This news made no sense to them at all, but there was one thing they were sure of immediately: Mohammed would not be pleased.

Jack walked into the office at ten after eight in an especially foul mood because he’d missed the team run, scheduled today at five-fifteen. It always was a chore for him to get out of bed in the morning, especially when working late the night before. But he did it almost every day because he knew he always felt better after getting some exercise.

This morning, however, his willpower had completely faltered. He’d stayed up working from home till after midnight, then he’d slept through three alarms, and woke with a start at seven forty-five, with barely time enough to take a quick shower. Then he dressed and walked to work, mad at himself all the way for his show of weakness.

The rest of his morning run group had already exercised, showered, eaten, and begun their workday when Jack passed them on the third floor, gave some tired and gruff greetings, then poured coffee for himself, grabbed a Danish from a box by the pot, and shuffled directly into the conference room.

Clark and his two trainees were on their way out of the building to do some shoot-house work at a private range complex in Leesburg, and Dom and Ding were still writing up after-action reports on Jakarta, putting together as much information for Mary Pat Foley as possible that might help her team identify just who in North Korea had been behind the operation against America.

As soon as Jack passed through the door into the conference room he was sharing with Gavin, he saw that the older man had beat him to work. This was one last kick in the rear that told him tomorrow he would not sleep through his alarms.

Jack pulled up a chair in front of his work laptop. “Morning, Gavin.”

Gavin looked at the Danish in Jack’s hand. “You know… you should start watching what you eat. You won’t be nineteen forever.”

“Not today, Gav. Woke up on the wrong side of the bed.”

“Well… I hope that’s because a new girl was taking up the right side.”

Jack did not answer for a moment, but finally he just repeated himself. “Not today, Gav.”

“Okay. Well… am I, at least, free to discuss work matters pertaining to this intel leak?”

Jack sipped his coffee, willing the caffeine to take the express route to his bloodstream today. “Of course you are. Anything new from NSA overnight?”

“Nope, nothing. And that just means they are going to be more sure of themselves that there has been no breach of their data.”

Jack sipped scalding-hot coffee as he looked over his laptop at Gavin Biery. “But you are not dissuaded by the fact they haven’t found anything.”

“Nope.”

“Okay. So… how do we find out if the government missed something? How do we know if there was a data breach on the OPM?”

Gavin shrugged. “We don’t. We take it as fact that I’m right, they are wrong, and we go from there.”

Jack almost spit out his coffee. “What?”

“It’s the old Sherlock Holmes philosophy. Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. If the government hasn’t found evidence of the intrusion, I won’t be able to, either, not from here. Send me over to OPM with carte blanche to tear apart their network, dig through code line by line, and look through every record of every remote access of every transaction that has taken place for the last couple of years. Then, eventually, I’ll find you something. But that isn’t going to happen, and even if it did, a lot more good people are going to be compromised in the interim. I have no doubt that two weeks from now, two months from now, or two years from now, the federal government will realize they’ve been breached. But we don’t have that kind of time. You have to trust me, and we have to move ahead, fully on board with the theory that some bad actor has access to the full SF-86 data on everyone in the U.S. who has ever applied for classified access.”

“That’s nuts, Gavin. Everyone? Even if I were to take this giant leap with you that someone got into the OPM without anyone in the government knowing about it, why the leap that everything was copied and exfiltrated?”

Gavin replied calmly. “Because once you are onto the network, once you have admin access and have built yourself a back door, taking all the files is no more complicated than taking a single file. In fact, it’s easier to take it all and then sort through it later on. You can’t just presume they went to all this trouble and just exfiltrated a small percentage of the data.”

Jack leaned back in his chair. “How many files are we talking about?”

“The system went online in the early two thousands, but the OPM went back and put a range of old files online as well. Going back to 1984.” He paused for effect. “We’re talking about well over twenty-five million files.”

“Jesus, Gavin.” Jack put his head in his hands. “Let’s hope you’re wrong.”

Gavin said, “Hope all you want. But I’m right.”

Ryan said, “I’ve been giving this a lot of thought. Having your old application in the OPM database wouldn’t be enough to compromise you, not in the way these events have taken place. Whoever is exploiting this data to make real-time targeting packages has to do a lot more work to connect the dots than just pull names off an application. Just because Joe Blow’s name is in e-QIP doesn’t mean he works for CIA or FBI. Somebody had to take the raw data from the SF-86 and fill in a thousand blanks.”

Jack pulled up the Commander Scott Hagen incident. “Take this first guy — Hagen. He’s in his mid-forties. His SF-86 has to be twenty years old. You can’t tell me there is something in that application that is going to tip off a gunman that Hagen will be eating a burrito at a Mexican restaurant in Princeton on a particular night twenty years later.”

He continued. “An application for security clearance is a snapshot of that person’s life at one point in time. It isn’t going to have a tenth of the data on it that the terrorists would need to target these guys. Especially when you are talking about the military and intelligence community. Their application says they want a security clearance, so here is all their info as of the date of the app. It doesn’t say they are now a CIA NOC in Minsk undercover with the Russian mob, and they live at a particular address.”

Gavin Biery was already nodding his head. “Ryan, you are exactly right, but that only helps us narrow down the culprit. The question we should be asking isn’t ‘Who could steal all this data?’ It’s ‘Who could steal all this data and also possesses the ability to exploit it?’” He pointed to the monitor on the wall. CNN was playing a story about the attack in Italy the day before. “This is tier-one targeting information.” Now he pointed to his laptop, with all the cases of intelligence leaks of the past few weeks. “These, as well. It isn’t that somebody knew Scott Hagen and Jennifer Kincaid and Stuart Collier and all the others. It’s that they knew Hagen was going to be in New Jersey on this date with his sister at his nephew’s soccer tournament, and Kincaid was in Minsk on a CIA op, and a compromise to her husband at State at the embassy in Jakarta. Somebody managed to get fingerprint data to the Iranians and the Indonesians, for Christ sakes! This is high-level shit, Ryan, and it was done through a high-level cyberattack and high-level research and high-level social engineering.”

Jack said, “Look… I’m an analyst. I have to take in all the possibilities. I can’t put all my eggs in one basket and work under this unproven assumption of yours that we’re dealing with a breach of OPM data. All the OPM data.”