1
Tuesday morning. I drive to Michigan State, park near the computer science building.
Tom Nakamura owes me a favor from three years ago. I helped him identify a problem before it became a breach.
Coffee shop on campus. He’s already there.
“Security work now?” he asks.
“Theoretical problem. Client wants to test their systems.”
Tom leans forward. “What kind of test?”
“Database misconfiguration. Needs to look accidental but exploitable.”
“Red team exercise?”
“Something like that.”
He pulls out his phone, sketches on a napkin. “Customer database. Admin error that creates access windows.”
“How obvious?”
“Obvious enough to find quickly. Subtle enough to seem unintentional.”
“Implementation?”
“Few hours work. But you’d need admin access.”
“That’s handled.”
Tom studies the sketch. “This is live?”
“Controlled environment.”
He nods, slides the napkin across the table.
-----
Wednesday evening. I sit with Tom’s notes.
The plan is clean. Create a vulnerability, make it look accidental, wait for Viktor to find it.
When he does - and he will - I’ll have intelligence about his methods.
But it has to look like another illicit opportunity. Another step into the dark world he wants to control.
Viktor thinks he will be making me more complicit, as if.
He’s actually walking into a trap.
2
Thursday evening. I sit in the basement of the university library, deep in the digital archives.
Academic papers on financial cybercrime. Case studies of database breaches. FBI reports on criminal psychology and operational methods.
But I’m not reading for education anymore.
I’m learning to imitate.
-----
The Patterson case, 2019. Insurance database compromise affecting 80,000 customers. Technical sophistication matched what I need. Perpetrator never caught.
I study the methodology. SQL injection through customer portal. Escalated privileges through admin oversight. Clean extraction over six weeks.
The communication patterns. How Patterson established credibility in forums. Word choices, technical language, operational timeline.
I take notes. Not on the crime itself.
On how to sound like someone who could commit it.
-----
Friday morning. I review forum posts from the Meridian Bank breach, 2021. Different scale, similar approach.
User “DataReaper” claimed responsibility. Posted technical details that checked out. Gained significant reputation in criminal circles.
His writing style. Confident but not boastful. Technical precision mixed with operational caution. References to previous work without specific details.
I practice mimicking the tone.
-----
Saturday afternoon. Emma’s at book club. Kids at friends’ houses.
I sit at my kitchen table, studying psychological profiles of white-collar criminals.
Pattern recognition has always been my specialty. But now I’m analyzing criminal personalities to copy their behavioral signatures.
The irony isn’t lost on me.
I’m using my expertise in reading people to become someone else.
Someone who belongs in Viktor’s world.
-----
Sunday evening. I draft my first forum post using Patterson’s methodology, DataReaper’s tone, and details from three other unsolved cases.
Corporate accounting breach, 2020. Healthcare database compromise, 2022. Municipal records exploitation, 2023.
I blend their approaches. Patterson’s patience, DataReaper’s technical precision, Healthcare-Phantom’s government connections.
Creating a criminal history that never existed.
Building credibility from other people’s crimes.
-----
Monday morning. I review the draft.
To anyone investigating, it would check out. Real breaches, accurate technical details, consistent methodological approach.
To Viktor, it would look like a serious criminal with escalating capabilities.
To me, it looks like evidence of how completely I’ve learned to think like the people I used to catch.
The transformation is complete.
I’m not mimicking criminals anymore.
I’ve become one.
3
Monday, 11:47 PM. I sit in my study, encrypted connection established, forum loaded.
My finger hovers over the submit button.
One click transforms me from someone studying criminals into someone pretending to be one.
I press enter.
CryptoVault Underground - Financial Exploits Forum
Thread: Regional Bank Opportunity - Time Sensitive
User: AnalystGhost47
Posted: 12 minutes ago
Found something during routine reconnaissance. Small midwest bank, customer database misconfigured. Admin left debugging access open on production server.
Database contains:
40K+ customer records
SSNs, account numbers, transaction history
Commercial accounts (local businesses)
Credit histories, loan applications
Access window appears stable but won't last long. Bank's quarterly security audit scheduled next week.
Looking for partner with extraction expertise. Revenue split negotiable based on contribution.
Previous work includes insurance sector (2019), healthcare systems (2022), municipal records (2023). Prefer systematic approaches, clean extraction, minimal exposure.
Not looking for amateurs. Need someone who understands financial systems and can move quickly.
PM if interested. Provide credentials.
I post it and lean back.
Now I wait.
Tuesday, 6:23 AM. Three responses overnight.
ShadowTrader91: What's the verification process? Too many honeypots lately.
VulnHunter_X: Your timeline seems tight. Michigan area?
DataGhost_2019: Interesting work history. The municipal breach - was that the Detroit parking authority?
Amateur hour. ShadowTrader sounds like a scammer. VulnHunter_X might be law enforcement fishing for geography. DataGhost_2019 is testing my knowledge of real cases.
I ignore them all.
Wednesday. Nothing.
Thursday. Two more low-quality responses I delete without reading.
Friday morning. Emma notices I'm checking my phone more frequently.
"Waiting for something important?" she asks.
"Client might call."
But nobody calls. Nobody bites.
Saturday afternoon. I review my post, wondering if I made it too obvious, too amateur, too eager.
Real criminals don't advertise on forums. They work through established networks, trusted intermediaries, years of relationship building.
I was fishing in a kiddie pool, hoping to catch a shark.
Sunday evening. I draft a different approach.
No direct offers. No obvious opportunities.
Instead, I post a technical question about database architecture. Something that demonstrates knowledge without advertising capability.
Then I wait again.
Monday, 3:17 AM. A private message appears.
From: Architect_V
Your recent posts show interesting perspective on system vulnerabilities. Academic background?
The bank opportunity thread was removed by moderators. Probably too direct for this forum. Most serious work happens through other channels.
Professional curiosity: your healthcare systems experience - consulting or internal access?
I stare at the message. Not a bite. A nibble. Careful, professional, giving nothing away while asking specific questions.
I type several responses, delete them all.
Finally:
To: Architect_V
Mixed background. Academic research, some consulting. Healthcare work was compliance-related initially.
You're right about direct approaches. Still learning the ecosystem here.
What other channels do you recommend for more sophisticated discussions?
Send.
Then I wait again.
Because this is how it really works. Months of careful positioning. Trust built over time. Each party revealing just enough to maintain interest without exposing vulnerability.
Viktor - if this is Viktor - won't reveal himself over a few forum posts.
But maybe, eventually, he'll reveal enough for me to find him.
Or maybe I'm just building a criminal reputation that will destroy whatever's left of my life.
The fish hasn't taken the bait.
But at least now I know there are predators in these waters.
And they're watching.