The Standards Blog

The Alexandria Project, Chapter 19: The iBalls Shall Rise Again

Alexandria Project (a Cyber Thriller)

New to The Alexandria Project?  Find a plot synopsis and guide to the characters here, find the earlier chapters here, and follow the Further Adventures of Frank on Twitter

Thanks to Sagyxil, GPL v2 or lateriBall.com CEO Chad Derwent sat alone in his office in Silicon Valley. Outside his open door, rows of empty, silent cubicles stretched from one end of the office floor to the other.  

For the last several minutes he had been staring down at the stack of papers on his desk, unable to deal with the reality of the title of the one on top: “Petition for Liquidation in Bankruptcy.” He couldn’t bear to look up at the picture on the wall where, he knew, Vinod and he were posed with their first half-dozen employees. Everyone was smiling, because iBall.com had just gone live on the Web. Back then, he’d never supposed it would end like this.   But it had, and there was nothing to be done about it. Nothing to be done but pick up his pen and begin to sign the papers in the stack, one by one.   The phone rang. Chad looked at it in surprise. Ever since it became clear that iBall.com could not survive, the stench of failure had descended upon him, and even his email had dwindled to a trickle. Was it his mother? 

With a sigh, he put down his pen and pressed the speakerphone button.

“Chad Derwent.”
 
“Good morning, Mr. Derwent. My name is Carter Columbo. I don’t believe that we have ever met, but my client would like to discuss a possible investment in iBall.com.”
 
Chad gaped in astonishment. Was this guy’s client insane?
 
“Is your client Nigerian? Don’t you guys usually send me email?”
 
“You have a fine sense of humor, Mr. Derwent. I can appreciate that under iBall.com’s current circumstances that an offer of investment might seem a little unusual. Still, my client’s interest is real, and they would like to make you a proposition that could save your company.”
 
For the first time in a week, Chad felt a spark of hope. After the disastrous meeting he and Vinod had had with Josh Peabody, they had sent cancellation notices to all of iBall.com’s existing customers, and pulled the page that allowed new companies to download iBall. But the passage of the ten day notice required under iBall.com’s customer license agreement had been excruciating. Hour by hour, he watched the company’s bank account plummet. Despite terminating all of the employees and every other obligation that could be broken, iBall.com’s bank account now stood at $0, while its outstanding payables exceeded $600,000.
 
“And who exactly might your client be?”
 
There was a long silence. Then, the formerly confident caller said sheepishly, “If I tell you, do you promise not to hang up?” 
 
The small spark of hope immediately winked out. Still, what have I got to lose, Chad thought. “Sure. Hit me.”
 
Another pause. “The Pangloss Game Company.”
 
Chad felt like he was in a dream. He had been pretty sure that what he remembered about his meeting with Josh Peabody had really happened. But now that he was sitting in iBall.com’s empty company offices thinking he was receiving a call from the game developer that had destroyed his company he wasn’t so sure.
 
“….Mr. Derwent? Are you still there?”
 
“Yeah, yeah, I’m still here. You know, though, it’s the funniest thing. I was pretty sure there I heard you say that the company that drove my company into the ground like a tent peg now wants to make an investment to save it. You are from Nigeria, aren’t you?”
 
“Mr. Derwent, of course this is all rather awkward. My client feels rather bad about the events of the last two weeks.   And as you can appreciate, if there are no more iBall, then there can be no more iBallZapper! games. So if you’re willing to listen, my client is willing to help you get iBall.com back on its feet. That is, if you’re willing to assist it in launching another game.”
 
Chad looked at the stack of unsigned bankruptcy papers, and then at the picture on the wall. For the second time during this strange call, he thought - what do I have to lose?
 
“OK. I’m listening.”

- 0000 - 0001 - 0010 - 0011 - 0100 - 0011 - 0010 - 0001 - 0000 –

 


“Jack Posner here to see you, Josh.”
 
“OK Lynne. Bring him down to my office.”
 
Josh Peabody swiveled his desk chair and looked out over Palo Alto.   Jack Posner was iBall.com’s outside counsel.
 
This was a meeting that Josh would have liked to avoid, and Josh wasn’t used to finding himself in such a position. His lawyer had advised him not to meet with Jack. Better to let iBall.com file for bankruptcy without any input at all from you, he had said, given that TrashTalk would profit so handsomely from its failure. Of course, his lawyer also warned him that iBall.com’s founders might try to sue him anyway for betting against the company and not disclosing it. 
 
So Josh figured the best bet was to meet with Jack. After all, he’d sent business to Jack before, and if Jack knew what was good for him, he’d want to stay on Josh’s good side for the future. It would be smarter to make that point in person than in an email that might look…awkward in the wrong setting. Like in front of a jury.
 
There was a knock at the door. As Josh swiveled around he put on his best salesman’s face.
 
“Jack! Great to see you, old man. How’s your golf swing doing these days?”
 
“Not bad. Funny you should mention that - my firm’s sponsoring a benefit tournament down in Carmel in a month – $5,000 per player. Maybe you’d like to join my foursome?”
 
“Absolutely! You’ve got a deal. Just ask Lynne on your way out to put it in my schedule. Tell her I said to move anything else to fit it in.”
 
Josh motioned Jack towards one of the two couches in the corner of his office.
 
“So what brings you here today? Have a new startup you want me to take a look at?”
 
Jack offered him a small smile. As if Josh didn’t know why he was there. “Actually, Josh, I want to discuss iBall.com with you.”
 
“Sure, sure. Anything I can do to help with the wind down, just ask.”
 
“Good. As you know, I have to act in the best interests of all iBall.com stockholders, and TrashTalk LLP is only one of them, so please keep that in mind. As you always say, business is business, so don’t shoot the messenger.”
 
“Of course,” Josh replied, sitting down. “That’s why I’m always so confident recommending you to our portfolio companies.” He looked at Jack carefully to see if the point had registered.
 
“And don’t think I don’t appreciate it, Josh. Anyway, yesterday I got a call from Chad Derwent letting me know that he and Vinod are planning to bring a law suit against you and each of your Board appointees for breach of your fiduciary duties as directors to the other stockholders of iBall.com. Of course, I pointed out to them that such a suit would be expensive to prosecute, and the way we left it was that if TrashTalk will cause all of its directors to resign, and also give up all of the special rights it holds under the investment documents, Chad and Vinod will execute a full and final release of you, TrashTalk and the other directors.”
 
Jack took two copies of a document out of his briefcase and handed them to Josh. “I volunteered to put together a brief Surrender of Rights and Mutual Release Agreement, and here it is. You’ll see it’s already been signed by Chad and Vinod.
 
"By the way," Jack added, "Chad and Vinod requested that I ask you one last time whether you would consider investing in iBall.com on any terms?"

That was an easy one.  "Absolutely not.  Not on any terms they could possibly offer me."

"That's what I assumed, so I added that in, too."
 
Josh pretended to skim the brief agreement while reviewing the situation to himself. iBall.com was doomed – no two ways about that. All he had to do was wait for the bankruptcy filing he knew Chad planned to file to become final, and he could cash in the policy brokered by TrashTalk’s new VC derivatives startup. If he was no longer a director, he couldn’t be personally be tainted by any actions Chad and Vinod took as the ship went down, and the release would protect him against liability for anything that had already happened. What wasn’t to like about this unexpected development?
 
Josh made up his mind. “Well, of course, the iBall.com story has been a great disappointment for us here at TrashTalk. We put a very large sum of money behind Chad and Vinod and now that money’s all gone. Still, we believe in supporting our management teams even when they make bad business judgments, so no hard feelings from our side.”
 
You miserable toad, Jack thought. He’d read Chad and Vinod’s original business plan, and knew how and why it had changed.
 
Josh continued, “I’m disappointed to hear that Chad and Vinod are having a hard time looking at things the same way, but I appreciate your role in helping them take a more professional approach in this difficult situation.   And if Chad and Vinod think they can do a better job back on their own, so be it.” Josh signed both copies of the agreement, and handed one to Jack.
 
Josh stood up, signaling the meeting was over. “Business is business,” he said, shaking Jack’s hand.
 
“Business is business,” Jack agreed, and turned to leave.
 
Josh was relieved to be feeling like his old, brash self again. Life should always be this simple. He called down the hallway after Jack, “Hey – be sure to tell Chad and Vinod I wish them much success, will you?”
 
Jack turned and gave him a broad smile. “I’ll be sure to,” he replied. He started to turn away again, but then paused and added, “You know, Josh, if I were you, I wouldn’t be too quick to count those guys out.”
 

- 0000 - 0001 - 0010 - 0011 - 0100 - 0011 - 0010 - 0001 - 0000 –

 


“All systems go.”
 
Frank smiled to himself as he read the three word email from Archie. The events of the past week had been profoundly satisfying. Archie had been delighted to have a new game to launch, now that the original supply of iBall was running out. He was even more delighted that Frank was willing to bail iBall.com out without asking him to contribute anything towards the investment. Even Chad and Vinod were on board after they learned that Frank was willing to underwrite their original iBall.com business plan as well as pay off the current bills. 
 
Frank’s new plan was straightforward, at least the part that he was willing to share with Archie and Chad. iBall.com wouldn’t pay people to download iBall anymore. From now on, site owners would have to pay a few cents apiece to get them. They would also have to give permission to iBall.com to gather and aggregate their traffic data.  Site owners would be happy to buy in, though, because millions of iBall fans were just waiting for the new game to begin. What easier way was there to attract thousands of new visitors to your site? 
 
Chad and Vinod were delighted. The coding needed to launch the new wave of iBall was trivial, and they wouldn’t have to pay a dime for marketing. The Pangloss Game Company would take care of that. 
 
The game that Frank had devised to drive the new wave of iBall downloads – and accomplish his real goal - was called the “Lotto iBall Challenge,” and the concept was simple. For the first five days, anyone could download as many iBall as they wanted to display at their site. After that, further downloads would be cut off, and the game players could begin the hunt. This time, the contest would be like a lottery, with the big prizes going to those who captured the code of the iBall with the winning numbers.
 
That was the elegant part of Frank’s plan, although it was Yoda who had provided the inspiration. Frank had puzzled for days over the last clue his mysterious mentor had shared with him:
 
> Your force will be with you if your crowd you let lead you to the source
 
And then it hit him – “crowd sourcing” was what Yoda had been nudging him towards. Frank would never be able to track back to the Project on his own. But why track back at all? If he could get the Project’s malware to unknowingly send an iBall back to its developers, he could use the millions of avid iBall gamers to find that iBall for him. 
 
How? The same way that DARPA’s Network Challenge had set off a national wave of innovative, social media-based search by promising a prize of $40,000 to the first team to report the locations of the ten red weather balloons it briefly displayed around the country at the start of its contest. The winning team, from MIT, had nailed all ten locations in under nine hours. 
 
So unbeknownst to Chad and Vinod as they pushed the new iBall download pages live, and to Archie as he triggered the new game marketing campaign, Frank was finalizing the new files that he would add to his honeypot once the game was well advanced. Those files would include embedded code that would simulate an iBall without displaying one. After all, it could hardly be assumed that The Alexandria Project maintained a web site. 
 
But the Project would have a server on which that iBall code would end up, and an internet connection by which it could be found. The most determined gamers would certainly decide to construct robots to hunt and kill thousands of iBalls automatically rather than locate and zap them visually, and they would know that firewalls would stand in their way that they would have to penetrate. 
 
Could they do it? Well, DARPA had offered only $40,000 in its contest, and that had been enough to set off a frenzy of successful activity. Frank was betting that with a prize of $1,000,000 for The Big iBall at least one of the teams would bring home the one that he was counting on The Alexandria Project removing from the honeypot. 
 
That iBall would be different, though. In addition to “looking” like an iBall to a Bot, it would have location-based capabilities that would allow it to determine where it was as well. Once its code was captured and returned to The Pangloss Game Company, it could be identified immediately as being different from all the other iBall being turned in. When Frank personally analyzed that code, he’d learn where The Alexandria Project – and hopefully the second mystery intruder as well – could be found.
 
But first he would have to wait. It was going to be a very long week.
 
- 0000 - 0001 - 0010 - 0011 - 0100 - 0011 - 0010 - 0001 - 0000 –
 
Josh was feeling good. TrashTalk was getting close to launching a new $600 million fund, and he was looking forward to the new influx of management fees it would generate.  They'd really pushed the envelope this time, asking the limited partners to swallow an extra percent on the management fee - that meant almost another $5 million a year for him and his two fellow managing partners to split up, after sharing some crumbs with their underlings.  Cashing in the $50 million insurance policy on iBalls.com would provide the kind of proof of their exalted status that should seal the deal.
 
Josh punched the button on his buzzing phone with a flourish.  "W'sup, Lynne?"
 
"A reporter from The Register, Josh.  Want me to tell her you're tied up?"
 
"That's OK, Lynne.  Go ahead and put her through."  Josh felt like gloating to someone - even a reporter.
 
"Josh Peabody."
 
"Hi, Josh.  Lydia Sparrowhawk.  Any comment on this morning's press release from iBall.com announcing their relaunch and the cramdown of TrashTalk's investment?"
 
"I beg your pardon?"  Josh was thunderstruck.  He madly punched "iBall.com" into Google News.  Sure enough, there was a press release from iBall.com - and The Pangloss Company as well.
 
"Gosh, Lydia, I beg your pardon.  Somebody just handed me an urgent message.  I'll call you back."
 
Josh read the press release with increasing horror:
 
The Pangloss Company joins with iBall.com to Create World-Class Gaming Partnership
iBall.com to be recapitalized as gamers anticipate new game
 
Palo Alto, California - The Pangloss Company (TPC), the world's leading provider of prize-based game apps, and iBall.com, the leading provider of down-loadable, graphics-based market data collection software, today announced they have entered into a strategic partnership that will set the stage for a new level of on-line gaming.  Under the partnership, TPC will acquire 85% of iBall.com in the form of a new class of super-priority preferred stock.
 
TPC and iBall.com also announced the launch of an innovative new global contest called the Lotto iBalls Challenge, featuring a $1 million prize for the lucky gamer that captures the winning iBall.
 
"We're unbelievably excited here at iBall.com," said iBall.com CEO Chad Derwent.  "Unlike TrashTalk, TPC truly gets our vision.  And with the unlimited financing that TPC brings to the table, our long-term success is assured."
 
Josh quit reading as his blood ran cold.  An 85% investment, plus, he was sure, a new option plan would mean that TrashTalk's stake must be down to maybe 5%.  And if TPC had really received a super-priority stock, TPC would get several times it's money back before TrashTalk would see a dime.  TrashTalk had just been crammed down so hard its $50 million stake was currently worth almost nothing.
 
Josh quickly dialed up the CEO of VC/Derivatives, the TrashTalk portfolio company he was counting on to bail him out on the iBall.com investment.
 
"Hey, Jeremy, Josh Peabody.  How are you?"
 
"Great, Josh.  What's new?"
 
"Well, you know, somebody just asked me how the terms would work if we cash in on one of your VC policies.  If we ever had a big write down, we could just call you up and get paid, right?"
 
"That doesn't sound right to me, Josh.  But Jack Posner happens to be right here in the conference room with me, and he wrote the claims language.  Let me put him on."
 
Josh struggled to make his voice sound normal, but he could feel the noose tightening around his neck.  "Hey Jack, small world.  I'd forgotten I lined you up with VC/Derivatives.  So to repeat my question to Jeremy, all we have to do is show VC/Derivatives the basis for a write down and they'll pay up, right?"
 
"Of course not, Josh," Jack replied in a measured voice.  "We'd never do such a poor job of writing a policy for a startup you invested in.  The company that you buy insurance on would have to declare bankruptcy and be liquidated first.  Otherwise, how would you know that you would end up losing anything?  As long as the company's still alive, it could turn out to be the next Google some day."
 
Jack thought he might be hearing a faint gurgling sound from Josh's end,  but that was it.  He could have left it at that, but hey, life was short.
 
"Bummer about iBall.com and The Pangloss Company, huh Josh? 
 
Silence.  Why not give the knife a final twist?  After all, this couldn't be happening to a nicer guy.
 
"I guess it's just like you always say, though.  Business is business."

Carl can't follow Frank on the run, but you can, on Follow
Adversego
on Twitter

          Email this chapter to a friend

Email the first chapter to a friend

Read the `last chapter

       Read the first chapter

 

 

Comments

Permalink

"As Josh swiveled around he put *o*n his best salesman’s face."

 

You tripped the filter again:

"Josh was relieved to be feeling like his old, *censored*y self again."

 

I am still trying to figure out how Frank's application is intended to work ;-)

 

Rob

Winter,

 

Thanks for catching the glitches.  On the location side, i thought of providing some clues about how that might be done, and then decided to leave it to peoples' imaginations.  Here are some clues, though:

 

-  the iBall couldn't be an actual GPS receiver, because while the work of such a device is done by software, it still needs an antenna, which of course would be missing.

 

-  that said, the iBall payload wouldn't necessarily have to be able to identify it's location, so long as it could locate other local resources that have a location, and know what that location is.

 

You should be able to figure something workable out from there.

 

  -  Andy

Very smart to leave things up to our imagination. Cory Doctorow advised as much in an interview in the Command Line podcast.

 

The finder (bot) of the document has accessed the store. The finder will run the iBall (javascript?) code. Most likely in on their personal machine. If you are REALLY lucky, the iBall code is run on the actual machine with the file. However, this would require the finder to be logged in on the target machine. Not really necessary.

What the finder, and thus, the iBall code, can see is:

- IP address of the store and/or URL

- Directory name

- Directory path upto the server root?

- Server software name and version (http/ftp/ssh/telnet), language setting, character settings

- Other files in the store

 

You can track IP addresses to an ISP, and then to a location.This can be done with whois (not very informative), but also by traceroutes of connections. In this you get map out the complete path to a certain IP address. The intermediate servers tell you something about the network connections of the target computer. The idea is, that any computer will be reached from gateways nearby. Where "nearby" will often be geographically close. For instance, your blog is hosted by inmotion (both from whois and traceroute).

 

We cannot assume that the Alexandria Project will draw back the stolen documents directly to their home servers. Especially when they use a botnet themselves. They must have thought about tricks like Frank is performing.

 

So, like other botnet operators, they could store copied documents in caches on public and hacked computers. These caches will then be accessed anonymously by the operators to look what they caught.

 

This actually increases Frank's chances. The main computers of the Alexandria Project are bound to be heavily guarded and protected. However, caches on public or hacked computers will be less protected out of necessity. (heavy cryptogtaphic protection will interfere with the stealth needed to hide the operator on the hacked host)

 

A (very) public server, like Facebook, Google, or Yahoo is even better than some lone zombie computer. It is possible to track all those who try to access some hacked computer as there will be few (or only one) link trying to acces it. However, any account on Facebook can draw massive numbers of visitors who are very difficult to track all. Like you showed with the hidden messages from Frank to his daughter.

 

On the other hand, Frank might be lucky, if it fits your plot, and get hold of the IP address of one of their computers ;-) You can make this as complicated as you like.

 

Winter

 

 

 

In reply to by Winter

Permalink

Winter,

 

I'm thinking that the hackers might not be well defended on their home servers at all.  Instead, they may just assume that the cookie crumbs would be hard to trace back through intermediate way stations. 

 

Also, note that the danger they would anticipate would be something planted in a file they brought back trying to send back a message - and not a file that instead could be found using hacker, as compared to forensic, means (i.e., they wouldn't expect hundreds of different bots searching for that file).

 

Note also that there are other extra-network ways for the iBall to figure out where it is, either in a general or more specific way.  For example, what's the local time for that server?  What language are some of the displays written in?

 

Perhaps also there's a WiFi router as part of the system, with laptiops logging in to them.  More opportunities to be found.  Perhaps there's an iPhone, with location based apps communicating with it.  What city is that pizza parlor in that it just accessed?

 

And so on.  And Frank is a very clever guy.

 

  -  Andy

In reply to by Andy Updegrove

Permalink

I found some papers on how to measure Round Trip Times and modeling connection related delays. Obviously, none have used it to estimate geographical distances. But that is the genius of Frank :-)

 

The first paper reports below 0.01ms resolutions, ie, <2 km fiber lengths. Impressive!

 

Sorry, the spam filter refuses URLs, use Google to find the links.

 

Network Radar : Tomography from Round Trip Time Measurements
Yolanda Tsang, Mehmet Yildiz, Paul Barford, Robert Nowak

 

New Methods for Passive Estimation of TCP Round-Trip Times (2005)
by Bryan Veal ,  Kang Li ,  David Lowenthal

 

Variability in TCP Round-trip Times
Jay Aikat Jasleen Kaur F. Donelson Smith Kevin Jeffay

 

Variability in TCP Round-trip Times
Jay Aikat Jasleen Kaur F. Donelson Smith Kevin Jeffay


Modeling TCP Latency
Neal Cardwell, Stefan Savage, Thomas Anderson

 

Winter

In reply to by Andy Updegrove

Permalink

Winter,

 

As always, thanks for all of the very helpful ideas and technical information.  Here are some responses:

 

>if the collectors would simply store the files in a computer without an active web server connected to them, this would not work. You might have reasons to think they actually DO put them on-line on an active web-server. Then, all your other options are indeed possible. I simply did not get more than read-only access.

What I had in mind was that to a game player-designed crawler, the bait iBalls would look like a normal iBall.  But after that, they'd be entirely custom, designed for the purpose of determining the location of Alexandria Project.  My assumption, perhaps erroneous, was that a crawler would go for the server on which the Web site was hosted, and that it would find its way there looking for the code, whether there was actually a Web site associated with the iBall in question.  Perhaps that's not a technically reasonable assumption.

 

>Note that Frank can break into the server later on anyway. If he has the IP address, he can get into the computer and dig up all the information himself. He does not need to restrict himself with what the iBall sends back. He only needs the IP address to get into the server himself.

 

The goal may or may not be to find the Project's computers (i.e., to disrupt them).  Eventually, the CIA, of course, wants the Project people themselves.  So from that assumption, the home-base location of the laptop in the lap of the ringleader is the really important information.



>5 The iBall code requires the server IP address (this is a rule of the game if you want the price). Note that Java(Script) execution does not allow access to client side files or media, but does allow access to the originating server. The script will be able to reach back into the server that stored the file.

 

As noted, Frank may be less interested in the IP address of the computer than the street address.  As you note, finding that street address with precision from an IP address may be tough.  But what your comment makes me think of, which is really useful, is this: why not put the geographical answer out there to the crowd as well, and say that it's needed for confirmation, since someone could also randomly generate numbers trying to guess the winning number?   That sounds like a keeper, and I'll work that in

 

  -  Andy