For Charlie, hacking the data of the president’s tax attorney was definitely doable.
A Google search produced the name of the firm handling Stokes’s returns: Kane & Levin on West 57th Street in Manhattan. K & L’s website provided the names and emails of 110 members of their staff, from principal partners to the paralegals and receptionist.
But Charlie wanted a way into the firm. The answer was the Starbucks located just half a block away from K & L’s offices. It was a gathering place and coffee route for the firm’s lawyers and staff. Charlie had no problem taking over the Starbucks’ Wi-Fi, then pay-loading the laptops and electronic devices of everyone who logged on.
The next step was to program a tempting “clickbait” for unwary users. That came from Sarah: an alarming headline that appeared to be from the front page of the Wall Street Journal: “PC’s around the globe hit by new hack.” According to the breathless account, unknown cybercriminals had penetrated millions of Apple and Android devices with “a vicious new Trojan horse that, once activated, would encrypt all the contents of the victim’s computer.” The hackers then demanded four hundred dollars from each victim to deactivate that malware. Luckily, there was a new free fix to remedy the problem. All you had to do to get that patch was click on the link embedded in the article, and follow instructions on the screen.
At 7:00 a.m. the next morning, Sarah emailed that fake story to the entire list of 110 employees of Kane & Levin. By 8:14, the first musical alarm went off on Charlie’s computer indicating a hit. “Show time,” yelled Charlie. The new Trojan horse instantly infiltrated the workstation of Geraldine Brail, a senior partner in the firm. She had, of course, been cautioned by K & L’s security maven never to click on a suspicious link, but this was an article from the Wall Street Journal. In the next hour, three more alarms went off. The malware was now embedded in four K & L computers. It was, the experts later agreed, a very elegant hack.
Linked in from San Francisco, Steve watched on his own computer screen as Charlie focused on Geraldine Brail. It took only a few minutes to discover her login and password and obtain instant access to K & L’s general directory. Charlie then intercepted the two-factor authentication password required to enter the higher realm of security, supposedly protecting the client files. In the meantime, Geraldine Brail thought she had typed the challenge password required to log in to the file-viewing application.
Charlie scrolled through the files in alphabetical order until he reached “Walter Stokes.”
“Bull’s eye,” he said.
“Let’s see what you got,” said Steve, following the action.
When Charlie clicked on “Walter Stokes,” the file opened to reveal hundreds of sub-files. One of them was labeled “IRS returns.” When he clicked on that, further sub-files appeared, each marked with a date going back twenty years.
“Pay dirt,” said Charlie. He clicked on the most recent file.
In far-off San Francisco, Steve held his breath. But instead of a tax return, a single notice came up. “For security reasons – no digitized IRS returns available. See M. Kane.”
“Shit,” said Charlie. “They’ve taken them completely off-line, probably on another computer not linked to the Internet.”
“Or stored in M. Kane’s safe,” said Steve.
Charlie continued to click on each of the other dated sub-files; they all produced the same infuriating message.
“It would have been too easy,” said Steve. “But there’s got to be something else we can work with, some kind of lead.”
“I’ll check through the whole goddamn thing,” said Charlie. He spent several hours prowling Stokes’s files. There were bills of sale and purchase, contracts, mortgages, entertainment expenses, even Christmas cards. There was also a file called “Businesses & Misc.”
“Could be interesting,” said Steve, as Charlie opened the file. It contained a three-page double-spaced list of 256 different names, apparently belonging to companies, some with Stokes’s name in one form or another; some that appeared to have nothing to do with Stokes. Nine of them had the name followed by an initial. Charlie and Steve copied the list.
“That may still give us something to chew on,” said Steve.
Charlie closed down the malware on all the Kane & Levin computers and instructed the intruding droppers and Trojans to self-destruct and wipe all network and system logs. The IT security folks in the firm would never realize they’d been hacked.
Over the next two days, Steve, Charlie, and Sarah ran through the list of 256 company names they’d copied. Eighty-nine of them no longer existed; they’d gone bankrupt or simply folded. Many of the others were U.S.-based, most of them connected in some way with Stokes.
Nine of them, however, didn’t show up on any list of anything to do with Stokes, nor were they incorporated or registered in the U.S. They each had an initial after the name: BSP-P, Highflyer-P, West End BV, Pyotr1C, Kalinka C, Krypto C, Styx C, Arbat C, and Rivka1-C.
“Any ideas where we go from here?” asked Steve after they’d looked over the list.
“Sleep on it,” said Sarah.
They did. Steve woke early the next day in San Francisco as dawn began to penetrate his bedroom. He prized these moments. He would lie there, running through events of the past day, going over ideas for the future, examining problems still unresolved. It was a time when his brain was sharpest. And then it was all so clear.
As planned, the members of Deep Strike held another encrypted call at 7:30 a.m., San Francisco time. “It’s simple,” Steve immediately began. “Those nine companies are all offshore. I should have realized it right off. P stands for Panama, BV for the British Virgin Islands.”
“And the last six companies are all C’s,” said Sarah.
“Could be the Cayman Islands,” said Steve. “But I don’t think so.”
“Why?” said Sarah.
“Most offshore venues tell you nothing about who are the real owners of the companies based there. But at least they do publish a list of those companies. I’ve already checked Panama and the British Virgin Islands. Turns out that BSP, Highflower, and Westend are all listed there. They’ve also all got the same corporate officers. All of them are with the same Panamanian law firm – Rodriquez & Baltra in Panama City.”
“Those sleazebags!” said Sarah. “They’re money launderers for crooks all over the world. Not to mention the CIA. You won’t get anything out of them. But those last five companies – the ones labeled at the end with C’s. That C’s gotta be for Cyprus.”
“That’s my bet,” said Steve, “particularly where Stokes is concerned. It’s THE center for Russian money laundering.”
“So then what’s the next step?” asked Sarah.
“I’ve been trying to figure that out,” said Steve. There was a reason he had undergone plastic surgery and adopted a completely new identity. It gave him the freedom to move around that the other members of the group didn’t have. But he needed to make each move count.
“One option,” he said, “is go to Panama and see what I can pry out of Rodriquez & Baltra.”
“Good luck on that,” said Charlie.
“Agreed,” said Steve. “On the other hand, the Russian-sounding names from Cyprus are tantalizing. I could go there.”
“And run headlong into another wall of corruption and secrecy,” said Charlie.
“Exactly,” said Steve. “Why jet off to Panama or Nicosia when the question of Stokes’s ties to Russia is really our target? I think we can short-circuit the investigation if I go directly to Moscow. If that doesn’t pan out, then I’ll head for Nicosia or Panama. But Moscow comes first. I’m leaving soon as I can.”