inside job, because that’s what the leaker said, you know, ‘I got into this job to help people but I found myself hurting people, blah blah,’ standard Snowdenisms.

“Anyway, the dump showed that the Oakland PD was dirtier than you could believe. Some of the narcs were running a protection racket and using the Fusion Center’s feeds to watch their victims, make sure they weren’t holding out, and these guys were sharing passwords and tips for erasing their traces in the logs. Another guy, a sergeant, was pimping underage girls and using the Fusion Center to track down his rivals and check out his johns to make sure they weren’t undercovers. It just got worse and worse—cops having affairs with each other and talking about killing their wives and husbands, really deep and detailed plans, not just tossed-off jokes.”

“Okay, this is ringing a bell.”

“Yeah. I mean, at first everyone was like, ho ho, boys in blue will be boys, and this is Oakland PD after all, everyone knows how dirty they are. But as the dump got mined and analyzed, it just got worse until the feds had to come in and start making arrests. They said they were going to close down the Fusion Center and everyone was like ding-dong the witch is dead, but I was all, hold up, this was way too easy, there’s something coming. I have burner accounts subscribed to fedbiz and the Federal Register, watching for sneaky procurement announcements and RFPs, and I spotted what looked a hell of a lot like a plan to make the Fusion Center much bigger, like ten-X, and I fed that through the Black-Brown Alliance to the Freedom of Information affinity group and they filed a bunch of public records requests, which all got denied, bringing in ACLU of Northern California. Then there was a leak—another dump, not as big as the first one—including a ton of the documents they were blocking us on, and then everyone could see that the cops and the contractors who’d built the center saw this as life-or-death, go big or get buried. Internally they called it a Super Fusion Center, with a whole unit dedicated just to hacking suspects’ devices to gather evidence.”

“Shit.”

“Yeah.” There was a long pause, that kind of phone silence you get with digitally compressed calls where small noises like breathing and shifting get edited out, leaving total flatline silence. “Masha, I never asked you too much about what you do, you made it clear that I wouldn’t like the answers, but these memos, they were talking about cops secretly activating the cameras and mics of all the phones in a ZIP code and listening in for a perp’s voice or a keyword.”

“And?”

“And, I was like, come on, that’s science fiction, it’s some vendor overpromising to get a big contract. But . . .”

“But is it possible?” “Yeah.”

I shrugged, even though she couldn’t see me. “Yeah, it’s possible. Baseband radios, the chips that talk to the phone towers, they’re garbage, no real security to speak of, and they can be used to man-in-the-middle all the traffic going in and out of the phone without the OS knowing thing one about it. If you had a trove of exploits for Android and iOS it wouldn’t be impossible to use baseband attacks to take over all the phones connected to a given tower, though that exploit would probably be discovered pretty quickly, and even the feds are going to run out of zero-days eventually. But if all you cared about was compromising most phones—the ones with out-of-date operating systems—then yeah, that wouldn’t be too hard at all. People might figure it out when their batteries started running down twenty-five percent faster, but shit, batteries suck anyway—”

“You’re ratholing, Masha.”

“Sorry, sorry. Yeah, it’s possible.”

“You said that.”

“I meant it.”

“Well, that was the thing that got everyone’s ears up, got the city councilors starting to sweat, got the press involved. It’s just such a special horror, the idea of your phone watching you, and it was like, everyone could imagine how the cops would take one look at this and say hell yes, we would like very much to turn every phone in the East Bay into a listening device, thank you very much. Once that got going, we were able to stage some really big protests, you know, not the usual pattern where a thousand people come on day one, and then five hundred and then fifty and then it’s just five sad losers with hand-lettered signs. This was like Occupy was, back in the day, got bigger and bigger, people bringing their kids down and all, and it was like, Oakland PD was caught between a rock and a hard place, anything they did to crack down on the protests would just prove our point, so it looked like we were gonna win.”

I needed to pee. I hit mute and sat on the toilet. I could guess where this was going.

“That’s when things started to get sketchy. Email’s always been a sewer of unreliability, but it got worse, and it sure felt like the messages we were sending to each other were going missing more than all the other messages. A bunch of people started organizing on Facebook because they are old, and then Facebook shut down their group for violating ‘community standards’ and yeah, that’s happened before too, but the timing was spooky. Then came the traffic stops, and the weirdly specific minor drug busts, and anyone who was late on a parking ticket or a library book was liable to get a visit from OPD. We figured they were going after the leaders, the organizers, like Cointelpro 3.0, and so we started to really bear down on our opsec, and also to make sure we were clean as whistles, everyone’s bills and fines paid up, no one leaves the house without ID, no one goes near anything bustable. One comrade went to a house party and it got raided fifteen minutes later, a hundred people arrested, and then we stopped going to house parties.”

“Now you’ve got a binary transparency alert. What is it for?”

“Openstreetmaps.”

I flopped back down on the sofa. Openstreetmaps was the fair-trade hippie-granola version of Google Maps, but it had the advantage of including static maps that were signed and mirrored all over the web, meaning that you could download a region’s maps and then navigate with them without the phone company, the government, and Google knowing about it. Poisoning the maps you sent to a group of protesters wouldn’t be that interesting—it’s not like you could get them to walk into the ocean by drawing a road that wasn’t there. But every protester would be downloading Openstreetmaps, and that meant that poisoning Openstreetmaps would be a good way to sneak onto protesters’ phones.

“It’s just you? Not any of your little gang?”

“My affinity group. No, just me. I called them before calling you.”

“Huh.”

“Masha.”

“Okay, here’s the worst-case scenario. They’ve looked at the encrypted communications going through your ‘affinity group’”—I tried not to pronounce the finger quotes but I’m sure I failed, because being irritated by cutesy jargon is my superpower—“and though they can’t see what you’re all saying to each other, they can see that when you say something, other people start talking, or acting—”

“This is information cascades, right?”

“Uh . . . right.”

“You explained it to me, girl. You were drunk as fuck, though. Kept talking about how you were the command-node for our little group, which is cute.”

The last couple times I’d seen Tanisha, it was at parties or Burning Man, big, crowded places where we could lose ourselves dancing and not have to talk too much about what I was doing and who I was doing it to. I didn’t like the idea that I’d gotten drunk enough to discuss tradecraft with her and then forget it had happened. I was accustomed to thinking of myself as more careful than that, or at least more compartmentalized.

“I guess I must have. Yeah, that’s information cascades, and it’s worst case because if they’re going after you, it’s because they figure that you’re a leader and they’re going to neutralize you.”

“That was what I was afraid of. What’s the best-case scenario?”

Best case? Software error—no one’s hacking anyone. But assuming you are being attacked, best case would be something like a drive-by, untargeted attack: someone’s broken into the Openstreetmaps server and they’re serving out malicious payload with every nth download, just to see what they got. Petty criminal dumdums, in other words—not sinister government forces.”

“Let’s hear it for petty criminal dumdums, then.”

“Don’t get your hopes up, Neesh. You should be treating this as a live fire exercise. If it turns out it’s just dumdums, then you’ll save yourself the embarrassment of being hacked by dumdums. If it turns out it’s the law, you definitely don’t want to wind up hacked, because they’ll use you to nail everyone you trust and love.”

“Including you, right? I mean, maybe they’ve already got me, right?”

“Even if they don’t, you reached me by calling my private number and it’s not hard to figure out who controls that. On the plus side, it’s also not hard to figure out that I’m an old friend of yours who’s been talking with you on and off since we were teenyboppers, so maybe the machine-learning system that’s ingesting all your phone records will discount me.”

“I hate this.”

“You chose it.”

Clearly the wrong thing to say. Long silence.

“Masha, don’t be an asshole.”

I knew exactly what she meant—I chose it, I’m the one who went to work building these systems, I’m the one who made them my life and filled my every waking hour with them. Choosing to be an activist wasn’t choosing surveillance: choosing to make surveillance was choosing surveillance. I knew what she meant because we’d had this argument before, which is one of the advantages to talking with old friends, all that shared history, all those old conversations in the data-bank. It was also the crisis of talking to old friends, because it liberated the fragments that had been compartmentalized years ago, let them stretch and breathe and remind you of all the ways you had disappointed yourself and everyone whose opinion you ever cared about.

One of us was going to have to speak to break the silence. She was clearly trying to control her temper. I was trying to reassemble my compartments.

“I don’t really think you’re an asshole, Masha.” Tanisha was a sentimentalist. A good friend. Someone who would back down. I wished I could be like her.

“I’m sorry too, Neesh. Let’s reboot this. You’re actually in pretty good shape, all things considered. If they’re trying to hack you, it means they haven’t hacked you yet. Plus, it’s not one hundred percent certain you’re being hacked by the cops themselves—maybe it’s one of the contractors in line for fat payouts if the plan goes ahead.”

“Why is that good news?”

“Because they won’t have a warrant, so they have to be a lot more cautious about getting caught, meaning they can’t be as aggressive. I think you should just make a lot of noise about this—the alternatives are to either ignore it and tighten up your opsec, or try to fake them out by letting them take over your device and then use that to feed them fake info, and I don’t think you’re sneaky enough to manage that.”

“Gee, thanks.”

“It’s a compliment. Sneakiness isn’t the same as smartness. To maintain the charade, you’d have to make zero mistakes, and they’d only have to find one mistake. But if you go public and make a noise, then people like you might be more careful about their own shit, which will help you, because if they can’t get to you, the next step would be to get to the people you talk to and intercept the messages they exchange with you.”

“And then what?”

“Then what what?”

“I go public and what happens next?”

“Next you’ll probably get some of the academic security researchers asking to analyze the update, which is harmless. If you hear from Citizen Lab, you should totally go for it, those University of Toronto types run a tight ship. The bad guys keep on trying to pwn you—but they’d do that anyway. Maybe some of them will take it personally when you out them, but do you really care if the war criminals trying to take over your stuff are doing so because of a grudge?” I thought of some of my former co-workers, the kinds of things they got up to when they had a grudge. “Okay, grudges could make things worse, but Neesh, you’re already plenty fucked.”

“You’re really good at pep talks, you know that?”

“Hey, join the club. I’m fucked, you’re fucked, everyone we know is fucked. At least we know it and get to steer our canoes on the way over the falls.”

“Are you drunk?”

I rewound what I’d just said. My compartments were breaking down. I was clearly overwrought and overtired. “Just dealing with my own shit. Sorry, Neesh, that wasn’t nice. You’re not fucked-fucked, just a little fucked. If it helps, you’re only fucked because someone thinks you pose a threat. So you’re doing something right?” I meant it as a statement, but it came out as a question, because in my line of work, if someone knows enough about you to consider you a threat, you’re doing something wrong and potentially fatal. “I’m sorry, seriously.”

“Yeah. Me too. But I’m not sorry I’m trying to do something.” Which was supposed to sting, I think, because if I was doing anything these days, it was something bad. I thought about Kriztina and her merry band.

“I’m glad you’re doing something, Neesh. Maybe I should come and join you.”

Her voice got soft. “You’d be very welcome, you know that, right? I miss you, Masha. We all do.”

I put that one in a compartment for later. “I miss you guys too. Uh, you know, I’m kind of thinking of heading back to the US sometime soon—”

“You’ll stay at my place.”

“Is that an invitation?”

“You don’t need an invitation with me, ever. I don’t know what you’re doing there, but we could use you here.” She swallowed audibly, a couple times. “It’s getting hard around here, no joke. It’s like every time things look like they’re at a breaking point, they don’t break, they just stretch, and we all get stretched out. Meanwhile, any time someone puts up any kind of fight, well, next thing we know that person’s getting arrested for some bullshit—and everyone else is just that little bit less willing to fight. No one knows what’s true, everyone might be an informer or an agent provocateur. You know how stuff works, you could make a real difference.”

Kriztina and her friends. My compartments strained and buckled. “Knowing things isn’t enough, Neesh. Trust me, I know. The reality is that you are outgunned and outflanked and outresourced. Sprinkling internet fairy dust on your political uprising isn’t going to change that fundamental truth.”

Another one of those total, compressed silences. It went on for so long I had to look at my phone’s screen to make sure the call hadn’t dropped.

“Hello?”

“I’m here, Masha.”

“I don’t want to discourage you—”

Her derisive snort was straight out of my teen years, a ghost from the past.

“What do you counsel, then, Masha? Should we use typewriters and couriers to organize our resistance?”

“Don’t be stupid. Couriers are easy to intercept and a camera can take a long-range photo of your typewritten memo.”

“Yeah, I figured that out for myself. So what should we do, Masha?”

This is where this discussion always broke down. We’d had versions of it for decades, and there was one time that it went so badly that we didn’t speak to each other for a year.

“Neesh, just because I don’t know how to solve your problem doesn’t mean that I can’t tell you that your solution isn’t making it better. I may not know why you have a headache, but I can tell you that beating your head against that wall isn’t helping any.” Thinking: please don’t give me another bunch of suicidal idealists to babysit while they destroy their own lives.

“I’ve heard you say that before, and I’ll tell you what I think: it’s bullshit. Every single change in the world has come from people trying to change things. That includes all the long shots. Yeah, I don’t know how we go from our little affinity groups and our protests to a better world, but I know that doing nothing sure won’t help. There’s every reason we could fail, but no reason we can’t succeed.”

When you compartmentalize really well, it can be like you’re outside of your body, watching it react to the things around it. A long way away, I noticed that part of me reacted to this “every reason we could fail/no reason we can’t succeed” with a surge of hope, wanting to rush home to Tanisha and join her at a barricade somewhere; another part of me wanted to shake Tanisha by the shoulders and say, Wait a sec, surely you should pay a little attention to “every reason we could fail” before you put yourself at risk of a beating, life in prison, maybe being killed?

That second part was fierce, flooding my body with adrenaline and making my hands shake. It was imagining Tanisha getting hit in the face with a tear-gas cannister and losing an eye, and right next to her, holding her limp and bleeding body, was me, eyes swollen and streaming from the gas. From far away, I heard myself breathing in my terrible hotel room, realized I was hyperventilating.

Somewhere, a computer was watching this call just as I was watching myself. Maybe neither of us had been compromised and all it could see was that Tanisha was talking to me and that I was talking to her, old friends linked by nothing more than shared history. Or maybe it had full access privileges to every word and every breath, ingesting feeds from our cameras and mics, rooting stealthily through our filesystems for stored credentials and logs.

This fact was something I had lived with on both sides, and I knew that the way to deal with it was to pretend it wasn’t there—to act as though everything were fine and normal, like phones were things to let you talk to your friends, not to let anonymous strangers watch and judge you. You had to pretend this because otherwise you became a terrible person, paranoid and angry all the time, and you made your friends’ lives terrible.

“I guess so, Neesh.” That was the voice of normal. Reassuring. “I’m glad you’re out there fighting. You’re my hero. Seriously.” It was a normal and good thing to say. Saying it made me a normal person, a good person. “There’s a good chance I’ll make it to California soonish, no reason not to. It’ll be so good to see you. Stay safe, okay?”

“I will. You too, Masha. We’re still your friends here, all of us. We love you. Any time you’re in trouble, you can call on us.”

I’d done that once, had them run interference for me while I did something stupid and no-reason-we-can’t-succeed, trying to get away from all the spook stuff with Marcus Yallow as my insurance policy (which he fucked up). Tanisha and Becky had gotten away clean then, but no thanks to me. Pure chance. They could have ended up in a world of shit. If the computer listening to us knew that fact, it would be paying a lot of attention to this call, walking our social graphs and looking for people to add to the “targeted surveillance” list—people whose every byte would be scraped and stored forever, cleartext and ciphertext alike. The cleartext would give you insight into the ciphertext, because you could use the conversations on either side of the black box of encrypted stuff to infer what happened inside that black box (I email you and ask you if you know any good lawyers, you have an impenetrably encrypted conversation with a lawyer, then you email me back and suggest that I get in touch with your friend, the lawyer—it’s a pretty good bet that the encrypted emails were about whether the lawyer would talk to me). Then there’s the very real possibility that the crypto we’re using has some kind of undiscovered flaw in it, and someday in the future that flaw will be revealed, and our black box will spring open.

I was ratholing again, deep-diving into my own paranoia.

“Thank you, Tanisha,” I said. Then I blurted, “I love you,” which isn’t something I say very often, and hadn’t planned on saying then.

The machine silence was unbearable. My armpits were suddenly slick. “I love you too, Masha. We all do.”

“Bye.” There was nothing else to say.

“Bye.”

I kept the silent phone to my ear for some time, feeling the warmth it had generated encrypting and decrypting our conversation. The hotel room felt suddenly cold.

I realized I was holding my breath and let it out. Set down my phone and breathed in. A chime.

I had a new message. From Ilsa.

> Take care of yourself.

I dropped the phone. The timing of the message was no coincidence. Ilsa was letting me know that the watchers I’d imagined were there. She had firsthand knowledge of them, which meant that either Xoth was watching me for its own reasons (I could do the company some real PR damage) or they had a contract to do so—maybe Xoth itself wasn’t worried about me blabbing, but one of its customers wanted to make sure I didn’t out them for their domestic spying.

Another chime. I didn’t want to pick it up, but I couldn’t not look. The message came in over an encrypted chat app I’d used with Xoth, one that signed in with an identity that was separate from my phone number.

> You can take care of your friends without exposing yourself, if you’re careful.

Did Ilsa know what Tanisha and I had talked about? Was she inside my phone? Or was this just a blanket warning? Had she done a quick check on Tanisha, seen the kind of shit she was into, and infer that Tanisha would have been calling me for opsec advice? This kind of analysis—figuring out who knew what and how they knew it and what else they’d be able to figure out shortly—had made me the rock star of Carrie Johnstone’s operations. Since then, I’d reflexively used it to examine my own life and circumstances, and if it wasn’t for the compartmentalization, I’d have a permanent case of the willies.

Go compartments!

I didn’t answer Ilsa and I didn’t block her either, because as much as that would have made me feel better, it wouldn’t help me figure out her next move and mine. Realistically, Ilsa didn’t want to hurt me—all she wanted was to ensure my silence. Of course she wasn’t going to buy that silence, because that would mean rewarding me for my shenanigans, and as a matter of principle, she wouldn’t do that.

Ilsa probably thought she was being friendly, doing me a favor. Because that’s the kind of person she was, and that’s what passed for a favor among people like her. People like me.

I was suddenly so, so tired. My eyes were scratchy and sore and when I stood to get a glass of water—every glass in the bathroom was dirty and the water ran so slowly it took a full minute to rinse and fill it—all my joints complained.

I needed to sleep. The flight to San Francisco from Moscow would take fourteen hours. I could have dinner, watch a movie, and snuggle down in a lie-flat bed and still get nine solid hours.

 

Excerpted from Attack Surface, copyright © 2020 by Cory Doctorow

citation

Back to the top of the page

This post is closed for comments.

Our Privacy Notice has been updated to explain how we use cookies, which you accept by continuing to use this website. To withdraw your consent, see Your Choices.