“I know,” Rawls said, staring at the homepage of the cellular phone company whose server he had to break into.

There were two obvious methods of testing a company’s perimeter defenses. Low-and-slow port scanning was one way. Data packets, small enough to be missed by most intrusion-detection software, were sent to the corporate network over a period of days. Entry was accomplished by flying under the radar and taking a long time-low and slow. Eventually all open ports would be identified, and a skilled hacker could map the network.

The alternative was to bombard the target with data packets-an NMap FIN scan, in hacker argot. There was nothing slow about this approach, but unfortunately it wasn’t clandestine either. An all-out scanning attack would trigger an immediate security alert.

Rawls needed to get in fast but surreptitiously. Tall order, but there was always a way.

His fingers moved across his keyboard and pulled up a program that allowed him to launch a null session-a NetBIOS connection established with a blank user name and password. A null session could get him into any vulnerable server and allow him to read some of its contents.

“You can’t get to Nolan’s account that way,” Brand said, watching over his shoulder.

“I’m aware of that, Ned.” Rawls heard testiness in his own voice. Well, it was after 2:00 A.M. He had a right to be testy.

The null session got him into the corporate server and gave him read-only access to the registry. “They’re running NT 4.0,” he said, “service pack five, option pack four.”

“Outdated,” Brand observed.

“That’s what I was hoping for. You remember the problem with this build of NT?”

“There were lots of problems.”

“The big one.”

“You mean the i-i-s-hack thing?”

“You got it.”

“There’s been a patch for that since last year.”

“But if the sysadmin hasn’t upgraded his OS, he may not have kept current on the patches either.” Rawls was already searching his hard drive for a file named “ncx. exe.” He uploaded it to the Baltimore field office’s Web site, then typed a telnet command, sending a 500-byte file-a small program called “iis-hack”-to port 80 of the cell-phone company’s Web server. The port was open, as it had to be in order to receive Internet traffic. The question was: Would it run the program, or had the server been upgraded with a security patch that would reject the file?

“No way they didn’t patch it,” Brand said.

“There are hundreds of holes in NT,” Rawls countered. “No one can patch them all.”

“Don’t even need a patch, really. Sysadmin just has to disable script mapping for. HTR files.”

“Well, let’s hope he didn’t.”

They waited. The “iishack” program would instruct the server to find the “ncx. exe” file at the Baltimore field office’s URL. It would take a couple of minutes for the file to be downloaded and run. Or the request might already have been denied.

When two and a half minutes had passed according to Rawls’s wristwatch, he entered a new telnet command and reconnected with port 80 of the victim server.

“Moment of truth,” Brand said, leaning closer to the screen.

The corporate homepage vanished, replaced by a black screen with the copyright notice for Windows NT. Below it flashed a DOS prompt.

“We’re in,” Rawls breathed. The flickering C:\ looked beautiful to him.

He was past the firewall. He had access to the corporate server.

Quickly he scrolled through the directory, then went to accounts, entering the Read command followed by Adam Nolan’s account number, which was probably the filename.

A request for log-on identification came up.

“Shit.” Brand sighed. “I guess their security’s not as lame as I thought.”

“We can crack it.” Rawls returned to the directory and located a list of user names. No passwords were shown, but he didn’t think he’d need one. He scanned the list until he found the user name backup. He tapped it with his fingertip. “Sounds like a back door.”

Brand agreed. “Give it a shot.”

Back doors were simple means of access left in place by maintenance and diagnostic personnel who didn’t want to be bothered with memorizing complicated user IDs and passwords. Often they left the manufacturer’s default settings intact. Even when they modified the settings, the changes were usually easy to guess.

Rawls went back into Accounts and typed the user name backup. A password request came up. He retyped backup. He knew how a lazy person’s mind worked. It was easier to remember one word than two.

A moment later the screen filled with lines of text. Adam Nolan’s account in detail.

“Man, you are on a roll,” Brand exulted.

The most recent cell-phone activity came at the end of the list. Nolan’s last call began at 19:54 Pacific Standard Time and continued for three minutes twenty-three seconds. The terminal cell site was given as a string of figures-the cell tower’s latitude and longitude.

Rawls wrote down the numbers, then stood and pulled out his cell phone. “I’m calling LA. Can you clean up?”

“No prob,” Brand said, settling into Rawls’s seat.

Rawls pressed redial and heard the long-distance call go through. Behind him, Brand went about the business of covering their tracks. He would schedule the deletion of the ncx. exe file from the phone company’s server, and for good measure he would go into the server’s log file and erase all references to the intrusion. He would delete “ncx. exe” from the field office’s Web site, as well. It wouldn’t be a good idea for anyone to find it, since what Rawls and Brand had just done was highly illegal.

“Walsh.” The familiar voice from three thousand miles away.

“We’ve got the cell site.”

“This fast?”

“What can I tell you, Morrie? We’re bona fide federal agents. We’re the best of the best.”

In the farthest corner of the office park, C.J. found the warehouse.

It was a large metal shell of a building with hangar doors and two smaller doors, all padlocked. Cut into the side wall was a casement window four feet square-intended, presumably, for ventilation.

She peered at the window, looking for evidence of security wiring-a magnetic contact sensor or a sound-activated glass-break detector. In the dim light, with the moon hidden behind the roof of the warehouse, she found it hard to be sure.

There.

Strands of wire, barely wider than individual hairs, ran up the sides of the glass and connected to small black nodules.

Pressure sensors.

Break the glass, and the alarm would go off, even before she had a chance to reach inside.

Well, that was all right. Might even be helpful, in fact. The noise of the alarm would add to the confusion and urgency she was counting on.

The window faced an alley that ran between the warehouse and the complex’s perimeter fence. Fig trees grew outside the fence, and their leaves, shed in winter, had blown over the loops of razor wire to lie in dry drifts along the alley. C.J. knelt and touched them, heard them crackle under her fingers.

Perfect.

Elsewhere in the complex, the two alarms-one from each building she had violated-must still be ringing, though she couldn’t hear them from this distance. Couldn’t hear the BMW’s engine either, but she knew the car was out there, circling like a shark, trolling for its prey.

Adam would find her before long.

She kicked the leaves into a thicker pile not far from the window, making a nice firm bed. It was all part of her plan-a dangerous plan, but she would risk it. She was through hiding. She had wriggled into her last crawl space. She had played the victim long enough. Now it was time to go on offense.

Adam thought she was weak. Well, let him find out how weak she was.

She expelled a breath of pure rage and saw it turn to frost in the night air, chillier than before.

He had tried to fumigate her, for God’s sake. Like a cockroach.