Going to California

Life by the Valley — 9.4

Radar, our vulnerability-scanning project, still slogged along. But as the news began to spread internally about the impending buy-out and take-over and break-up, the slow-downs we’d already experienced were only amplified. We started spending more time talking about what might happen, or whether or not something was going to happen, than we did doing work. And in the face of uncertainty, when one of the possibilities was the whole thing closing down and everyone losing their jobs, a lot of people left.

Pretty soon, I realized it’d been a few weeks since I’d seen any of the Lear jet pilots in the kitchen. They’d all gone. One of our smartest guys, the lead on our work for Yahoo, actually moved on to work there with Arturo. To be fair, anyone who can glance at a slew of encrypted messages and realize that the crypto is super-weakly implemented probably deserves more money than we could pay. My team quickly lost its UI developer and our main back-end hacker. We had more and more empty offices.

It seemed like every day, just a little bit, the composition of our adventuring party changed — first by attrition and then, a month later on the other side of the deal going through, we began changing again as we brought on board the people who would help us grow out into the tech start-up it seemed we were destined to be. That is, provided Taher could scare up the money.

“Oh,” said Phil, who’d moved his office upstairs and started wearing nicer shirts, “he’ll get the money. For years, people have been begging to give Taher tens of millions of dollars. Look: the man did SSL at Netscape. The question is, what do you want to do with tens of millions of dollars, beyond spending it?”

“Pay us to do cool things?”

“Naive. But I like your style. Unfortunately, in order to get tens of millions of dollars, you need to be able to express your value very crisply, preferably in a story ending with the delivery of large, fresh stacks of real paper money.” He winced slightly. It wasn’t much, but it wasn’t an expression I associated with him.

“What?” I asked.

“We have several internal projects, but we’re probably going to have to pick one to make a company out of. It may not be ours.”

“What? No one wants to care about how to run a scanner. Most people don’t even want to know their security profile.”

“You ain’t selling me on our chances, mate.”

“But if we let people know we can do it for them, and what good it’ll bring them, they’ll pay for it.”

Phil nodded.

“Does this have anything to do with Brad?” The Packet Storm manager was back out in Hong Kong again, partying with the detectives, last I’d heard. As we pressed forward into future plans, it would’ve been great to have had good help, and the Packet Storm team could clearly help, but Brad wouldn’t let us disturb them with anything. We saw them every day, hanging out in their dark little lab, speckled in disco-ball light, doing whatever.

“You’re friends with them,” he said. “See if you can get them to step up.”

“I did, actually. I got them all in a room to talk about projects we could work on together, and whether they had any good ideas about cool ways to move Packet Storm forward.”

“Promising. And?”

“They had a great idea: get a bunch of young people, over-excited college-age kids, and get them to recategorize all the files on the site. I told them I thought that was a good idea.”

“They didn’t realize that was the idea we already had, which is why they were hired in the first place?”

“They seemed to genuinely fail to understand that.”

“Pity,” he said. “Do they actually do any work?”

“Two of them do. The other two, I’m not sure.”

“Can’t you get them to do anything?”

I sighed. “You heard of Nessus?”

Now Phil sighed. “Yeah?” he said. Nessus was a new open-source scanner that had just launched. It was free, and not many people had heard about it yet, but if they could keep up delivering vulnerability data then it could seriously threaten the chances of Radar ever launching.

“One of the Packet Storm guys asked me why we were still working on Radar. I asked him what was so great about Nessus, so now he wants to set it up and see how it works. He doesn’t think there’s any real value in running scans anyway since the good vulnerabilities all take way too long to be made public, so people already would’ve been exploited —”

“I get it. So you got him to look at the competition. Let me know how it goes.”

I usually got to work before most people. I was working more slowly than ever, and showing up early at least let me appear more diligent. A scan would have shown me to be vulnerable.

It wasn’t too surprising to hear the oonce-oonce pounding out of the Packet Storm lab, as it’s easy to stay up all night on that much Red Bull, but it was curious-making when I saw one of our young Chicago hacker dudes slumped down in his office chair, the very picture of dread and regret.

“What’s up?” I asked.

He kept staring off into space.

“Hey,” I said. “What’s up?”

He looked up at me. “Ran that scanner, man.”

“Uh huh?”

“We’ve got eight IPs in a half-rack at one of our little colos.” A colo was a co-location facility: one of many large warehouses with fat data pipes and backup power and a lot of air-conditioning. Think of these places as where the Internet actually lives. An IP is an address that uses the Internet Protocol to receive sprays of data from other addresses, likely sending their own sprays of data in response.

“Now, because I helped set them up,” he said, “I know that we’re only using four of those IPs. But when I scanned, I got responses from five hosts.”

“Does one of the machines have more than one interface?”

“No. Nessus reported the domain name lookup results for each host.” He pointed at his screen. “It’s not one of ours.”

On the screen was list of five hosts. Quick warning: These weren’t the actual hosts on the screen, but this is what the information looked like. One of those things really did not look like the other. packetstormsecurity.net mail.packetstormsecurity.net incoming.packetstormsecurity.net xxx4uuu.com files.packetstormsecurity.net

“Holy Jesus,” I said.

“I don’t know what that box is doing,” he said, turning back to a terminal window, “but it’s nasty.”

“You really don’t have to show me.”

He kept typing. His phone rang. “Hello? Yeah. No, Derek’s here. Uh huh. Okay, so what do you got?” Covering the phone’s mouthpiece, he told me, “Lineman just got to the colo. It’s super loud in there so we have a hard time hearing each other. He just got to our rack, there’s an extra machine there.”

“Okay,” I said.

“What?” he called into the phone. “Nothing? No open sessions? What kind of bandwidth is it using, any idea?” His mouth fell open. He looked at me and said, “Motherfucker.”

“What?” I said. He pointed back toward his terminal window, where he’d run his own quick lookup of the host, which can also return such useful information as the name of the person who owned that domain name.

It was Brad.

“Probably set it up last month when he was back out for a couple of weeks,” he told me. “Dude has access to the colo, he could’ve done it.” He turned back to the phone. “What kind of machine was it? 3com? No way it that one of ours. Way too rich for our blood. Pull the plug, man. Totally, it’s not one of ours, unplug it.” He twiddled on his keyboard. “Yep, it’s down. Yeah. Okay, see ya.” He kicked back in his chair, steepling his hands over where his belly might have been had he been eating more than individually packaged cheese sticks. “So you’re right,” he said. “That Nessus thing — it’s pretty good.”

“You’re back to using cell phones?”

“For some things.”

“For this?”

“Sure. It’s just Brad. He’s an asshole, fuck him.” He pointed at me. “You guys, you’re cool. We like you.”

“You should tell Phil everything when he gets in.”


I thought about it. “What kind of machine was it? A 3com box?”


“And what did the Nessus report say?”

He scrolled down in a window. “Clean. Tight. Locked-down.”

“For all his talk of being a hacker, could Brad have done it?”

“No way. It’d have taken one of us to do it.” He narrowed his eyes and said as if correcting himself, “Well, it’d take either me or Lineman.”

“Or Tom,” I said.

“I guess Tom could do it, yeah.”

“A little while back when Tom got back from Hong Kong, Brad had a server sent to him from our client, 3com, with instructions to nail it down tight.”

“You’ve got to be kidding.”

I stepped away from the door frame on which I’d been leaning for too long.

“Tell Phil,” I said.

Later that day, I swung by the Packet Storm lab but it was locked and quiet.

“Hey,” I said, sticking my head into Phil’s office.

Phil radiated what I saw for a moment as a sort of yellow, sparkling energy. I think it was the purest expression of joy I’d seen up to that point in my life.

“Come in,” he said. “Close the door.”

I sat down.


2 thoughts on “Life by the Valley — 9.4

  1. Theo Posselt says:

    very cool!  Your corporate hijinks are much more exciting than my.  Tales of people getting fired for expense abuse don’t really match people putting up porno servers in the colo while the company melts down…


Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s