Then she went right in to the firm’s offices and told the receptionist that she lived just down the street and was looking for temp work, and asked what agency they used to hire their temps. She spun a story about having a young child at home and needing to find work in the neighborhood. The receptionist gave her the name of an employment agency but apologized that there was nothing available at the time, so far as she knew. Mandy thanked her, and that was that.

Now Dorothy examined the photos on Mandy’s phone.

“Okay,” she said, “this is good. They’re using an HID system like just about everyone else uses. Almost certainly a low frequency 125 kilohertz system. Like eighty percent of the keycard users in the world.”

“Why is this good?” I asked. When it comes to technology, I long ago stopped worrying about sounding stupid. I ask, and Dorothy explains. This kind of technology is her forte. She enjoys being smarter than me, and I don’t mind it a bit.

“Because a couple years ago there was an interesting talk at Black Hat USA about how to defeat it.”

“How involved is this? You think we should bring in Merlin?”

Merlin’s real name was Walter McGeorge, an old army buddy who’d been a commo sergeant on my Special Forces team and later became a TSCM specialist, an expert in technical surveillance. He lived in the area, in Maryland. When I lived in DC I used to bring him in frequently to help me on jobs.

“You don’t need Merlin for this,” she said. “I promise. I can set it all up for you myself. Plug-and-play. Easy.” She tapped at her laptop. “Here we go.” She turned her laptop’s display toward me. It was an eBay page with a lot of listings, pictures of what looked like square boxes.

I recognized them. They were proximity readers, also known as badge readers. They’ve become ubiquitous in the corporate world. They’re the little black boxes mounted next to office doors at which you wave your plastic keycard to gain entry. You also see bigger versions of prox readers at the entrances and exits to parking garages. They allow drivers who have the right keycard to pass right through.

“I know what a prox reader is,” I said, “but I don’t see how that gets us in.”

“Okay. I buy one of these long-range RFID readers and do a trivial amount of futzing around to weaponize it. Stick in a PCB, a circuit board, and twelve double-A batteries. Like that. This thing can read a badge from three feet away, normally. So pay a visit to Norcross and McKenna, and you bring it in, in a backpack or briefcase, and just make sure to be within three feet of someone who’s got a badge around her neck or on his belt.”

“Then what?”

“You don’t need to know how it works. It’ll read any Wiegand protocol card that gets close enough. It captures the data on the keycard. When you get back here, I download the data and write it to a blank keycard, and that’s all she wrote. We’ve cloned the key to their front door.”

“Hold on,” I said. “Those things beep when they read a card. Am I going to be beeping audibly whenever I get near someone’s keycard?”

She smiled. “You do think ahead. Good question, and thanks for mentioning it.”

I shrugged. “Just another accidental flash of brilliance.”

“I’ll toggle a dipswitch in the thing to turn off the beep sound. Anything else?”

“Foolproof?”

“Well, idiot-proof. You should be okay.”

She placed an order through eBay with a company in South Carolina and one in Eagle Mountain, Utah, and requested overnight shipping, and the next day several large boxes arrived at the hotel, and we were in business.

Now, Dorothy took the briefcase, unzipped it, and pulled out the badge reader. It was about a foot square by an inch thick. It was a long-range 125 kilohertz MaxiProx proximity card reader manufactured by the HID Corporation, the Texas-based company that makes most of the keycards and readers used in corporations around the world.

She turned the thumbscrew on top of the box and removed the front cover. She popped out the micro SD card and stuck it in her laptop.

She blinked a few times. Then she smiled. “You captured four separate cards.”

“The receptionist, the partner — Ashton Norcross — and probably a couple of employees I was next to in the elevator on my way out,” I said.

She nodded. “I don’t know if there are levels of access, but Norcross is a partner, and he’ll no doubt have the highest level. We’ll clone his.”

Dorothy and I went through everything I’d observed on my visit to the firm — the placement of the CCTV cameras, which areas appeared to be separately locked, and what kind of security protected the vault, which they called a strong room. “The vault is locked separately with a Kaba Simplex mechanical push-button lock,” I said.

“Know anything about them?”

“Come on. This is why I want Merlin now. It’s at least a two-man job.”

She shrugged. “Okay. Now here’s an extremely cool piece of hardware called a Rubber Ducky.” She handed me something that looked like a thumb drive.

“A Rubber Ducky.”

“Correct. I know it sounds silly, but it’s dead serious. You plug this into the USB port of any of their computers and it goes to work.”

“I’m going to need you to come along and help me deal with this thing.”

“That’s the beauty part, Nick. It’s fire-and-forget.”

“What happens when I plug it in and some antivirus program comes up? Which is likely.”

“Someone’s been paying attention in class. But that’s not going to happen. This is configured to be an HID, a human interface device, like a mouse or a keyboard. The computer will detect that it’s an HID and trust it.”

“Okay. So I plug it in — then what?”

“It immediately injects code at a thousand characters a minute. It creates a shell on the network, and pretty soon it’ll give us root-level access. It runs something called Metasploit that looks for weaknesses in the software. It creates a username and password. And then... I’ll be able to get onto the Norcross and McKenna server from here.”

I picked it up, toyed with it, and put it down. “If you’re right, this really is cool. Just plug-and-play, huh?”

“Well, I’ve got to do a bunch of programming on it this afternoon to deploy the payload. But it will be.”

Merlin — I never called him Walter — was short, maybe five feet seven, and lean. His physical type was surprisingly common in the Special Forces. He had a black buzz cut with some gray starting to move in, a pushed-back porcine nose, and a thin black mustache. The vertical lines carved into his forehead between his eyes made him look angry.

He had no family, as far as I knew, and one singular devotion: sport fishing. He lived in Dunkirk and kept a boat in the Harbour Cove Marina, in Deale, and was always out on the water. I reached him onshore, though, and told him about the job. It was a simple black-bag job of the sort he and I had worked several times before. I offered him a couple thousand bucks, double if we encountered any surprises, and he quickly agreed. His TSCM business was slow, and evenings he was never busy.

In the afternoon I did a bunch of errands, picking up everything we could possibly need. We rendezvoused at a dive bar in a strip mall in Leesburg around midnight. He’d chosen it because it had a separately ventilated smoking section, which was permitted because of some loophole in Virginia law. Neither one of us had anything alcoholic to drink; wanting to keep sharp for the job, we both had Cokes. We sat at a booth. He smoked continuously.