“I’ll need to take a look at these files and see what I have to work with. But it sounds like something I should have no trouble with.”
Vasilescu said, “I am giving you a month to go over the macro data of the files, just to find out what all is included, and to build a template of how to go over this data and exploit it in keeping with our client’s wishes. You can build tables, databases, and such, and you can have access to anyone and any resource we have here at ARTD. Then I want you to choose a team of researchers to work for you on this project. They will follow your orders on how you want them to exploit the data. We’ve informed the client that we anticipate having a first package of goods to deliver to them in three months.”
—
Dalca spent the rest of the day clearing other items on his desk, and that evening he took control of all the files exfiltrated from the Indian cybersecurity firm. The raw data was only here, in the hands of ARTD, and kept on a special machine in a room with no Internet or other devices. There was no offsite server, and the client did not even have access to it.
Dalca was given the code for the room and he accessed the data for the first time at eight p.m., and by nine, he was aware of the full scope of what he, and no one else outside the American government, had access to.
—
Dalca worked through the night and was seated in Dragomir Vasilescu’s office the next morning when the director of the company arrived at work.
As he placed his briefcase on his desk, Vasilescu looked over his twenty-nine-year-old researcher. “Shit, Dalca. You’ve been here all night, haven’t you?”
“Yes.”
“Well . . . What’s on your mind?”
“The SF-86.”
“What’s that?”
“It’s a one-hundred-twenty-seven-page form that the United States government makes everyone fill out if they are applying for a security clearance. It has all the raw data on the applicant at the time the application was made. We have every single application processed by the U.S. government from 1984 until a point about five years ago, when the Indians exfiltrated the data. Do you realize what we can do with all that information?”
The director said, “Of course I do. You can use it to obtain the information asked of us by our clients.”
“It’s bigger than that.”
“No, Alexandru. It’s exactly that, because that is the wish of the Seychelles Group.”
Dalca said, “They aren’t thinking very big, are they?”
“What do you mean?”
“Using this data to find their own traitors? Small potatoes compared to the information’s real worth.”
“I’m sure they’ll identify America’s spies in China, too.”
“Yeah, but why not identify every American spy, everywhere?”
“One, twenty-five million records. Ninety-nine-point-nine-nine percent won’t be spies. Two, clearly the Seychelles Group are Chinese intelligence. Why do they care about a spy in Romania, or Iceland?”
Dalca shrugged. “Just seems like we’ve discovered a potential gold mine here. Working this data the right way could be very profitable for us.”
“Yes, well, working it the right way, in this case, means doing exactly what our client asks of us, and nothing more. Alexandru, we have a clear job with this. Let’s focus on Chinese contacts of these Americans, and let’s get to it. If we start exploiting this in other ways, then we just might open our client up to exposure. They’ve paid us a lot of money for our abilities and our discretion. And they’ll pay us a lot more money to crunch the data to get them what they want. If we do a good job for them, maybe they will want something else. They are China, after all. ARTD can help them in ways that go beyond fishing out some American spies.”
Dalca nodded, and said, “Sure. Of course.”
Alexandru Dalca left his boss’s office, already formulating a plan. What he could do with this information was much bigger than his assignment. Hell, it was bigger than ARTD. Bigger than the Chinese, even.
Dalca went to work, aggregating the data and cross-referencing it with medical records, insurance forms, property records, and the like. Much of this was done by isolating disparate data points, looking for clues through the analysis of the digital data.
Also included in the pulled sweep of the American server was something called clearance adjudication information. Potential negative information such as deviant sexual behavior, risk of foreign exploitation, and even information tied to interviews with the subject by background investigators.
And fingerprints.
Alex knew these files were a fucking gold mine.
True, a gold mine surrounded by a lot of thick rock, but Dalca was the best in the world at getting into this data and pulling out the important bits with OSINT.
There were hundreds of actors in the world who would love to find detailed targeting information on American soldiers, spies, politicians, and diplomats.
And Dalca would introduce this data to those seeking the information.
Dalca would process all this information himself, and he would sell intelligence off to the highest bidder.
Of course, this was something he had never done before. Sure, he could build the files on these individuals, out them as spies or other types of holders of classified intelligence. But then what? He had no way to reach out to the Russians, the Cubans . . . whoever the hell wanted this stuff, and sell it to them. Not without the wrong people finding out about him.
Well . . . Maybe there was a way.
The dark web. After doing some research, he realized he could set up a commercial enterprise on the dark web, and then reach out to those who might be interested in his product on offer.
It took him a few months to study this, and more time to build it, and all the while he was doing the work asked of him by the clients, the Seychelles Group.
But as he did this, he was also finding a way to test his plan to gain financially from the exploitation of the pilfered American files.
In all Dalca’s work on social engineering information from people, he found himself spending a lot of time on the news networking website Reddit. This was an aggregation of discussion forums where community members discussed virtually every major topic on earth. Dalca knew the members of the site did not shy away from controversy, so he began looking for a test case to use the OPM data he had stolen. This was just a few months after the American land and naval attack in the Baltic region, and there were hundreds of bulletin boards on Reddit about the fighting. While many were in Russian, there were some English-language anti-American boards, and Dalca found himself drawn to these.
He knew what he was looking for, a low-risk proof of concept. He found this, after weeks of false starts and waiting for the right moment, in the guise of a Reddit user who claimed to be the brother of a mechanic on the Kazan, a Russian submarine sunk in the battle. The man was beyond distraught about his brother’s murder; he railed against America and let it be known he was actually in the United States on an expiring student visa. Over days and days, in public forums, the man expressed his rage.
Alexandru Dalca watched a linked news piece that mentioned the name of the captain of the American destroyer given credit for sinking one of the subs and helping the Poles sink the other. Dalca heard the name of the ship, the USS James Greer, and that the captain was a man named Scott Hagen. He looked online at a Department of the Navy website that listed all the ships and their captains, and confirmed Hagen was a forty-four-year-old U.S. Navy commander. He accessed the Office of Personnel Management files and, sure enough, found a twenty-one-year-old application for classified intelligence from then twenty-three-year-old Lieutenant Junior Grade Scott Robert Hagen, straight out of the U.S. Naval Academy at Annapolis, Maryland.
He checked several real estate and property records, and found Hagen had a home in Virginia Beach, Virginia,
and a rental property in North Carolina. Both homes were also in the name of Laura Hagen, who Dalca assumed was Hagen’s wife. Dalca made note of the addresses and then, knowing that a naval commander wasn’t any sort of a covert position in the United States government, he used Google to look for references to Hagen from before the action in the Baltic. He found articles, images, and videos of the naval officer, going back fifteen years, saw that he coached his son’s baseball team and scooped ice cream for his sailors and their families at an event in Italy a year or so earlier.
Dalca looked at a picture of Hagen with his wife at a ball, and studied the wife’s face for a moment before checking Facebook.
First, he looked to see if Scott Hagen had an active account. He did not. Hagen’s wife, Laura, did have an account, but it had been locked and unused since the battle in the Gulf seven months earlier.
Undeterred, Dalca went back to the OPM files.
While twenty-one-year-old information might not have seemed relevant to locating a man in the present, Dalca looked up the names of Hagen’s family, settling on a sister who lived in Indiana. She had been unmarried at the time, but the application contained her Social Security number. Dalca looked into a database he used regularly in his open-source research that showed all U.S. marriage licenses.
Susan Hagen had married a man named Allen Fitzpatrick in Bridgeport, Connecticut, in the 1990s, and there was no record of any divorce on file.
Once he had Hagen’s sister’s information, Alexandru simply went back to Facebook. He had been ready to do a number of customized searches on all her page traffic to see if there were any mentions of her brother, Scott, but he needed only one. He typed the name “brother” into a search of all her posts, took just one simple glance at the second post brought up by the search, and he smiled.
Susan Fitzpatrick mentioned how excited she was for the opportunity to go to Princeton, New Jersey, to her son’s soccer tournament over the summer, and she was doubly excited that her niece and nephew would be meeting them there with their parents, because she hadn’t seen any of them in some time.
A little research showed Dalca that Susan Fitzpatrick had two brothers: Scott, who was his target, and Raymond, who lived in Winter Haven, Florida. A minute’s research into Raymond Hagen revealed two children, but they were both teenaged girls.
Case closed. Commander Scott Hagen, captain of the USS James Greer, the man who orchestrated the sinking of the Kazan off the coast of Poland, would be meeting his sister in Princeton, New Jersey, in six weeks’ time.
It took an hour of deep research into Susan Fitzpatrick online to find she stayed at Hampton Inns regularly when she traveled. Dalca called the Hampton closest to where the soccer tournament was scheduled to take place, said his name was Scott Hagen, assuming the family would stay at the same hotel. In his best American accent he inquired about adding Monday to his Friday-to-Sunday stay.
The clerk corrected him immediately; he was booked Friday and Saturday night only, and she asked him if he’d like the rate for Sunday and Monday.
Dalca smiled, told the helpful hotel agent that he needed to speak with his wife first, and then he hung up.
Dalca reached out to the Russian Reddit user, and over the course of a few e-mails told him he could give him the name of the hotel the commander of the James Greer was staying at on a specific day, along with pictures of the man, his wife, his sister, and his brother-in-law.
Dalca added that, if something should happen to Hagen, it would serve the bastard right.
The Russian was intrigued, clearly, but claimed to have little money. Dalca told him he’d give him the information for free. The truth was, in this rare instance, Dalca wasn’t looking for money. He was looking to see his system in action. He was looking to show that he could use the OPM hack, bringing up classified applications that could be more than twenty years old, to create real-time targeting data in the here and now.
Dalca sent the Reddit user the complete package, then created a Google Alerts search for the name Scott Hagen, which would e-mail him every time the man’s name came up in new stories.
And then he promptly forgot about it, because he had other work to do.
—
Six weeks later Dalca saw a story online about a maniac shooting up a Mexican restaurant in New Jersey. The article came into his inbox because Naval Commander Scott Hagen had been one of the wounded.
Vadim Rechkov, clearly the Reddit user, had been killed in a shoot-out that also took the lives of three other people. Dalca didn’t care about the dead or wounded.
By now he had his pay site on the dark web, and he’d already used it to secretly sell specific intelligence to the governments of Indonesia, North Korea, and Iran.
And he also had a new fish on the line. He’d been contacted through the e-mail address of a terror group he’d reached out to in Lebanon, and notified that his messages to them had been monitored by a group with interest in what he could offer.
While Dalca was initially frustrated that his plan to reach out directly to different actors in the market for U.S. targeting information seemed to have backfired due to the poor security of one of his marks, he wasn’t concerned himself. He’d used unbreakable security to reach out to the Lebanese group, as evidenced by the fact this shadowy entity coming to him had to do it through the means he’d established, instead of contacting him directly.
No, they didn’t know who he was, he could back away and never make contact with them, but their offer was enticing. They clearly wanted to do business, and they were talking about purchasing vast amounts of targeting info regarding U.S. military and intelligence personnel.
Dalca soon began dealing directly with the group via encrypted e-mail and text messages. And within weeks he was in business with the group he now knew as “the ISIS guys.” He’d given them that title because they were interested in targeting information on Americans involved in Syria and Iraq. Who else could they possibly be? With the wide-ranging targeting requests he began getting from them, the “good faith” payments they sent to prove the seriousness of their interest, he’d all but forgotten about dealing with other actors out there. He had ignored further requests for intelligence from North Koreans and Iranians in the past few weeks; he could tell they weren’t ready to come through with big money and large quantities of targeting packages.
But “the ISIS guys” had deep pockets and, it was clear to Dalca, they had big plans to kill a lot of American soldiers and spies.
He’d cultivate this relationship, he’d milk these guys for every penny they had, and in return he’d give them a gold mine of targets. Dalca wanted the money, and he also wanted to watch a lot of Americans die on the news.
22
Bartosz “Midas” Jankowski and Adara Sherman met for the first time at five a.m. in the underground parking garage of the Hendley Associates building, on the corner of North Fairfax Street and Princess Street, in Alexandria, Virginia.
John Clark introduced the two new operational trainees to each other, and when Chavez, Caruso, and Ryan Junior pulled into their respective parking spaces and climbed out, all dressed for a morning run, he introduced Midas to the other members of the team.
Five minutes later, all of them, Clark included, were running along the Mount Vernon Trail, a jogging and bike path that followed the western bank of the Potomac River. They kept an easy pace and did five leisurely miles together, chatting away for the duration, although John Clark grew silent for the last mile, partially because running five miles at his age was some work, but mostly because he wanted to listen in to the others and get some early impressions about how they all jelled.
It was clear to Clark that the conversation was a little stilted, but he knew this had nothing to do with how well Adara and Midas would fit in with the crew. No, early the previous morning the three Campus operatives had returned from Jakarta, and they were all still sickened by
the fallout of their mission there.
Jack was the worst of the three. He was quiet today, save for speaking when spoken to, and Clark knew at any other time he would have been the most hospitable and welcoming person in the building on a new employee’s first day.
Clark knew he’d have to watch Jack carefully, do what he could to help him process his guilt, and make sure the death of the CIA officer in Minsk didn’t hamper Jack’s ability to continue to do his job.
Back at the office at sunup, Midas pulled his gear bag out of the back of his pickup and followed the others inside, where he was shown to a locker room to shower and change for the day.
Jack, Dom, and Ding showered as well, then went to breakfast at a nearby coffee shop before heading into work. Adara showered in the women’s locker room of the gym, then went straight up to the third-floor conference room, where she knew coffee, fruit, and cereal would be waiting.
When she got there, Midas had already finished his first cup of coffee and was pouring himself a second.
Adara said, “Uh-oh. Hope the fact it took me longer to get ready than you doesn’t make me look too high-maintenance.”
Midas stirred in some milk and laughed. “Not at all. My ex-wife would have taken exactly five hundred percent the time it took you to get ready for the day after a five-mile run. I’m a drip-dry kinda guy myself, so I don’t fault you running a brush through your hair before coming up.”
Adara got her breakfast and then Clark came in the room, himself showered and ready for the day. “Midas, I’ve got to explain something about this morning.”
“It’s okay, Mr. C. I’ve been places where nobody liked me before. The guys will warm up to me when I prove myself.”
“It’s not you. Twenty-four hours ago they returned from an operation. Doubt you’ll ever have need-to-know on the specifics, but let’s just say that while the guys did everything exactly right, the fallout from their mission had some very, very negative second-order effects. No fault of anyone at The Campus, but the operators are going to be a little quiet for a couple of days. Jack, especially.”