My guest (Holmes went on) began to pace, though I don’t think he realized he was doing it, so far away in memory was he.
“The problem for the brain-boys was that these kids never said anything on their secret phones of any kind of interest. It was just a continuation of their online chat: talking trash, telling jokes, making fun of whoever wasn’t on the call. I wasn’t surprised, of course. I’d been reading their chat logs for months. They were just idiot kids. But for the spooks, this was just proof that they were doing their evil work using their apps. Damned if they do and if they didn’t: since it was all dirty jokes and messin’ on the voice chat, the bad stuff had to be in text.
“These boys were playing secret agent. They bought their burner phones following a recipe they found online and the next step in the recipe was to download custom ROMs that only used encrypted filesystems and encrypted messaging and wouldn’t talk to the Google Play store or any other app store whose apps weren’t secure from the ground up. That meant that all their mobile comms were a black box to the smart boys.”
“I imagine that’s where your checklist came in, then?”
He grimaced. “Yeah. That OS they were using was good, and it updated itself all the time, trying to keep itself up to date as new bugs were discovered. But we knew that the NSA’s Tailored Access Operations group had some exploits for it that we could implant through their mobile carrier, which was a BT Mobile reseller, which meant they were running on EE’s network, which meant we could go in through T-Mobile. The NSA’s well inside of Deutsche Telekom. By man-in-the-middling their traffic, we could push an update that was signed by a certificate in their root of trust, one that Symantec had made before the Certificate Transparency days, that let us impersonate one of the trusted app vendors. From there, we owned their phones: took their mics and cameras, took their keystrokes, took all their comms.”
“I suppose you discovered that they were actually plotting some heinous act of terror?”
My visitor startled, then began to pace again. “How did you know?”
“I know it because you told me. You came here, you handed me that extraordinary document. You would not have been here had the whole thing ended there. I can only infer that you exfiltrated data from their phones that caused our American cousins to take some rather rash action.”
He dropped down on my sofa and put his face in his hands. “Thing was, it was just larking. I could tell. I’d been there. One of these boys had cousins in Pakistan who’d send him all sorts of bad ideas, talk to him about his jihad. It was the sort of thing that they could natter about endlessly; the things they’d do, when they worked themselves up to it. I’d done the same, you understand, when I was that age—played at Jason Bourne, tried to figure out the perfect crime.
“They’d found their target, couple of US servicemen who’d had the bad sense to commute from the embassy to their places in the East End in uniform, passing through Liverpool Street Station every day. I suppose you know the station, Mr. Holmes, it’s practically a Call of Duty level, all those balconies and escalators and crisscrossing rail and tube lines. I can’t tell you how much time my friends and I spent planning assaults on places like that. That’s the thing, I recognized myself in them. I knew what they were about.
“We must have been terrors when we were boys. The things we planned. The bombs. The carnage. We’d spend hours—days—debating the very best shrapnel—what would rip in a way that would make wounds that you couldn’t suture closed. We’d try and top each other, like kids telling horror stories to each other around the fire. But I know for an iron-clad fact that my best friend Lawrence went faint at the sight of actual blood.
“The exploit we used to own their phones was American. It came from the NSA, from the Tailored Access Operations group. We had our own stuff, but the NSA were, you know, prolific. We have a toolbox; they’ve got a whole DIY store.
“Do you know what’s meant by third-party collection?”
“Of course.”
“Well, I don’t, Holmes.”
“Watson, you need to read your papers more closely. First- and second-party collection is data hoovered up by GCHQ and NSA and the Five Eyes, the so-called second parties. Third parties are all other collaborating nations that GCHQ and the NSA have partnerships with. Fourth-party collection is data that one security service takes by stealth from another security service. There’s fifth-party collection—one security service hacks another security service that’s hacked a third—and sixth-party collection and so forth and so on. Wheels within wheels.”
“That all seems somehow perverse,” I said.
“But it’s undeniably efficient. Why stalk your own prey when you can merely eat some other predator’s dinner out from under his nose, without him ever knowing it?”