Chapter 87 (nosex, setup)
“You’ve got to be fucking kidding me. X, did that phone have anything on it?” Carly asked, looking at the large black man.
“Yeah, locked and everything. Had a pic of an old dog on the lock screen.”
“You swear?”
“Absolutely. I followed correct procedures for bagging and tagging the evidence.” X said.
“Well how did this happen?” Carly navigated to the phone in the crime lab. It showed an Android phone, reset to factory settings.
“IT WAS NOT LIKE THAT WHEN I PUT IT IN EVIDENCE YESTERDAY!” X’s voice grew louder and louder as he forgot that he was inside and ignored his hearing aid.
“X, I’m just saying-” Before Carly could say anything, three loud knocks on the door preceded Captain Janella Jenkins opening the door in a rush. The light-skinned black woman in her early 60s stuck her head in.
“We’ve got a problem guys, City’s crime lab got hit by a hacker.” Her voice carried a barely perceptible hint of panic. Something had her rattled, and she tried her best to keep things calm in front of her detectives. Janella left the room, telling them to follow her without saying a thing.
“What the fuck?!” George said, standing while pushing his chair back so fast it hit the wall behind him. X followed suit. Carly locked the screen of her laptop, grabbed her gear, and followed a few steps behind. The three of them made the quick walk down the hall to Captain Janella’s office. She was already on a conference call when the detectives entered.
“What’s going on? We muted?” George asked, and Janella nodded. Several voices talked over each other on the call, but eventually one of them took charge. It was Deputy Chief Cartier.
“Are our systems affected by this hack?” the Chief asked. No one responded for a moment until Carly motioned for Janella to unmute the phone.
“Chief, it’s Graspper. Can we get a sitrep? I was trying to access the City Labs when I kept getting error messages, then saw some weirdness on our side.”
“What kind of weirdness?”
“Well sir, we went to access the contents of a phone that a detective confirmed had information on it, only to see that it was wiped clean. Nothing on it.” Carly said.
“Chief, it’s Adam.” A different voice came on, that of the IT guy. “I’m driving in now. Just got off the phone with City’s IT team, it’s pretty bad. I locked down what I can remotely but want to be sure nothing’s happening, so I’m on my way in. I’ll be in there in about 20 minutes, can someone set up one of the conference rooms for me?”
Janella spoke up. “You can use our bullpen, what do you need?”
“A spare router, cables, some power outlets, Carly, and some coffee.” Adam said.
“Why me?” Carly asked.
“Cause you’re the only one there who has a slight inkling how this tech is supposed to work and I might need help. I’ll be there in 20 minutes. In the meantime, spread the word, don’t let anyone else connect to City’s computers. Be there in 20.” Adam said.
“10-4. Spreading the word.” Carly pulled out her phone and was already on two group chats around the precinct telling people not to connect to the City Lab site. Several responses back and forth confirmed, though a few were bitching about how things weren’t working right.
“Adam, when you said bad, how bad is it?” Deputy Chief Cartier asked.
“Real bad. East Oakville precinct lost everything for the past week. I mean everything. Looks like something got in to their lab system and jacked everything up. The whole server farm needs rebuilt, everything is deader than Disco. Their best most recent backup is from last Thursday. They shut down a lot of systems but a couple of laptops were affected as well, older ones that were behind on updates. Looks like a ransomware, but they don’t know how it got in. Once I get in and we lock down all our stuff, I can help them restore from their backups, hopefully they didn’t lose too much.”
The officers in Captain Jenkins’s office gave each other a look that could best be translated as ‘Computers suck.’
“We’ll be here.” Janella said before muting the call.
—————————————————————————————————————————————————————————————
It was close to 45 minutes before Adam was in the office, and another 20 minutes before he was up and running in the bullpen. He had his laptop hooked up to a router switch he dragged from his office, along with a few extra cables. After a lot of muttering to himself and swearing at his computer, he yelled out “It’s about fucking time, you cocksucker!” This was his clue to everyone else that he finally had the County’s servers safely protected from whatever shit was going on over at the East Oakville precinct. He projected his screen to the wall for everyone to see what was going on. George, X, and Janella stood along the back wall while Carly sat at the table on her laptop, following his instructions for testing.
“So, it’s pretty bad.” Adam said, turning around to speak to the cops behind him. Before anyone could ask the ‘how bad is it’ logical response, he kept going. “Basically, we’re lucky we didn’t lose everything on our end. Still trying to find root cause, but they accessed something that had a nasty virus on their side which pwned them pretty hard. Our security is a little better, but I had to sever all connections with the city’s crime labs until they fix their shit.”
“What caused this?” Janella asked, arms crossed taking in the scene in front of her.
“Best I can see, I guess they accessed an infected device or drive with a pretty nasty bug on it that spread to the rest of the crime lab server before they could shut it down. Mitch over at City’s sending over logs soon, that might answer what happened.” Adam said. As he said that, a new mail notification popped up on the screen. “Speak of the devil.” Adam clicked on the mail and opened a plain text file that looked like a bunch of gobbledygook to everyone else in the room. Carly could make out a little bit here and there, but everyone else was out of their element. “Hmm…. Oh, that’s not good.” Adam said, pausing as he scrolled through the logs.
“What?” George asked.
“Looks like it was something from that case you guys are working on. See right there? That is a command to run a script from one of the drives attached to the server which then called an encryption technique which locked up the entire drive. My guess is ransomware, if they can ever get in. Carly, I’m sending an IP for you to connect to. Tell me what comes up.” Adam said.
“One sec.” Carly opened the link he sent and a moment later, she saw a weird message on her screen. “Ransomware. There’s a QR code here and a URL to a bitly link. I can’t make this out. I don’t recognize the language.” Carly said. X walked over and looked at her screen.
“Persian. Saw this a lot in Afghanistan. Don’t ask me to read it, but I recognize the letters.” X said, his booming voice filling the room.
“Wait, are you saying the Afghanis did this?” George asked.
“No, not the Afghanis. Iranians did this.” Adam said. Everyone in the room gave him a look. “Hey, the Iranians have some really good hackers. Some of the best in the world.”
“So why did the Iranians hack the crime lab?” George asked.
“They didn’t. They wrote the ransomware that was sitting idle on a computer or hard drive, then when it was accessed on the city crime lab server, it pwned the server.” Adam said. “They took over control of the server with the software, encrypted it, and started to spread to other machines in the system to take over those. Once it stopped, it encrypted the drives it can. The way a ransomware attack works is that the hackers will have a link set up in bitcoin or other crypto to submit payment to. Victim pays, hackers release the drives, or are supposed to at least.”
“That assumes they’re trustworthy.” Janella said with a hint of suspicion in her voice.
“Precisely. Most of the times they’ll work nice, but you’re dealing with terrorists here. These guys work with Hamas and Hezbollah and the other groups Iran funds. Not much reason to be trustworthy. Plus, I think this is pretty old. Carly, can you send me that link?”
“One second… There.”
The link appeared on the screen and Adam clicked it. It went nowhere but to a 404 error. He dove into the command line to do an nslookup on the website followed by a packet trace. Searching through DNS went nowhere as well. “Just as I thought, it’s old. So old that the link to unlock it is dead. No one’s on the other end to fix this.”
George looked at the screen for a moment. “So East Oakville just lost their crime lab servers. How bad? How much did they lose?”
“One moment.” Adam composed a quick email and sent it to Mitch telling them what they know and asking how badly compromised they are. As they waited, Adam did a search of the Chester County servers. “Did anyone download anything from City today?”
“No, we tried.” Carly said. “We’re working with City on that SA case with a recently deceased John Doe that might have ties to a few other cases that have come our way over the years. I was trying to pull up what City had for his computer and drives when we hit some error messages. We also ran into an issue with his phone.”
“No phone image?” Adam asked.
“No, nothing on the phone. Everything was good yesterday, today, gone.”
“Can you show me?” Adam asked Carly. She sent him a link to the phone in the Chester County server. He navigated to it, checked out the stats on it, and made a noise that sounded like a mix between a cough and a choke. “Uh, guys, someone wiped the phone remotely. Last night around 3AM, there was a remote command to wipe a lost or stolen phone from an MDM system.”
“WHAT?!” All three of the cops said in unison, followed by shouting and yelling.
“Guys, guys, guys. I don’t know what happened, but either someone reported this phone lost to his employer and it was remotely wiped, or someone was able to do so through a personal system. I’d need to look at it further.” Adam sounded exasperated, nearly scared at the response. Though it wasn’t unexpected, their freakout shook him. Just as he tried to explain what might’ve happened, Mitch from East Oakville replied to his mail. Adam read it, but so did everyone else in the room.
“Oh fuck. That doesn’t sound good.” Janella said. “The entire crime lab server is dead and needs reimaged.”
“Yeah, not good. They can wipe and reload from a backup but they lost everything since the last update on Friday. They had a handful of laptops get bricked. I’ll help them get through this mess, but they’re up shit crick without a paddle. Best case, they get the ass-chewing of a lifetime and find out how this happened to keep it from happening again. Worst case scenario, they’re all getting fired.” Adam said.
“They lost everything for the last 5 days? Was it the whole city or just East Oakville?” George asked.
“Just them. It didn’t spread any further. They’ll get a report of what was lost once they know how bad things are, but it looks like they got lucky with the timing. Holiday weekend, no murders in the town, a few drunk and disorderlies, and a couple thefts and a few DUI’s. Almost all of them still have physical evidence and backups to go to. There’s even a chance that this case you’re working on could still have the drives and laptop. Small chance, but still possible.” Adam said the last part trying to make the officers feel a little better. “Still, I want to make sure everyone’s security is up to date. Captain, I’d like to do some checks on everyone’s computers in the precinct, make sure we didn’t let anything in through the back door.”
“How long?” Janella asked.
“Not too long. Once I’m done with this, I can check everyone remotely. Anything that looks out of the ordinary, I can remote in and fix. Should be done either tonight or tomorrow.”
“Do it.” Janella replied, and Adam nodded. She knew that they’d have to tighten up computer security after this. She just hoped that whatever took down East Oakville didn’t hurt them, too. She was glad to have Adam on her staff.
—————————————————————————————————————————————————————————————
It took Adam most of the afternoon working with Mitch remotely to assess the damage and start a security scan of the Chester County Police Department IT landscape. Upon further review, not only was the server bricked but the router switch for the lab was pretty well fucked. The software that crippled and encrypted the server also transmitted something off but then destroyed the router and all logs after it. That’s what initially told them there was a problem. When the main switch for the server went down, the backup took a little too long to come up. Once Mitch had everything going on the backup systems, he did a quick assessment of Ray’s tech. It was all fucked. His laptop was bricked and wouldn’t even POST, the external drives were encrypted and couldn’t be unlocked, and even the cameras were wiped. All they had were the copies of the videos they saved on Pascal’s laptop and the copies sent to Chester County.
For the most part, everything was running good on Adam’s end. Some cops needed their antivirus packages updated or their firewalls tweaked, but for the most part everything was good. Carly’s laptop was the only one that directly interfaced with the infected servers, so he insisted on running an intensive scan. She would end up losing a couple files in her cache, but nothing that she didn’t have backups of on the cloud. Adam took a peek at Carly’s computer to see what she had on the Club. He knew George hated keeping his notes on computers and X never seemed to write down anything that he could trace down until it was time to submit a form, but Carly was the youngest member of the team and grew up using digital devices for taking notes. What she had shook Adam to his core. She had almost everything on Ray, Steve’s details, Sam and Bubbles’s info, and a solid working theory on what happened up at the cabin. Carly pointed out how Steve and Bubbles matched persons of interest in several open cases over the years, and how Bubbles looked like she just dyed her hair black, and that she was the doctor that administered a lethal dosage of morphine to Ray.
Adam was careful with his next actions. He changed a few key details around on her local copy of the notes and made sure they overwrote the copies on her phone and tablet. Nothing much, just transposing a couple digits on phone numbers or case files or addresses. Then he deleted the active files that she had open at the time they connected to the server, like the PowerPoint she was working on and the local copy of the notes. Adam told her that they were infected but she could back them up from the cloud.
He also made sure to cover his tracks with Ray’s phone. It was still in the storage locker near where it was left, but under a different case file. The image they pulled up was actually from a different phone of the same make and model from a different case that was going nowhere. By the time anyone found Ray’s phone in that mess, they’d all be dead and buried. When the dust settled and no one was paying attention, he’d properly dispose of Ray’s phone.
When Adam got home, he’d have to see if his little program was able to get the raw footage from Ray’s cameras off of the servers and uploaded safely before it nuked the server and the switch. If he was good and lucky, they might still get something out of this yet.
—————————————————————————————————————————————————————————————
George, X and Carly sat in Captain Jenkins’s office while Adam did his IT stuff in their bullpen. Cappy had gone home long ago, asking her detectives to keep her informed of what happened. George sat behind her desk while X and Carly sat in chairs across from him. There was a defeated sense in the air. The silence was broken by one scream.
“FUUUCCK!!!” George yelled out before dropping his head into his hands. “We’ve been on this case for months, finally get a big break, and lose everything in one go. We’ve got a perp who’s got a fucking toe tag on him, a bunch of his friends that are hiding something but won’t say shit because what they did was way worse than him, a bunch of hard drives that are locked by some crypto bullshit, and a dead laptop. Even the phone is a wash. FUCK!”
“Got that out of your system, George?” X asked matter-of-factly.
The older detective nodded. “Yeah. It sucks, but sometimes ya just need to…”
“I know.” X said.
“So what do we got?” George asked. The three detectives looked at each other for a moment before Carly spoke up.
“Definitively? We got nothing. Dr. Park killed Ray, but that could've been an accident, or at the most medical negligence. Steve, Sam, and the doc took part in that gang rape up at the lake and Sam is balls deep in Bob’s business. But none of that happened here. Whatever proof we had of a conspiracy went up in smoke. And there just isn’t enough probable cause to even think about bringing any of them for the other cases we have on file.”
“So we need a witness that can tie one of them to another crime?” X said.
“Yeah. We need a witness or a victim that can positively ID either of those 3. Then we might have a chance at building a case. But tying them to the case won’t be easy. We could get them for one crime, but it would be an uphill battle. All we can do is just keep an eye out.” Carly said, slumping in her seat and rubbing her eyes. “God dammit. We were so close to proving that this crazy group of yours exists. Just one video from that laptop could’ve been enough to prove its existence. Just a little diving into the logs and BAM!”
“Instead, we get screwed by IT.” X said. “Leave it to some idiots not paying attention to how our systems should work. It’s not like it’s their job to know our computer systems.”
Something clicked in George’s mind. His head raised out of his hands and he had a look of realization.
“What did you say X? It’s their job to know.” George let his words hang in the air for a moment, waiting for his fellow detectives to catch up.
“Wait, are you saying what I think you’re saying?” Carly asked. X nodded and answered for George.
“They have to have someone that’s either a cop in their club or cop adjacent, and who’s more cop adjacent than the IT team?” X said.
“So what you’re saying is-”
George cut Carly off. “That our suspect pool just shrank from a couple hundred thousand down to a dozen, if that. We’re not just looking for a random cop, we’re looking for someone skilled enough to cripple a police server and make it look like an accident or a terrorist attack. This person also has the ability to cover their tracks for years. This person isn’t a new member, they’ve been at it for years. The risk to reward isn’t there for some random member who may or may not know Ray, but Ray could take everyone down if he talked or if he saved some videos. This person is deep in the club, like a senior member or leader. They knew about Ray being in the hospital. Hell, they…fuck, HE probably ordered a hit on Ray and somehow Dr. Park pulled it off. He nuked the East Oakville server, knowing what antivirus the city ran. He pulled this off to cover the club because he knows that none of them will go down for him because they either don’t know him or don’t like him. I’d say they don’t know him, and he keeps his identity a secret because if any of these perverts found out that the guy running their rape club was a senior IT member of the police force they’d think this was a sting.” He looked at the other officers as they nodded in agreement to what he said.
“How do we proceed?” X asked in his booming voice.
“This doesn’t leave this room. Not even Cappy for a while. Don’t trust your computers, because if he can nuke the server, he can do a lot worse to our digital records. We have to do this on the down low. First thing is gather what we can offline and find out what we know about our friendly neighborhood IT guy, Adam Finnegan.”