Bricked

My heart crashes when I see the villainous barista behind the counter. It’s not the kind of crash where my heart simply abandons its duty. It’s the crash of a toddler who's just learned that skipping exists and promptly trips and bashes their head into a piece of furniture. This barista is not my barista. My barista is Gary. That slightly overweight brown-haired guy is not here and this is a sign that my life is likely in very real danger. Gary and his extremely punch-able face are not behind the counter waiting with my usual. Gary’s not here to deal out an overenthusiastic greeting, hand me my coffee and send me on my way. I’m frozen, like a computer weighed down by too much input. The petite brunette behind the counter is either going to serve me a delicious handcrafted coffee based beverage or pull a Ruger 1911 and blast me into the afterlife.

It’s best not to freak out in this kind of situation, but it’s difficult not to imagine myself taking my last sputtering breath on the grimy floor of a coffee shop in Boston. The rain drumming on the windows is like static. I scan the room. I’m the only customer. She couldn’t ask for a better opportunity if she begged for it. Everything else is the same as it has been for the past 360 days that I’ve been coming here. I’d know because I keep track of every cup, pillow, and overly violated magazine in this place. Nothing stands out as being unusual or out of place, except for the girl behind the counter. She’s patiently waiting for me and I’m standing here clutching a dripping umbrella and stupidly examining the coffee shop as if it’s the first time I’ve ever seen such a thing.

“What can I get started for you?” Sonja asks. I expertly deduce that this is her name. Also, she’s wearing a nametag.

“Umm. I’m not… Where’s Gary?”

Did this diabolical barista notice the quiver in my voice? I can tell from the look on her unusually beautiful face that this wasn’t the response she was expecting.

“Gary?”

“Yeah the barista that–”

“Oh, Gary!” She says with a smile. “Sorry. I’m new here and I’m just getting to know the names–”

“He knows you’re new dear.” It’s Susan, an older lady who’s been working here with Gary everyday that I can remember.

“He’s a regular. Here.” She reached across Sonja and punched her fingertip against the screen of the till several times. I couldn’t see precisely what she was doing from my position. For all I know she could be entering in my usual order. Or those muffled thuds against the screen could be an encrypted message that’s sent to her superior stating that the job is about to be… executed.

Sonja and Susan. Could they really be working together? I mean, as assassins, not baristas. Susan has been here every day for the past 360 days and I never once suspected a thing. It’s not possible. I have to relax. Play it cool. This is merely a bug in my faultless programming. My daily routine that’s entirely consistent.

“We’ll get it out to you in just a minute.”

Susan starts whatever sorcery she does that makes the best coffee I’ve ever tasted and the reason why I come here every day. Under my plain clothes is an abdomen holster that grips my stomach as I take a seat. It’s custom made for holding something much more valuable and dangerous than a firearm. I face the counter, sinister Sonja specifically. She makes threatening gestures by wiping down the countertops, refilling napkin dispensers, and completely ignoring me. Am I overthinking this? Could this young woman simply be a barista? I’m second guessing my gut instinct that’s kept me alive. That instinct is telling me not to lose grip on reality. Not to forget about my contract that’s ending in just fifteen days.

Now is not the time to get lazy. Laziness is humanity's greatest security risk. It's what makes ‘123456’ the most commonly used password, followed closely by ‘123456789’ and ‘12345’. Laziness is also what allowed the launch code for US nuclear ballistic missiles to be ‘00000000’ for two decades. Yes, for twenty years the most destructive weapons imaginable were secured with a password your grandmother could crack. The codes were supposed to be changed on a regular basis in order to prevent any unauthorized entities from initiating launch. But they weren’t. In fact, the launch crews were instructed, via an internal checklist, to double-check that the control panel in their underground bunker showed no other digit than zero. True story. Look it up if you don’t believe me.

We’ve all had to come up with a password at one point or another. It’s an inevitability of our digital age. And out of slothful stupidity, most people use the same password that they’ve always used across multiple accounts. Hopefully not ‘qwerty’ or ‘password’, the fourth and fifth most commonly used passwords. Those with a little more aptitude go along with the required format that most platforms deem necessary. You probably know it. It’s usually a certain number of characters, typically eight or twelve and it has to include a number and a capitalized letter. This makes sense. If you have an eight character password that’s made up of only lowercase english characters there are 13,884,156 possible combinations. By adding uppercase letters and numbers you bump up the possible passwords to 8,361,453,672. Throw in some special characters and presto, you've got yourself quite the password.

Over eight billion possible combinations sounds pretty good. There’s no way a malevolent actor could reach into a hat, pull out a random combination, try it and do that all over again eight billion times to log into your bank account and steal your pathetic balance. It's pathetic because you're lazy in this scenario. What most don’t understand is that they actually could do that very thing with the processing power of today's computers. But they don’t have to. You likely chose a human readable password.

Slacker.

You used whole words because it's easier to remember, and lazy, and that means it's way easier to hack and it's way easier to hack because of a now defunct company named RockYou. RockYou made a bunch of crapplications for your favorite social media platforms. They also stored all of their 32 million users' passwords in plain text. Bad move. Also lazy. It hurts just thinking about it.

That meant that anyone with access to their database had access to actual usernames and passwords. This isn't usually the case because it's such an unbelievably bad idea. Did I mention lazy? Most databases like these are encrypted. But the RockYou database wasn’t and it was downloaded and shared around faster than acid at a rave. Soon, the hackers realized that they had something much more valuable than access to photos of random people's lunch, selfies, or their cats. They possessed in their grimy little hacker hands a stupidly huge sample set of passwords. It was a list of millions upon millions of actual passwords that actual people use. Passwords that they could use to brute force their way into any account they wanted, given enough time. True story. Don't believe me? Look it up.

After all that they could simply wait for you to give them your password. Hackers have a device commonly referred to as a drop box, which they plant near your home or office that can perform a man-in-the-middle attack. It's pretty simple. Imagine that in order to log into a bank account you would have to mail a letter with your username and password to the bank. That's kind of the way we do it in reality, but it's through the internet. You place your mail in your mailbox and pop that cute little red flag up letting the mailman know he's got some work to do. That's when I, the dropbox in this scenario, snatch the mail from the mailbox, open it up and write down the information it contains. I then seal up the mail and deliver it to the bank and you're none the wiser.

How do I know all this? It was my job to know. In the early 2020s my daily workout routine consisted of consuming excessive amounts of caffeine and reading up on the most recently discovered zero day exploits for everything from uranium refining facilities to your wifi connected coffee maker. I’d also include a bit of light reading on the latest developments in the narrow field of psychological deception. I know how every lock is picked, how every coding bug is manipulated, and how that fat gray blob of gnarled tissue inside our skulls lies to us every day. It was my job to know the theoretical cheat codes for everything and that’s because I worked as a penetration tester. It isn't as dirty as it sounds.

It's a pen testers job to attempt to gain access to a client company's sensitive information in order to find flaws in their security. To find where people have been lazy. While working the best and unfortunately rare jobs I was given free reign and a preemptive pardon by the owners of the client company allowing me to do whatever a malevolent actor would do. And I mean whatever they would do. I could and often would break into their buildings, steal company vehicles, and in even rarer cases, do things that could interrupt their money making operations. Those jobs, the best jobs, were meant to be as realistic as possible and it was an adrenaline rush every damn time. But the most common jobs were mindless and I could only glean a certain amount of excitement from tricking yet another middle-aged divorcee into clicking on a phishing link disguised as ‘hot young blondes in your area’ and I needed more.

So I took the logical step of becoming an authenticator. Not many people know what an authenticator is and that's kind of the point. No one's supposed to know that we exist or at least who we are. My own family and friends think I'm a successful freelance programmer living in Boston. They think the wealth that I possess came from selling homebrew software to big corporations. Whenever they'd ask how business was going I'd tell them that even the super wealthy like saving money. This isn't a lie. I do save the super wealthy a lot of money but not how they think.

I open up a tor browser on my phone. Tor stands for The Onion Router. My tor browser allows me to visit any website anonymously by routing all communications through a web of interconnected computers around the globe. Anyone watching the traffic today will think that I'm operating a computer in Vienna. This side of the internet is commonly referred to as 'the dark web'. I head over to Stuxpatch.net. It's a little known forum that people in my unique profession can join. The discussions focus on operations security. We trade insight and information. While we don’t necessarily care for one another, it’s helpful. My handle is TheDeliverator, based on my favorite book about a katana wielding pizza delivery driver. The title for the most recent post is BrokeBroker is GONE.

Floofy: This is wild. BrokeBroker's contract was ending in just two days. Now he’s bricked.

Floofy linked to a news article about his suspected murder.

GaMbIt: Anyone know if his football was with him?

Floofy: No clue.

Neon_Ninja: Heard through the grapevine that it wasn’t. Possibly boosted. Keep quiet ladies and gentlemen. Change up your routines boys and girls.

That’s messed up. BrokeBroker had a two year contract as an authenticator. In two days he would have been free of his football and loaded. He’d have enough money to live the rest of his life in luxury but instead he’s been ‘bricked’. This usually refers to a piece of computer hardware that’s been made inoperable. In this case it means that BrokeBroker is dead. Neon_Ninja may be right about changing up our routines but that was never my style. Most authenticators change their schedule every day. They mix it up so that no one knows their next move. Me on the other hand. I like to think that keeping it as fixed as possible is the best method. If you do the same things every day, go to the same places, drink the same coffee, you can more easily detect anomalies. Bugs in your system. Like this barista that’s walking up to me.

“Here you go!”

Sonja strides over, cup in hand. She slides it onto the table.

“Is that tor you’re using?” She asks.

I fumble to turn off the phone. How could she know what tor is? She’s seen the look of utter panic on my face.

“Sorry… I didn’t mean to look. I just recognized it.”

“No worries.”

“Are you into something shady?” She says sarcastically, a hand on her hip and a smirk on her face.

I laugh but it’s fake. My heart is pummeling its way out of my chest. I force out as cool and calm of a response as I can manage.

“Thanks for the coffee.”

I hurry out the door into a Boston that’s drenched in misery. The coat pulled over my head is my only shield from the downpour. An empty space in the brick sidewalk trips me up as I turn to look back. She isn’t following me. My favorite coffee shop is now bricked. The coffee is great, but not great enough. There’s only a couple of weeks left on my contract. I’ll be free and on my way to opulence if I don’t end up like BrokeBroker. I place my hand on the small bulge under my shirt. My football is there, humming along smoothly in the holster, unlike my heart which feels like it’s going to burst the veins in my neck.

The football isn't pigskin. It’s the key to preventing unauthorized entities from transferring wealth out of my clients possession. The super wealthy are people too and that means they’re lazy. They don’t want to put a lot of effort into creating, remembering, and securing passwords for their various accounts. Bob the multi-trillionaire can have the password to his monstrosity of a bank account be ‘password123’, the 20th most commonly used password, and not have to worry about an unwanted transfer to a guy named Rajni in India pretending to be a guy named John Smith from Virginia. This is all because of me, the authenticator for their accounts. No one can access the account or transfer money out of it without my express permission. There’s some pretty technical stuff behind it all, but it works in similar respects to how the nuclear launch system was supposed to work had they not been lazy.

Wherever the president goes, an object called the ‘football’ goes with him. It’s not actually a football, but an aluminum case in a leather satchel. The general public likes to believe that it contains a big red button that says ‘LAUNCH’ in bold lettering. What it actually contains are tools for confirming the president's identity and equipment that allows him or her to communicate with the pentagon directly. He doesn’t need to push the launch button himself, but what he does need to do is command the necessary people to do it for him and those necessary people need to make sure it’s actually the president making the command.

My clients have a football of sorts. A specially made and encrypted smartphone that is ultra secure. I designed and made them myself because I am not lazy. They can log into their accounts via their football and make transfers in the same manner that they normally would, but the transfer isn’t actually completed until I myself allow it. I authenticate and allow or deny the transfer with my own football. The one currently snug to my abdomen. Why have a human being authenticate transactions like this? Because computers are vulnerable. They are vulnerable because they have to be. The most secure computer in the world would be one that couldn’t accept an input or produce an output. It would be one that couldn’t be used. It would be an infinitely secure paperweight. A brick.

The footballs are not paperweights. The information transmitted between the footballs is encrypted and ultra secure thanks to Secure Hashing Algorithm 256. SHA256 was developed by the NSA in the 90's. It's an unbreakable digital lock that owes its strength to math and thermodynamics. The math part makes the number of possible combinations nearly as numerous as the number of atoms in the universe. The thermodynamics part is even more nuts. Generating and testing a single key uses a miniscule amount of energy. If a hacker were to attempt to use brute force to try every possible key, it would require as much energy as a billion suns produce in their entire lifespan. That's not hyperbole. It's physics. In other words, it's impossible to break. The footballs, admittedly, have one vulnerability and that's called a five dollar wrench attack.

We are fallible beings in fragile bodies. Our temples can be destroyed. A threat doesn't need to harness the power of a billion suns. All it has to do is purchase a five dollar pipe wrench, know who and where you are, and persuade you to give up your key using a different kind of brute force. I’ve done everything in my power to ensure that this doesn’t happen. I am a ghost in every facet of my life, especially my online presence. BrokeBroker slipped up somewhere. That’s the only way he was bricked and his football boosted.

What am I going to do about coffee? I don’t even own a coffee maker. I make my way to my apartment, a very expensive loft with a great view. Oversized windows framed in dark metal stretch from corner to corner. It's décor is minimal and bright juxtaposed by rustic tones here and there. It would fit into an interior design magazine. Not all hackers live in their mom's basements.

I sit down at my desk to do some deep research on the dark web into the mysterious and supernatural art of coffee making. Truth be told, I head on over to the social media page of the coffee shop and scroll through their photos. After only a few minutes of digging I find it. A photo of Gary and his stupid face. In the background is the espresso machine that my coffee prescription is filled with. Written across the front is the brand, Velocitta.

The Velocitta espresso machine and other necessary implements are delivered to my loft a few days later. My kitchen is in disarray, packaging all over. I’m scratching my head while trying to translate the instruction manual. Some would call me pretty astute but no amount of smarts makes me able to translate Italian on a whim. You’d think that instructions for a $15,000 espresso machine would be in multiple languages but you’d think wrong.

There’s a knock at my door. I’m not expecting anyone. I carefully lay the manual on the countertop. I don’t want to make any noise that could alert whoever is on the other side to my presence. The football is safely in its holster. I don’t have to worry about retrieving it if I need to run. Slow and steady I make my way to the door. It’s steel, but not very thick, with keypad entry. The light on the handles' baseplate is red, which means it's locked. The person knocks again. Through the peephole I can see the top of their head. Brunette and short. They step back. There’s some lag in my brain's processing. I do a double take. It’s Sonja, the barista. How in the living hell did she find me? Better question, why is a barista following me? With a trembling hand I take a breath and open the door.

“Hi.” She waves timidly. “Sorry to bother you. You probably don’t remember me, but you came into the shop a few days ago and you forgot this.” Sonja held up my stupid umbrella.

“Oh… Th… Thanks.”

I take the umbrella and examine her body language. There’s nothing to set off any alarms. She’s thin but not lanky like a model and she’s stunningly beautiful. I didn’t notice in the shop, but there’s no reason a woman this attractive should be working as a barista. My mind was too focused on the interruption of my perfectly designed schedule.

“How did you know where to find me?” I ask.

“I actually live in the building and I’ve seen you before so I asked some of the other tenants and they directed me here. They said ‘Apartment 828’, ‘Leaves and returns at the same time everyday’.”

“You live here?”

“Yeah, 617.” She points down at the floor as she says it.

“No offense but isn’t it kind of expensive for a barista?”

“I did pretty well with some bitcoin I bought a while back.”

“Oh… Right.”

“Anyways, there’s your umbrella.”

She starts to leave. I have to know more about her. I have to gain more data. There’s a million thoughts swirling around and it’s hard to compute.

“I know it’s weird, but I have a quick question.”

She turns.

“Shoot.”

“Feel free to say ‘no’ if it’s strange, I won’t be offended.”

“Okay…” She raises an eyebrow at this.

“I have an espresso machine that I’ve just bought and it’s the same model as in the shop.”

“And?”

“And… I have no idea how to use it and the instructions are trash.”

“You want me to teach you how to use it?”

“I’m not a murderer. Swear.”

She silently examines me.

“You have a boyfriend. I should have known. Sorry, I wasn’t meaning it–”

“No, I’m not seeing anyone.” She peers around me into my apartment. “Sorry, I do have to go.”

With that she left and I was once again left dumbfounded by this woman. Not much intel gained. I placed the umbrella in the stand next to my door. Something is not right about this.

I log into stuxpatch.net to see if there's any update on BrokeBroker. The post, BrokeBroker is GONE, is not gone. It's still at the top of the forum with hundreds of more comments added. I click on the post and there at the very bottom of the thread is a name I recognize.

TheDeliverator: You won't be hearing from me until my contract is up. Do yourselves a favor and reset your passwords.

That is my username. My handle, but not my words. Panic is delivered to my extremities by my heart knocking around inside my chest. I dive under the desk, kicking my chair out of the way and pull each and every plug from it's socket. Standing, I feel around my abdomen. The football is there. I scan my apartment, breathing heavily and attempting to steady myself. I have to leave. I have to get out of dodge. Get out of Boston. Go dark. Disconnect. Pull the plug. That's my only option. I don't need to bring anything. I can get anything I need wherever I'm going. I walk to the door and notice the umbrella planted in it's holder. Could it have been... I have to know. It's worth the time.

I grip the ebony handle and lift the umbrella as if it's a valuable artifact. A fragile creation lost to time. Slowly turning it over in my hands, I examine each fold of fabric. I slide my thumb up the smooth lacquered wood to the button. It's black, with a bit of texture. I hold it out in front of me like a wand. Like a lightsaber. Like an extremely dangerous implement that should never be activated indoors. Squinting, I push the button and the umbrella billows out into shape.

I see it. A small collection of plastic and metal taped to the stem with black electrical tape. The tape sticks to my fingers as I rip it off. It's a prepaid smartphone wired up to a StrawberryPi circuit board, a lithium battery, and a small antennae. It's a dropbox. I've been man-in-the-middled. I've been bricked. I throw it on my floor and stomp with everything I have. It's shattered to bits.

She spoofed my wifi router. She was able to gain access to my computer and to my–. My phone. There's a buzz in my pocket. I pull it out.

There's a text from a restricted number. It reads; 'Reset your password yet?'.

I hear hurried footsteps in the hallway. They're getting louder. Several silhouettes pass and come to a stop at the door. There's some shuffling and whispers. Beeps emanate from the keypad. The light on the handle turns green.