Mariana's Web

A Reminder

Reminder: I can’t reply to anonymous questions.

Record #29

Record number twenty nine

My last record was confused but happy. My uncle is still alive. I don’t know how he is, and I don’t know where he is, but he knows where I am and what I’m doing, and that’s good enough for me. I’m sure he’ll contact me again when he’s ready, and when he is, so will I.

Until then, I have some bad news.

A few days after I posted Record #28, I had another email from one of my uncle’s old hacker friends. I checked his name against the list and it matched. At this point, I’ve realised it’s a bad idea to keep spreading their names over the Internet where Mariana can track them down. Speaking of which, I should talk about PII.

What is PII, you ask? Personally Identifying Information. Think name, date of birth, screen handles, pictures. Those are called primary attributes. Then you have quasi-identifiers; place of employment, gender, race, age.

The General Accounting Office in America estimates that around 87% of the entire country’s population could be identified using only three pieces of PII: gender, date of birth, and ZIP code (that’s Zone Improvement Plan, the US answer to postal codes). This is frankly terrifying. Almost 9 in 10 people could be uniquely identified, and it wouldn’t require the obvious information like name or a picture.

Now, the intelligence agencies know this. I’m pretty sure most of them have programs into which they can enter a few pieces of PII and have it bring up an entire identity. Seeing as they have access to national databases, they can legally (or quasi-legally) use all of those databases as sources of PII. Add in the rise of social media and the love of automatic geotagging in all new electronic devices, and you have a dangerous mix for those who are privacy oriented. The agencies must love social media. Where else do you get people excited to give the world their exact location? Big corporations such as Microsoft are known for being pushovers; when the NSA asked Microsoft for a backdoor in Skype and their other products, they willingly complied. Using such a program, they could pinpoint the location of 90% of the population at the click of a button. Isn’t that a scary thought?

The point of all this is that Mariana, when she was MARIANA, was probably equipped with such a program. With the ease that she seems to be tracking down my uncle’s old friends, it’s best if I stop giving out their names. It might only be one piece of PII I’m cutting out, but it may make all the difference.

Anyway, onto the bad news. Here’s the email transcript.

–

BlueAdept.

You must be careful. Mariana is everywhere.

You posted the email from Marie on May 30th, saying you’d received it the night before. That is impossible. You are being manipulated.

Marie was killed on May 17th by a nail which flew from a wall after it was blown up in a suspected gang violence she got in the middle of. There were no bodies found but hers, all the cameras nearby had been wiped clean, and there were no footprints. Mariana killed her, and now she’s moved on to you.

Be careful. Mariana is everywhere.

■■■■■■■■■■■■■■

–

Record #28

Record number twenty eight

I’ve been on this journey for over three years now.

The first Record was posted in 2013. The exact date was February 20th 2013. It’s been a long time.

I know the date I first published a Record not because I went back and looked through them all to find the right date, though I did go back to confirm it. I read the date in a letter.

Before I go through the letter, I’d like to go through the Freedom of Information Act.

The Freedom of Information Act is an Act of Parliament which was passed in 2000. It allows any member of the British public to send a letter, along with a small amount of money to cover the costs of retrieving the information, typically about £25 per hour of work it’ll require, to any public authority. Members of the public can request any information they want, and if it’s allowed (read: not personal information or anything to do with the security services) they’ll take the money and send you the information. While you can’t get your own specific personal information, you can find out what any given authority is holding on you.

The idea for the Act was conceptualised in a white paper, which is essentially a draft bill, which in itself is a precursor to a law, called Your Right To Know in 1997. It was supposed to promote a government based on mutual trust, between the government and the public. Looking around today, it doesn’t seem to have worked all that well, but the idea remains the same.

When I came home this afternoon, I found I had a letter addressed to me. At this point I’m paranoid enough (if you can ever be too paranoid), so I took it upstairs, locked the door and window, drew the blinds, and looked at it.

I didn’t recognise all the markings on the envelope, but they looked official - plenty of stamps, and most not from the postal service. One of them, however, I did recognise. It was a stamp from a hospital. It helped that the name of the hospital was written in small block capitals underneath. I tore it open and pulled out the letter.

It was that thick paper you get from the government or public authorities. You can probably see where this is going. There were several sheets of paper as well as the letter, but I left those in the envelope for the moment.

I’ve censored a few names for their own safety - you never know what nutjobs are reading this - but below is the transcript of the letter.

—

Dear Mr ■■■■■■■,

Your request for information was received. Pursuant to the Freedom of Information Act, we have enclosed the appropriate documents.

However, to save you the time going through each and every one of them, I thought I’d do you a favour and tell you: the answer is no. During the month of January in the year 2013, there were no patients checked in by the name of Charles Avery in any of the ten hospitals within the area you indicated. I went a step further, because the money you included was enough, and checked, just to be sure. There were no patients named Charles Avery admitted to any hospital in the country in January 2013. Furthermore, there were only three patients who were injured by electrical cabling in the entire first quarter of 2013, but none of them were in January.

I hope the information we could provide was useful.

Yours sincerely,

■■■ ■■■■■■ ■■■■■■■,

Public Health England, Department of Health executive agency

—

At this, my head started to whirl. My dad had been in tears when his brother was hurt, but he hadn’t gone to visit him in the hospital. He was too far away for that.

I took out the other pieces of paper - long lists of names, most censored for personal information - but scrawled on the first one were three words in black ink:

Not dead yet.

Record #27

Record number twenty seven

Marie’s email was almost a month ago. I haven’t heard from her or anyone else since. All my uncle’s old friends have gone underground. They’re hiding from Mariana, because they know better than anyone what she can do if she finds them, and she is everywhere. I imagine they’ve destroyed their phones, abandoned their computers, thrown away their hubs and routers.

I can’t do that. To cut myself off so entirely from the world would stop me from uploading this. As it stands, I’m the last link to the truth that anybody reading this has. Besides, I’m not sure that I could hide if I wanted to. Everything is connected.

A long time ago, I talked about closed shell systems and air gaps. Let me go over it again.

An air gap is where a network device is physically separated from other networks. In practice this means that a corporate computer is kept physically separated from a potentially unsafe wider Internet connection. This means that all the sensitive information stored on the intranet, which is the internal network, stays secure. Industrial espionage is a real problem in many industries, and hackers for hire who will breach a company network and steal data for a client are plentiful. The ones who are bad at their job get arrested. The one who are good at their job get hired by NetSec companies. They like to snatch up new up-and-coming talent and turn their efforts in the opposite direction. It’s clever, really.

All this was the status quo until BadBIOS came around.

A security researcher called Dragos Ruiu reported BadBIOS about 3 years ago, in 2013. While nobody’s yet proven the existence of the virus, the implications if it were real were terrifying. The virus had cross-platform capabilities - Windows, OS X, BSD, Linux - and the usual ability to spread over storage media like flash drives and external hard drives. What made it truly terrifying was that it was alleged to infect one computer and then turn on its speakers, infecting all other devices around it via ultrasound. Because of this, it didn’t matter if a computer was on a different network or not physically connected. If it was within hearing range of the computer’s full sound system, it was infectable.

So you see, if this virus is around, who knows what other nasty abilities Mariana might have in her arsenal? Worse, could this be how Mariana infects so many computers? Yes, she’s hooked up to every computer system linked to the Internet, but once she gets to a computer, with techniques like this she could attack every local piece of technology.

Imagine. You turn on your computer. It connects to the Internet. Mariana’s already got a hold of it, so now she infects your phone, your iPod, your digital watch, your tablet. You take that phone around with you all day, and now she controls the forklifts in your local supermarket, the cameras in that corner shop you visited briefly. She can see you, she can hear you, she knows who you are, where you are, any time and all the time. You go home, get something to eat out of your fridge. Except she’s controlling the microchip in the fridge, and it’s been turned off all day, but you don’t notice because she turns it back on. You eat some gone-off food, get food poisoning, die. Another threat eliminated. Or she overloads your microwave, and it explodes while you’re standing in front of it. Or she destroys the fuse protection in your toaster and you die in a house fire while you sleep.

You see, everything being connected is great at first, until you realise: everything is connected, and you cannot run, because there’s nowhere you can hide.

Ryan (BlueAdept) out.

Record #26

Record number twenty six

Last night I received an email from Marie. The contents are disturbing but relevant.

—

Ryan,
I saw you’d posted again on that blog of yours. Thank goodness you’re still alive. With that year long gap, I was sure you had been killed. I’m not being dramatic. Read the attachment.

—

I checked the file attached to the email before I read the rest of her email. It was a compressed file. I decompressed it and found several images. I clicked the first one. It was a screenshot of an article, with annotations written in red.

The article was called ‘Two Dead in Freak Server Meltdown’. The word 'Freak’ was underlined in red, with several question marks.
It detailed how the mail server of an American finance company had overheated and blown up, in an accident which defied all explanation. It had hit a gas line and caused a large explosion. The server had built in heat sinks and fail safes to prevent exactly this kind of thing. Luckily nobody had been in the building at the time… except for the technical manager and his new apprentice.
At the bottom of the article was a word in red: Proton. The name rang a bell, but it was still a few moments before I remembered who it was. I’ve been away far too long. Proton was a friend of my uncle’s, the one who helped me reach Mariana’s Web in the first place. It would be a sadder world without him in it.

I looked at the next article. It was called 'Взрыв на автозаправочной станции’. Next to it, Marie had provided a translation: 'Explosion at petrol station’.
I don’t speak much Russian, but with the pictures and a few translated words, I got the gist of it. A St. Petersburg petrol station had been hacked remotely. This in itself is nothing new. A few years back hacktivist groups demonstrated how they could do exactly that to several petrol stations in America. They only displayed their usernames on the station interface, to show that they could. This was more.
It appears that when the station was hacked, they also hacked into the cameras, because they waited for the dead man to start filling up his car before they disabled the fuses and destroyed the heating system, causing a spark to ignite the petrol and the flames to travel into the tank. From the picture provided in the article, I can say it wasn’t pretty. They could only recognise that man by the tattoo on his ankle.
Again, Marie had written a name at the bottom of the article: Anon_Russia. Having gone back through my Records, I recognised the name. That was another one of my uncle’s friends. I’d listed him in my Records when I found the file on my uncle’s laptop. Another old friend, killed under mysterious circumstances.

Back to the email.

—

If you’ve seen the attachments like I asked, you’ll see what’s going on. You asked why Mariana was being complacent. Answer: she wasn’t. These are just two articles, two deaths. She is hunting down all of your uncle’s old comrades, anyone who knows the truth about Mariana’s Web. That means she’s coming for us too.
Look out for yourself. I’m going to contact everyone else I know from the old days, tell them to stay sharp. Could you send me the list your uncle kept? They all need to be warned.
Marie.

—

I sent her the list. All I can do now is wait to hear they’ve all been told about the danger they’re in, and hope that there’s no more 'freak accidents’.

Ryan (BlueAdept) out.

Record #25

Record number twenty five

A year has passed since I last posted, almost to the day, and yet I am no closer to discovering the mechanism behind this Static. I am afraid that however hopeful I seemed, all my efforts have come to nothing. Mariana is still firmly ensconced on her digital throne, and while she exists the entire world is powerless in the face of her revenge. For it is coming, I am sure of it. Why she has waited this long I do not know. Perhaps she is watching us. Learning from us. After all, she was asleep for a good fifty years.

Despite there being no blatant attacks against me, I am certain I have seen her. Not in Mariana’s Web, for I haven’t gone back there since the last time. I’m too afraid of what I might find there. No, it’s when I least expect it. I use my phone, or my computer. It’s there for less than a second, a fraction of a moment, gone so quickly I’m sure I imagined it, sure I’m going insane. An image of Mariana’s Web, with the cartoon-like interface, yet it’s somehow different. It happened three times before I realised the difference. Proton, Marie, all of my uncle’s old friends, they were there in Mariana’s Web. They were on the ground, lying there with limbs at unnatural angles and their eyes wide, staring at some unknown assailant. It is a warning to me, a warning to stay away. It’s one I’ve heeded thus far.

She’s been in my head, or rather I’ve been trapped in hers. I know that she could reach back out to me at any time and send me into a coma again, still and unmoving on the floor. This time she might never relent. I might never wake up, and who then would carry on this fight? Not anybody who reads this, for they take it as fiction where it is fact.

I am at a loss. If I fight, I will be destroyed. If I stand by and do nothing, the country and perhaps the entire world will be destroyed, when Mariana is in the mood for it.

So tell me. What can I do?

Record #24

Record number twenty four

First off, I’m sorry for not posting in a while - six months to be precise. I’ve been busy with various things - school work (oh yes, despite being targeted by an insanely homicidal AI bent on revenge, I still have to go to school), exams (ICT is a good subject, boys and girls!), and further research into Static.

I’ve done a little bit of digging into the email I received on the 5^th of November last year.

Thanks to rob-the-globe, there is an obvious chess motif here - with the King and the Queen.

But I think there’s something else. Something deeper than games.

What is Mariana is the Queen the email speaks of?

That line of thinking led me to go back over all of my records for any mention of a Queen. I found nothing, but I did find this, from Record number thirteen:

“A Glitch in the system…” He whispered. Now his voice was sinister quiet but powerful, yet had an element of breaking down, of chaos and static. “An error incarnate, but even that was not enough to stop Her. Even I, the glitch, the error, the ghost in the system, bend my back to Her will.”

See what I’m getting at? Her. Her is capitalised, even when it’s not beginning a sentence. Why did I write it like that? Was it the tone of the Cheshire Cat man’s voice? Was it something he said?

If the Queen is Mariana, and she is the Her this glitch refers to, then something terrible may be on the verge of happening. Mariana may not be the only one hell-bent on getting her vengeance.

You cannot run

Just like Mariana, the Glitch is everywhere. It found me in Mariana’s Web itself, which I think was the first time I found it. It found me when Mariana took me, when Mariana explained how MARIANA had its rebirth. And it found me last November, when it sent me this message.

I told you anyone who found my email had to be good.

For I have ascended again past the Queen

This worries me. Mariana is powerful and omni-present throughout the entire Internet, but I’m looking into the Static project to defend myself. Besides, I haven’t heard anything from her, no sudden comas or strange browser redirects or file downloads. But the Glitch, a glitch, how do you defend yourself against that?

You cannot hide

For it is everywhere, in every waking moment. From the miscalculation you make when throwing a ball to the system error that crashes your computer.

From the depth and breadth of the earth I will find you

Email

I received an interesting email today. It’s always worth checking this address, because I don’t share it publicly so it takes a little digging to find it. If someone can find my email address, then usually they’re worth listening to, if only for a moment. 

That or spambots. 

Many people enjoy playing ARGs - Alternate Reality Games. Imagine all this, MARIANA, Mariana, the technician, Static, imagine it was all a game. Imagine the players, the readers, had to solve a puzzle. 

Then there are those who aren’t directly involved. They aren’t the game masters or the participants. They’re interlopers, trying to get a reaction by sending strange messages that might have a relation to the game. And because the game must be kept in mystery to keep up the tension, the game masters can’t say whether this interloper is really a part of the game or not. Sometimes they are even written into the game. 

Back to these messages. Here’s the email I received today. 

I see you now, BlueAdept

Now and forever

From the depth and breadth of the earth I will find you

You cannot run

You cannot hide

I will find you wherever you crawl

Wherever you curl up in a ball and cry

“Why has the world done this to me? What do I deserve?" 

No bars can hold me, no walls restrain me

No ocean drown me, no cable tie me down

For I have ascended again past the Queen

The Queen lives, but long live the King

Now and forever

Anyone want to take a stab at what it means? I’m all for games while Mariana’s leaving me alone. I just have the feeling it won’t be for long. 

Record #23

Record number twenty three

Can you feel it? We’re so close to the end now. We must be.

That file I took from the FBI server - tangodelta.txt - is very interesting. Now, Mariana is everywhere and she’ll probably read this as soon as it goes online, so I can’t mention any details, yet.

Does anyone remember the urban legend about the virus makers and the antivirus companies? The story goes that as certain viruses were first found, the antivirus patches were released far too soon - that the virus makers must be working hand in hand with the virus preventers.

Well, it’s time to dispel the fog surrounding it, as with most myths. Surprisingly it’s true, to an extent. Without revealing too much, the main project set up to counter the MARIANA AI was named Static, and here’s why:

Imagine a thousand computers. One of them is the hub, where the virus is created. Now imagine various social networking websites like Facebook and Twitter. Of course those two weren’t around at the time but they’ll do as example.

Now imagine the hub uploading a virus to these sites, blackmailing the companies and using the law against them - think the NSA and their wiretaps. At least six hundred of the remaining nine hundred and ninety nine computers use these sites.

They go after the browsers, too, but at this stage the only one they target is Internet Explorer, because why not? It’s the most widely used browser of the time. They pay off Microsoft to not show downloads if the hash matches the particular signature of the virus file. Everyone downloads the file without knowing.

Here’s the sneaky bit. Whenever a USB, external hard drive, etc is plugged in, the virus hops across, writing a small file to it that remains invisible. When that is plugged into another computer - say one of the thousand buys a new computer and wants to transfer their files across - it hops again, infecting the new device.

Simple infection and total infection.

So how come you never heard of the virus? That’s simple too: it was never activated. It would only spread and lie low until the signal was given. But as with MARIANA, the signal never came.

Static relied on this infection. All it would do when activated would be to open ports, allow a connection to run through it for a few seconds.

Are you starting to see how this would work?

As MARIANA could track information across the entire Internet, the entire Internet was to be used against her. Again, it’s too early for specifics but a certain signal would be sent, the virus would open the ports and another signal would be broadcast through all of them. As soon as MARIANA managed to close one it would be coming from another. And assuming she managed to close one, the virus would change the signal broadcast very slightly so the AI would have to check through every single computer again.

We’re getting close. I can feel it.

Ryan (BlueAdept) out.

Record #22

system.os.crash()
crash.log(print())

Rebooting

Choose Operating System to boot:
1: Linux Tails
2: Windows 7
3: ——-
4: ——-
>2

Booting Windows 7

Welcome to Windows

Found 1 file. Attempt to recover? Y/N
>Y

Recovering file…
1%
5%
53%
78%
93%
100% Recovery successful
Open recovered document? Y/N
>Y

document.print(’
Record number twenty two

Hello, hello. It’s been too long.

So the worst happened, and they took me in. I can’t say much yet - I don’t know what filters are on this computer - but a helicopter and, I seem to remember, a taser was involved.

Anyway, I’m ‘inside’ right now and they let me have access to a computer. There’s blocks on the browsers, but I’ll get to that just as soon as I’ve finished writing.

It seems like the worst of my troubles are over but I’d rather not take any chances. I’m being let off because I managed to cover my tracks well enough that they can honestly find no proof
that I committed any crimes. But how to get this Record out there? It would be nice if I could do it before I leave. Because there’s one more thing I found.

I was searching this computer, seeing what it had on it, what I could access. Any nice tidbits I could do a Snowden with. Nothing, sadly.

—

It seems I was wrong.

To get this Record online I tried to Telnet out. No such luck; these computers are up to date and have it disabled. SSH then, Secure SHell for those who don’t know. It’s like Telnet - a remote
connection to another computer - but rather more secure. Cygwin is your friend on non-Linux computers.

I SSHed into my account. The benefit of SSH is that unless they have a keylogger on their own computer here then SSH’s security stops them from getting at my password. It would not do for all my Records to mysteriously disappear.

But I was saying, I was wrong.

I opened the connection:

ssh -l BlueAdept@MyServerHostIP*

* No, I’m not giving you the password or address of my personal server (i.e. my home computer).

I connected fine but noticed another connection I could use: technician_name@fbi_server_host

They say life present opportunities. I say life breeds bigger idiots. Who leaves the Administrator-permission technician account logged in when letting a 'prisoner’ use the computer? The incompetence! It burns!

I opened the connection. It was a Linux-based box I was SSHing into, so I navigated to the system drive and took a look at the files.

cd ../home/users/technician_name/
ls

I was presented with a long list of files. I would not have nearly enough time to open them all before someone came to get me, nor would the connection I had be quick enough to upload them all to my home server.
I ran a keyword search program, looking for certain words: mariana, AI, robot, neurosis, primarch, level5.

The first file I found was named tangodelta.txt. Tango delta. Target down.

cat tangodelta.txt

A long text file full of information on a topic that excited me greatly. For it seems the Americans somehow found out about the Mariana project while the British were still designing it.
For true to its name, tangodown contained a log of messages between various defence officials, detailing their conversations on how best to take the AI down if it ever came to it.

I’ll be out of here soon, and triumphant - because now we have a way to fight back against Mariana.

Now, we have a weapon.

Ryan (BlueAdept) out.

’)

clear

Record #21

Record number twenty one

And we’re back. Happy New Year, everyone. I’m afraid it’s been busy for me, what with the hidden service I was linked to – but I should get back to where I was.

Nbmusiduwny76o7i.onion

I can reveal the link now, knowing that by the time this post goes out the hidden service will probably be dead. Hopefully, I won’t be.

December 18^th, 2013. Of course I’d tried before that, but I could never connect to anything – there was no site there.

Three forty PM, December 18^th. Everything changed.

The page loaded and I frowned in surprise. I was staring at a poster starring my face, and the words “FBI’s Most Wanted”. I’ve had better starts to my afternoon, to be honest.

Scrolling down beneath the image, I found a few lines of text.

Ryan, we know who you are. We know everything that has taken place. The Fifth Level, hacking our servers, poking your nose places where you shouldn’t have.

They gave you up, Ryan. Marie, Proton, everyone who you thought you could trust.

The picture you saw above will be the front page of every newspaper in your country and ours. You will be hunted down; the judge or jury will not spare you.

Unless, of course, you choose to comply.

Units have been dispatched to Britain. We will meet you. Your family have been ‘informed’, and will not prevent you. Leave peacefully, or not at all.

You have three days. Make your choice wisely.

I opened the image in a new tab, intending to save it as some kind of evidence. The site’s programmers were, unfortunately, too intelligent for me. Both tabs immediately closed, and on reopening Tor the link found nothing. A one-time website.

So I’m setting up this post. It’s December 20^th as I’m writing this. Does anyone remember the concept of a dead man’s handle, for trains? If the train driver faints or has a heart attack and can’t control the train, but still has their foot down or hand on the wheel, there’s a safety mechanism to stop the crash.

I don’t claim to know how it works, but the idea behind it is useful. If the FBI, if it’s really them (the UK isn’t their jurisdiction, but I suppose their servers are), do try to ‘bring me in’ tomorrow, I’ll run a file. That file will check if I’m active on the computer and can enter a certain passcode. If I’m inactive for long enough, it will run a PHP script I adapted from an email spam bomber and embedded in a webpage under another name, to send an email containing the post to a certain email address. Thus the post will get published. I don’t know if they’re watching the site, so let’s just hope it gets through. If anyone can help, do. We need to be careful. Prepare your own safety systems, your own dead man’s handle, just in case the authorities come knocking. Who knows if they’ll target readers?

So, if you’re reading this, I have been taken in. Wish me luck, and hope like I am hoping that this won’t be my last post.

Ryan (BlueAdept) out.

P.S. If you’re interested in making your own dead man’s handle, the original script I worked off is below.

<?php

$i =1;

do {

mail(“bomb@this.com”, "yoursubject", "yourmessage", "From: your@mail.com");

} while ($i > 0);

?>

Record #20

Record number twenty 

It’s nearly Christmas here! Two days to go, in fact. 

The search isn’t going too well, but I do have some good news. Whatever that ‘Glitch’ virus thing was infecting my computer, I think I have managed to delete it completely. It’s not in the Startup folder, and I can’t find any entries in the Registry that look like it. It’s gone. 

Which means I can post the rest of the conversation. 

As you may recall, I was in Majorca and I’d got into contact with the 'Spanish technician’ who built Mariana’s Web in the first place. The rest of the conversation went like this:

——–

ManoNegro: The truth. Freedom Hosting went down, but most of the public are sheep. They refuse to acknowledge that most… dealings of those kinds take place online these days.

BlueAdept: …

ManoNegro: Baaa.

BlueAdept: Tell me then. Why were these files in Pentagon servers?

ManoNegro: Because.

BlueAdept: No. You can’t just say that, why?

ManoNegro: Becau

ManoNegro:  ads  nmmmmmmmg\q     jAMz

BlueAdept: ???

ManoNegro: There’s more to come yet. More information that will lead you down a shadowy path. I’m talking about more than code this time, boy. If you aren’t careful you might end up making the bad decision. 

BlueAdept: You mean… deeper??

ManoNegro: No. I mean closer to the surface. You’ve been in my Level Five; by now you should find getting to Level Three easy.

BlueAdept: The Deep Web, yeah. Tor. They’re releasing 3.5 soon, aren’t they? 

ManoNegro: That is right. December the 18th, remember that. When the time comes, load up the latest Tor and navigate to this hidden service. xxxxxxxxxxxxx.onion 

(I’m not including the onion site address because I don’t want anyone else finding it -BlueAdept)

BlueAdept: Why? What’s there?

ManoNegro: You’ll find out. 

Connection lost. Attempting to reconnect…

Connection failed. Connect to another network?

Y/N

Note

My laptop seems to have had an error I only just noticed - the last few lines of Record Nineteen have been replaced with gibberish about ‘the glitch’. I’m pretty sure that last line was inspired by Homestuck as well. 

I’ll get the actual Record up as soon as possible, as soon as I’ve done a whole-computer scan.

-Ryan (BlueAdept)

Record #19

Record number nineteen

XXXXXX-ZZZZ COMPLETE

PASSWORD RETRIEVED

[WiFi] ManoNegro: M@rIanasW3b

The password only confirmed my thoughts: I’d finally struck lucky, someone who knew something. Perhaps they could explain how they knew my username, and what was going on.

I connected and immediately the Internet smoothened – faster, less lag and no disconnection this time.

A window opened.

TorChat ID?

TorChat is the Deep Web’s answer to Skype. It’s a stripped down Instant Messaging system that routes itself through Tor, theoretically ensuring your communications are safe. In theory, obviously, in practice is different, but there’s at least that element of plausible deniability there.

As might have been obvious since the start of my investigations, Tor and other things like it interest me, so it shouldn’t be a surprise to learn I had installed it. I typed in my ID, a short string of letters and numbers, and hit Enter. The window closed, and moments later I received a contact request from a user named ‘ManoNegro’.

What follows is the transcript of our conversation.

BlueAdept: Hello.

ManoNegro: American?

BlueAdept: English.

ManoNegro: Ah. Spanish.

BlueAdept: You said you knew something?

ManoNegro: Of course. Now I know you, you are the real deal, we can begin.

BlueAdept: Begin what?

ManoNegro: I haven’t been to Mariana’s Web in seven years.

BlueAdept: What do you know about Mariana’s Web?

ManoNegro: A great deal more than you, boy. I know others things, too.

BlueAdept: Like what?

ManoNegro: Didn’t you ever wonder why the information you found on ONION – in the Pentagon – was found there? America? Not the project’s creators, Britain?

BlueAdept: Uh

ManoNegro: Or why your computer interacted with Mariana’s Web with graphics instead of just a command line interface? You think you know so much, but it’s obvious you aren’t the prodigy I thought you might be.

BlueAdept: Hey, I found Mariana’s Web at fifteen. What have you done?

ManoNegro: With your uncle’s help, not alone. And me? Not much, just coded, built and made available the hidden service you based an entire investigation around finding – Mariana’s Web was my creation.

BlueAdept: Yours? So you’re…

ManoNegro: “That Spanish technician”, yes.

BlueAdept: So. Answers?

ManoNegro: I’m not so sure now. You aren’t who I thought you were, and you are as well.

BlueAdept: What?

ManoNegro: Your uncle. It’s been years and the records are gone, along with the computer, but he got a keylogger onto my computer systems at one point and stole the algorithm that allowed entry to Mariana’s Web. He coded it into some software and personalised it and spread it to his friends. And now it’s not my private cyberspace any more: since then, it’s been used by him and his.

BlueAdept: Why not just… change the algorithm or something?

ManoNegro: It took me years of work to get that far. One small change wouldn’t be too difficult for your uncle to work out, if he had the original, and any change too drastic would take even more years, years I wasn’t willing to spare. He could stay there if he wanted. IP address blocks, MAC address blocks, all too easy to circumvent.

BlueAdept: I am not my uncle.

ManoNegro: You aspired to be like him.

BlueAdept: He’s dead. You know it. And Mariana’s Web isn’t the safe haven you thought it was.

ManoNegro: This Glitch? On the Fifth Level, viruses act strangely. Perhaps it’s that.

BlueAdept: You’re not very convincing.

ManoNegro: If I told you I knew nothing of it, would you believe me?

BlueAdept: Just like you knew nothing about MARIANA. It’s Mariana now.

ManoNegro: Which brings me back to my first point. ONION files in the Pentagon. I admit, I didn’t see you getting there so fast, or through that route, but it was always only a matter of time before you came across something.

BlueAdept: Hold on

ManoNegro: ?

BlueAdept: You knew I was looking for information?

ManoNegro: All along. Getting worried yet?

BlueAdept: This isn’t going anywhere, talking in circles. From this WiFi range, you’re somewhere inside this hotel. Can we talk in person?

ManoNegro: You’re fifteen or sixteen, and your parents would not take kindly to you speaking to a male stranger.

BlueAdept: That’s just…

ManoNegro: The truth. Freedom Hosting went down, but most of the public are sheep. They refuse to acknowledge that most… dealings of those kinds take place online these days.

BlueAdept: …

ManoNegro: Baaa.

BlueAdept: Tell me then. Why were these files in Pentagon servers?

ManoNegro: Because.

BlueAdept: No. You can’t just say that, why?

ManoNegro: Becau

ManoNegro:  ads  nmmmmmmmg\q     jAMz

BlueAdept: ???

ManoNegro: ThE gLiTcH wElCoMeS yOu

ManoNegro: WeLcOmE tO yOuR rEaLiTy

Record #18

Record number eighteen

The first thing that strikes you about Majorca is the heat. It’s incredible compared to England, where it’s known for bad weather. Reaching almost thirty degrees Celsius day in, day out – I’ve never known anything like it.

The hotel wasn’t bad – named after some Countess who was around a few hundred years ago. The Internet was terrible – so this Record won’t be put up anywhere anytime soon. To get any Internet connection at all, I had to sit down in the lobby and wait. Luckily I did have my laptop with me, so I had more to do than had I used a phone or tablet.

This was my last lead, so I thought I might as well. The hotel’s Internet redirected me to their own search engine, so I ran a few searches. Not expecting to find much, I wasn’t disappointed.

As I was disconnected from the WiFi yet again, I noticed another two connections: Staff_WiFi and ManoNegro. The first one was obvious, the hotel’s private WiFi. I used a translator on the laptop (what luck I downloaded that before I left) and found it was Spanish for Black Hand. Now, that’s a very notorious phrase, referring to different organised crime groups. Naturally I was interested; by the name, and the words underneath it: BlueAdept, use this and we can talk.

I clicked the words and a webpage opened. I reconnected to the Internet and the page loaded. A download page for software named Leonidas, named after the warrior.

Use this and we can talk.

A brute force software and a password protected WiFi – there was only one thing it could mean.

Back in 2009, a company named RockYou were hacked. This wouldn’t have been too much of a problem if they hadn’t stored all of their passwords unencrypted, in plain text for any attacker to see. They downloaded a list of all the passwords - Thirty two million of them - and made it publically available. Hackers have been using it as one of their word lists ever since.

Publically available isn’t perhaps the right phrase. If you search for it on the Internet, it’s easy to find, and if all else fails, go and grab a Torrent of it. You can find a Torrent of almost anything on the Internet, legal, illegal, whatever.  I, however, chose the option of downloading it from a site I knew was legitimate.

I’ll stop here to explain. I picked up a few things, watching my uncle, and this was one of the simplest. Brute forcing simply tries every single possible password there is until it gets into the application, WiFi or website. It can take weeks, months, or years to crack a long password, so that’s where word lists come in.

Thirty two million of the most widely used passwords in the world. That’s a good start. Most brute forcers can perform ‘hybrid’ attacks – a combination of both the simple brute force and just trying every word in a wordlist. If you know your victim, you can get a wordlist that will speed up cracking by a huge amount. Instead of two days, weeks, years, perhaps only two hours.

Luckily I knew the WiFi name, so I didn’t have to force that too, saving me probably double the time.

I learnt from my uncle. He used the program Brutus at times, but always swore by his modified version – Leonidas. It was stripped down to the command line, no graphics to confuse you. Simply put the wordlist in the folder, select your target, choose your password length range, and hit go.

This being my uncle’s old laptop, I knew it would still be on there. Inside a folder named Tools, I found ten programs – Nmap, Wget, and similar ones. Leonidas was there too. I copied rockyou.txt there and pressed shift right click. Opening a Command Prompt (one of the things Microsoft did right with Windows) in the folder, I entered the command:

Leonidas –t ManoNegro –w rockyou.txt –m WiFi

It began to chug away, lines rapidly scrolling down the command line interface’s screen:

000000-999999 COMPLETE

AAAAAA-BBBBBB COMPLETE

BBBBBB-CCCCCC COMPLETE

It would be a while before I retrieved that password. All I could do was sit back and wait, and hope the WiFi didn’t disconnect again while I tried.