An Open Door


Whereupon we get introduced to our main characters, reflect upon the ease with which skids could cause trouble, and ruminate on the morality of ethically motivated gray-hat hacking.

I texted 8bit as soon as I arrived at the front door of his apartment, the bottom floor of a creaky blue two-family house between Harvard and Alewife. He often wore noise-cancelling headphones while coding, and both knocking and shouting had proven ineffective at getting his attention. Fortunately I’d only had to climb in through his window once, when a cold New England winter day had depleted my phone.

“Hey Marcus!” 8bit greeted me with enthusiasm as he opened the door and waved me inside.

“Alan, how are you?” I replied. Using his real name in public was part of the Opsec cadence he’d insisted on, even though he preferred his hacker name for our private conversations. I humored him, even though it was a bit of a joke since I was sure he used an entirely different, and secret, hacker name for his gray hat work.

“Did you find parking?” he asked me with a smirk.

“Yeah, I used your fake visitor’s pass in a residents-only spot.” 8bit only had one legitimate visitor parking pass, so he’d forged multiple copies and distributed them among his friends. “You do know that I only use it when I visit you, Alan, not anywhere else in Cambridge.”

“I’m sure that’s the truth, Marcus.”

I nodded, but moved on. 8bit and I had slightly different moral compasses.

“So 8bit, have you read about this VPNFilter malware? Looks like FancyBear is at it again, and this time it’s using an interesting combination of ways to reach its C&C…”

“Yeah, I’ve read about it. I don’t know why they’re going to so much trouble.”

“What do you mean?”

“There are tens of thousands of home routers with default creds, all easily accessible. I’ve been working on a project around this.”

Now I was curious; 8bit’s “projects” were usually technically interesting although ethically dubious. I raised my eyebrows and opened my hands, palms up.

“Do tell!”

He smiled, and guided me over to his workstation, where we sat down.

“I built a bot that, um, encourages people to change their home router password.”

I looked over his shoulder at the screen, trying to make sense of it.

“ShodanFogelberg? Jeez 8bit, that’s the corniest codename I’ve seen since ‘Dark Blockchain’, and that one was invented as a joke!”

8bit waved me off.

“You know I have retro taste in music. Let me tell you what it does. My bot is running on a, uh, server in Thailand, and…”

“Thailand?”

“It’s actually a webcam, but look, I’m keeping my CPU utilization on it to less than ten percent. Anyway, my bot finds home routers on Shodan, and then iterates on them trying out default credentials based on router model.”

“OK….” I started.

“So then I temporarily change their DNS settings to the webcam, where I’m running my own recursive server. For 3 minutes I point all their requests to a warning page, telling them to change their router password. Then I change their DNS settings back to what they were. Oh, and I include a link to their router’s step-by-step instructions. Cool, huh?”

“8bit, this is pretty illegal. You’re using a hijacked webcam and modifying people’s home routers without permission…”

“Marcus, how can you argue with this? This is a demonstrably positive outcome, and I’ve got data to prove it! Forty percent of these people change their password within ten minutes. In two weeks of limited tests I’ve gotten over three hundred people to change their router passwords from the default. Even your goody-two-shoes nature can’t argue against this!”

“Alan, I agree that the outcome is positive. But this is blatantly illegal!”

“Yes, it’s illegal. But so is speeding when you drive someone to the emergency room! Three hundred people are now safer online, and no one got hurt. I feel very good about this, even if you think I’m a lawless vigilante.”

I moved away from the computer, and sat down on 8bit’s worn leather sofa.

“Alan…I respect you for your goals. And your technical skills of course. But I don’t agree with your methods.”

“Are you going to turn me in to the FBI?” he asked, but not seriously. He already knew the answer. I laughed and shook my head, then frowned.

“No. Not for this.”

8bit turned and put a hand on my shoulder.

“Don’t worry, man, I’ll never cross that line, I promise you. But anytime you want to work together, I’m ready. Remember our slogan? ‘Always Do Good. Never Do Harm. Vigilante Hackers Unite!’ Hey, I have a present for you!”

8bit retrieved a small white package from the other room, and handed it to me. I carefully unwrapped it, and like a reverse magician pulled a hat out of the paper. It was a black baseball cap, with white lettering stitched onto the front: Pr0tonFlux. My old hacker name. I held it in my hands, feeling the deep warmth of our friendship in my chest. But I didn’t put the hat on.

“Alan – 8bit – thanks for this, it means a lot to me.”

Then I handed it back to my friend.

“But keep it here. I’ll let you know when I’m ready for it.”

# # #

As a writer, I like both of these characters for different reasons. 8bit is one of those super-smart but slightly arrogant (and slightly lazy) people. He’s also less encumbered by ethical constraints than is Marcus, which will lead us to some dark and winding pathways in future stories. While Marcus’ technical skills and work ethic are stronger than 8bit’s (one minor source of contention between the two), he’s also more ethically grounded, which will be a significant source of conflict in our stories about these two. And yet, this story asks a question – will Marcus wear his black hat again? And if so, why?