The Candidate Chapter 14: Digital Inquiries, a mass effect fanfic

The Candidate

Disclaimer: I don't own Mass Effect. I am merely playing in the world. It belongs to Drew Karpyshyn and Bioware.

Digital Inquiries

Berengere Shepard had been greatly disquieted by what her son had discovered. She returned to her office, with her son in tow. As Johann Shepard was scheduled to fly back to the Citadel the next day, during the remainder of the day, he had decided to aid his mother with the investigations of who had accessed his codes. As the overall head of the Science Projects carried out by the Alliance Intelligence wing, Berengere had full access to almost all of its files, and had temporarily granted her son security clearance to check who had accessed his files.

A few hours later, Johann Shepard had set up his own procedures for avoiding any suspicions about checking who had accessed the old records. He sat down at a terminal in his mother's office, and began checking his files. The Spectre had decided to begin his investigations at the beacon that had broadcast the false distress signal. He accessed the binary1 that he had originally created, and his fingers danced on the keyboard at his console. A long cryptographic key appeared on the screen. Berengere questioned, "What is that?"

"The cryptographic key of the distress signal of the 2nd company, 5th battalion, 103rd Marine Division – the company that signalled for help, leading those marines into the thresher maw death trap. I generated it from the program I wrote originally." He gestured towards the code that he was running on the terminal. He inserted the beacon core that Charn had given him into his omni tool and hit a few more keys. Another long cryptographic key, quite different from the one that had previously been generated, appeared on the screen of the omni tool. "And what is this?" inquired Berengere, pointing at the new key. Johann's voice was barely more than a whisper when he replied, "The key of the 2nd company, 5th battalion, 103rd Marine Division – the company that signalled for help."

Berengere's voice was sharp and clear, "Excuse me?!"

When her son made no attempts to answer her remonstrance, she spoke, "Can a company distress signal have multiple keys?"

"No," answered her son, facing her finally. His eyes were troubled and worried.

"So what happened?" Berengere's voice was cold, grim and hard.

Johann replied, "The binary which was created here and the one on the beacon are generating different cryptographic keys." He typed more keys on his omni tool and the beacon began transmitting the distress signal. Hastily Johann killed the distress signal.

"What did you do?" demanded Berengere.

The Spectre replied, "The beacon seems to be reacting to my key as well."

Berengere put together the information her son had thrown out. "So – the distress beacon is working with two keys?"

The Spectre was hitting more keys. The binary on the terminal threw up an error message. He turned to face his mother, "My program here," he nodded towards the screen, "does not react to the new key that the beacon generated!"

"So – someone modified your binary to accept the new key?"

Johann nodded, his eyes still focussed on the terminal. "It looks that way."

"So who modified your files?"

Johann Shepard typed a few more commands and found the log files where the times when his finalised codes had been accessed were stored. All the computers in the records section were on an entirely different network and were not connected to the outside world at all, so it could not be hacked from the outside. Alliance Intelligence Science Projects Records had a policy whereby, every access to any restricted file was logged in three separate computers, each behind its own firewall and complete security, with regular audits to prevent their being tampered with. There was special software to monitor the files, and to check for modifications and deletions of entries, and the timestamps of access. The idea that anyone would be able to modify all of them without anyone being the wiser was most unlikely. For the time being, Johann Shepard discounted the possibility. Looking at the log files, he spoke to his mother, "The software source codes and original keys have been accessed only by three groups of people, Mutti2. The testers, the implementer and the auditor. All people who had every reason to access the files."

Berengere leant back in her chair, she answered, "While this was not entirely unforeseen, this means one of the two things – that someone outside broke the code, in which case, it will be harder to find him, or else, the identities of one of those who accessed the files was forged by someone else. The latter possibility bears much easier investigation – so let us try that first."

Accordingly, her son began looking at the times of access, and announced to his mum, "The auditor had accessed the files about an year ago – unless the first two attacks by thresher maws on marines were coincidences, this person is unlikely to be the mole. Let us put him aside for the moment. That leaves us the other two possibilities – the implementer and the tester. Both of them had accessed the files more than five years ago. The tester accessed the files thirty two times over three days. The implementer accessed the code eight times over a period of two days. Let us check them."

Johann Shepard knew the two testers – Ajay Chauhan and Keigo Hosokawa – both of whom had interacted with him when he had explained the software to them, what they were looking for and what the inputs and outputs represented. They had accessed the files two and thirty times in a space of just three days, the seventh, the eighth and the ninth of July, 2177 – after all, testing the files with the given inputs for the expected outputs did not require many accesses. The implementer had accessed the source code even fewer times – it took very few accesses to compile the source code, strip it of the debugging information and generate the final executable file, and compare the results of two compilations to make sure that the builds were identical when compared against each other. There had been only one implementer – Alessandro Sanguinetti, and he had accessed the codes , twice on the fourteenth of July, 2177 and six times on the eighteenth of August, 2177. Johann Shepard requested his mother, "Mutti, first, we need to check if the three had indeed been in the building on the days mentioned."

Alliance Intelligence Science Project Records had a system in place where any person not working in the department would be issued a one day pass by the Department on the authorisation of either the head of Alliance Intelligence Science Projects, her deputy, or the head of the Records section. The identification of the visitors was stored in the central computers. The project they were working on would be mentioned, and the corresponding files' access granted to them.

Berengere, sitting at her terminal, called up the desk signature logs, checked the identities of those who had visited on the days. The identities were the standard Alliance identities and they were very hard to forge – the data had to be entered in several different networks and systems to be validated. She found the three names her son had mentioned. She replied with some relief, "Yes. They were here."

Johann murmured, a touch deprecatingly, "Say, rather, that their IDs were here."

"Meaning?"

"Mutti, how do you know it was truly them who entered their IDs? Call up the closed circuit holo footage for the days. Let us check at regular intervals, if the people were indeed there."

His mother looked thoughtfully at him for a long moment, and then acquiesced. She called up the footage for the three days and they checked that the two testers were indeed at their seats the entire two days. Similarly, she checked the implementer and found that he was indeed at his seat on both the days. The first time, he had been there for just one hour, and the second time, he had been at his terminal three times, each time nearly an hour. Relieved, she answered, "It seems that you were indeed mistaken, Johann. Someone outside has broken your code."

Johann looked sceptical. "The first attack was barely three months after the implementer got my code. There would not have been sufficient distress signals to break my codes so comprehensively that someone could generate a new key. Even if someone had stolen a beacon from the manufacturer, it would be very hard to generate new keys exactly for the divisions."

Berengere looked stolidly at him, but her son was peering closely at the times at which his file had been accessed by the implementer, "Mutti, look at the access times the second time – the eighteenth of August – the implementer was here. It looks like the code was compiled and compared thrice, at different times. Why?"

"Why what?"

"The code was running fine and the testers had verified it. The first time the implementer was here on the fourteenth of July, he complied and compared it only once, produced the binary, and took it with him – that is why there were two accesses, one for the compilation pass and one for the comparison pass. If there was a bug, if the binary were defective, or he was unable to compile it properly, he would have been back here immediately – the next day, informing us there was a problem with our code and that he was unable to produce the needed binary. But he did not do that. Instead, he waited for over a month, and then came here, compiled and compared the code three times on the same day, and once more left without telling us why he needed to do it."

Berengere was quite for a moment, digesting what her son had said. She spoke slowly, "Do you think the implementer did something to modify your binary?"

Her son looked at her at last. "I don't know. But without a full analysis of the computer's solid state drives that existed at the time, we cannot say any more."

But Berengere had had another idea. She typed a few keys on her terminal. Two names appeared on her console – Gal Steinberg and Ellie Rickman, showing a few entries next to each. Her lips thinned, "You were right, Johann, about the implementer taking away multiple binaries on the eighteenth of August." Seeing her son's questioning glance, she explained, "We don't allow external storage devices inside, Johann, and indeed, no one can hook an external storage device to any terminal here. If this implementer needed to take the binary for the manufacturer away from here, he would have needed one of our storage devices. When he wanted to copy the binary, he would have requested the administrator at the time to do it for him. She would use one of the department's storage devices to copy the file that he had authorisation for on to it. And when he takes the department's storage device out of the building, he would have needed the administrator to sign off on it. Hence this record," she pointed to the holo-screen. She hit more keys. "The implementer took away the binary three times on one of the department's storage devices. Gal signed off on his first two binaries and Ellie signed off on his last one."

Johann's mind was racing. So they had created three binaries. Why? Was there any difference between the binaries? He spoke quietly, "Mutti – log in with administrator's privileges and let me connect my omni tool the machine the implementer used! There is something I need to check."

Eight hours of hard work had yielded Johann several snippets of files. It was past midnight when he explained to his mother, "Mutti – when files are changed, the actual data often does not go away – the magnetisations still remain. The file deletions ensure that only links to the actual data – or the magnetisation changes, in hardware terms – are lost. I have been trying to scavenge up the logs for the implementer's three different compilations. Since it is the same log file for the three compilations, when the final binary was done, many parts of the old compilations logs would be overwritten, but if they are different, the differences might be still around as variations in the magnetisation changes. I wanted to see if the build patterns3 for the three compilations were different. No one would compile the same program three times to generate the necessary binaries, unless there was a reason. I think the three binaries compiled were different. The implementer only left us my original, final binary to make us think that my binary had been implemented!

"So what did he really do?"

Johann glanced at his omni tool and answered, "Mutti, the build pattern in the implementer's first and final compilation logs and the tester's compilation logs are the same as mine. The build pattern in the second compilation logs are different though!"

"What does that mean?"

Johann did not even hesitate as he replied, his voice was grim, "Another file was compiled along with my files in the implementer's second compilation of the three compilations of the code and was linked to the binary." He pointed to the screen, which showed the way the binary had been compiled and explained to his mother, "Someone inserted a new file called 'Marinesids' to be compiled with my code to generate the final binaries!"

"What did the file do?"

Johann answered quietly, "Someone used this `Marineids' file to be compiled with my code to generate an additional key for all the companies in every battalion, brigade or division in the Alliance Navy! No wonder they were able to fool the marines with the false distress beacons! And no wonder they needed my source codes to generate false distress beacons!"

"Why so?" questioned Berengere.

"My program generates unique IDs for all the companies, and then there is an inbuilt verification against the last known position of the unit with Alliance HQ to see if it is a true signal! Also, once inserted into a hardware, my code makes it impossible to use the same key again for a different hardware. Just stealing a beacon and planting it near a thresher maw nest would not work if the company was either too far away, or else, the company signalled again, from another location nearby. Nor would simply duplicating the key work, since the same key cannot be inserted into more than one hardware. Someone has gone to great lengths to create this second key. They had to use this fake distress signal, and keep the real company nearby and unable to signal for the distress signal to be taken seriously."

"Is this `Marineids' file here?" asked the head of the Science Projects.

Johann nodded, "It was deleted, but most of it is here. It is hard to say with absolute certainty, but I am almost sure that it causes my program to generate two keys for every company in the Alliance instead of just one as I had originally designed! Since the binary allows two keys and generates them itself, it would allow the second key to be accepted in every transmission!"

"But why the second time?" inquired Berengere. "Why not do it the first time and replace it with the real binary the second time?"

Johann returned slowly, "I don't know."

Berengere Shepard's face was blank for a long moment, and then a slow smile blossomed on it. She hit more keys on her console. She explained, "I am calling up the Closed Circuit holo for every terminal in use that day between the arrival of the implementer and the Gal's signature for his exit with the second binary. Let us see what we can make from that."

She first called up the desk logs to see the number of guests passes that had been issued for the day. Three passes had been issued. She then began scanning the entire hall with the terminals from the arrival of the implementer.

At first, only the terminal with Alessandro Sanguinetti was in use. About fifteen minutes after the implementer had arrived, another person – a tall blond woman in a naval uniform – entered the hall. Berengere's lips parted in surprise. "Who is she and how did she get in?"

"She is not of your staff?" inquired Johann.

His mother shook her head in denial. "Nor one of the other visitors?"

"The next permitted visitor is not due for another forty five minutes," snapped his mother, pointing to the times at which the permits for the three visitors of the day had been signed.

The newly arrived woman authoritatively strode to a secluded terminal in a corner, and began to work without any preamble. She worked quietly, efficiently for two hours. In the meantime, the implementer had finished making his binaries, and under Gal Steinberg's supervision, copied the binary on one of the department's storage devices and left the building. Roughly two hours after the woman had entered, she rose from her terminal, and with no more ceremony than when she had entered, exited the room.

Mother and son exchanged glances quietly. The Spectre whispered, "Let us view the footage for the entire day quickly!"

They continued skimming the footage. The implementer arrived a second time, built his binary, and then left with the department's storage drive once more. After the implementer had left the room, the mystery woman came a second time, and worked for a few minutes on a secluded terminal and then left the room. Having seen the woman leave for the second time, Berengere switched off the closed circuit holo footage.

"I think we can guess what happened," murmured Berengere. "The woman came in here – probably with this implementer's ID somehow duplicated, added the file and modified the build pattern, and left, allowing the implementer to make his second binary which was implemented. Then, she returned after the second binary was taken, undid her changes, and allowed the implementer to make the third binary. After all, the door card readers only check the ID while entering, you don't need one to leave the room. So, she could have come in using his duplicated ID and since he was registered, she could get in as well."

"Why didn't she forge a new Alliance ID for herself?" asked Johann Shepard.

"Too dangerous," returned the head of Alliance Intelligence Science Projects. "When we issue a pass for someone to enter the records section, the person is thoroughly vetted. Trying to build a complete background for someone who is clean as a whistle is not easy to accomplish. The best way is to do what the woman has done – duplicate the ID of someone who has entrance to this place!"

The Spectre nodded, but had another question. "How did she get in to the building itself? Everyone coming in is accounted for."

But Berengere was already calling up the desk logs at the main entrance to the building. She announced, "Only two groups outside my staff were here during that time. One was Captain Calhoun and his deputy – they were here to meet with Dr. Amit Mitra, the head of the genetics lab. The other was Rear Adm. Sonia Hudson and her staff – they were here on an inspection of some gadgets that were to be delivered to her group."

The Spectre's lips had gone white. He whispered, "Sonia Hudson, the head of the Alliance Black Ops?"

"The very same," nodded his mother grimly. But let us check the desk holos at the times they arrived." Mother and son swiftly scanned the footage. About five minutes after the implementer had arrived, another group had arrived – a group containing the mystery woman. In the centre of the group was a very famous personage. One that could not be mistaken. Rear Admiral Sonia Hudson, the head of Alliance Black Ops was not one to be forgotten. Mother and son exchanged a horrified glance.

There was a long, awkward silence, and then, Johann broke it, "I think we should speak to this implementer."

But his mother shook his head. "No, Johann. You and I have done all we can for the moment. Now we know that the binaries implemented on the beacons are compromised, and all Alliance distress beacons can probably be hacked at will by someone with the second key. This is a very huge problem and every regiment and company will need to be alerted about the dangers."

"Can't we just write another code to blacklist the second binary and upload the patches to the beacons?" inquired Johann Shepard.

But his mother shook her head. "You are thinking in small blocks, Johann. There is an urgent need to launch a full investigation now and this investigation is something more than you and I can handle quietly. There are too many wide open questions as well. First, if someone broke into your code and recompiled it with other files, there is no telling what other projects have been compromised similarly. Second, it is Adm. Kahoku's marines that were killed – he is the only one with an authority to start an investigation at that end about what happened there and how they could have been lured into the thresher maw nest. Third – why was this drive core left behind? If someone lured the marines into the thresher maws, why didn't they take the core with them, rather than leave behind this evidence for us to find out. Finally, what was the reason for luring the marines into the maws? All this requires a full investigation."

Johann bowed. His mother was right. "So what do we do?"

"I will talk to Shuka tomorrow. We'll begin a full investigation at this end, and find out who and what have been compromised. And coordinate with Adm. Kahoku, to see what he can discover about this affair."

Johann Shepard rose to his feet, and kissed his mum on the cheek, "Viel Gluck, Mutti! Gib Acht auf dich!" (Good luck, mum! Take care of yourself!)

-(Scene Break)-

While Shepard and his mother were investigating the broken Alliance beacon, Tali, sitting at the C-Sec headquarters, picked up two more messages on her receiving device. Both of them were burst transmissions, and both the messages were terse and brief. The first one read, `Shepard met Tela Vasir in the Flux. Talked with her over supper. Shepard's Batarian assistant Charn caught in the attack on Terra Nova. Shepard is leaving with Williams and Adm. Anderson to Terra Nova. Message ends'

The second message was just as Spartan in its brevity. `Shepard claims that his Batarian assistant is innocent. Circumstances point to said Batarian being Shepard's double agent. But Mikhailovich is still holding Charn. Charn had found a bunch of Adm. Kahoku's missing marines lured into a thresher maw nest using a fake distress beacon. He gave the beacon to Shepard and Shepard analysed it. I think he found something in the beacon. He's currently in Arcturus station, meeting Adm. Barzilai. Message ends.'

The young Quarian was horrified. Who could be keeping such close tabs on Shepard and the team? And more importantly, who was being kept in the loop this way? There were no answers and Tali was determined to discover the traitor

-(Author's Notes)-

I hope this part is not too technical. I tried to pare it down to something everyone could follow. But computer based investigations are always involved in both hardware and software conventions and limitations, so it is not easy to make the chapter light on the readers.

Do guess who the traitor is, by the way. That little bit is going to play a very vital role in the whole saga.

The `Central Committee for Batarian Resistance' is based on `Operation Trust' launched by the NKVD (early Soviet Intelligence). The operation created a false anti-communist group running under the auspices of the Soviets themselves, and was used to funnel false intelligence to the true anti-communists and also to lure in anti-Bolshevik bigwigs into traps in Russia. The anti-communists outside Russia thought that they were going to Russia to meet with the Monarchists and the Whites, but were trapped by the Bolsheviks and eliminated. Prominent captures include Boris Savinkov and Sidney Reilly (the spy on whom James Bond is based).

As usual, all comments and criticisms are welcome.

1A binary is the executable code that is actually run when the program in question is run.

2German for `mum'.

3A build pattern lists the way in which the different files are to be compiled and linked (and in what order) to obtain the final executable code (binary).