Tweet

Cory Doctorow (@pluralistic@mamot.fr)

Apr 20 • 46 tweets • 10 min read Twitter logo

@latimes

My next novel, *Red Team Blues*, is nearly here! I start my tour on Saturday, with two appearances at the @latimes #Bookfest:

events.latimes.com/festivalofbook…

1/

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2023/04/20/lin…

2/

To kick off, I'm serializing chapter 1. Meet #MartyHench, a 67-year-old, hard-charging #ForensicAccountant with 40 years' experience busting Silicon Valley's most eye-watering scams, and learn about his last case - recovering a billion dollars' worth of crypto secrets.

3/

Here's the previous installments:

Part one:

pluralistic.net/2023/04/17/hav…

Part two:

pluralistic.net/2023/04/18/cur…

Part three:

pluralistic.net/2023/04/19/wha…

4/

Here's where US readers can pre-order the book:

us.macmillan.com/books/97812508…

Here's pre-orders for Canadians:

services.raincoast.com/scripts/b2b.ws…

And for readers in the UK and the rest of the Commonwealth:

uk.bookshop.org/p/books/red-te…

And now, here's today's serial installment:

5/

"We built the system to be secure. You know me, I’m a paranoid old creep with a dirty mind, so everything I did, I did right.

6/

"The keys were on an air gap system. I bought that system myself off a pile of boxed HP laptops at Fry’s just a couple of weeks before they closed their doors for good.”

“Rest in peace.”

7/

“It was time. But back when you could go into Fry’s, you could pick up a laptop sealed in shrink-w rap, carry it yourself to the cashier, pay cash for it, and walk out, stopping only to show your receipt to the poor door-checker.

8/

"Then you could take it to the data center, badge into the clean room, lay out your workbench, unscrew that sucker, and remove every single network interface with a pair of pliers, not just snipping the traces but ripping them right off the board.”

9/

“Lucky you didn’t snap the board.”

He grimaced. “I did. I bought three of them so I could take a mulligan or two if I needed it. I only needed one spare, as it turned out. Then it went into a safe, a good safe, rated for three hours.

10/

"There’s a watchman who makes physical rounds of every safe room, every two hours. And I locked up the BIOS with a hardware token. Steal that laptop, you’d still need my token.”

“And yet . . .”

11/

“You know how they say anyone can design a security system that he himself can’t figure out how to break?”

“Schneier’s law.”

“Schneier’s law. Yeah. Someone smarter than I am figured it out.”

“The watchman?”

12/

“No, though he might have been in on it. They fired him. The safe was opened, the laptop was gone.”

“And the hardware token?”

“You’ll love this.”

“I can’t wait.”

13/

He tugged his forelock and adopted a broad Cockney accent that would have embarrassed Dick van Dyke. “Guv’nah, I was pickpocketed, so I was.”

“I don’t believe it. Pickpocketing is supposed to be a dead art. Who was working the scam, Apollo Robbins?”

14/

He shrugged. “I don’t reckon so. But yeah, there’s plenty of Vegas acts that do pickpocketing stuff, and there’s a pretty big YouTube competitive pickpocket scene with tutorials. Plus, there’s the European talent, a lot of it, never really died out there.

15/

"Covent Garden is like a plague reservoir for the pathogen, and you get an outbreak every year or two.”

“You had the hardware token on your key ring?”

16/

“That day, I did. I’d been in the data center. Then we went to dinner. Hydra. The prix fixe. The chef’s table is nice, but the taster menu gets you the octopodi. Someone bumped me between the data center and my front door.”

17/

“Oof,” I said. “Did you have to ring the downstairs neighbor’s doorbell and climb out on their balcony?”

“Don’t be stupid,” he said. “In the first place, Sethu has her own keys. In the second place, the outside doors here are locked and armed when we’re AFK.”

18/

I’d noticed the locks on the outside doors, and the break sensors, and the cameras—both the covert and overt ones. There were probably some I’d missed.

19/

I wouldn’t put it past Danny to have a lidar rig in the shrubs, something to help the system distinguish between cat burglars and house cats.

20/

“The watchman from the data center,” I said. “That’s your guy. Probably not the mastermind, but he’ll be the key to it all.”

“Looks like they socially engineered him.

21/

"Matched him on Tinder, messaged him, *Oh, is that where you work? I’m just around the corner—want to meet me for a quick boba tea?*”

“Catfished. Honey trap.”

He sighed. “Yeah. It was a good one.”

22/

“You reported the theft?”

“The insurance company will pay for a new laptop, which, frankly, I don’t need, because I already have the spare I bought when I was going through the whole rigamarole to set up the air gap. But that’s not the valuable part.”

23/

“No, it isn’t. How about the keys?”

“Yeah, how about them?”

“First, have you warned your source that you lost them, so they can tell Apple and Samsung and all the other manufacturers that rely on those secure enclave chips?

24/

And second, have you warned your users that their money isn’t safe?”

He looked over at Sethu, at Palo Alto, at his lemonade glass, and at the clouds in the sky. Long looks. The silence spoke volumes.

25/

“How much money is the Trustlesscoin ledger worth, Danny?”

He looked me dead in the eye now. “About a billion.”

We’d already been talking about trillions, so I shouldn’t have been shocked.

26/

But tech founders are always throwing around big numbers, and I’ve developed the mental habit of knocking a few zeroes off any claims about “total addressable markets.”

27/

Trustlesscoin was the new crypto on the block. My unconscious estimate of its value was in the low tens of millions, which is also a big number, but not a billion.

“A billion here, a billion there—”

He cut me off. “Pretty soon, it starts to add up to real money.

28/

"Yeah, I know, Marty. Don’t joke, you’re not good at it.”

“When did you lose the keys?”

29/

He checked his watch—a mechanical one, not ostentatious, a wartime Rolex, from when men’s Oysters were the size of a nickel, not giant tourbillon monstrosities that cost a million bucks and looked like a poor man’s idea of a rich man’s watch. “74 hours and 30 minutes ago.”

30/

“Give or take.”

“You’re not good at comedy, Marty. We’ve established that.”

“What fallout has there been?”

“Not much,” he said.

31/

“In fact, maybe none. We have a pretty good statistical picture of what normal Trustless transaction activity looks like, and nothing has rung the alarm bells yet.”

“Yet. But maybe not ever. Maybe they can’t figure out how to exploit what they got.”

32/

“Or maybe they’re biding their time. Or running an old- school salami-slice grift, shaving a lot of pennies, getting ready to cash out.”

“Can you block that? They have to convert Trustlesscoins into fiat to get away with it, right?”

“They do, but we can’t stop them.

33/

"We’re on every major exchange, not just to other tokens but also a bunch of different kinds of fiat and stablecoins. How do you think we got to a billion dollars so quickly? Trustless is both highly liquid and highly efficient. That’s why it’s the future of finance.”

34/

“And money laundering.”

For a second, I thought he was going to throw his lemonade glass, dash it to the cool flagstones of his roof garden. He took a deep breath and then another and then set the glass down.

35/

“And money laundering. Marty, stop fucking with me. I am keenly aware that there are money launderers using my service. That has been apparent since the start.

36/

"Some of these money launderers are very far away and would struggle to reach me if my technology did something to upset them. Some of them are closer.”

He shook his head violently. “Marty, I am shitting bricks here.

37/

"There’s another shoe getting ready to drop, and when it does, I’m going to go down with it. Hard. I’m not just talking about losing my reputation and my fortune, I’m not just talking about ruining the life of that woman over there who dragged me back from the brink.

38/

I’m talking about being targeted for physical violence by unreasonable, sadistic, powerful criminal men who amassed their fortunes by spilling an ocean of blood and who cannot be placated. Nor can they be fended off, not unless I want to live my life inside a bunker.

39/

“I don’t know who stole those keys, Marty. I shouldn’t have had them in the first place. I am now in a position where everything I hold dear is on the line, and so I called you.

40/

"You and I go way back, you’re my friend and I trust you, but I didn’t call you to cry on your shoulder.”

“You called me because you think I can get the keys back.”

“Bullshit. I called you because I’m desperate. I don’t think anyone can get those keys back.

41/

"I think that inside of a month, everything I care about will be in ruins. Major technology platforms that depend on secure enclaves for things way beyond Trustlesscoin will be exposed because of my recklessness, and they will be fucked.

42/

"Secure enclaves are designed to be tamper- proof. You try to take one off a board the way I did with those air gap laptops’ network interfaces and you render them permanently inoperable. They can’t be field updated. They have no flashable BIOS.

43/

"A vulnerability in a secure enclave is permanent.

“But the trillions of dollars in damage that I will do to the largest tech companies in the world will not worry me, because I will either be on the run or dead. Not a good death, either, Marty.

44/

“So I called you because before that happens, I plan on exhausting every avenue of mitigation available to me.”

“If I recover them?”

45/

He snorted. “You do that, you might save my life and rescue a third of the top performers on the S&P 500 from their worst earnings call since the Great Financial Crisis.”

eof/

• • •

Missing some Tweet in this thread? You can try to force a refresh