Our bed-and-breakfast looked like it was out of a goth comic book: a shadowy, midsized Victorian on top of a steep hill, in forced perspective. A blood-red “vacancy” sign glowed overbright in the parlor window.
My son and I had taken Amtrak to upstate New York for a weekend of cheap skiing. Before we went, I should have shown him Flirting with Disaster, which has an instructive B&B scene that shows how they’re different from Airbnbs: the clutter, the pancakes, the eccentric proprietors. Indeed, the instant we arrived we met the first of two odd women, fellow travelers not entirely unlike Big and Little Edie of Grey Gardens. Over the course of the weekend, they unfolded twisting stories of personal ingenuity and foul cyber deeds that were as Victorian as turrets and spindles.
Virginia Heffernan (@page88) is an Ideas contributor at WIRED. She is the author of Magic and Loss: The Internet as Art, a cohost of Trumpcast, an op-ed columnist at the Los Angeles Times, and a frequent contributor to Politico.
Angela Hart—a penname—fit the B&B bill. I liked her. Her stories were expectedly relentless, but vivid and detailed. Day one she stuck to divorce trauma and tales of her shrewdness bartering for hutches perfect for Hummel figurines. Day two things got weirder.
Angela had written a book about her experience of having her identity stolen some 15 years ago, she told us, when she had signed up over the phone for fraud website-building software and classes to the tune of $10,000. That’s the kind of lapse in judgment people rarely confess, but Angela was a good sport about having squandered her hutch money.
But then the tale took a turn for the heroic: She launched into freestyle cyber-counterintelligence, first as a victim of identity theft and then as a government source in what was, at the time, the largest computer-crime case ever prosecuted. She’d become a soldier in Operation Firewall, a sting that was eventually orchestrated by the Justice Department and US Secret Service. A year later, Operation Firewall ended up nabbing Shadowcrew, the notorious ring of hacker blackhats who stole over 40 million credit and debit card numbers from people like Paris Hilton. And Angela.
Angela’s tale of derring-do included: a ghostly and menacing visitor to the B&B who spoke in code and was obsessed with the Alamo; a shoe bomber; a sting operation that involved webcams and trickery; and one actually genuine hacker, Albert Gonzalez. Some of these things I couldn’t verify but Gonzalez is indeed serving a 20-year sentence in federal prison. He was the carder kahuna, using SQL injection to create backdoors at companies like Dave & Busters and OfficeMax to steal and resell credit card and ATM numbers.
Examining first the dust jacket of Angela’s book and then her liberal use of exclamation points, Ben mouthed “self-published” to me. Was she another of life’s cracked Hummel figurines? I can’t say it didn’t cross my mind, but later I ran her story by E. J. Hilbert, a security expert who had been part of Operation Firewall, and he confirmed she had supplied the investigation with “cool details,” though he hadn’t worked with her directly. Angela was indeed the Catskills queen of cool Operation Firewall details, and she made perfect pancakes.
Because Ben and I didn’t have a car, Angela gave us the number of a local one-woman car service to give us a lift to the train station. The area’s bad cell service doesn’t sustain rideshares, we were told. (Or does it? There were lots of confusing explanations for why we shouldn’t call Uber.)
Our goodbye was warm. Dawn, Angela’s recommended driver, was less warm. We loaded into the car and Dawn asked Ben something perfunctory, and then abruptly suggested a search string. “Dawn. Kojac. U-S-I-S.”
I put it into Google, as Ben picked up a book. I wasn’t up for another meandering farrago, but curiosity was hard to resist. And there it was: Dawn in The Wall Street Journal. Her story was another doozy.
Several years ago, Dawn worked at a sketchy joint called the United States Investigations Services, a private contractor that did security investigations for government jobs. Seems the place was a background-check boiler room, with a Glengarry Glen Ross corporate M.O., which incentivized rushing through checks at a lunatic pace.
As Dawn explained from the driver’s seat, I read her words in the Journal: “It was a never-ending nightmare,” she said of USIS. “Every day you had that pressure.”
According to a 2014 audit by Michael Esser, who was then the Office of Personnel Management’s assistant inspector general, USIS conducted background checks too hastily to get them right. Fast work is dangerous work, and the result was a miserable staff at USIS, including Dawn. She eventually sued USIS for unpaid overtime under the Fair Labor Standards Act.
According to federal filings, USIS in its haste made grave mistakes. In 2007, they evidently overlooked multiple reports of misconduct and violence in the history of Aaron Alexis, a Navy Reserve officer, and cleared him as a military contractor. Six years later, he killed 12 people and wounded four when he shot up the Washington Navy Yard in one of the deadliest mass murders on a military base in American history.
And then, in 2011, USIS glossed over some problems on the background check of one Edward Snowden. Snowden slipped into the NSA, where he, to put it decorously, leaked state secrets.
In 2013, Patrick E. McFarland, inspector general for the Office of Personnel Management, said in a Senate hearing about USIS that “we do believe there may be some problems” with Snowden’s clearance.
The government agreed. After OPM conducted a reinvestigation of Snowden and found irregularities, they launched a civil case against USIS. By 2014, the Justice Department had joined it, alleging that, under the direction of Bill Mixon, the company had rubber-stamped at least 665,000 background investigations that had not been thoroughly vetted. The civil case had been filed by the original whistle-blower, onetime USIS employee Blake Percival, in 2011; according to The Washington Post, he said he’d been fired from USIS for refusing to order his underlings to submit incomplete background checks to the US government for payment.
Percival walked away with $3.3 million of the government’s $30 million settlement, money that USIS had been ordered to forfeit. Dawn’s lawsuit was settled. (USIS admitted no wrongdoing, and one of her claims was dismissed.) “Only the first whistle-blower gets money,” Dawn told Ben, whom she was still addressing in the rear-view mirror. He nodded.
(Dawn’s story brought to mind Tricia Newbold, a longtime member of the White House Security Office who was suspended without pay in December, just after protesting the office’s decision to give top-secret security clearance to presidential son-in-law Jared Kushner. Kushner’s legendary troubles with his SF-86 far eclipse Snowden’s.)
Subscribe to WIRED and stay smart with more of your favorite Ideas writers.
Since leaving USIS, Dawn told us that she’d applied for thousands of jobs in her field, but has settled on freelance work: peddling nutritional supplements at a multilevel-marketing company; waiting tables at a P.F. Chang’s; and now working as a rideshare driver.
The epilogue to Angela’s story is upbeat. Gonzalez is in jail. Shadowcrew went down. And no one will ever be conned quite the way Angela was on the internet. As for Dawn, the epilogue is bleaker. Aaron Alexis is dead. Edward Snowden is hiding out in Moscow. William Mixon, who led USIS but seems to have paid no price for background-check churning, is described on LinkedIn as “Currently CEO at National Seating & Mobility (NSM), North America’s most experienced provider of complex rehabilitation seating, mobility and positioning systems.”
I highly recommend traditional B&Bs, especially the far-flung ones. The voluble owners are not for everyone, but the whole thing is an antidote to chic Airbnbs or lonely self-service boutique hotels. Linger after breakfast amid the knick knacks, and ask for war stories. Ask about the hutches, the divorces, Edward Snowden. You can find a great, affordable, weird B&B with just a little sleuthing on the internet. Just don’t advance anyone $10,000.