
I stood up, slammed the door, and turned to the sidewalk. Rosalind Welsh was twenty feet away and smiled reflexively as I turned toward her. I said, feeling the rubber edges of the mask flapping against my lips, "Mrs. Welsh. Stop where you are. I have a gun pointed at you. Don't scream, just stop, and I won't hurt you."

As I said the words, I moved to block her; she tried to turn, but I said, sharply, "Don't," and when she saw my face she opened her mouth and shrank away, and I said, sharply, "Don't scream: I won't hurt you. I just want to talk."

She looked all around, and I stepped close, directly between her and the car and said, "I have to ask you to turn around. We're going to back the car out of the driveway and we don't want you to see the license plates. If you do... well, you don't want to see them. Just turn around and look straight ahead, and when your back is to the car, I'll walk around and face you."

I tried to keep talking quietly, in a nonfrightening way, explaining what was happening: giving her something to focus on. When she was turned, I edged around her and said, "Don't look at the car." LuEllen backed out of the driveway and turned at the corner.

"I'm one of the people the NSA is putting out rumors about: I'm supposedly a member of Firewall, along with several friends. But we are not," I told Welsh. "We began researching the situation, trying to figure out what was going on. Are you aware of the source of the Firewall rumors?"

"Sir, we don't have much to do with trying to find Firewall. That's the FBI." She was scared, on the edge of bolting. Calling me sir.

"The Firewall rumors are coming from an ISP called Bloch Technology in Laurel," I said. "It's a private server whose clients are almost all NSA employees. We believe that the NSA is Firewall and will inform the FBI of our conclusions tonight."

The fear was receding; I could see it in her eyes. She'd become interested in what I was saying. "You think the NSA is attacking the IRS?"

"We think a group of European morons is attacking the IRS and jumped on the Firewall name because it was already notorious and it sounds neat."

She asked, "Have you ever heard of a man called Bobby?" I hesitated, but in hesitating, answered the question. "So you have."

"Yes."

"The FBI and our security people are debriefing him now," she said. An implied threat, showing a little guts.

Again I hesitated; but they'd find out soon enough what they had. "That would very much surprise me," I said, "since he's the one who got me your name. This afternoon."

Her eyebrows went up: "You're joking."

"I'm afraid not. The guy you picked up may be named Bobby, but he's not Bobby."

"What about Terrence Lighter?" she asked.

Now I had to make a decision, again, a tough one, but what the hell: "Have you heard the name Jack Morrison?"

"Yes." Nothing more.

"Then you know he was supposedly shot to death by a guard at one of your contracting companies, AmMath, in Dallas..."

"He was definitely shot to death by a guard."

I held up a finger. "We don't think so. We think he was killed by the same people who killed Lighter. Look at Lighter's outgoing e-mail; he's on the Bloch server. Then look at Morrison's travel. He came to see Lighter twice last week, the last time, the night Lighter was killed. The Lighter and Morrison murders go together, and they were coordinated through an ISP that's basically a server used by your people."

She shook her head. "Why should I believe you?"

"Don't. Just investigate. You're a security executive. Do your job."

I glanced back over my shoulder: we'd been talking for two or three minutes, I thought, but it felt like an eternity. "I've got to go. I will call you, to find out if you're moving on the case. If you are, we won't have to. If you don't, we will, and we make no guarantees about who gets hurt. We will call the FBI, tonight, about the Bloch Technology server."

I took a step back, and she said, "Would you have shot me if I screamed?"

I looked down at the pistol in my hand, shook my head, and tossed it to her. She picked it out of the air as I jogged away. "It's not loaded," I said as I went. "I didn't want it to leak on my pants."

She was still standing there when I turned the corner. She called after me, "Nice talking to you, Bill."

A little guts.

"So are you going to call the FBI?" LuEllen asked, as we rolled away.

"Absolutely. If we get two bunches of bureaucrats fighting over the server, it'll be harder to keep it hushed up."

I made the call from a pay phone, working down Bobby's list of FBI agents' names and home phone numbers. The first two weren't home. The third guy was named Don Sobel, and he answered the call on the first ring. He sounded like he was talking through a mouthful of shredded wheat; in the background, I could hear the Letterman show.

"Mr. Sobel," I said, "I'm a member of the computer community. I'm calling to tell you that this group, Firewall, which is supposedly attacking the IRS, was invented by the National Security Agency."

"Who is this?" The way he asked, I knew what he was thinking: crank.

"I'm calling several different people," I said, "so if you're interested in keeping your job, you should write down this name. Bloch Technology. B-L-O-C-H. The company has an Internet server in Laurel, Maryland, at the Carter-Byrd Center."

"Just a minute, just a minute, let me get this down," he said.

I spelled the name again, and then said, "The server is the source of the Firewall rumors. If you check the client list, you will find that most of the clients are NSA people. You will also find that the first mentions of Firewall all come from this computer, several days before the name went public. The rumors were planted by an NSA contract company called AmMath, of Dallas, Texas. A-M-M-A-T-H. AmMath is also involved in the murder of an NSA official named Terrence Lighter. L-I-G-H-T-E-R. Are you getting this."

"Give me that name again, Lighter."

I spelled it again and then said, "NSA security people are on the way to Bloch Tech right now. There may be nothing left to discover if the FBI isn't there to watch them. You can call an NSA security official named Rosalind Welsh" (I spelled her name and gave him her phone number) "to ask about the server."

"What about..." he began.

"Good-bye," I said. I hung up, and we took off.

"Now," I said. "Something's got to happen."

CHAPTER 13

What the European hacks were doing to the IRS was simple enough (the programming could be done by mean little children), but their organization showed some good old German general-staff planning. They must have worked for weeks, getting into the computer systems of not only a lot of small colleges, but, as it turned out, into the computers of several big retailers.

Without studying the problem, I would have thought that getting at the retail computers would be almost impossible, without a physical break-in to get at security codes. I was wrong. It appears that several of the big online retailers spent all their security money on protecting credit-card and cash transactions, and making sure that nobody could fool with their inventory and sales records.

But they had other computers that specialized in routine, automatic consumer contacts: computers, for example, that would do nothing but send out standardized e-mails informing the customer that his order had been shipped. For these computers, no great security seemed necessary.

They were perfect for the hacks. They were optimized for sending outgoing mail, and once the hacks were inside them, they could easily be set up to ship the phony IRS returns. At the peak of the attack, the bigger online companies were sending out thousands of phony returns per hour.

That would have been bad enough, but the hacks had taken it a step further: they didn't have the returns sent directly from the retailer to the IRS, but rather bounced them off the customers. When the retailer sent an acknowledgment of a purchase, the IRS file was automatically attached, but would not show up on the customer's computer screen. What would show up was a legitimate receipt or other message, plus a message from the hacks that said, "For auditing purposes, and your shopping protection, please acknowledge receipt of this message by clicking on the 'Acknowledge' button below. Thank you."