Next Biery tried to trace the e-mail address from Center, but very quickly it became clear that the mysterious benefactor of the Libyan cell was using a complicated spoofing system that bounced his connection from one proxy server to another around the world. Biery tracked the source of the e-mails back through four locations, finally making his way to a node at the South Valley branch of the Albuquerque/Bernalillo County Library system in New Mexico.

When he announced this fact to Jack, Ryan said, “Nice work. I’ll talk to Granger about sending a couple of operators there to check it out.”

Biery just looked at the younger man for a moment before saying, “Don’t be naive, Ryan. The only thing I have managed to do is rule out Albuquerque’s South Valley branch library as Center’s base of operations. He’s not there. There are probably another dozen relay stations between him and us.”

When that did not pan out as they hoped, Jack and Gavin began going through Kartal’s financial software, tracking the wire transfers Center sent to the Libyans as payment for their footwork in Istanbul. The transfers came from the Abu Dhabi Commercial Bank Ltd. in Dubai, and at first they looked like they would be a solid lead as to the identity of Center. But one of Biery’s computer geeks hacked into the bank’s account-holder data. A trace of the owner of the account revealed that the money had been illegally transferred out — electronically stolen — from a Dubai-based hotel group’s employee payroll fund.

While this was a dead end as far as identifying Center, it did provide a clue. To Biery, the computer network expert, this was evidence that Center was himself a skilled hacker.

Scanning through the systems file folder, Gavin found something interesting. “Well, hello there,” he said as he began clicking open files, moving around windows, and firing his cursor all over areas to highlight lines of text at a speed that Ryan found impossible to track with his eyes.

“What is all that stuff?” Jack asked.

“It’s a pretty nice attack tool kit.”

“What does it do?”

Gavin did not slow his manipulation of the windows and files on the screen. Jack guessed he’d looked at about twenty different files in the past forty-five seconds or so. As he clicked and, Jack assumed, absorbed all the data on the screen in front of him, he answered, “The Libyan could have used this stuff to break into computers and computer networks, steal passwords, get hold of personal information, change data around, clean out bank accounts. You know, the usual bad stuff.”

“So… Kartal was a hacker?”

Gavin closed all the windows and turned around in his chair to face Jack. “Nah. This isn’t real hacking.”

“What do you mean?”

“This is a tool kit for a script kiddie.”

“A what?”

“It’s the term for someone who can’t write malicious code themselves, so instead they use a ready-made package like this, created by someone else. This attack tool kit is like a Swiss Army Knife of cybercrime gadgets. User-friendly hacking materials — malware, viruses, key loggers, password-breaking code, stuff like that. The script kiddie just sends this out to a target computer, and it does all the work for him.”

Biery’s attention returned to the monitor, and he began looking at some more files. “There’s even an instruction manual for him here, and special tips on how to gain access to computers run by network administrators.”

“If he gains access to a single computer run by an administrator, he can see other things on whatever network the computer is part of?”

“Right-o, Jack. Just think of yourself. You come into work, light up your node, put in your password—”

“And then do whatever the hell I want.”

Biery shook his head. “Well, you have user-level access, so you do whatever the hell I let you. I have administrator access. You can see a lot of data on our network, but I have a lot more access and control at my fingertips.”

“So this Libyan had the tools to slip into certain networks as an administrator. What kind of networks? I mean, what type of companies, industries? What could he get into with these scripts?”

“The type of industry doesn’t have anything to do with it. He could target any industry. If he wanted to steal credit card numbers, for example, he might attack restaurants or retail point-of-sale or something like that. But if he wanted to get into a university system, an airline, a government agency, a federal reserve bank, he could do all that just as easily. The tools to break into networks don’t discriminate by industry. The tools will do whatever they can to find a way to root into the network via different attack vectors and vulnerabilities.”

“Like?”

“Like passwords called ‘password’ or ‘admin’ or ‘1234’ or ‘Letmein’ or something else easy to guess, or ports left open that would allow access, or information that is not behind the firewall that might reveal information about who has access to what info, so then the attacker can target those people via social media and the meat space, so that he can make an educated guess about what their password might be. A lot of it is the exact same social-engineering stuff you spies do.”

“Back up a second. What the hell is the ‘meat space’?”

“The real world, Jack. You and me. Physical stuff. Not cyberspace.”

Jack shrugged his shoulders. “Okay.”

“Haven’t you read any William Gibson?”

Ryan confessed that he had not, and Biery gave him a look of utter bewilderment.

Jack did his best to get Biery back on the task at hand. “Can you tell who he used the attack tool kit on?”

Biery looked it over for a moment more. “Actually, nobody.”

“Why not?”

“I don’t know, but he never launched any of this stuff. He downloaded it one week to the day before you whacked him, but he never used it.”

“Where did he get it?”

Biery considered this for a moment, and then he opened the drive’s Web browser. Quickly he scanned through the history of the webpages Kartal visited, going back several weeks. Finally he said, “Script kiddies can buy these tool kits on the Internet on special underground economy sites. But I don’t think that’s where he got it. I’d bet money that this Center character sent it to him via Cryptogram. He got it after the e-mails between them ceased and Cryptogram was launched, and the Libyan didn’t go anywhere on the Internet that would have these tools for sale.”

“Interesting,” Jack said, but he wasn’t sure what that meant. “If Center sent it to him, maybe it was part of a bigger plan. Something that never got off the ground.”

“Maybe. Even though this stuff isn’t the highest-level hacking known to man, it can still be pretty damaging. Last year the computer network of the Federal Reserve Bank of Cleveland was hacked. The FBI spent months and millions on the investigation, only to find out that their culprit was a seventeen-year-old operating out of a karaoke bar and cybercafé in Malaysia.”

“Damn. And he used a tool kit like this?”

“Yep. The vast majority of hacks are done by some flunky who only knows how to click his mouse. The real malicious code is written by what are called black-hat hackers. They are the bad guys. Kartal may have the attack tool kit on his machine, but I have a feeling Center is the black-hat who sent it to him.”

After all the documents were mined by Jack for intelligence value, Gavin Biery began hunting through the device’s software, looking for any clues as to how Center had been able to remotely operate the camera. There was no obvious application to do this present on the drive, and no e-mails between Kartal and Center discussing Center’s access, so Biery concluded that the mysterious Center had probably hacked the Libyan’s computer without his knowledge. Biery decided he would take as long as required to ferret out the hacking tools Center used in order to learn more about Center’s identity.