took twenty minutes. “No more motel charges, but the day they checked out I’ve got half a dozen—souvenir shops, McDonald’s, Starbucks ... Just incidentals, and just that one day. I’m e-mailing the details and a Google map.”
“Why the map?” Jack asked.
“All the charges were inside a square mile of one another.”
Jack hung up and brought Clark up to speed. “They switched credit cards, switched names,” Clark said. “Good sign.”
“Good how?”
“Stand-up citizens don’t do that, Jack.”
Jack’s phone e-mail chimed, and he checked it. Clark asked, “Where’re we going?”
“Virginia Beach.”
Okay, guys, we gotta make a decision,” Sam Granger said. “Plain text or encoded?”
Granger, Hendley, and Bell had been arguing over it for an hour: With Hadi and his team having gone to ground after the Paulinia attack, and with the URC changing its onetime pads every day, did Hadi have the ability to decrypt messages? Better question: Did they have the ability to “de-stego” the images in which the OTPs were embedded? Granger and Bell didn’t think so, but Hendley was worried.
In the past, the URC had run its big operations by the dead-man switch rule: Once the execute order is given, there’s no turning back and no pulling the plug. This change had come after the failed URC bombing of the Berlin U-Bahn, when, shortly after the go-signal had been given, the URC’s cell leader in Munich was captured by the BfV and persuaded to reel in the attackers. Of course, in the larger context, none of that mattered: Dead-man switch rule or not, either Hadi would get the message or he wouldn’t. If he had the ability to decrypt, a plain text message would spook him and their chance would vanish.
“Listen, we have to risk it,” Bell said. “We use our message to spook him but in our favor. Get him worked up enough and he might not even question the plain text.”
Hendley considered this, then looked to Granger. “Sam?”
“Okay, let’s do it. We’ll move Hadi just once and tell him it’s dry-cleaning, then we’ll move him to the Rocinha, and Chavez and Dominic will grab him up.”
Bell stood up and headed for the door. “I’ll get it uploaded.” He left.
A minute later, Hendley’s phone rang. It was Gavin Biery. “You guys upload the message yet?”
“Rick just went to do it.”
“Shit. Stop him; get him back. I’m on my way up.”
79
BIERY WAS UPSTAIRS and walking into Hendley’s office two minutes later. “I found a pattern,” he announced. “You send that thing in plain text and Hadi will know it’s bogus.”
His last-second interception of Rick Bell had been the result of a marathon night of watching his newly written algorithm chew on the URC’s onetime pads. Though by their very nature the letters within an OTP are meant to be random and therefore unbreakable by anyone not working off of the current pad, it was in Biery’s nature to look for patterns where none seem to exist. It was, he’d once explained to Jack, sort of like the SETI (Search for Extra-Terrestrial Intelligence) project: “There’s probably nothing out there, but wouldn’t it be cool if there was?” In this case, what Biery had found was a pattern to the URC’s onetime pads.
“OTPs are great, probably the simplest form of ‘unbreakable’ encryption in the world, though nothing’s truly unbreakable,” he’d explained once Rick Bell returned. “It’s all a matter of probabilities, really—”
Granger cut him off. “Another time, Gavin.”
“Right.”
“Well, like you figured, the Emir, or whoever came up with this, was probably worried about their people in the field. Kinda stupid to carry an OTP on you, or have it on a laptop you’re carrying around, so they came up with a system to re-create the day’s pad while you’re on the go. It’s time-consuming but doable.”
“Let’s hear it,” said Bell.
“They’re using a formula called the middle-square method. It was created by some Hungarian mathematician named von Neumann in 1946. Essentially, what you do is take a seed number—length doesn’t matter, as long as it has an even number of digits—then square it, then take the middle part of the resulting number—again, however many digits you want—and use it for your new seed number. Since these guys would probably be doing it on paper, they’d use small numbers and build on them. Here ...”
Biery grabbed the legal pad on Hendley’s desk and started writing:49 × 49 = 2-4-0-1. New seed number = 40
“Since you can’t use zeros, you round up. So your new seed number is 41. Then you square that, and so