on
Cutting Keys
Two minutes out.
Several streets away, three people were strolling around wearing bandoliers of cheap cell phones, GPS antennas humming. All of them were paid in crypto and told it was an art project.
At the surrounding intersections quadcopter drones patrolled in flagrant violation of city’s no-fly zones. Their GPS antennas had been removed making them belive they were at the charmingly named Null Island.
An onyx black self-driving estate car rounded the corner, having dutifully avoided the synthetic traffic congestion several streets away. Me and one other pushed aside the curtain from the pop-up shrine on the pavement and made to intercept the car. Using cheap white spraypaint, lifted from a chronically unattended council van, one of us painted glyphs on the road. Lidar on the car picked us up, slowed, while a front-facing camera tried to parse the new road markings and failed. Thinking.
Circling around the rear of the silent and confused car, I slung two spindled chocks under the back wheels. Home made smoke grenades popped and belched out gouts of foul smelling synthetic smoke.
The shrine had been registered as a religious place of worship with the city which, due to questionable legislation, forced them to deactivate the street cameras on privacy grounds. Both of us were wearing thin ski-masks printed with realistic looking lips, eyes and noses in configurations designed to frustrate facial recognition and automatic focus algorithms. The old industrial wasteland we had corralled the car into hadn’t been carved up by developers yet, so chances were low, but not zero, that good citizens were on the lookout.
The car’s back wheels spun futilely on the chocks, trying to escape from the fire it was certain was there.
Emergency call’s gone out from the vehicle.
Words scrolled by on our fashionably internet connected goggles.
Vehicle believes help is already here.
A femto cell-tower in the shrine, just behind the hanging scripture. Call intercepted, emergency services are negative one minutes away.
The front doors of the car popped open showing empty passenger and driver seats. Plumes of smoke billowed in. A sheet of thick, obscured plexi separated the front from back. One of us jammed an SD card into the armpit of the driver’s door and waited for the system update process to kick in.
We both wore baggy overalls and peculiarly corsetted trousers to make our movement difficult to trace with the totally-ineffective-and-definitely-not-in-service gait analysis.
Panicking as it tried to process several gigabytes of junk data, the car began to boot cycle before finally unlocking the rear doors. Inside was a portly, middle aged man in a sharp suit with a knock-off Rolex loose on his wrist. He was sweating profusely and stabbing ineffectually at his phone. Each one of us flanked a door before he could rabbit and spritzed him with an inadvisably high dose of aerosolised tranquiliser. The man sputtered something unintelligible before slumping forwards, torpid and drooling.
Actual emergency services have been called, someone spotted the smoke.
We shared a look. That shouldn’t have been possible.
Land line if you can believe that.
Peeling off, one of us pocketed the spent smoke grenades and began to fold up the shrine. I rifled through the man’s wallet, pulling out a skinny USB fob as well as all the credit and loyalty cards.
Sirens, close. Different traffic system to the public auto-drives. The angry wasp thrum of drones dopplered overhead as they returned to base. Chocks pulled, the firmware payload in the car finally deployed, shorting out the in-car entertainment system, overvolting the batteries and starting a chemical fire.
Ducking down an alley, masks off and overalls bundled, we made our way through the abandoned buildings until a suitable distance away for vehicle egress.
–
Her face didn’t exist. Not compared to the millions of head shots in the training database at least. It was just strange enough that the prosthetics she was wearing to make her look like that face didn’t stand out. She was meant to be there though, with a flawless academic record and spotless employment history it was natural she would have been picked for the audit team currently combing through this fintech startup’s office. All routine you see, definitely nothing to do with an anonymous tip lodged several days prior.
She slipped away from the five-strong party of innocuously dressed auditors poring over source code print outs and hard-copy transaction statements. Down the hall, past offices fronted by decorated glass walls - doors always open - and into the office at the end. Not a corner office, not with his performance this fiscal year.
The laptop sat there on the beech veneer standing desk. Next to it was a framed photo of a portly, middle aged man with a knock-off Rolex loose on his wrist, his arm around a cardiganned woman armoured in a rictus grin. He would have usually taken his laptop with him, toilet or restaurant it didn’t matter, but this was an event where even fitness trackers were frowned upon.
Pushing her thumb over the laptop’s power button, a thin sheath of latex just visible, the machine powered up. They’d taken a long-distance high-resolution photo of his hands weeks ago, 3D printed negatives then cast all his digits, just in case. Hubble telescope desktop wallpaper, various documents shoved into the corners, “filed”. Password manager open, thumb print accepted, one-time passcode from a recently duplicated USB fob.
She revealed just one of the passwords and snapped a photo. Before leaving, she set one folder of sites, all scandalously named, to auto-open; flesh tones flooded the screen while the tinny speakers began to moan. She made her way back to the auditors, all of them still transfixed by the boxes of printouts.
–
“Well I don’t think we can wait for Mr Ferns any longer, we’ll begin.” The ceremony lead had a nasal drawl that implied he knew exactly how long this entire event should take, and he was in no rush.
Mesh metal doors were locked and bolted as the secure enclave within the data centre was once more sealed from the outside world. Even if some of the participants had smuggled in cell phones, the faraday cage put paid to any signals they might try and send.
Inside the windowless, electromagnetically mute, bland office was everything needed to create and sign new root keys for every secure certificate the company and its chain of trust generated. Two safes, one with the tamper-proof hardware security module in it, the other with the boot media for the air-gapped computer. That computer was on a trolley that had been wheeled in by two on-site guards and had been checked - in front of a cluster of expectant witnesses - to contain neither a hard drive or any permanent storage whatsoever. Three crypto officers from unrelated companies held smart cards that together unlocked the HSM that contained the root keys. An analogue wall-clock was the only adornment in the room, and it had drifted even further from the correct time since last year’s ceremony.
Three crypto officers, two guards, one notary, one ceremony lead, and six witnesses. There would have been seven but Mr Ferns’ self-driving taxi had apparently caught fire.
Each step was logged and checked, every command entered was validated against the agenda, even the BIOS checksum of the forgetful computer was verified before the HSM was unlocked and plugged in with all the pomp and circumstance that could be mustered.
The fire alarm penetrated the event’s ruthlessly organised fug. A spike of fear and excitement gripped the witnesses. The guards tensed, night stick and taser at the ready.
It is exceedingly hard to make a fire alarm go off within a modern data centre. The cooling systems double as suppression systems, drawing corrosive smoke away from any other equipment. With so much electrical hardware in one place, shorts and burn outs are expected and swiftly contained. Most didn’t even register as out of the ordinary, just a line item on a report. When several hundred racks of servers start belching smoke and throwing out enough heat to melt the surrounding cabling though, someone notices. The coolant filters are overwhelmed and can’t draw enough of it out. The power distribution system should have caught any current spikes, but a steady increase?
Like if several thousand servers slowly started mining cryptocurrency.
You need a login key if you wanted to orchestrate those servers doing something like that, and if your key was important enough you’d keep it on a USB fob and its password something unguessable. But if you wanted the server hardware to do something it shouldn’t, like ignore temperature limits, you’d need to break out of whatever virtualised environment the operating system was in and change the microcode on the processor. A recently revealed, and as yet unpatched cache poisoning vulnerability would probably do that last part.
“All right everyone we need to evacuate to our designated zones. We haven’t yet begun signing the new keys so another ceremony will be organised!” He sounded more frustrated that his agenda had been rudely derailed than worried they might be trapped in an isolated room as far away from the outside world as possible.
Unbolting the cage and pushing through the multiple layers of physical security, all the participants began to file out of the enclave. The two guards handed back the smart cards to the correct officers, locked up the security module, then unplugged the computer from the power socket. The piercing klaxon throbbed in everyone’s ears.
Floor level lighting led the way out.
“Hey, you can’t take that!” The indignation was audible even over the alarm. It was a front-of-house security guard, shirt fresh from the pack and just enough stubble on his upper lip to put him at late teens. Peeking out from the crisp cuffs and collar were the tell-tale curlicues of tattoos.
Both guards turned and looked at the youth. They had stab vests on over dark blue uniforms with a tactical belt holding various tools. The rest of the key signing ceremony participants disappeared around a bend in the faceless corridor.
“Wherever you’re moving that you need to put it back, no transport during an alarm!” The overzealous guard moved to block the two pushing the computer cart, both of whom were much wider than the gangly teen.
“This goes back into secure storage, no exception.” Shouted one of the guards over the ceaseless alarm.
“Regulations state-” the baby guard reached for what was probably the company guidebook.
“This is part of the event today, never left unattended unless in secure storage.” The same guard, same dead level holler.
In that now empty corridor, the fire alarm strobing ear drums, two senior guards pushing a trolley with a computer without any permanent storage faced off against a brand new, bottom rung, glorified greeter. De-escalation seemed unlikely.
“Look I don’t know what you people think-”
“You people?” The other guard took a step forward, towering over the youth. The teen was foolishly undeterred.
Whatever caused the altercation was unheard by the other guard who used the commotion to slip a pen drive into the computer on the trolley, using the last couple of minutes of UPS battery power to pilfer every bit of information still in the computer’s volatile memory. The computer shut down safely afterwards and, eventually, delivered back to secure storage.
Human resources, when unpicking the incident, would hear that the junior guard - new to the position having only just finished his brisk induction - had received a phone call supposedly from the central security office about theft of property. Later, they’d find out about his affiliations with violently racist groups that had been inexpertly hidden during his suspiciously rapid background check.
–
“And you did all of that for what, 512 bytes? What can you even do with that?”
“That’s where it gets interesting…”