How much should my fictional hacker charge to deactivate a government tracking device?
January 7, 2011 1:24 PM   Subscribe

How much should my fictional hacker charge to deactivate a tracking device?

So I'm writing a story (I know, I know *eye roll*) that's sort of crime/intrigue based (Ocean's 11, James Bond, White Collar type stuff), and I need to know how much my hacker character is going to charge the protagonist to remove a government tracking device. I can't find any online evidence of this sort of practice, so I'm totally in the dark on how much the asking price should be. I would love for it to be a big number so that the stakes are higher, but I don't want to go off writing in $50,000 if it's realistically only $500. Any ideas?
posted by baronessa to Computers & Internet (31 answers total) 8 users marked this as a favorite
Price: favor to be traded later in the sequel. Characterization > money!
posted by gregglind at 1:27 PM on January 7, 2011 [7 favorites]

I'm with gregglind. A favor or some other unquantifiable MacGuffin that only the protagonist can acquire.
posted by The Winsome Parker Lewis at 1:28 PM on January 7, 2011

First, a ridiculous price that your protagonist can't afford to pay...then in a change of heart, he'll do it for free, just for the challenge, because he's never run across a tracking device wired this particular way before.
posted by infinitywaltz at 1:29 PM on January 7, 2011 [3 favorites]

Is there any reason you need to name a specific sum? I mean, money generally plays a red herring function anyway, so you could just have a briefcase full of cash or something.

Also, I don't see a reason this can't be a Super Secret NSA Encrypto-Trackbot 9000 which would cost more to deactivate than an Acme Valu-Track.
posted by nasreddin at 1:30 PM on January 7, 2011 [1 favorite]

"I asked him how much it would cost. He gave me a figure I could live with."
posted by Etrigan at 1:31 PM on January 7, 2011 [2 favorites]

Oh, finally, a chance to use my screenplay auditing hobby in AskMe.

First of all, what kind of tracking device? Embedded in his skin? Five figures, for sure. An ankle bracelet? Couple hundred. A box hidden in his car? Five hundred. You can make whatever number you like realistic by writing backstory about why your hacker happens to need that specific amount. Perhaps a new expensive device he wants to buy, or something noble, like a gift for his girlfriend.

You can make the fee higher by changing your goal from "deactivating" to "spoofing" or "hijacking", so that instead of just dying, the device continues to send out FALSE information, either randomly or because it's attached elsewhere (taxi cab?).

Or if you wish to be really sneaky, your hacker could add a receiver to the device that waits for data to be sent, then echoes that data by its usual transmission method. Then the protagonist (or hacker) can "tell" the device where it is whenever he wishes, remotely. He could lead law enforcement on a ridiculous chase across the state/world by just drawing lines in Google Maps. This service is definitely worth $50K.

Obviously such a change will impact your plot, but it might open up some new directions, too.

Pardon the pun.
posted by rokusan at 1:31 PM on January 7, 2011 [6 favorites]

Whatever the actual number turns out to be, I wouldn't put it in the text. I'd do something like this:

I asked how much it would be to deactivate the tracking device.

H. Acker named a very reasonable sum / an astronomically high figure.

"How reasonable / insane!" I said.

He shrugged and said that's just how much it costs.

posted by Lentrohamsanin at 1:32 PM on January 7, 2011 [1 favorite]

"Well, do you want them to know it's been deactivated, or not?"
posted by TheWhiteSkull at 1:33 PM on January 7, 2011 [1 favorite]

A ridiculous some of money for popping it in the microwave.
posted by Artw at 1:39 PM on January 7, 2011 [2 favorites]

What's that movie with the crazy old guy in the faraday cage, and the hip young black attorney who accidentally gets caught up in some evil CIA/NSA plan for world domination and has to have all his tracking devices removed?

To go the whole hog, the cost of a new set of clothes, new computer and phone hardware, a carefully planned journey across town to a new apartment or hotel room, maybe some kind of full body scan and some dental work to get the stuff out of his/her teeth, and some basic image modification measures (contacts, hair dye and cut, break nose sideways, cheek pads, grow/shave mustache). Then the (very expensive) cost of a solid new ID.

Or are we just talking running Clam AV and Chkrootkit here? Maybe just reinstalling an OS?
posted by Ahab at 1:41 PM on January 7, 2011

Listen kid, I can smash it with my own hammer for free.
posted by i_am_joe's_spleen at 1:47 PM on January 7, 2011

A ridiculous some of money for popping it in the microwave.

"You just charged me $x to put it in the microwave?!"

"No, I just charged you $(x-y) for knowing the microwave would kill it, and $y for a new microwave."
posted by Adridne at 1:51 PM on January 7, 2011 [3 favorites]

Ahab - Enemy of the State?
posted by Busmick at 1:52 PM on January 7, 2011

I'm a bit confused couldn't pretty much any tracking device be deactivated with a big rock and some elbow grease? What is the hacker doing exactly?
posted by bitdamaged at 1:53 PM on January 7, 2011

A couple of months ago a redditor brought his car in for service, and the mechanic discovered a government tracking device the mechanic removed it for free and asked him what he wanted to do with it.

But realistically, it all depends on negotiation between the hacker and the car. Of course you would never pay more then the cost of a new car to do it ($50k), with this kind of thing you would charge by the hour. Maybe $200 an hour, given the risk?
posted by delmoi at 1:53 PM on January 7, 2011 [1 favorite]

The amount should depend on a couple of factors. Task oriented factors might include difficulty of the task, the rarity of the tools/software needed, the risks involved, the time it takes, etc. Also consider hacker-centric factors: skill, experience, whether he/she has a legit rep to maintain, etc.

If uberhacker is a member of the social elite with a lot to lose, like a six figure salary at a government connected corporation and uses his specialized access to unique tech, it might cost a pile - think, "how much would you have to pay me to make it worth losing my current existence." How much does it take to tempt someone like that? Probably a lot. Perhaps more than a million.

The drop-out college kid who hates the system/government/cops/corporations? A lot less so, especially if he can do it with his old 486, a parellel cable, and insight gleaned from nights misspent reading comments in the Linux kernel source code. The figure drops dramatically if your cracker has a drug habit and happens to be in need of a fix....

There's no menu for this sort of thing. Ask instead about the hacker's character and his current circumstances, then figure out what would motivate him to do this. Possibly, she even does it for free.
posted by Hylas at 1:56 PM on January 7, 2011 [1 favorite]

This is incredibly helpful, everyone! Thanks for the input.

Just to clarify: 1) The reason I need a ballpark price is because my character needs to extort the money from another person, and the amount is sort of crucial to that relationship. 2) No, the government can't know it's been removed. Which is why I really love rokusan's idea! Do you really think I could put in $50K for that?

From what I've been able to learn from hacking sites, the JTAG interface on the device could be rewritten to mislead authorities, OR the system it's connected to could be hacked (maybe I'm wrong about this, my tech knowledge is minimal). Either way,
posted by baronessa at 1:56 PM on January 7, 2011

Oh wait, you didn't say car. Yeah, we need more details. Is this an ankle bracelet? A chip under the skin?

If it was under the skin, it would make the story more dramatic to go to a mafia doctor, or a tatoo parlor/"body modification" shop to have the work done. this chick put EM sensors into her skin at a very low cost.
posted by delmoi at 1:58 PM on January 7, 2011 [1 favorite]

If secrecy is critical, and there's no one else the protagonist can trust, the hacker's got him in the palm of his hand. Since he knows his client is both desperate to have the tracker removed and unable to go to anyone else, he can charge a ridiculous sum for the job. Call it a "convenience fee." That's black-market economics for you.
posted by The Winsome Parker Lewis at 2:02 PM on January 7, 2011 [2 favorites]

Consider this:

People rarely need money for money.

They need money to buy stuff.

In other words, I don't charge my employer X number of dollars because I like the sound of "X." I charge him the going rate for my time, which I balance against my needs, which can change from year to year and even day to day.

They say you can buy a car the cheapest on the final day of the month. Why? Because that's the last day to make a monthly sales quota, and a salesman may need to make a sale right now, and it won't matter to him if it will make him an extra hundred dollars or two, just please oh please don't let my boss get mad at me again because I can't take it anymore and I'm a drunk that needs this job or I'll fall off the wagon again and my wife will leave me and I'll never see my son again and the best part of my day is throwing the baseball with him in the backyard which my own father wouldn't ever do for me because he was a drunken workaholic and I turned out to be just like him even though I dreamed of being a superhero.

This is what they call DRAMA. Characters that have reasons for doing what they do.

Your imaginary hacker should have a reason to charge what he does. Hell, maybe he'll do it for free if only your main character will do something else for him...
posted by Cool Papa Bell at 2:07 PM on January 7, 2011

Ahab - Enemy of the State?

Yes. That's the one. Thank you. It helped to define my limits of paranoia re govt surveillance and is distinctly relevant here.

I had to work in a faraday cage to send some cables once. In the light of having seen Enemy of the State, it was one of the weirdest experiences of my life. "You mean I have to go into the concrete vault and metal cage so that no-one can read my computer as I input this stuff, but then you're going to beam it out from the satellite dish on the roof anyway?" type thing.
posted by Ahab at 2:08 PM on January 7, 2011

If secrecy is critical, and there's no one else the protagonist can trust, the hacker's got him in the palm of his hand. Since he knows his client is both desperate to have the tracker removed and unable to go to anyone else, he can charge a ridiculous sum for the job. Call it a "convenience fee." That's black-market economics for you.


What's the hacker's character? Is it a young gun making a name for himself? Is it an older hacker with a reputation? My favorite idea: It's someone who works for the government but does freelance work on the side. If she get's caught, she loses everything: Her job, her family, possibly even her freedom or her life. $50,000 goes a long way towards creating an "Escape the Country" fund.
posted by muddgirl at 2:12 PM on January 7, 2011

Just another thought. There are companies that do this. First google result.

Now if you're in the US, any US licensed company is probably a risk for telling the government if they find a govt device.

But if (real example) you're running a mining company in Vietnam and you don't want the government to know what your plans are, you use a US company to do the bug sweeps and computer checks for you. And they tell no one when they find the Vietnamese government bugs.

So maybe, if your character is in the US, they can get a Chinese company to do it for them. And maybe they charge actual rates, minus a discount for any bugs they find that are new technology for them

Answer, ring a commercial bug sweeping/industrial counter espionage firm and ask what they'd charge?
posted by Ahab at 2:18 PM on January 7, 2011

I can't imagine that there is anything like a going rate for this sort of service. It's not as though there's an open market in surveillance-device-disabling services. If this hacker is a professional "security researcher" type they might choose to charge an hourly consulting rate, which would likely be somewhere in the $100-$200 range.

Alternately, since this is unlikely to be the same sort of work the hacker does to make a living, they might jut pull a number out of a hat based on whatever they think they could do with a little extra money. This will really depend on how interesting the hacker thinks the work is likely to be. Hackers, generally speaking, really like to solve new puzzles, but find repetitive grunt work to be unbearably boring. If the tracking device is somehow novel, the hacker might happily offer to do it for cheap or even free, because the challenge involved in figuring out how it works and how to disable it might be reward enough. It doesn't sound like that would work for your story, though, so perhaps your hacker can be a bit more of a mercenary.

You will need to have some solid reason to explain why the device cannot be disabled mechanically (aka "smashed with a rock"). Think carefully about what exactly it means to hack this device. Presumably there is some reason the device needs to appear to still be functioning. How deep an inspection does it need to withstand? Who does it need to fool, and how are they going to discover that the device has been hacked?

If all you need is a physically intact device that no longer does anything, the hacker can simply take it apart, find the battery, and cut the power supply wire. But perhaps the device needs to look like it is powered up - maybe it has an LED that glows - without actually transmitting data. Ok, now the hacker can find the radio and disconnect the antenna.

The really big challenging job would be to alter the device so that it continues to do whatever it does that allows tracking, but sends out bogus data. This would require the hacker to do quite a lot of work figuring out how the device is built and reverse-engineering its firmware, then writing new spoofed firmware that appeared to do the same job. This could easily take days or weeks of work and might even require the hacker to buy specialized debugging hardware (hundreds of dollars) or an expensive proprietary compiler (several thousand dollars). There are at least a dozen different major families of microcontrollers, each with its own architecture and toolchain; this hypothetical firmware hacker certainly has tools for working with a few of them, but nobody has all of them.

No, the government can't know it's been removed.

Aha! Critical point. So, how is the government going to determine that the device is still active? How do they get data back? Does the device have a radio, or do they need to plug something into it to download? Does the radio broadcast all the time, or does it wait for commands? What is its range? Is it based on a cell phone or some other technology?

A very simple tracking device would simply send out a "blip"; the Men in Black could discover its location by sending out vans with antennas to perform triangulation. This would be very hard to hack; you'd have to physically change the location of the broadcasting unit. A more sophisticated device might have a GPS receiver, and would then broadcast its own GPS coordinates. The hacker could spoof this by sending out fake GPS data.

The problem with continuous long range broadcasting is that it takes a lot of power, and is easy to detect. A more subtle device would keep quiet most of the time and simply keep a log its location, then send out a burst of data every now and then. For extra subtlety, this could be a short range radio; the MiB could send out an anonymous panel van which could park near the device, then quickly download all of its data.

All of this really depends on your story: why are the MiB after this character, and what is it that they want to know? Are they looking for patterns of movements, in order to identify associates / drop locations / secret hideouts, or are they just trying to keep tabs on location so they can do a snatch-and-grab at the appointed moment? The characteristics of the tracking device depend on their goals, and the difficulty of hacking the device depends on what it is made to do.

From what I've been able to learn from hacking sites, the JTAG interface on the device could be rewritten to mislead authorities,

JTAG is an interface used to program or debug microcontrollers. The hacker would have a JTAG interface (such as the TI MSP-FET430UIF sitting on my desk here) which they would use to connect their computer to the chip inside the tracking device. A microcontroller is basically a single-chip computer, with built in storage; JTAG lets you inspect all of that storage and optionally modify it. Basically it is the hand of the almighty inside microcontroller-land. There would still be a lot of work to do but this is definitely where your hacker is going to start.

Right, so, I sort of do the opposite of this for a living, in that I write firmware for embedded microcontrollers; whatever gizmo your hacker is trying to hijack would have been programmed by someone like me. Feel free to metafilter-mail me if you want more technical data than you can probably use.
posted by Mars Saxman at 2:38 PM on January 7, 2011 [7 favorites]

Yer classic hacker character is driven more by an interest in the work, as Mars describes, and charges money just to pay the bills, or keep the riffraff out, or whatever. This is pretty different from the (also classic) government/contractor employee who's doing this work on the side to pay off their loan shark / blackmailer / mistress / leave-the-country-fund. Or the ideological spy (or ideological hacker) who's doing it for completely non-monetary reasons.

If you want a side plot, a sequence of events that would sound plausible to me is: Character approaches hacker asking him to disable the device. Hacker says, why are you bothering me, just hit it with a brick. Character says no, I need the government not to know it's deactivated. Hacker says hey, that's interesting, I'll do it for $reasonablesum. Oh wait, I'll need another one of the devices so I can reverse-engineer it enough to figure out how to make it emit spoofed locations. Character (or hacker) contacts the disgruntled employee who might sell them a device for $unreasonablesum. Or they might blackmail your character before or after doing it, or might be a sting. Or might not be willing to sell at all until you, or concidental events, find their loanshark / mistress and cause them to put pressure on Disgruntled, which lets you convince Disgruntled to sell Device to Hacker, etc.

Of course each link in the chain can cost whatever amount of money you need to make the main plot work.

I like the inclusion of the JTAG port as a detail. Not every device will have a JTAG interface, but if it does happen to have one, it'd be the obvious way to reach in and start messing with the device's function. (Normally they're used for post-manufacturing test, debugging, and initial factory programming, that kind of thing.)
posted by hattifattener at 5:18 PM on January 7, 2011

baronessa: "From what I've been able to learn from hacking sites, the JTAG interface on the device could be rewritten to mislead authorities, OR the system it's connected to could be hacked (maybe I'm wrong about this, my tech knowledge is minimal). Either way,"

As I understand (mostly from reading threads about Assange incarceration) it most GPS ankle bracelet systems are easy to dupe with "GPS testing" equipment since they latch on the strongest signals. Generating a strong signal is pretty easy, given GPS satellites are in space.

The real challenge is going to be walking around with a bracelet and GPS faking equipment attached to your ankle. They're tamper resistant, meaning there's some kind of sensor that determines when it's attached to you or not.

More importantly, while knowing and doing the hack may be simple, there's the matter of lawyer retainers when it all goes south and of course, the NDA agreement ain't free.
posted by pwnguin at 6:40 PM on January 7, 2011

How about he charges a lot, and later your protagonist finds out it was really easy to do and gets into a friendly / unfriendly / feeling swindled kind of conversation with the hacker, only to find that the hacker didn't just remove it, but placed it on a government vehicle (e.g., the mail van that delivers the mail each day to the protagonists house, or something even cleverer), that guaranteed the government would be very confused for a very long while.
posted by blue_wardrobe at 7:18 PM on January 7, 2011

Very expensive or free. Hackers don't work for low wages. It's either cynical money or for fun.
posted by pmb at 7:52 PM on January 7, 2011

Going back to the OP's original question, there are commercial-off-the-shelf "bug sweeping" services offered by many PI firms, which can be had for (relatively) cheaply. (Think a few thousand dollars.) What you do if/when you FIND a listening device is when the pricing can get tricky or astronomical. Many of the guys offering these services commercially are ex-law enforcement and are probably not "hackers" in the sense that you're thinking of. They're cops who know how these devices are used in the field, and they're willing to sell that expertise to companies worried about corporate espionage.

As has been stated very comprehensively upthread, the "spoofing" part is what makes this a very hacker-ish problem. Many trackers are just GPS devices that record the lat/long with a timestamp.

If your tracker is NOT one of the ones that broadcasts this information, after disabling the tamper-proof seal, a hacker might try to access the memory where that information is kept and alter those logfiles. Many consumer systems use a plain old FAT32 filesystem on a micro SD card so it's not necessarily something that has to be fancy (to a techie audience), but I suppose you could always run into encryption or something more customized. (I saw a very interesting presentation a few years ago about forensic exams on the file system on a handheld receiver, but delving into the ins and outs of recovering deleted data from previous logfiles is probably not interesting to a general audience!)
posted by QuantumMeruit at 9:36 PM on January 7, 2011

case of beer
posted by maloon at 9:43 PM on January 7, 2011

He charges very little, but after it's done, he blackmails the guy. Maybe he even installed a tracker of his own.
posted by Obscure Reference at 7:55 AM on January 8, 2011

« Older Confronting Recruiting Agency About Shady...   |   What e-reader should I buy? Newer »
This thread is closed to new comments.