AGAH : So, Dan, what happened?
CI : Not much new to tell you. Someone set up our SWAT team and they walked into an ambush with all the firepower controlled remotely over the internet using the new security system that had just been installed. Plus some fancy computer hardware, automated guns, and home-made claymores.
AGAH : ‘Someone’? You have had this case for 3 months, this is your quarterly report of progress! Christ, the Director is all over my ass on this, we are scheduled to be in front of Congress again next week, I need some answers.
CI : Boss, don’t blame me for the fact that our intelligence guys don’t have a clue. I asked them if they had information about plans for such an ambush, they said they knew of at least 500 different discussion threads on different web sites talking about exactly that scenario. They knew who many of the people discussing them were, but none of them have done much beyond local patriot fan clubs, going to patriot rallies and gun shows, maybe meeting at a BBQ in the park with people they met doing all that. They said they have been run ragged keeping up with all that, but they haven’t found solid connections between any of that and any of these police entrapment situations that have been happening.
Their last analysis said the details of the hardware and code used in this case are common to at least half of those discussion threads.
AGAH : How did the informant come by the info?
CI : Actually, 3 different informants from different parts of the state. All reported normally as soon as they could. The first learned about the installation of the security system and the fact that it was professional grade and included good microphones with each camera from one of the installers in a conversation in a bar. We grilled both of the installers, they both had told friends about the nice equipment they had installed. The informant was there to meet someone else in the group he was working on, overheard a conversation at the next table. He didn’t even think it was important, just the kind of thing that makes it look like an informant is working.
Another heard about a mysterious installation team from out of state being on an ops site right then because she wasn’t supposed to have a password to decrypt a file from one of the drop boxes. She had gotten that months ago, nobody knew she had it, she thought. The third overheard a conversation by a couple of loudmouth drunks at the VFW two towns north to the effect that an action team was arriving Monday evening for a big op. We talked to them the day after the ambush, they claimed they couldn’t remember, everyone says those guys drink hard, make stuff up.
The last bit of info, one that tied it all together, came through the local police who got an anonymous tip (came from one of the GD burner phones texting) Monday night and passed it along. That one said a major operation was being staged at that house. The fusion center put it all together and ops started working it immediately. The house is outside city limits, so the county sheriff and police chief were part of the planning. Police chief knew the realtor, who said nobody was living there, but a security system had just been installed.
So everything seemed to fit. They scheduled the raid for 4 hours later.
AGAH : Someone pulled the trigger! Who was that?
CI : God might know, NSA doesn’t. The patriots have added more than 10,000 exit nodes to TOR in the last year. There are half a dozen new network technologies that run entirely encrypted de-centralized protocols as overlays on the Internet Protocol. NSA says it is working on reading that traffic — means they aren’t there yet. But I think their problem is getting worse faster than they can fix it, security paranoids are porting TOR to run on top of those overlays and act as a gateway between the different overlay networks.
Security guys say it is common knowledge in the hacker community how to be untraceable. It really works, everyone on Silk Road evaded the law, still does. In a lot of places, you can pay cash to someone at the local computer store and get a logon to a server in China, an under-the-counter way of moving cash out of China. Then you access it via TOR, link to one of the distributed peer-to-peer networks, and use that network to access yet another server, start a VM you installed there on some previous occasion. That VM can automatically start a program that connects back to your machine by any network and protocol you would like, including your own encryption on a link.
So you shut down the first link, accept the connection from a machine anywhere in the world, and you are certain nobody can tell who you are or even what country you are coming from.
The local controllers were running straight TCP/IP to a server in China, I guess they wanted good latencies for the video and command links. Anyway, that is all NSA knows, nothing past that server IP address and the fact the server was running an overlay network. Oh, also, they said it was nice code in the controllers that someone did to make all this happen. Real clean.
AGAH : No physical clues whatsoever?
CI : Forensics just about walked away when they saw all the hair everywhere. From the bags we found, the perps had collected hair thrown out by 20 different barbers in a 50 mile radius. There was hair from maybe 1000 people tracked everywhere. Signal-to-noise is the big idea in the patriot community these days. We can’t isolate perp-specific skin flakes or hair from all that, way too much noise. Even if the DNA analysis was free and we could do every hair or skin flake and identify all the individuals, 1000 people is too many suspects and all the perps have to do is get their hair cut at one of those shops, we can’t tell when or where their skin flakes were lost.
Forensics dusted the place and is taking all the hardware apart looking for more evidence, but says that a bad side-effect of CSI was the flood of people into forensics programs and the interest in the topic. Few of them got the expected jobs, are now outside our system. Too many people have learned how to defeat all the various forensic analyses, it is another widely-discussed topic on web sites. Forensics are still useful for normal crimes of passion, but anything planned, they don’t have much hope.
AGAH : ‘New security system’?
CI : Yeah, it had only been installed the week before. The home is owned by one of the big REITs that recently bought up a lot of foreclosed property around here. Their properties are managed by a local realtor. One of the local security companies, run by a good guy according to the police chief, showed him a work order to install a security system at that property, wanted to get the keys. Realtor had no reason to doubt him. Security guy had done work for them before, had the paperwork. It looked genuine to us too, but the REIT’s people say it is bogus, refused to pay.
Security guy said it was ordered by email, same as always with that REIT. It was a professional-level system, more and better cameras than normal and good stereo microphones, ethernet cabling rather than WiFi, and the ethernet switch had more ports than he would have expected. The house had a cable connection, someone paid for maximum bandwidth to the internet. But the installers said it was just another job, nothing out of the ordinary except for the number of cameras, the nice equipment and cabling.
All the ordnance was computer-controlled, the controllers used ethernet cables, so the SWAT’s jamming WiFi didn’t help.
About the only thing we got out of that was the time line : security system was installed by Friday at noon, the informant’s tip came Monday evening and the SWAT guys hit the place first thing Tuesday, 5AM.
AGAH : So where did the hardware come from?
CI : We made some progress here. Some of the computer boards, gun mounts and full-automatic guns had serial numbers. They were bought all over America for cash.
The gun mounts are standard internet designs. 3D printing and plastic or steel pipe, 4 stepper motors. Cost is less than 50 bucks each. The camera for sighting through the scope is another $30, just a webcam. They didn’t need much accuracy for this operation.
The guns had custom-mounted optics to mate with the webcams, not normal for those models. Cheap shit, but good enough for a few yards. You can buy those in any sports shop, or online, these didn’t even have the maker’s names printed on them.
Forensics had hoped that the claymores would give us more information, tho they are made to plans that are all over Youtube, use standard materials from the hardware store. They thought there would be skinflakes in the glue or a fingerprint on something, but nothing.
These used 12-gauge shells for propellant and 12-gauge powder as a fuse for firing them. The microcontrollers all had 12V pins that just sparked 2 wires to set the powder off in the fuse so all the shotgun shells would go off at once. Put 3 1/2″ inch slugs or 00 in one of those, it is damn near military grade.
Microcontrollers are now standard at local computer stores. ARM Single Board Computers with a lot of I/O pins. They run Linux out of their solid-state file system. Those cost about $10. Security guys said they make the connection to China as soon as they are booted, then that server can see everything through the security system and the gun platforms.
The microcontrollers connected to powered speakers. Those were all old, probably bought at garage sales. 5 sets can make a hell of a racket.
This was a cheap operation. The 4 guns are the most expensive part.
AGAH : No leads on the buyers? Someone must have security camera footage.
CI : Yes, we tracked 2 webcams and the microcontrollers. We found the clerks who sold them and they helped ID the buyers. They were kids, all part of those patriot-game clubs that got so popular last year. Their game was ‘Kiki’s Delivery Service’. They pick up instructions and packages, do what is instructed, most often quickly deliver a package or envelope to some other person, who probably gets instructions via his burner phone, etc. The older kids are given $ and directions for purchases. They bike and skateboard all over town, ride the schoolbus, Uber, avoid all of the license plate readers. Kids’ schools and parents’ workplaces are sometimes switching points, other times they do geocaches, but most everyone cooperates with kids playing a game, will hold a package or envelope for a bit.
They are perfect cutouts : Package gets delivered and only the sender knows who it is going to or how. Doesn’t even know that unless he actually knows who the name is. The whole thing is directed by text messages on their burner phone network, numbers for their code lists. Standard security, they can use a cutout to redirect the package or one of the routers on their GD burner phone network.
One of the informants said he got a kid talking last week. Kid bragged that his team had moved a package across the US in 4 days. Peer-to-peer routing, just send it to the best person in the right direction.
Anyway, nothing to follow in that direction.
AGAH : What do we know about the people who installed the ambush hardware?
CI : It looks like they came over the ridge behind the house. There is a park over there and hiking trails most of the way. Busy place, a lot of people coming and going all the time for jogging as well as people hiking with full backpacks into the wilderness area. There was a faint path from the back of the house up to the ridge, nothing we could use.
That is a .5 mile hike. So if they started as soon as the security system was installed, they had 3 days. One guy could have done it in that time, no problem. The biggest pieces were the sub-woofers for the powered speakers. The 4 guns and mounts folded, don’t weigh much. The claymores were heaviest, 2 pounds each. So he would have had to make 6 or 8 trips to pack the equipment in.
A smart guy would have set everything up at home and tested it, labeled all the wires, etc. Then just puts it back together on site, does a final test and walks away.
The house is on 10 acres, lot of trees on the property line, so the neighbors didn’t notice anything. They sure did notice the ambush, 911 got calls from the other end of the valley. Everyone in that end of town thought war had started.
AGAH : Do we have a profile of the kind of person who could have done this?
CI : Two different sets of people, we think. Installation was a 1- or 2-person operation. So a standard sparkplug-loner profile or a couple of buddies. They don’t even need to be technical, anonymous forums answer questions and write code for people these days.
Anyway, a small team and no physical or signals evidence, we won’t find them unless one of them gets drunk and blabs. Bad thing about cannabis, stoners don’t blab so much.
It probably took 4 people to operate the guns during those 20 seconds of hell. A lot of the discussion groups talk about auctions for control in real ‘first person shooters’. We don’t know that has happened, but a lot of people have speculated the patriots could monetize events such as this one by sharing the real-time video feeds or letting people control some of the elements. Bitcoins make it inevitable, I think.
AGAH : So how are the men?
CI : Demoralized as hell. That ambush scared the bejesus out of every single one of them. Two took early retirement, a few admit to being in therapy, half of the rest asked for reassignment to desk jobs even tho that means a pay cut. All are drinking a lot.
I have a lot of sympathy. Literally 2 seconds before they would have hit the front door, there were explosions everywhere and automatic weapons opened up, all right on top of them. The guys with military training knew they were .50BMGs. Claymores, explosions, and lots of noise, they were all hit almost immediately.
Every one of the 15 people near the home, front and back doors, was shot multiple times and hit by a claymore barrel at least once. The claymores were aimed up from ankle level, their armor doesn’t help that much for legs. Bunch of them were hit in the ass, least armored place.
Anyway, bad as that mixture of garish paint and glues was, they all knew they could have been killed just as easily as paint-balled. They would have all bled out from the claymores if they had been ordinary 12 gauge shells. Those gun mounts were designed for AKs, their body armor wouldn’t have handled many hits from that.
Even full-auto paintball guns are no joke. Those things were turned up to 400 fps at the muzzle and fired 25 balls / second. Most of the guys had serious welts somewhere. The Chinese bastards kept shooting them until they ran out of ammo, 20 seconds worth. 4 guns can deliver a lot of paint in 20 seconds at that rate.
The claymore circuits also set off strings of firecrackers, lots of strings of big firecrackers. Put the headphones on, crank the volume up, and watch that video again : the effect was really intense, it was the worst firefight/ambush you can imagine.
The claymores with glues were worse — they had muzzle-loaded paint, superglue or epoxies in condoms. There were 20 of those with 8 barrels each. Super-sticky marine environment paint. Glue and paint got into everything, all their SWAT gear had to be discarded.
The combination of glues was genius : the superglue tacked a lot of them to their clothes and equipment, the epoxy had time to set. 3 of the guys hit the deck on the sidewalk and were glued to the concrete. They had to be chiseled loose, and the chunk of concrete crushed and ground away. Took a long time and a lot of work.
It also took a lot of work to separate most of them from their gear and clothes, they all lost skin and hair. The EMTs say they will transfer if we expect them to dremel peoples’ clothes away from their anuses again — real delicate work under a lot of pressure and no appreciation at all. One of the guys who spent two days grinding concrete off a guy’s ass says he is applying for silicosis benefits, we aren’t sure he is joking.
10 minutes after it all stopped, that server in China posted the videos to one of the more civil of the patriot groups’ Youtube channels. (Everyone knew the password, of course.) At the same time, twitters and text messages and emails were alerting all the news orgs, national, state and local, all originating in that server. Then the server shut down, and the IP address has never appeared again.
But the stereo sound video feeds from the security cameras kept up, copies went everywhere, so the world watched and listened to us deal with the situation. It wasn’t pretty and we didn’t look good.
Three months later, the Youtube videos have 2.5 billion views. That patriot group did OK on ad revenue, and there were a lot of Kickstarter projects “to make an interesting video” started right afterwards. There are half a dozen online games that use the scenario, the footage, the sound. There are a couple of iconic clips in that, as searing as the naked little girl running from the napalm. Real bad publicity.
And it just keeps coming. The gamer video crowd is mining those HD video feeds to synthesize videos from individuals’ POVs and DSP can extract from all the microphones what they heard. Mailing HD reminders of their individual experiences to the SWAT guys was a nice touch, will cost us a couple of $M in PTSD benefits. Every week, someone isolates another bit of audio from our on-site commanders as the ambush goes down. Their expressions of surprise and concern do not do them credit. Or us.
AGAH : So we think we did everything right, but the result was that half the people in the world have laughed at us and the Director and I have been on the news too many nights since trying to explain it. How do we avoid this happening again?
CI : Good question. Stop doing SWAT raids?