#no proof reading. i sit down and hash this out and send it into the world to get it out of my head and then spend hours in regret.
zephyrchama · 5 months ago
A New Game
It must get boring playing the same mundane games, like rock-paper-scissors, for millennia. The Obey Me cast would probably jump at the opportunity to try something new. Something introduced from the human world. (This fic is not explicit in nature but repeatedly uses a word some people consider naughty.)
---
You received a message from Lucifer.
"My brothers are studying in the library. I have to step out for a while, will you supervise them until my return?"
The RAD library was busier than usual with students rushing to cram before the next big exam. The usually serene room had demons occupying every nook. Some sat on the floor with their back to a bookcase, some perched on the ladders leading up the shelves, and few were lucky to have a table seat.
Six of the seven brothers sat around one such coveted table. Lesser demons shied away from approaching them and even the more powerful students felt uneasy walking by. You were the only one with both guts and permission to approach.
The atmosphere was strange. They looked focused and were completely silent, so you greeted them with a wave and slid into the last open chair. Must have been Lucifer's. You leaned forward against the table edge and took a peek at Satan's advanced curse notes.
Things were too still. It felt wrong. At a glance they appeared to be studying, surrounded by book stacks and messy note sheets, but the brothers stared blankly at the material in front of them without actually interacting with it. Something was up.
Leviathan made a barely perceptible sound. You looked at him, but brushed it off as your imagination when you realized he hadn't moved. It could have been someone nearby turning the page of a book.
At least they were all behaving. You couldn't force them to study, you were just there to supervise. You took a moment to enjoy the rare sight of the grand library being full. It was weirdly inspiring. A minute later you saw Mammon's lips twitch. He definitely said something under his breath.
"What?" you whispered, leaning his way.
Mammon dismissed you with a wave of his hand, shaking his head. You gave him a confused look.
Another mumble came from the opposite direction. You swung your head towards Asmodeus but he was fixated on a blank potion worksheet. He didn't so much as flinch when you narrowed your eyes suspiciously and waved a hand in front of his face.
"Ok. What's going on?" you asked. If this was a new way to study, it sucked.
Beelzebub coughed. It was so obviously fake. The way he covered his mouth made it hard to discern what he said.
"Lucifer's not here, you know. You guys can tell me." Would you rat them out if they were doing something malicious? That remained to be seen.
Feeling that someone was going to try again, you abandoned any hope of studying and focused all your senses towards the brothers. Who would be next to move?
It was both Satan and Belphegor. Being across from each other, you couldn't pay attention to them both and missed what they each said. They broke the stillness to make eye contact with each other and clenched their jaws in frustration.
Asmodeus took advantage of the moment to act next. The boys were getting a little louder each time, and this time you could almost make out what was said.
"...nis." Leviathan briefly shrunk behind a stack of books to say his piece.
Realization began dawning on you.
Beelzebub pretended to clear his throat. You were ready this time, and caught the word clear as day. "Penis."
By goodness, they were playing the human game you told them about. The Penis Game.
"What are the stakes? What are you playing for?" You had to know. They were doing this in the school's library, of all places? The brothers eyed each other with distrust.
"Winner gets to have you sit in their lap when Lucifer gets back," Leviathan explained, throwing a quick "penis" onto the end of his sentence.
You wondered if Lucifer would even allow that while Mammon said "penis," plain as day. A passing gaggle of students looked over.
Up on the second floor, a random demon stumbled and almost fell off a ladder, sending the books they carried crashing to the ground. Satan took advantage of the noise to say "penis" in a louder-than-average tone. The stakes were rising.
You were supposed to be supervising these guys, to make sure they studied properly to pass their exams. You should have put a stop to this game. But it was funny and you were too curious how it'd unfold.
Belphegor shut his eyes. After a few deep breaths, he snorted a noise that resembled the word.
"That doesn't count," Asmodeus pouted. "It wasn't clear enough. Penis."
Belphegor furrowed his brow and cracked an eye open. "What? Yes it does. I said penis, didn't I?"
Satan clicked his tongue. "That's debatable. Penis."
The table was now speaking rather loudly and attracting stares from every direction. Nobody would dare shush the rulers of the Devildom without a death wish, but they could observe them in silence.
"I-I don't know how much longer I can do this... P-penis." Leviathan was at his limit. He didn't like the stares. Maybe if you had told them this was the "anime game" he would have stood a chance.
"What? We're just saying penis." Asmodeus had no reservations at all.
"Penis." While Mammon called out, students noticeably began trickling out of the library.
"Maybe we should wrap this up, you guys are disturbing everyone," you gingerly suggested.
"That's not fair, penis. Are you saying you want to sit in Mammon's lap?" Belphegor scowled.
Beelzebub, newly determined to beat his older brother and spurred on by his twin, bellowed "penis."
The yelling caused more students to pack up their belongings and scurry out. You cringed a bit. All remaining eyes in the library were on your table. "No! I'm not favoring anyone, but this is getting out of hand."
"Penis! They're just jealous! Come over here, I'll take good care of you." Mammon patted his thigh.
"Absolutely not! Mammon, get away from them! Penis!" Asmodeus shouted and grabbed your shoulder. Uh oh.
The physical altercation began. Satan growled, "don't touch them," and shoved Asmodeus into Leviathan's textbook stack. "Penis."
"H-hey! Watch it! Ugh, penis!" Leviathan scrambled to avoid Asmodeus' fist.
"Wow, Satan! Rude! What if I got scratched? Penis!" Asmodeus lurched at Satan, who ducked and sent the former crashing into Beelzebub.
Beelzebub didn't really care, but he still wanted to win. "Penis."
"Yeah, penis. You said it Beel." You didn't really get what he meant, but Belphegor was upset in his twin's place.
"I'm winnin' this thing! Penis!" Mammon nearly toppled the table over.
Everyone was straining to shout as loud as they could, a rowdy chorus of "penis" chants. You watched the insanity of the scene unfold in front of you, hoping demon forms would not get involved.
Something made you shudder. An ice cold, low rumble of a voice from the library entrance that cut through all the arguing and screams.
Lucifer had returned. "You're not studying."
He was followed by Lord Diavolo and Barbatos who both remained quiet, letting Lucifer deal with his family.
"You disrupt our meeting for this?" Lucifer's eyes could have had flames in them. A black mist emanated from his shoulders. He was furious. "Do you know how many complaints we received? Half the student body showed up, knocking at our door."
Diavolo was beside himself trying to maintain composure befitting a royal. He wanted nothing more than to laugh. Lucifer was not going to hear the end of this incident.
Barbatos had a cold smile plastered to his face and a hand on his chest, implying that one wrong move would result in unfathomable punishment.
The brothers shifted uncomfortably back into their chairs, dragging textbooks towards them and guiltily sticking their noses back into piles of notes. They didn't dare utter a single word.
"Don't think any of you are getting off scot-free." Lucifer loomed over them. They could already feel the impending rope burn on their skin.
"If you wanted extra duties so badly, there are many sites on school grounds that can use improvement. You could have just asked." Barbatos was happy to take advantage of their suffering if it was beneficial for Diavolo.
Lucifer looked at you. He wasn't mad, just disappointed, which felt worse. "Don't think you're innocent, either. You were supposed to be supervising them."
You nervously averted your eyes, slumping your shoulders while picking at the corner of some notebook paper as he continued, "come with us back to the council room. You're giving us a detailed report on exactly what happened here, and what this 'penis game' malarkey is all about."
elliesguitarstrings · 4 years ago
Silence (Part 4)
Peter Parker x Stark!reader
Summary: You and Peter have been best friends ever since he stepped foot into the avengers compound. After a year of being friends you realize you’ve developed a crush on him, but he doesn’t feel the same way… at least, you don’t think he does.
A/N: This is the second to last part I think! I was gonna do just one more long part but I want to keep this series going for a little longer so I decided to split it into 2 more parts so this one is kinda short. Please keep sending requests bc I’ve really enjoyed writing them and I’m hopefully gonna post more of them soon <3
Warnings: language, little bit of angst
~~~~~~~~
It’s been three days since you last spoke to Peter. Three long, agonizing days.
The fact that Peter kept ignoring you for MJ just pushed you to your breaking point. Plus, your chance with Peter is slim to none at this point, and it would just hurt more to stay so close to him knowing that he would never love you as much as you love him. Despite all the shitty things he’s done in the past few days, you still love Peter, which makes ignoring him all the more painful. But you had no other choice.
You hadn’t had a proper conversation with him since the dreadful events of your “friendiversary,” which for you and Peter was practically unheard of. You passed him in the halls of the compound and occasionally shot him a glance at team meetings, but other than that you ignored him completely.
Sitting on your bed, you pick up your phone.
14 New Messages from Peter
P: Y/N?
P: Y/N can we please talk
P: why are you ignoring me  
P: what did i do wrong can we please talk
P: Y/N why won’t you respond
P: how long are you gonna ignore me for
You stop reading after the sixth text. He’s been texting you constantly, but you never respond. To be honest, you don’t actually know how long you plan on ignoring him for. Obviously, you have to hash it out at some point, but you don’t think that will be anytime soon. Well, at least you hope it won’t be anytime soon.
Suddenly, FRIDAY announces, “Miss Stark, Mr. Stark has requested you in his lab.”
You sigh, “What for?”
“Official Avengers business, so I would hurry.”
That piques your interest, so you quickly leave your room and jog downstairs to your dad’s lab. You scan your fingerprint on the keypad, and the glass doors automatically slide open, granting you access.
“Y/N, great, you’re here. I’ve got some big news,” your dad states.
“Really? What is it?” you ask excitedly.
“I’ve talked it over with the rest of the team, and we’ve all decided that you’re ready.”
“What!? Like ready to be an Avenger?” at this point, you’re practically shaking with excitement.
“Yes. You’ve had plenty of training, and we could use some extra help, so I’ve decided to make you an official part of the Avengers. Congrats honey.”
You rush to hug your dad, squeezing him tightly, “Thank you thank you thank you! You’re the best!” You pull away, “Does that mean I get to go on missions now?”
“Not just yet Y/N, you’ll just be starting off with patrol right now. I want to make sure you’re really ready.”
Normally, you would be opposed to this, begging him to let you go on a real mission, but at this point any excuse to get out of the compound and away from Peter was good enough for you.
“Okay! Can I go today?”
“Actually, that works out great! Peter has patrol in Queens tonight, so you can go with him. He can give you the lay of the land, tell you how stuff works and all,” he smirks.
“No, absolutely not,” you answer sternly, “I am not going with him.”
“Then I guess you won’t get to be part of the team.”
“WHAT? THAT’S NOT FAIR!”
“Y/N, now is not the time to be raising your voice at me. You can’t pick and choose who you fight with, just like you can’t pick and choose who you fight against. If you can’t figure out how to work out your stupid teenage problems, then I can’t have you on the team. I don’t want you jeopardizing a mission because you can’t work out a stupid problem with a boy.”
“But dad-”
“No buts. You either do your job or you’re not a part of the team. Understand?”
“Fine.” You storm out of the room, upset that yet another exciting thing is ruined by Peter.
As you hurry back to your room, you glare at Peter who is sitting on the couch watching TV. He starts to get up to talk to you, but is stopped by Nat, who follows you upstairs. Before you get the chance to slam your door shut, she catches it and slips into your room after you, shutting the door behind her.
“Okay, what’s going on with you and the kid?”
“Nothing.”
“Come on Y/N, it’s obviously not nothing. Everyone’s noticed that you’ve been ignoring him. Even Clint commented on it this morning, and he doesn’t give a shit about anything that goes around here.”
“Why does it matter?”
“Because I know you have feelings for him.”
Taken aback, you stutter, “W-what? No I don’t. You have no proof.”
“Oh please, I see the way you act with him, or well, how you used to act around him before you decided to start ignoring him for no reason.”
When you don’t respond, she sits down next to you on your bed. “Look Y/N, I know we’re not best friends, but you can talk to me. Just tell me what’s going on and maybe I can help. You can’t just keep your feelings bottled up like this. Trust me.”
“Fine,” you huff, “I do like him, but he doesn’t like me.”
“Is that why you haven’t been talking to him?”
“Sort of. But there’s more to it. He likes this girl from his school named MJ, and he’s been choosing her over me for a while now. And then the other day I had this whole day planned out for us because it was our one year anniversary of first meeting and becoming friends, and he invited MJ and one of his other friends to come with us,” tears start to roll down your cheeks, “And he spent the whole day with her, like he was purposefully avoiding me and rubbing it in my face that he doesn’t like me like that, that he’ll only see me as a friend.”
You scoot closer to Nat, and surprisingly, she pulls you into a short, but comforting hug. It actually means a lot to you, given that she’s not really the hugging type, and it makes you feel a bit better knowing that she’s willing to comfort you.
“I’m sorry about that Y/N. It doesn’t seem like something Peter would do.”
“I know, which is why I’m even more pissed at him.”
Nat stares at the wall for a few seconds, seemingly deep in thought.
“I think you should tell him how you feel, tell him that you like him.” she states pointedly.
“What? Why would I do that?” you exclaim, taken aback.
She stands up off the bed and starts to walk out of the room, “Trust me. I have a hunch about it.”
She smirks and swiftly walks out the door, leaving you completely and utterly confused. For the time being, you decide to ignore it, ruling out the idea of confessing your feelings to a boy who doesn’t even like you, and who you are extremely mad at. That would be insane, right?
~~~~~~~~
karajaynetoday · 4 years ago
ours, for the rest of forever | ashton irwin
Hello friends! Here is a godparent!Ash one shot, based on this blurb about being godparents with Ashton and also inspired in part by that scene in Season 5 of One Tree Hill when Brooke is randomly looking after a baby but has to also finish fashion sketches so Lucas comes to her rescue with babysitting and it is overall very soft and cute. You know the one! Lol. 
A very big thank you to Jex @sadistmichael​ , Anna @cheekysos​ , Jae @jae-writes-fanfiction​ and Hailey @talkfastromance4​ for proof-reading and providing feedback on this when it was in its draft stages. You’re all absolute gems! 
Anyway, enjoy the softness and as always, please let me know what you think! I’ve got some thoughts for a potential part 2, so we’ll wait and see how part 1 goes :)
(This is a fem reader insert)
Word count: 3.3k words
Warnings: none
When your best friend Alice told you she was having a baby, you were over the moon. She was honestly one of the most kind-hearted people you knew, and the amount of love in her heart for others would only bloom more for a little baby to hold and cherish. Her partner James had been by Alice’s side since your university days, and their relationship was one that was literally #goals. They’d moved over to Los Angeles because James had an opportunity to work at an indie creative agency working with music artists, and when you followed a year or so later to pursue a consulting job, they’d welcomed you with open arms into the little community they’d formed of Australian ex-pats, LA creatives and generally good quality, salt of the earth people. 
In the early days, there were lots of late nights (that became early mornings) running amok in West Hollywood, going from one house party to the next, but as you grew older, it became more likely to be a quiet Sunday sesh in someone’s backyard, with a barbeque cooking and someone playing their favourite tunes on a portable speaker while you floated in the swimming pool or lounged about on the grass with everyone’s various pets in attendance. When you met Ashton, he was drumming shirtless at his own house party, and then doing shots with James and their friend Calum. You were more than a little intimidated; although he had a kind face and welcoming nature, Ashton was forthcoming with his opinions. On the other hand, you were always more reserved, and it took you time to feel like you belonged with their crazy crew of friends. One night, you and Ashton ended up alone in the kitchen sharing some chicken nuggets and potato gems (tater tots) after a wild night on the house party dancefloor, and from there you could feel a solid friendship starting to take hold. 
A few months after Alice and James told you they were expecting, they’d invited you and Ashton out to brunch at one of your favourite spots. It was a little hole-in-the-wall café in Studio City that you’d first come to after Ashton wouldn’t stop raving about how good their iced coffees were. You all ordered your favourites (avocado smash with a side of smoked salmon and a hash brown for you, raspberry hotcakes for Alice, a breakfast burger for James, and pulled pork eggs benedict with a side of halloumi for Ashton) and were chatting away about your weeks at work when Alice reached down and pulled two envelopes out of her tote bag and handed one to you and one to Ashton. You took them, looking confusedly at Alice and James, who had big goofy smiles on their faces.
“Well, go on! Open them!” Alice half-shouted excitedly, squeezing James’ hand on top of the table. You and Ashton glanced at each other, perplexed, before tearing open the envelopes and finding a card inside. Yours read, “Will you be my godmother?” in gold writing on the front, and inside was an ultrasound photo with a handwritten note from Alice that made you tear up when you started reading it. You could see in your peripheral vision that Ash had a corresponding card in his envelope too, and he was standing up to give James and Alice a hug with an enthusiastic “Fuck YES! Of course I will!” that garnered some disapproving looks from the middle-aged women sitting near you. You held it together just enough to stand up and exchange hugs and choke out a “Y-y-yes” to Alice and James, before basically bursting into full blown tears of happiness and apologising profusely as your brunch was delivered to the table. As you wiped away your tears and managed to begin eating your avocado smash, you felt Ashton squeeze your hand reassuringly under the table, and when you glanced towards him he was grinning at you with a smile that was as bright as a thousand suns. 
It was a normal June day at the office a few months later when your phone pinged with a text from Alice in your group chat with her, James and Ashton that read “It’s go-time. We’ll keep you updated!”. You replied with lots of exclamation points and crying emojis, and for Alice and James to let you know if they needed anything, and a few minutes later Ashton had penned a full paragraph about the beauty of the creation of life, how he knew that Alice and James would be incredible parents, and that he couldn’t wait to meet the little one once they made their way into the world. Ashton was frustratingly eloquent sometimes. Later that night, you received a photo message of a small, pink baby snuggled up on Alice’s chest, with James’ arm thrown around her shoulders, and the caption “Charlie Rose, ten fingers, ten toes. Come visit tomorrow, she can’t wait to meet you x” and you could barely sleep from the anticipation of meeting your darling goddaughter for the first time.
Ashton insisted on meeting you at the hospital so you could visit Alice, James and Charlie together (“Dude, we’re a godparent team here! A package deal! A dynamic duo! Can’t have you getting in there as the favourite from day one!”) and you’d never seen him more gentle or smitten than when the small, wriggly bundle of blankets that was Charlie Rose was placed in his arms. Ashton rocked her gently, kissing her head, and whispering to her about how incredible she was and how excited he was to see her grow. James was snapping away with his camera, and he asked you and Ash to stand together for a photo holding Charlie, which would later be stuck on your fridge for years to come (and possibly be your phone lockscreen, but no need to mention that to Ashton). 
Charlie was a tricky baby at first, resisting sleep and struggling with colic, but Alice and James were incredible and persistent and by the time she was 6 months old, they basically had the hang of this parenting thing. They didn’t want to christen Charlie in a church, but instead decided to hold one of your cherished backyard barbeques as a naming celebration for her. All of your nearest and dearest were there, and Alice’s mum had even flown in from Australia to meet her newest granddaughter. Despite it being an incredibly informal affair, Ashton insisted on making a speech about how he felt to be in Charlie’s life, to love and support her through every milestone and challenge she might encounter along the way. Charlie was happily gurgling in Ashton’s arms as he spoke, and she reached up to grab at his cheeks when he told her he loved her. Alice’s mum insisted on getting photos of everyone, including you and Ashton holding Charlie, and you tried to ignore the butterflies you felt when Ash slid his arm around your waist and pulled you into his side for a cosy photo pose. Were you actually starting to fall for him, or was it just the baby fever talking? Because damn, that man looked good with a baby in his arms.
When Charlie was almost 12 months old, Alice decided that she wanted to go back to work a few days a week. Charlie would be in childcare for most of the days, but you’d recently adopted a flexible working arrangement with your own office, and you insisted that you would love to look after Charlie for one day a week. The older Charlie got, the more adventurous she became, so what you’d originally envisioned as nice, quiet days of baking and craft activities and napping soon became full of visits to the playground and the beach and the zoo. Once Ashton heard about your regular babysitting day, he insisted on clearing his schedule as best he could, and joined the outings you and Charlie went on. It’s so much easier to cope with her boundless energy (and occasional temper tantrums) when you and Ash are together, and you have to admit it’s just as nice on the quieter days as well, when you snuggle in on your couch to watch a Disney movie, or do some puzzles with Charlie on the lounge room floor. 
When Ashton was back out on tour, he’d insist on FaceTiming with you and Charlie on your babysitting day so he didn’t miss out on all the fun. Sometimes he’d read her a story or sing her a lullaby before naptime, and sometimes the timezones wouldn’t work out and he’d end up calling during naptime, so the two of you just spent a little time catching up on each other’s lives from your opposite sides of the country or the planet. Ashton also loved collecting little souvenirs for Charlie on his touring travels, and your group chat with Alice and James was regularly filled with photos of snow globes or little soft mascot toys he’d found in one city or the next. It was so cute how excited Ashton got when he found a new souvenir for Charlie, and you couldn’t help but imagine how adorable he’d be when he had his own children and carried on little traditions like this for them too. 
One particular weekend, Alice and James were going away overnight to attend a friend’s wedding nearby, and despite their anxiety and nerves (and admittedly, your own), they decided to leave Charlie with you for the night as your house is the main one besides their own that she spends time in. They dropped Charlie off just after lunchtime, and after a teary goodbye, she’s soon happily playing with her toy cars and trains on the lounge room carpet (including making broom-broom noises, what a cutie) when you get an unexpected call from your boss. They’re rambling about a client needing an urgent rewrite on something that you’d submitted the previous day, a pretty sizeable project, and you could feel yourself starting to fill with dread at the idea of having to rework the entire thing while also keeping Charlie happy and entertained. After managing to jot down the gist of the rewrite on the back of a colouring in page you found on your coffee table and ending the call with your boss, you took a deep, calming breath before looking over to where Charlie was still playing on the floor. Sure, she looked content and adorable now, but nap time was fast approaching, and then dinner, and then eventually bedtime, and there was nothing Charlie liked more than stomping her feet and putting up a fight where sleep was involved. It was time to call for help, and your fingers found Ashton’s contact in your phone and hit “call” before you realised what you were doing.
“Hey, how’s it going with my favourite girl?” Ashton answered cheerily, and your heart stopped beating for a moment before you mentally face-palmed when you realised that he was talking about Charlie, not you, being his favourite girl.
“Hey Ash! All good so far, but um… I think I’m going to need some help. My boss is having a crisis, so I need to smash out some edits and new content in the next three hours, but Charlie’s due to go for a nap and you know that she -” You could feel yourself starting to sound more panicked with each word that you spoke, but Ashton quickly cut you off with his soothing voice.
“That she likes to pick a fight at nap time, yes. A truly assertive future world leader on our hands, I reckon. I’m just finishing up a demo, but I’ll be there in 20 minutes. I’ll sort dinner as well, spaghetti sound okay?” He mused, sounding as calm as ever.
“That… would be amazing. Thank you. You’re actually the best human to exist, you know that?” You gushed, feeling some of your anxiety immediately begin to disappear. 
Within half an hour, Ash was in your lounge room handling Charlie’s nap time negotiations while you were furiously typing away at your laptop at the kitchen counter and fielding more frantic phone calls from your boss. Another 20 minutes passed before Ash proclaimed victory as Charlie lost her battle against sleep, and he came to see you in the kitchen and make a start on dinner. You were so lost in your task that you didn’t hear him come in, and you jumped a mile out of your seat in fright when he gently touched your shoulder in greeting.
“Jesus Christ, Ash! Don’t sneak up on me like that!” You huffed, taking your glasses off and rubbing your eyes in exhaustion. 
Ashton leaned on the counter opposite you and raised his eyebrows in concern. “Sorry love, didn’t realise you didn’t hear me come in. You good?” 
Damn it, why was he always so nice to you these days? Remember the days when you were scared of him because he used to argue with you about politics and the state of the world? Why did those seem somehow easier? Maybe because fear was more natural to you than whatever this other feeling was that you were starting to have whenever Ashton was around you. 
You sighed and put your glasses back on, frowning briefly at the screen before hitting save one more time (just in case your bad luck took a turn and fucked you over with lost documents). 
“Yep. Sorry. It’s just been a bit of a day. Did Charlie go down okay?” You forced a smile as you glanced up at Ashton over the top of your laptop screen. 
“Yeah, she gave in once I offered another bedtime singalong. And maybe, juuuust maybe, I might have mentioned something about some sweets after dinner…” Ash looked at you guiltily, licking his lips nervously. You rolled your eyes and shook your head at him, but you couldn’t keep the small smile off your face.
Ashton got started on making spaghetti while you tapped away at your computer, and soon enough you heard Charlie calling out for Ashton in her little sing-song voice on the baby monitor you had set up on the kitchen counter (“Asht-aaaaa! Where are youuuuu! Asht-aaaaa!”). The spaghetti smelled incredible, and when Ashton brought Charlie into the kitchen from her nap and she’d had a little while to play a bit more, you settled at the kitchen table to tuck into some dinner. Well, Charlie was more interested in playing with her food than actually eating it, but yours was delicious and for the third or fourth time that day, you thanked Ash profusely for being such a gem (to which he just gave you one of those dazzling smiles in response).  
After dinner, Ashton took Charlie for a bath and read her a bedtime story while you powered through the final part of the project edits you needed to finish before your boss burst a blood vessel. You could hear Ashton reading to Charlie on the baby monitor, doing all of the different character voices, and her little giggles in response were both breaking and warming your heart. Warming it with the cuteness and how much you loved that little girl and her cheeky soul, and breaking it with the guilt about how it was supposed to be you snuggled up reading to her, but instead you were frantically typing about key messages, marketing strategies and budget lines. You were doing your last section of re-writes when Ash came back into the kitchen, and this time you didn’t jump when he gently placed his hands on your shoulders. In fact, you leaned into his touch, and moaned quietly in relief as his thumbs began to work into the tension in your muscles.
“How’s it going?” Ashton asked quietly, continuing to press his hands into your back and shoulders.
“Almost there. Mostly just proof-reading now, and then I can send it and not fucking think about it for another second until at least Monday. Ash, I’m so sorry again, I know this isn’t what you had in mind for your Friday night and I should’ve been more organised but I just didn’t think that -” You began to ramble, feeling the guilt wash over you.
“Hey, hey. Stop. It’s fine. We’re a team, remember? The dynamic duo? Gotta stick together. We’ve got a whole lifetime of dealing with Charlie meltdowns and milestones ahead of us, love. It’s our job and our blessing, for the rest of forever. Don’t feel guilty over one night.” Ashton said softly, squeezing your shoulders and pressing a soft kiss to the top of your head. There were those butterflies again, and your skin was almost burning from where his hands had touched you. You simply nodded at his words, before returning to your laptop and the task at hand. Ashton stepped away and quietly began washing the dishes (honestly, was there anything this man didn’t do?) as you began typing again.
Finally, about twenty minutes later, you hit send on the email to your boss with the completed rewrites, and shut your laptop with a deep sense of satisfaction, letting out a triumphant whisper-yell, mindful of the sleeping child down the hallway from you. Ash looked up from where he was sat on the couch, scrolling on his phone, and rushed over to high-five you when he realised that you’d shut your laptop.
“Right. You go shower and I’ll put the kettle on, then it’s one episode of Sons of Anarchy and then off to bed with you.” Ash began, tugging you out of your seat and pushing you towards your bedroom before you could protest.
“Wait… how did you know I was watching Sons of Anarchy?!” You turned and asked, with one hand on the door to your bedroom.
“I was stalking through your Netflix earlier when you were lost in editing land. Plus, I know you can’t resist a charming male lead who has a killer smile and looks damn good in a leather jacket.” Ash chuckled, shooting you a wink and one of those goddamn smiles. 
You hated to admit it, but you felt so much better after your shower, and having Ash pull your feet up over his lap and absentmindedly run his hands softly across your legs from time to time wasn’t exactly bad either. You stuck to your promise of only one episode of Sons of Anarchy, and after pulling your groaning self up off the couch and jokingly half-carrying you to your bedroom door, Ashton bid you goodnight with a hug and a kiss to the forehead before disappearing into your guest room. 
As you settled into your own bed, alone, and pulled the blankets up over you, you couldn’t help but think how nice it was to have Ash so present with you and with Charlie, and how sweet it would be in the morning to wake up together in the same house and go for breakfast at your favourite little brunch spot down the street, before waiting for James and Alice to return in the early afternoon. It was all your own little family unit, and as you felt yourself being lulled into sleep, you also felt a deep sense of content in your heart about the loved ones in your life. And then also there were those butterflies, just slowly but surely making their presence known, and getting a little bigger every time you thought of Ashton, and how much he loved Charlie, and how much she loved him and you, and how much you loved them both.
Shit. Did you actually love him? Were you falling in love with Ashton Irwin? Before you could panic too much, the need for sleep won out, and you slept peacefully knowing two of your favourite people were also sleeping calmly in the rooms either side of you. 
arfox158 · 3 years ago
TLDR: With a bit of research and support we were able to demonstrate a proof of concept for introducing a fraudulent payment message to move £0.5M from one account to another, by manually forging a raw SWIFT MT103 message, and leveraging specific system trust relationships to do the hard work for us!
Before we begin: This research is based on work we performed in close-collaboration with one of our clients; however, the systems, architecture, and payment-related details have been generalized / redacted / modified as to not disclose information specific to their environment.
With that said.. *clears throat*
The typical Tactics, Techniques and Procedures (TTPs) against SWIFT systems we see in reports and the media are - for the most part - the following:
Compromise the institution's network;
Move laterally towards critical payment systems;
Compromise multiple SWIFT Payment Operator (PO) credentials;
Access the institution's SWIFT Messaging Interface (MI);
Key in - and then authorize - payment messages using the compromised PO accounts on the MI.
This attack-path requires the compromise of multiple users, multiple systems, an understanding of how to use the target application, bypass of 2FA, attempts to hide access logs, avoid alerting the legitimate operators, attempts to disrupt physical evidence, bespoke malware, etc. – so, quite involved and difficult. Now that’s all good and fine, but having reviewed a few different payment system architectures over the years, I can’t help but wonder:
“Can't an attacker just target the system at a lower level? Why not target the Message Queues directly? Can it be done?”
Well, let's find out! My mission begins!
So, first things first! I needed to fully understand the specific “section” of the target institution's payment landscape I was going to focus on for this research. In this narrative, there will be a system called “Payment System” (SYS). This system is part of the institution's back-office payment landscape, receiving data in a custom format and outputting an initial payment instruction in ISO 15022 / RJE / SWIFT MT format. The reason I sought this scenario was specifically because I wanted to focus on attempting to forge an MT103 payment message - that is:
MT – “Message Type” Literal;
1 – Category 1 (Customer Payments and Cheques);
0 – Group 0 (Financial Institution Transfer);
3 – Type 3 (Notification);
All together this is classified as the MT103 “Single Customer Credit Transfer”.
Message type aside, what does this payment flow look like at a high level? Well I’ve only gone and made a fancy diagram for this!
Overall this is a very typical and generic architecture design. However, let me roughly break down what this does:
The Payment System (SYS) ingests data in a custom - or alternative - message format from its respective upstream systems. SYS then outputs an initial payment instruction in SWIFT MT format;
SYS sends this initial message downstream to a shared middleware (MID) component, which converts (if necessary) the received message into the modern MT format understood by SWIFT - essentially a message broker used by a range of upstream payment systems within the institution;
MID forwards the message in its new format on to the institution's Messaging Interface (let's say it's SAA in this instance) for processing;
Once received by SAA, the message content is read by the institution's sanction screening / Anti-money laundering systems (SANCT).
Given no issues are found, the message is sent on to the institution's Communication Interface (SWIFT Alliance Gateway), where it's then signed and routed to the recipient institution over SWIFTNet.
OK, so now I have a general understanding of what I'm up against. But if I wanted to exploit the relationships between these systems to introduce a fraudulent payment without targeting any payment operators, I was going to need to dig deeper and understand the fundamental technologies in use!
So how are these messages actually 'passed' between each system? I needed to know exactly what this looked like and how it's done!
More often than not, Message Queues (MQ) are heavily used to pass messages between components in a large payment system. However, there are also various “Adapters” that may be used between systems communicating directly with the SAG (such as SAA or other bespoke / 3rd party systems). These are typically the:
Remote API Host Adapter (RAHA);
MQ Host Adapter (MQHA);
Web Services Host Adapter (WSHA).
Having identified that MQ was in use, my initial assumption was that there was most likely a dedicated Queue Manager (QM) server somewhere hosting various queues that systems push and pull messages from. However, due to SWIFT CSP requirements, this would most likely - at a minimum - take the form of two Queue Managers: one which manages the queues within the SWIFT Secure Zone, and another that manages queues for the general corporate network and back office systems.
Let's update that diagram to track / represent this understanding: Now I could research how this 'messaging' worked!
There are multiple ways to configure Message Queues architectures, in this case there were various dedicated input and output queues for each system, and the message flow looks something like this: Full disclosure, turns out it’s hard to draw an accurate - yet simple - MQ flow diagram (that one was basically my 4th attempt). So it’s.. accurate 'enough' for what we needed to remember!
Now that I had a good understanding of how it all worked, it was time to define my goal: 'Place a payment message directly on to a queue, and have it successfully processed by all downstream systems'.
This sounds simple, just write a message to a queue, right? But there are a few complications!
Why are there few indications of this attack vector in the wild?
How do I even gain “write” access to the right queue?
What protects the message on the queues?
What protects the messages in transit?
What format are the messages in?
What is the correct syntax for that message format at any particular queue (0 margin for error)?
Where does PKI come in? How / where / when are the messages signed?
Can I somehow get around the message signing?
What values in the messages are dependent / controlled / defined by the system processing them (out of my control)?
What is the maximum amount I can transfer using Straight Through Processing, without alerting the institution / requiring manual validation?
But OK, there's no point dwelling on all of that right now, I'll just clearly define what I want to do! The goal:
Successfully write a payment instruction for 500,000 GBP;
Inject that message directly onto a specific queue;
Have the message pass environment-specific validation rules;
Have the message pass sanctions and AML checks;
Have the message successfully signed;
Have the message pass SWIFTNet-specific validation rules.
What I was not interested in doing for this research - yet needed to understand nevertheless for a full attack chain was:
How to compromise the institution's network;
How to gain access to the MQ admin's workstation;
How to obtain the pre-requisite credentials.
What I wanted to 100% avoid at all costs:
The attack involving SWIFT payment operators in any way;
The attack involving SWIFT application access in any way;
A need to compromise signing keys / HSMs;
A need to compromise SWIFTNet operator accounts or certificates or any type of PKI.
Now I had an idea of what to do, I needed to make sure I could write a raw MT103 payment instruction! Typically, even when operators write payment messages using a messaging interface application like Alliance Access, they only really write the message “body” via a nice GUI. As raw data this could look something like:
I'll break this down in the following table:
| Name | Field | Value |
|---|---|---|
| Transaction Reference | 20 | TRANSACTIONRF103 |
| Bank Operation Code | 23B | CRED (message is to 'credit' some beneficiary) |
| Value Date / Currency / Amount | 32A | 200102 (02/01/2020) GBP 500,000.00 |
| Currency / Original Credit Amount | 33B | GBP 500000,00 (£500,000.00) |
| Ordering Customer | 50K | GB22EBNK88227712345678 (IBAN); JOHN DOE (Name); JOHN'S BUSINESS LTD (Line 1); 21 JOHN STREET, LONDON, GB (Line 2) |
| Beneficiary | 59K | FR20FBNK88332287654321 (IBAN); ALICE SMITH (Name); ALICE'S COMPANY (Line 1); 10 ALICE STREET, PARIS, FR (Line 2) |
| Remittance Information | 70 | 12345-67890 (essentially a payment reference) |
| Details of Charge | 71A | SHA (shared charge between sender and receiver) |
Now as this is a valid message body, if I were targeting a payment operator on SWIFT Alliance Access, I could - for the 'most' part - simply paste the message into SAA's raw message creation interface and I'd be pretty much done. With the exception of adding the sender / recipient BIC codes and most likely selecting a business unit. However, these values are not stored in the message body. Not stored in the message body you say? Well that complicates things! Where are they stored exactly?
The message “body” is referred to as “block 4” (aka the “Text Block”) within the SWIFT MT standard. As suggested by the name, there is probably also a block 1-3. This is correct; and these blocks are typically generated by the payment processing applications - such as SWIFT Alliance Access - and not necessarily input by the operators. A 'complete' MT103 message consists of 6 blocks:
Block 1 – Basic Header
Block 2 – Application Header
Block 3 – User Header
Block 4 – Text Block
Block 5 – Trailer
Block 6 – System block
So it looked like I was going to need to learn how to craft these various “blocks” from scratch.
Block 1 (Basic header)
Reading through some documentation, I crafted the following “Basic header” block:
A breakdown of what this translates to is as follows:
| Name | Value | Context |
|---|---|---|
| Basic Header Flag | 1 | Block 1 (not 2, 3, 4, or 5) |
| Application Type | F | FIN application |
| Message Type | 01 | 01 = FIN (i.e. not ACK/NACK) |
| Sender BIC | EBNKGB20 | EBNK (bank code) GB (country code) 20 (location code) |
| Sender Logical Terminal | A | Typically A, unless they are a significantly large institution and require multiple terminals |
| Sender Branch | XXX | All X if no branch needed |
| Session Number | 0000 | The session number for the message |
| Sequence Number | 999999 | The sequence number of the message |
Taking a step back, I already identified two potential problems: the “session” and “sequence” numbers! These are described as follows:
Session Number – Must also equal the current application session number of the application entity that receives the input message.
Sequence number – The sequence number must be equal to the next expected number.
Hmmm, at this point I was not sure how I could predetermine a valid session and/or sequence number - considering they seemed to be application and 'traffic' specific? But there was nothing I could do at the time, so I noted it down in a list of 'issues/blockers' to come back to later.
Block 2 (Application Header)
A bit more dry reading later, I managed to also throw together an application header:
Again, I’ve broken this down so it makes sense (if it didn’t already; I’m not one to assume):
| Name | Value | Context |
|---|---|---|
| Application Header Flag | 2 | Block 2 |
| I/O Identifier | I | Input message (a message being sent) |
| Message Type | 103 | 103 = Single Customer Credit Transaction |
| Recipient BIC | FBNKFR20 | FBNK (bank code) FR (country code) 20 (location code) |
| Recipient Logical Terminal | X | All General Purpose Application messages must use 'X' |
| Recipient Branch | XXX | All General Purpose Application messages must use 'XXX' |
| Message Priority | N | Normal (not urgent) |
Awesome! No issues crafting this header!
Note: At this point I should probably mention that these BIC codes are not 'real'; however, they are accurate in format and length.
Block 3 (User Header)
The third block is called the “User Header” block, which can be used to define some “special” processing rules. By leveraging this header, I could specify that the message should be processed using “Straight Through Processing” (STP) rules, which essentially attempts to ensure that the message is processed end-to-end without human intervention. This could be specified as follows:
However, this was not yet a valid header! As of November 2018 the user header requires a mandatory “Unique end-to-end transaction reference” (UETR) value, which was introduced as part of SWIFT's Global Payments Innovation initiative (gpi)! This is a Globally Unique Identifier (GUID) compliant with the 4th version of the generation algorithm used by the IETF standard 'RFC4122'. This consists of 32 hexadecimal characters, divided into 5 parts by hyphens as follows:
where:
x – any lowercase hexadecimal character;
4 – fixed value;
y – either: 8, 9, a, b.
This value can be generated using Python as seen below:
With an acceptable UETR generated, this is how the third block looked:
And as before, a breakdown can be found below:
| Name | Value | Context |
|---|---|---|
| User Header Flag | 3 | Block 3 |
| Validation Flag | 119 | Indicates whether FIN must perform any type of special validation |
| Validation Field | STP | Requests the FIN system to validate the message according to the straight through processing principles |
| UETR Field | 121 | Indicates the Unique end-to-end transaction reference value |
| UETR Value | 8b1b42b5-669f-46ff-b2f2-c21f99788834 | Unique end-to-end transaction reference used to track the payment instruction |
Block 5 and 6 (Trailer and System Blocks)
I’ve already discussed “block 4” (the message body), so to wrap this section up, I'll be looking at the final 2 blocks: Block 5, aka the “Trailer”; and block S, aka the “System” block.
Before going forward, let me take a moment to explain the pointlessly complicated concept of input and output messages:
An “input” message (I) is a message which is traveling “outbound” from the institution. So this is a message being “input” by an operator and sent by the institution to another institution.
An “output” message (O) is a message which is traveling “inbound” to the institution. So this is a message being “output” by SWIFTNet and being received by the institution.
OK, moving swiftly (aaaahhhhh!) on.
For Input messages, these blocks were not too much of a problem. The headers only really seemed to be used to flag whether the message was for training / testing or to flag if it was a possible duplicate, which syntactically took the following form:
Where “TNG” indicated “training” and “SPD” indicated “possible duplicate”.
However, with Output messages, it got considerably more complicated. An example of what the trailer and system block could look like on an Output message is the following:
A breakdown of these various values is:
Trailer (5:):
MAC – Message Authentication Code calculated over the entire contents of the message using a key that has been exchanged with the destination bank and a secret algorithm;
CHK – A PKI checksum of the message body, used to ensure the message has not been corrupted in transit;
TNG – A flag to indicate that the message is a Testing and Training message.
System (S:):
SPD – Possible Duplicate flag;
SAC – Successfully Authenticated and Authorized flag. This is only present if:
Signature verification was successful.
RMA (Relationship Management Application) authorization and verification was successful.
COP – Flag indicating that this is the primary message copy;
MDG – The HMAC256 of the message using LAU keys.
However, these seemed to only be values I would need to consider if I was to try and forge an “incoming” message from SWIFTNet or an 'outbound' message on the output of the SAG.
So.. I'll stick with crafting an “input” message trailer:
Now, having said all that, it turned out the trailer block did seem to sometimes hold a MAC code and a message checksum (sigh), meaning I actually needed to construct something like:
So that was +2 to my 'issues/blockers' list. However, issues aside, I now understood the complete message format, and could put it all together and save the following as a draft / template MT103 message:
Highlighted in bold above are the areas of the message I was - at this point - unable to pre-determine. Nevertheless, a summary of what the message describes is:
Using the transaction reference “TRANSACTIONRF103”;
please transfer 500,000.00 GBP;
from John Doe, (IBAN: GB22EBNK88227712345678) at “English Bank” (BIC: EBNKGB20);
to Alice Smith (IBAN: FR20FBNK88332287654321) at “French Bank” (BIC: FBNKFR20);
Furthermore, please ensure the transaction charge is shared between the two institutions;
and mark the payment with a reference of “12345-67890”.
To wrap up this section, I wanted to take a moment to explain some of the logic behind the target of 500,000 GBP, as it is also important.
Aside from the many reasons it would be better to transfer (even) smaller amounts (which is an increasingly common tactic deployed by modern threat actors), why not go higher? This is where it’s important to understand the system and environment you are targeting.
In this instance, let's assume that by doing recon for a while I gathered the understanding that:
If a message comes from SYS which is over £500k;
even if it has been subject to a 4 eye check;
and even if it is flagged for STP processing;
route it to a verification queue and hold it for manual verification.
This was because a transaction over £500k was determined to be “abnormal” for SYS. As such, if my transaction was greater, the message would not propagate through all systems automatically.
OK, so now that I understood:
how the system worked;
how it communicated;
the fundamental structure of a raw MT103 payment messages;
and how much I could reliably (attempt) to transfer.
And with that, it was time to take a break from MT standards and establish an understanding of how I would even get into a position to put this into practice!
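Before moving on, here is an added example (my own code, not the original post's) that pulls the pieces above together from the receiving side: it splits a raw MT103 into its blocks, parses block 4, and applies the rules the post relies on: the shape of the block 1 / block 2 headers, the 1-16 character limit on field 20, the comma decimal separator, the 33B rule, the RFC 4122 version-4 shape of the UETR in field 121 (with a generator for it), and the £500k manual-verification routing rule for SYS. The country code list and the threshold constant are constructed stand-ins, and the sample message is built from the post's own fake BICs, IBANs and UETR.

```python
import re
import uuid
from decimal import Decimal

# Block layouts follow the post's block 1 / block 2 tables (input-message direction).
BLOCK1_RE = re.compile(r"^(?P<app>[A-Z])(?P<service>\d{2})(?P<sender_lt>[A-Z0-9]{12})"
                       r"(?P<session>\d{4})(?P<sequence>\d{6})$")
BLOCK2_IN_RE = re.compile(r"^I(?P<mt>\d{3})(?P<receiver_lt>[A-Z0-9]{12})(?P<priority>[SNU])$")
# RFC 4122 v4 shape the post gives for the UETR: lowercase hex, '4' leading group 3, 8/9/a/b leading group 4.
UETR_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")
AMOUNT_RE = re.compile(r"^\d+,\d{0,2}$")          # SWIFT amounts use a comma as the decimal separator
STP_HOLD_LIMIT = Decimal("500000.00")             # constructed: the post's "abnormal for SYS" threshold
CC_LIST = {"GB", "FR", "DE", "NL"}                # constructed stand-in for the 33B country code list


def new_uetr() -> str:
    """Generate a UETR for field 121: a lowercase RFC 4122 version-4 UUID."""
    return str(uuid.uuid4())


def split_blocks(raw: str) -> dict:
    """Split '{1:...}{2:...}{3:{...}}{4:...-}{5:{...}}' into {block_id: content}."""
    blocks, i = {}, 0
    while i < len(raw):
        if raw[i] != "{":
            i += 1
            continue
        depth, j = 0, i
        while j < len(raw):                      # find the brace that closes this block
            if raw[j] == "{":
                depth += 1
            elif raw[j] == "}":
                depth -= 1
                if depth == 0:
                    break
            j += 1
        ident, _, content = raw[i + 1:j].partition(":")
        blocks[ident] = content
        i = j + 1
    return blocks


def parse_tagged(content: str) -> dict:
    """Parse the nested {tag:value} pairs used in blocks 3 and 5."""
    return dict(re.findall(r"\{([A-Z0-9]+):([^}]*)\}", content))


def parse_text_block(content: str) -> dict:
    """Parse block 4 (':tag:value' lines, values may span lines, terminated by '-')."""
    body = content.strip()
    body = body[:-1].rstrip() if body.endswith("-") else body
    fields = {}
    for item in re.split(r"\n(?=:\d{2}[A-Z]?:)", body):
        tag, _, value = item.lstrip(":").partition(":")
        fields[tag] = value.strip()
    return fields


def parse_mt103(raw: str) -> dict:
    """Parse all five blocks of an input MT103 (blocks 1 and 2 as regex matches, or None)."""
    b = split_blocks(raw)
    return {"basic": BLOCK1_RE.match(b.get("1", "")), "app": BLOCK2_IN_RE.match(b.get("2", "")),
            "user": parse_tagged(b.get("3", "")), "text": parse_text_block(b.get("4", "")),
            "trailer": parse_tagged(b.get("5", ""))}


def check_mt103(raw: str):
    """Return (route, issues): route is 'STP' or 'HOLD'; issues are syntax/policy findings."""
    msg, issues = parse_mt103(raw), []
    if not msg["basic"]:
        issues.append("block 1: basic header does not match F01 + LT address + session + sequence")
    if not msg["app"] or msg["app"]["mt"] != "103":
        issues.append("block 2: not an input MT103 application header")
    text = msg["text"]
    if not 1 <= len(text.get("20", "")) <= 16:
        issues.append("field 20: transaction reference must be 1-16 characters")
    amount = Decimal(0)
    m = re.match(r"^(\d{6})([A-Z]{3})(.+)$", text.get("32A", ""))
    if not m or not AMOUNT_RE.match(m.group(3)):
        issues.append("field 32A: expected YYMMDD + currency + amount with comma decimal")
    else:
        amount = Decimal(m.group(3).replace(",", "."))
    if msg["basic"] and msg["app"]:
        sender_cc, receiver_cc = msg["basic"]["sender_lt"][4:6], msg["app"]["receiver_lt"][4:6]
        if sender_cc in CC_LIST and receiver_cc in CC_LIST and "33B" not in text:
            issues.append("field 33B: mandatory for this sender/receiver country pair (NAK D49)")
    uetr = msg["user"].get("121")
    if uetr is not None and not UETR_RE.match(uetr):
        issues.append("field 121: UETR is not a lowercase RFC 4122 version-4 UUID")
    route = "HOLD" if amount > STP_HOLD_LIMIT else "STP"   # the post's manual-verification rule
    return route, issues


# Constructed sample built from the post's field tables (the BICs and IBANs are the post's fakes).
SAMPLE = (
    "{1:F01EBNKGB20AXXX0000999999}{2:I103FBNKFR20XXXXN}"
    "{3:{119:STP}{121:8b1b42b5-669f-46ff-b2f2-c21f99788834}}"
    "{4:\n:20:TRANSACTIONRF103\n:23B:CRED\n:32A:200102GBP500000,00\n:33B:GBP500000,00\n"
    ":50K:/GB22EBNK88227712345678\nJOHN DOE\nJOHN'S BUSINESS LTD\n21 JOHN STREET, LONDON, GB\n"
    ":59:/FR20FBNK88332287654321\nALICE SMITH\nALICE'S COMPANY\n10 ALICE STREET, PARIS, FR\n"
    ":70:12345-67890\n:71A:SHA\n-}{5:{TNG:}}"
)
```

`check_mt103(SAMPLE)` returns `('STP', [])`; raising the amount to `750000,00` returns `('HOLD', [])`, which is the hold-for-verification behaviour the recon above describes.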
To place a message on a queue, I was going to need two things:
Access to the correct queue manager;
Write access to the correct queues.
Depending on the environment and organisation, access to queue managers could be quite different and complex. However a bare-bones setup may take the following form:
An MQ Administrator accesses their dedicated workstation using AD credentials;
They then remotely access a dedicated jump server via RDP which only their host is whitelisted to access;
This may be required as the queues may make use of Channel Authentication Records, authorizing specific systems and user accounts access to specific queues;
The channels may further be protected by MQ Message Encryption (MQME) which encrypts messages at rest based on specific channels. As such, even if someone was a “super duper master admin” they would only be able to read / write to queues specifically allocated to them within the MQME configuration file (potential target for another time?);
The MQ Admin can then use tools via the Jump Server to read/write to their desired message queues.
So, in this scenario, to gain access to the message queues I - as an attacker - would need to compromise the MQ admin’s AD account and workstation, then use this to gain access to the jump host, from where I could then access the message queues given I knew the correct channel name and was configured with authorization to access it.. and maybe throw some MFA in there..
That is understandably a significant requirement! However, when discussing sophisticated attacks against Financial Market Infrastructure (FMI), it is more than reasonable to accept that an Advanced Persistent Threat (APT) would see this as a feasible objective - we don't need to dig into the history of how sophisticated attacks targeting SWIFT systems can be.
Next, it was time to finally identify a feasible attack vector for message forgery.
Now with an idea of how to gain the right access, as well as an understanding of the various technologies and security controls in place, I updated my diagram:
You may have noticed I've added something called “LAU” around the SAA-to-SAG adapter, and another “LAU” to the MID-to-SAA MQ channels, which I have yet to explain. “Local Authentication” (LAU) is a security control implemented by SWIFT to authenticate messages using a pair of shared keys between two systems. These keys are combined and used to generate a SHA256 HMAC of the message and append it to the S block. This can then be validated by the recipient system. Effectively, this validates the origin and authenticity of a message. As such, even if an attacker was in position to introduce a fraudulent payment, they'd first need to compromise both the left and the right LAU signing keys, generate the correct HMAC, and append it to the message in order to have it accepted / processed successfully.
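An added illustration (my own code, not the post's) of the LAU mechanism as described here: a SHA-256 HMAC over the message, keyed from the two shared key halves, carried in the S block as MDG and checked by the receiving system. The key-combination rule (plain concatenation) and the exact S block layout are assumptions for the example; the point it makes is the one above, that a hop which verifies LAU rejects an unsigned or altered message, while a hop configured without LAU has no way to tell.

```python
import hashlib
import hmac

S_BLOCK_PREFIX = "{S:{MDG:"   # assumed layout of the S block carrying the LAU tag


def lau_key(left_key: str, right_key: str) -> bytes:
    """Combine the two shared key halves. Assumption: plain concatenation;
    SWIFT's real combination rule is not given in the post."""
    return (left_key + right_key).encode()


def lau_tag(left_key: str, right_key: str, message: str) -> str:
    """SHA-256 HMAC of the message under the combined LAU key, hex encoded."""
    return hmac.new(lau_key(left_key, right_key), message.encode(), hashlib.sha256).hexdigest()


def lau_sign(left_key: str, right_key: str, message: str) -> str:
    """What the sending system does: append the S block carrying the MDG tag."""
    return message + S_BLOCK_PREFIX + lau_tag(left_key, right_key, message) + "}}"


def lau_verify(left_key: str, right_key: str, signed: str):
    """What the receiving system does: strip the S block, recompute the tag over
    everything before it and compare in constant time. Returns (ok, reason)."""
    idx = signed.rfind(S_BLOCK_PREFIX)
    if idx < 0:
        return False, "no LAU tag present"
    body, tail = signed[:idx], signed[idx:]
    if not tail.endswith("}}"):
        return False, "malformed S block"
    claimed = tail[len(S_BLOCK_PREFIX):-2]
    if hmac.compare_digest(claimed, lau_tag(left_key, right_key, body)):
        return True, "LAU ok"
    return False, "LAU mismatch"


def consumer_accepts(message: str, lau_keys) -> bool:
    """A queue consumer: with LAU keys configured it verifies before processing;
    a hop without LAU (the SYS -> MID situation in the post) processes whatever it reads."""
    if lau_keys is None:
        return True
    return lau_verify(lau_keys[0], lau_keys[1], message)[0]


# Constructed sample: a minimal input MT103 using the post's fake BICs, and a fake key pair.
LEFT_KEY, RIGHT_KEY = "left-half-of-lau-key", "right-half-of-lau-key"
MESSAGE = ("{1:F01EBNKGB20AXXX0000999999}{2:I103FBNKFR20XXXXN}{3:{119:STP}}"
           "{4:\n:20:TRANSACTIONRF103\n:23B:CRED\n:32A:200102GBP500000,00\n:71A:SHA\n-}")

if __name__ == "__main__":
    signed = lau_sign(LEFT_KEY, RIGHT_KEY, MESSAGE)
    print(lau_verify(LEFT_KEY, RIGHT_KEY, signed))                   # (True, 'LAU ok')
    altered = signed.replace("500000,00", "900000,00")
    print(lau_verify(LEFT_KEY, RIGHT_KEY, altered))                  # (False, 'LAU mismatch')
    print(consumer_accepts(MESSAGE, None))                           # True: no LAU on this hop
    print(consumer_accepts(MESSAGE, (LEFT_KEY, RIGHT_KEY)))          # False: unsigned message rejected
```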
But LAU aside, I now just needed to figure out which queue to target! There were a lot of queues to work with as each system essentially has multiple “input” and “output” queues. With that in mind, it was important to note that: an incoming message would require being in the format expected by the target system (from a specific upstream system) and an outgoing message would need to be in the format “produced” by one target system and “expected / ingested / processed” by its respective downstream system. So to figure this out, I worked backwards from the Gateway.
Targeting SAG
This was the least feasible attack vector:
I hadn't really looked into how the SWIFT adapters worked (if only I could research literally everything);
SAA and SAG implemented LAU on messages sent between them (an excellent security control);
The output of SAG was directly on to SWIFTNet, which would entail all sorts of other complications (this is an understatement)!
Next!
Targeting SAA
So what if I wanted to drop a message on the “outbound” channel of SAA?
LAU and the SWIFT adapter aside, remember those session and sequence numbers? Well, messages which leave SAA are in the near-final stages of their outbound life-cycle, and as far as I understood would need to have valid session and sequence values. Given I didn't know how to generate these values without gaining access to SAA or how they worked in general (and let's not forget the LAU signing) this didn't currently seem feasible.
Next!
Targeting SANCT
This solution didn't actually transport messages back and forth; it just read messages off the queues and performed checks on their details. Not much I wanted to leverage here.
Targeting MID
To target MID, I could try and inject a message onto SAA’s “input” queue, or the “output” queue of MID. This would only need to match the format of messages produced by the Middleware solution (MID). Following this, in theory, the (initial) message session and sequence number would be added by SAA, along with the UETR. This was promising!
However, MID was a SWIFT “message partner”, which are typically solutions developed using the Alliance Access Development Kit that allows vendors to develop SWIFTNet compatible software, and consequentially, implement LAU. So again, in-order to forge a message here, I’d need to compromise the left and right LAU signing keys used between SAA and MID, manually HMAC the message (correctly!), and then place it on the correct queue.. This also no longer looked promising..
Targeting SYS
OK, how about the input of the next system down - the 'Payment System'?
As described previously, the inbound data was a custom “application specific” payment instruction from the institution's back office systems, and not a SWIFT MT message. This would be an entirely new core concept I'd need to reverse - not ideal for this project.
But how about the output queue?
Although SYS received custom format data, I found that it output what seemed to be an initial SWIFT MT message. This was perfect! Additionally, SYS did not have LAU between itself and MID because (unlike MID) SYS was not a SWIFT message partner, and was just one of many systems within the institution that formed their overall payment landscape.
Additionally, because SYS was essentially just one small piece of a much larger back office architecture, it was not part of the SWIFT Secure Zone (after all you can't have your entire estate in the Secure Zone - that defeats the purpose) and as such made use of the Queue Manager within a more accessible section of the general corporate environment (QM1).
With this in mind, and having - in theory - compromised the MQ admin, I could leverage their access to the corporate network to authenticate to QM1. I could - in theory - then write a fraudulent payment message to the SYS “output” queue, which we will call “SYS_PAY_OUT_Q” from here on.
OK! It seems like I finally had an idea of what to do! But before I could put it into practice, I of course needed to create a diagram of the attack:
I think it’s important to take a minute to refer back to the concept of “trust”, which is what led to this attack diagram. My theory behind why this may work is that the MID application implicitly trusts whatever it receives from its respective upstream systems. This is intentional, as by design the security model of the payment landscape ensures that at any point a message can be created, a 4 (or 6) eye check is performed. If there is a system whose purpose it is to ensure the validity of a payment message at some point upstream, the downstream systems should have no real issue processing that message (with some exceptions). After all, it would be next to impossible to maintain a high-throughput payment system without this design.
And with that said, the plan was now clear:
Leverage the access of a Message Queue administrator;
to abuse the “trust relationship” between SYS, MID, and SAA;
to introduce a fraudulent payment message directly on to the output queue of SYS;
by leaning on my new found understanding of complete MT103 payment messages.
It was finally time to try to demonstrate a Proof-of-Concept attack!
So at this point I believe I had everything I needed in order to execute the attack:
The target system!
The message format!
The queue manager!
The queue!
The access requirements!
The generously granted access to a fully functional SWIFT messaging architecture! (that’s a good one to have!)
The extra-generously granted support of various SMEs from the target institution! (This was even better to have!)
Message Forgery
I needed to begin by creating a valid payment message using valid details from the target institution. So before moving on I was provided with the following (Note: as with many things in this post, these details have been faked):
Debtor Account Details – John Doe, GB12EBNK88227712345678 at EBNKGB20
Creditor Account Details – Alice Smith, GB15EBNK88332287654321 at EBNKGB20
Some of you may have noticed that the sending and receiving BICs are the same. This was because, for the sake of the research, I wanted to send the message back to the target institution via SWIFTNet so that I could analyse its full end-to-end message history. Furthermore, you may have noticed we are using a 'test & training' BIC (where the 8th character is a 0) - this was to make sure, you know, that I kept my job.
But yes, with access to these 'valid' account details and the knowledge gained during the research so far, I could now forge a complete input MT103 message:
Note: Field 33B is actually an optional field; however, the MT standard states that "If the country codes of both the Sender's and the Receiver's BIC belong to the country code list, then field 33B is mandatory". As such, if 33B was not present in the message it would fail network validation rules and SWIFTNet would return a NAK with error code D49.
Optional / mandatory fields aside, it was not quite that simple! There were a few minor changes I needed to make based on the specific point in the message's life-cycle at which I was planning to introduce it!
As I list these changes, remember that the objective is to introduce the message to the output queue of SYS (which sits before MID, SAA and SAG):
The first 3 blocks needed to be placed on a single line;
Remove field 121 (UETR) from the User Header, as this would be generated by SAA during processing;
Remove 1 character from the transaction reference (field 20), as it must not exceed 16 characters (classic user error);
Write the decimal separator in the transaction amount as a comma, not a full stop - otherwise it would fail syntax validation rules;
Ensure the IBANs were real and accurate, otherwise it seemed the message would fail some type of validation on the SWIFT network. The IBANs are fake here, but during the real PoC we used accurate account details in collaboration with the target institution;
Remove the trailer block (5) - as this would be appended by SAA during processing;
Remove the System Block (S) - as this would be completed by the SAG.
And the final message was as follows:
Note that the point at which I introduce the message resolves all of the 'issues / blockers' I'd tracked whilst researching the message structure! It would seem the further upstream you go, the easier the attack becomes - provided MQ is still used as the transport medium.
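The build-and-check below is an added example, not code from the original post or from the target institution. It assembles an input MT103 from the faked details above in the shape the message needed to have on the SYS output queue, and runs pre-flight checks corresponding to each of the tweaks listed (blocks 1-3 on one line, no UETR, no trailer or system block, field 20 at most 16 characters, comma decimal separator, 33B present when both BICs are in the country list). The country-code set and the body layout (23B, 50K, 59, 71A) are assumptions of the example, not details taken from the post.

```python
import re
from dataclasses import dataclass
from typing import List

# Country codes for which field 33B becomes mandatory when BOTH the sender's
# and the receiver's BIC belong to the list (the rule behind the D49 NAK).
# Assumed subset for the example; the full list lives in the MT standard.
CC_33B_MANDATORY = {"GB", "DE", "FR", "NL", "IE", "BE", "ES", "IT", "AT", "PT"}


@dataclass
class Payment:
    sender_bic: str    # 8-character BIC, e.g. EBNKGB20 (8th char 0 = test & training)
    receiver_bic: str  # 8-character BIC
    reference: str     # field 20, sender's reference, 16x (at most 16 characters)
    value_date: str    # YYMMDD
    currency: str      # ISO 4217 code
    amount: str        # decimal separator must be a comma, e.g. "1000,00"
    debtor_iban: str
    debtor_name: str
    creditor_iban: str
    creditor_name: str


def both_in_33b_list(sender_bic: str, receiver_bic: str) -> bool:
    # The country code is characters 5-6 of a BIC.
    return sender_bic[4:6] in CC_33B_MANDATORY and receiver_bic[4:6] in CC_33B_MANDATORY


def build_mt103(p: Payment) -> str:
    """Assemble an input MT103 as it must look on the SYS output queue:
    blocks 1 and 2 on one line, no {3:{121:}} UETR (SAA generates it),
    no {5:} trailer and no {S:} system block (added by SAA / SAG)."""
    # Block 1: F01 + sender LT address (BIC8 + 'A' + 'XXX') + session/sequence,
    # which are still zero for a message SAA has not yet processed.
    block1 = f"{{1:F01{p.sender_bic}AXXX0000000000}}"
    # Block 2: Input, MT103, receiver address (BIC8 + 'X' + 'XXX'), normal priority.
    block2 = f"{{2:I103{p.receiver_bic}XXXXN}}"
    fields = [
        f":20:{p.reference}",
        ":23B:CRED",
        f":32A:{p.value_date}{p.currency}{p.amount}",
    ]
    if both_in_33b_list(p.sender_bic, p.receiver_bic):
        fields.append(f":33B:{p.currency}{p.amount}")
    fields += [
        f":50K:/{p.debtor_iban}",
        p.debtor_name,
        f":59:/{p.creditor_iban}",
        p.creditor_name,
        ":71A:SHA",
    ]
    block4 = "{4:\n" + "\n".join(fields) + "\n-}"
    return block1 + block2 + block4


def validate_mt103(msg: str) -> List[str]:
    """Pre-flight checks mirroring the tweaks that each cost a NAK above.
    Returns a list of problems; an empty list means the message is ready to queue."""
    problems = []
    header = msg.split("{4:", 1)[0]
    if "\n" in header:
        problems.append("blocks 1-3 must be on a single line")
    if "{121:" in header:
        problems.append("field 121 (UETR) present in block 3; SAA generates it")
    if "{5:" in msg or "{S:" in msg:
        problems.append("trailer {5:} or system block {S:} present; these are added downstream")
    ref = re.search(r":20:([^\n]*)", msg)
    if not ref:
        problems.append("field 20 missing")
    elif len(ref.group(1)) > 16:
        problems.append("field 20 longer than 16 characters")
    amt = re.search(r":32A:\d{6}[A-Z]{3}([0-9,]*)", msg)
    if not amt:
        problems.append("field 32A missing or malformed")
    elif "," not in amt.group(1):
        problems.append("amount in 32A needs a comma as decimal separator")
    sender = re.search(r"\{1:F01([A-Z0-9]{8})", header)
    receiver = re.search(r"\{2:I103([A-Z0-9]{8})", header)
    if sender and receiver and both_in_33b_list(sender.group(1), receiver.group(1)):
        if ":33B:" not in msg:
            problems.append("field 33B mandatory for this sender/receiver pair (NAK D49)")
    return problems
```

Running `validate_mt103` over the output of `build_mt103` before touching the queue would have caught most of the seven NAKs described later in one pass; the IBAN check is the one tweak it cannot reproduce offline.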
Message Injection
Now that I had my raw MT103 message, I just needed to save it to a file ("Message.txt" - sure, why not) and place it onto the "SYS_PAY_OUT_Q" queue using one of the admin's tools:
With access to a single MQ administrator's AD account;
We connected to the MQ admin's machine;
Logged into the jump server;
Opened our MQ tool of choice and authenticated to the queue manager (QM1) where the output queue for SYS was managed;
Connected to the 'SYS_PAY_OUT_Q' queue;
Selected my forged "Message.txt" file;
Invoked the "write to queue" function;
And it was off!
Logging in to Alliance Access and opening the message history tab, we sat waiting for an update. Waiting, waiting, waiting… waiting… and..
ACK! It worked!
That's a joke; did we hell receive an ACK!
See, this last section is written slightly more 'linear' than what actually happened. Remember those 'tweaks' used to fix the message in the previous section? I hadn't quite figured that out yet..
So roughly seven NAKs later - each time troubleshooting and then fixing a different issue - we did indeed see an ACK! The message was successfully processed by all systems, passed target system validation rules, passed sanctions and AML screening, passed SWIFTNet validation rules, and SWIFT's regional processor had received the message and sent an 'Acknowledgement of receipt' response to the sending institution!
For the sake of completeness, I’ve included the ACK below:
And of course a breakdown of what it all means:
Basic Header Flag: 1 (Block 1)
Application Type: F (F = FIN application)
Message Type: 21 (21 = ACK)
Institution Code: EBNKGB20AXXX (EBNKGB20 = BIC, A = logical terminal, XXX = branch)
Session and Sequence No.: 1947392344 (1947 = session no., 392344 = sequence no.; in block 1 the 4-digit session number precedes the 6-digit sequence number)
Date Tag: 177 (200103 = date, 1102 = time)
Accept / Reject Tag: 451 (0 = accepted by SWIFTNet)
Excellent! WooHoo! It worked! .. That took a lot of time and effort!
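As an added example (not part of the original post), here is a small parser for this service message, run over a constructed ACK and a constructed NAK that use the same faked BIC. Following the block 1 layout, it treats the four digits after the logical terminal address as the session number and the six that follow as the sequence number; a NAK is distinguished by {451:1} and carries its reason in tag 405.

```python
import re
from typing import Any, Dict

# Constructed samples (faked BIC as in the post). An ACK carries {451:0};
# a NAK carries {451:1} plus the rejection reason in tag 405 - here D49,
# the missing-33B error mentioned earlier.
SAMPLE_ACK = "{1:F21EBNKGB20AXXX1947392344}{4:{177:2001031102}{451:0}}"
SAMPLE_NAK = "{1:F21EBNKGB20AXXX1947392344}{4:{177:2001031102}{451:1}{405:D49}}"

# {1:F<type><LT address 12><session 4><sequence 6>}{4:<tagged fields>}
HEADER_RE = re.compile(r"\{1:F(\d{2})([A-Z0-9]{12})(\d{4})(\d{6})\}\{4:(.*)\}$")


def parse_fin_ack(raw: str) -> Dict[str, Any]:
    """Split a FIN ACK/NAK into the fields broken down in the table above."""
    m = HEADER_RE.match(raw)
    if not m:
        raise ValueError("not a FIN service message")
    msg_type, lt_address, session, sequence, body = m.groups()
    tags = dict(re.findall(r"\{(\d{3}):([^}]*)\}", body))
    stamp = tags.get("177", "")
    return {
        "application": "FIN",
        "message_type": msg_type,       # "21" = ACK/NAK service message
        "bic": lt_address[:8],
        "logical_terminal": lt_address[8],
        "branch": lt_address[9:],
        "session_number": session,      # 4 digits
        "sequence_number": sequence,    # 6 digits
        "date": stamp[:6] or None,      # YYMMDD
        "time": stamp[6:] or None,      # HHMM
        "accepted": tags.get("451") == "0",
        "error_code": tags.get("405"),  # only present on a NAK
    }


def describe(raw: str) -> str:
    """One-line summary of the kind a message-history view would show."""
    info = parse_fin_ack(raw)
    where = f"LT {info['bic']}{info['logical_terminal']} session {info['session_number']} seq {info['sequence_number']}"
    if info["accepted"]:
        return f"ACK for {where}"
    return f"NAK {info['error_code']} for {where}"
```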
Closer Inspection
But the ACK wasn't enough; I wanted to make sure I understood what had happened to the message throughout its life-cycle, from the message I placed on the initial queue to its being processed by SWIFTNet.
Thankfully, as we sent the message back to the target institution, we could see its entire message history. I already knew what the raw message placed on the queue looked like, so I wanted to focus on what became of the message once it had been processed by SAA:
The end-to-end tracking UUID had been generated and added (b42857ce-3931-49bf-ba34-16dd7a0c929f) in block 3;
The message trailer had been added ({5:{TNG:}}), where I could see that - due to the BIC code used - SAA had flagged the message as 'test and training'.
Additionally, an initial system block segment had been added ({S:{SPD:}}), tagging the message as a possible duplicate. I wonder why - *cough* 7th attempt *cough*?
OK, so that was SAA. Now let's see how it looked once it had passed through the gateway and regional processor:
OK, we can see a few changes now.
The session and sequence numbers have been populated (1947392344);
The I/O identifier in block 2 has been updated to track that it is now an 'Output' message;
The additional data within Block 2 is a combination of the input time, date, BIC, session and sequence numbers, output date/time, and priority;
The trailer has been updated with a message authentication code (MAC) calculated based on the entire contents of the message using a pre-shared key and a secret algorithm;
Additionally, a checksum of the message body has been stored within the trailer’s “CHK” tag. This is used by the network to ensure message integrity.
I also took a look at the entire outbound message history, just to see all the “Success” and “No violation” statements to make it feel even more awesome!
So that's that really..
With a bit of research and support, I was able to demonstrate a PoC for introducing a fraudulent payment message to move funds from one account to another, by manually forging a raw SWIFT MT103 single customer credit transfer message and leveraging various system trust relationships to do a lot of the hard work for me!
As mentioned briefly in the introduction, this is not something I have really seen or heard of happening in practice or in the 'wild'. Perhaps because it clearly takes a lot of work.. and there is a huge margin for error. However, if an adversary has spent enough time inside your network and has had access to the right documentation and resources, this may be a viable attack vector. It definitely has its benefits:
No need to compromise multiple payment operators;
No requirement to compromise - or establish a foothold within - the SWIFT Secure Zone;
No requirement to bypass MFA and gain credentials for a messaging interface;
No generation of application user activity logs;
No payment application login alerts;
No bespoke app-specific and tailored malware;
And all the other things associated with the complex task of gaining and leveraging payment operator access.
All an attacker may need to do is compromise one specific user on the corporate network: a Message Queue administrator.
The industry is spending a lot of time and effort focused on securing their payment systems, applications, processes, and users to keep - among other things - payment operators safe, messaging interfaces locked down, and SWIFT systems isolated. But the reality is, the most valuable and most powerful individual in the entire model might just be a single administrator!
As always, a security model is only as strong as its weakest link. If you're not applying the same level of security to your wider institution, there may very well be many weak links within the wider network which chain together and lead to the compromise of systems which feed into your various payment environments.
I think the main thing to remember when reflecting on this research is that it did not abuse any vulnerabilities within the target institution's systems, or even vulnerabilities or weaknesses within the design of their architecture. It simply leverages the legitimate user access of the Message Queue administrators and the trust relationships that exist by design within these types of large-scale payment processing systems.
So the harsh reality is, there is no particular list of recommendations for preventing this type of attack in itself. However, the main point to drive home is that you must ensure the security of your users - and your overall organisation - is of a high enough standard to protect your most privileged users from being compromised. Things such as:
Strong monitoring and alerting controls for anomalous behaviour;
Requirements for Multi-Factor authentication for access to critical infrastructure;
Segregation of critical infrastructure from the wider general IT network;
Strong password policies;
Well rehearsed incident detection and incident response policies and procedures;
Frequent high-quality security awareness training of staff;
Secure Software Development training for your developers;
Routine technical security assessments of all critical systems and components;
The use of 3rd party software from reputable and trusted vendors;
However, in the context of message queues, there is one particular control which I think is extremely valuable: the implementation of channel-specific message signing! This, as demonstrated by SWIFT's LAU control, is a good way to ensure the authenticity of a message.
As discussed, LAU is - as far as I know at the time of writing - a SWIFT product / message partner specific control. However, its concept is universal and could be implemented in many forms, two of which are:
Update your in-house applications to support message signing natively;
Develop a middleware component which performs message signing on each system, locally.
This is a complex requirement, as either approach takes considerable effort on the client's behalf to implement. However, SWIFT provides guidance within their Alliance Access Developers guide on how to implement LAU in Java, Objective C, Scala and Swift:
Strip any S block from the FIN message input. Keep only blocks 1: through 5;
Use the FIN message input as a binary value (unsigned char in C language, byte in Java). The FIN message input must be coded in the ASCII character set;
Combine the left LAU key and the right LAU key as one string. The merged LAU key must be used as a binary value (unsigned char in C language, byte in Java). The merged LAU key must be coded in the ASCII character set;
Call an HMAC-SHA256 routine to compute the hash value. The hash value must also be treated as a binary value (unsigned char in C language, byte in Java). The HMAC size is 32 bytes;
Convert the HMAC binary values to uppercase hexadecimal printable characters.
An example of how this may work in the more flexible middleware solution proposed is where the original service is no longer exposed to the network, and is altered to communicate only with the custom 'LAU-esque' service on its local host. This service would then sign and route the message to its respective queue.
When received, the core of the recipient payment service would retrieve its messages from the queues via the 'LAU-esque' signing middleware, which would fetch the message and verify its origin and authenticity by re-calculating the signature using their shared (secret) keys. Keys could further be unique per message flow. This design would allow the signature to validate the origin of a message even if it had passed through multiple (local) intermediary systems.
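The following is an added example, not code from SWIFT's developer guide or from the post. It implements the five LAU steps above in Python (strip the S block, ASCII bytes, left||right key, HMAC-SHA256, uppercase hex) and then wraps them in the 'LAU-esque' middleware pair just described: sign on the way onto the queue, verify on the way off, with a key pair per flow. The flow name, the key values and the constructed MT103 are assumptions of the example; the point it shows is that a message written straight onto the queue by an MQ administrator, or altered in transit, fails verification before the payment service sees it.

```python
import hashlib
import hmac
import re
from typing import Dict, Optional, Tuple

# Constructed input MT103 (faked BICs/IBANs as in the post), already trimmed
# as described earlier: no UETR, no {5:} trailer, no {S:} block.
SAMPLE_MT103 = (
    "{1:F01EBNKGB20AXXX0000000000}{2:I103EBNKGB20XXXXN}{4:\n"
    ":20:FORGED0000000001\n:23B:CRED\n:32A:200103GBP1000,00\n:33B:GBP1000,00\n"
    ":50K:/GB12EBNK88227712345678\nJOHN DOE\n:59:/GB15EBNK88332287654321\nALICE SMITH\n"
    ":71A:SHA\n-}"
)

# Hypothetical per-flow key pairs (left, right), held only by the signing
# middleware on each host. Real keys would be provisioned out of band and
# must not be readable by the MQ administrator, or the control is moot.
FLOW_KEYS: Dict[str, Tuple[str, str]] = {
    "SYS->MID": ("0123456789ABCDEF0123456789ABCDEF", "FEDCBA9876543210FEDCBA9876543210"),
}


def strip_system_block(fin_message: str) -> str:
    """Step 1: drop any trailing {S:...} block; only blocks 1: to 5: are signed."""
    return re.sub(r"\{S:.*\}\s*$", "", fin_message, flags=re.DOTALL)


def compute_lau(fin_message: str, left_key: str, right_key: str) -> str:
    """Steps 2-5: ASCII bytes of the message, left||right key as ASCII bytes,
    HMAC-SHA256 (32 bytes), rendered as 64 uppercase hex characters."""
    data = strip_system_block(fin_message).encode("ascii")
    key = (left_key + right_key).encode("ascii")
    return hmac.new(key, data, hashlib.sha256).hexdigest().upper()


def verify_lau(fin_message: str, signature: str, left_key: str, right_key: str) -> bool:
    expected = compute_lau(fin_message, left_key, right_key)
    return hmac.compare_digest(expected, signature.upper())


# -- the 'LAU-esque' middleware on either side of the queue --

def enqueue_signed(flow: str, fin_message: str) -> Dict[str, Optional[str]]:
    """Sender-side middleware: attach the flow's signature before the
    message is written to the queue."""
    left, right = FLOW_KEYS[flow]
    return {"flow": flow, "payload": fin_message, "lau": compute_lau(fin_message, left, right)}


def dequeue_verified(envelope: Dict[str, Optional[str]]) -> str:
    """Receiver-side middleware: recompute and compare before the payment
    service ever sees the payload. A message dropped directly onto the queue
    has no valid signature and is refused here."""
    left, right = FLOW_KEYS[envelope["flow"]]
    if not verify_lau(envelope["payload"], envelope.get("lau") or "", left, right):
        raise ValueError("LAU verification failed: not signed by the upstream system")
    return envelope["payload"]


def is_accepted(envelope: Dict[str, Optional[str]]) -> bool:
    try:
        dequeue_verified(envelope)
        return True
    except ValueError:
        return False
```

Note that the queue administrator still controls the transport and can delete or delay messages; what the signature removes is the ability to originate or alter a payment without the flow key, which is exactly the capability the PoC relied on.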
As a final bit of creative effort, I made yet another diagram to represent what this could perhaps look like - if life was as easy as a diagram:
If you made it this far, thanks for reading all.. ~6k words!? I hope you found some of them interesting and maybe learned a thing or two!
I'd like to express our gratitude to the institution who facilitated this research, as well as specifically to the various SMEs within that institution who gave their valuable time to support it throughout.
Fineksus - SWIFT Standard Changes 2019
https://fineksus.com/swift-mt-standard-changes-2019/
Paiementor - SWIFT MT Message Structure Blocks 1 to 5
https://www.paiementor.com/swift-mt-message-structure-blocks-1-to-5/
SEPA for corporates - The Difference between a SWIFT ACK and SWIFT NACK
https://www.sepaforcorporates.com/swift-for-corporates/quick-guide-swift-mt101-format/
SEPA for corporates - Explained: SWIFT gpi UETR – Unique End-to-End Transaction Reference
https://www.sepaforcorporates.com/swift-for-corporates/explained-swift-gpi-uetr-unique-end-to-end-transaction-reference/
M DIBA - LAU for SWIFT Message Partners
https://www.linkedin.com/pulse/lau-swift-message-partners-mohammad-diba-1/
Prowide - About SWIFT
https://www.prowidesoftware.com/about-SWIFT.jsp
Microsoft - SWIFT Schemas
https://docs.microsoft.com/en-us/biztalk/adapters-and-accelerators/accelerator-swift/swift-schemas
SWIFT FIN Guru - SWIFT message block structure
http://www.swiftfinguru.com/2017/02/swift-message-block-structure.html
phaltu · 6 years ago
Note
How about Doctor/hospital/vet AU? Whether you do this prompt or not - you are amazing and talented and beautiful and none of us deserve you! Thank you for doing this prompt-a-thon!
prompt-a-thon, day 1 out of 7
Ahhh thank you so much sweetheart!! I’ve never had as much fun in a fandom as I have in this one ;_; I’d like to thank everyone for sending such lovely prompts AND so many kind words in as well! I really do appreciate it and appreciate every single one of you so much, this fandom has been a bottomless well of support and love!! My apologies if I couldn’t get to your request but know that if I could, I’d do each and every one of them!!
without further ado here’s a Doctor AU!!! ….kinda…
900 words, rated T or S for stupid, read the rest of the prompts here
Keith doesn’t believe in divine intervention, not to the degree that others do. Not normally anyways. Divine intervention might have prevented him from ending up at Denny’s at 3 A.M with Lance as they try to stuff hashbrowns into their face. They’ve sobered up from a shitty house party, and Keith’s never been this hungry in his life.
He chugs down some of his orange juice while Lance says something about having forgotten his mickey of Cuervo at the house party, and the door rings as two new patrons step in. One of them flies right over Keith’s head; he’s lanky and tall with sandy hair and what looks like an ever-present smirk. The other one is proof that maybe divine intervention is what brought Keith to this diner to begin with.
He’s tall and big. The first two are generally all that one needs to get onto Keith’s radar, but his face looks like God spent a little extra time on him. Keith’s never seen kinder eyes nor a sturdier jaw, and he doesn’t know what to do with either piece of information. The tequila might still be in his system but Keith knows that even sober, he’d be going googly-eyed over this white-haired man that’s asking for a table for two in a low, luxurious voice.
“Keith?” Lance waves a hand in front of his face. “Hello?”
Keith nods and Lance narrows his eyes, looking over his shoulders.
“Oh, for Christ’s sake,” he says, turning back to Keith and looking pointedly unimpressed. “Are you still drunk?”
“What?” Keith says absent-mindedly, watching the man. He’s wearing dark grey scrubs, matching the shorter man, and has a small logo on his side that matches the local university hospital. He watches as the two take a seat three tables down from Keith. The waitress takes their order, and Keith ignores Lance’s indignation in favour of hearing the man’s low rich voice ask her for a Santa Fe skillet.
“What about your diet, Dr.Shirogane?” The other man says, and Keith thinks he’s ready to ascend. He’s hot and a doctor. Dr.Shirogane chuckles, and Keith goes a little cross-eyed.
“Hey ugly,” Lance snaps his fingers in front of Keith’s face. “I’m talking to you.”
“Don’t care,” Keith deigns to give Lance one flat look, sticking his tongue out at him. Lance gives him the middle finger, and Keith ignores him, looking back to the current object of his still-slightly-tipsy desire.
And the man looks up while Keith sticks another hash brown into his mouth, and catches him staring. Keith’s eyes widen, and he sees the corner of the man’s mouth tick upwards.  Two things happen.
First, the man winks. Keith’s never had a man this hot wink at him before which leads to the second thing. The hashbrown Keith swallowed has decided to go down the wrong way, probably too overwhelmed by the wink.
Keith starts making a choking sound, and gestures wildly towards Lance. Lance looks unaffected.
“If you’re making noise then you’re fine,” He says, and for a good measure, adds a “Bitchass.”
Keith gives him the middle finger, but the act of it makes the hashbrown lodge itself even weirder down his throat. Keith goes silent and he grasps his throat, and Lance finally realizes that something is in fact going wrong.
“Fuck,” Lance says, eyes widening. “Fuck oh fuck oh fuck dude, what the fuck?”
Keith flails, and out of the corner of his eye he sees a large figure darting towards their table. He thinks it’s perhaps the grim reaper, eager to pull Keith into an early end, but said large figure yanks Keith up and thwacks his back five times, hard. Keith would be into it, if he wasn’t dying. Well-muscled arms wrap around him and clasp into a fist over his abdominals, and Keith feels the hands pound into his gut.
He chokes again, and on the third thrust, the hash brown spills out of his mouth, tumbling onto the ground like the pathetic piece of shit potato it is. He coughs, and it takes him a second to register that he’s on his tip toes before the large figure lets him down and turns him around. Keith finds himself getting pushed back until he’s sitting on the counter top of their table and is face-to-face with the unreasonably hot doctor from before.
“Holy shit,” Keith breathes, and he feels a large hand placed on top of his shoulder. He looks up, and notes that Hot Doctor’s face up close is significantly hotter than it was from a distance. “I almost died.”
“Not quite,” the man smiles kindly, and Keith can see his dinner companion try to get a glimpse of Keith over the man’s shoulders. The man elbows him out of the way, and his friend makes a noise of protest.
“He choked because you’re hot,” Lance supplies helpfully from where he’s still seated and munching on his peameal bacon. “Just to let you know.”
“Maybe it’s better if I did die,” Keith grimaces, and the man goes a little pink around his ears. “Give me another one, let it finish the job.”
“Hey now,” the man’s hand is still on his shoulder, Keith realises. “Maybe you should try eating something that goes down a little better.”
“Yeah?” Keith asks, crossing his arms over his chest in a defensive manner. He’s going to kill Lance barehanded when they get back to their dorm. “Like what?”
“Why don’t I take you out to dinner and show you?” the man asks, his friend snorts, Lance makes an ooooh noise,  and Keith decides that just this once, revenge can wait another day.
verynotseriousperson · 8 years ago
Note
Except, I'm not a Harry, zayn or 1D fan..just a POC calling you out on your bs. Saying "oh no zayn, don't do that, bad boy" and then continuing to buy his music & a supporting him makes you no better than harry fans. The kid showed his true colours, why are you still supporting him? you're either a big fucking racist (therefore a piece of shit) or a supporter of someone who's racist (also a piece of shit. You fall into this category). Sit your ass down with your "were critical" bullshit
So you're not a 1d/Harry or Zayn stan, yet you apparently stalk my blog or follow me or something of the sort. Why? And I'm curious to what BS you're calling me out on? It's not like I'm being hypocritical or racist or engaging in unfair double standards like the group of people you claim not to be a part of, so what's really your issue? It's really cute that you come in my inbox acting like you're spilling tea about me or Zayn or whatever but if you're really bad then why don't you send me an ask off anon then? Support how you feel openly since you're so confident and bold. I'm really so curious where you're getting this slap on the wrist bullshit because it wasn't like that at all and I'll tell you like I tell everyone else who comes in MY inbox trying to ask me for proof or trying to tell me what's on my blog: Scroll bitch. I really don't know why you picked me to hash this issue out with because what you're talking about doesn't apply to me and it never has and the fact that you don't even understand that I was talking about racist double standards in the first place lets me know you lack reading comprehension skills (one hint that you're actually a 1D fan or maybe a m*xer) and don't actually know what I'm talking about or the context. And you just keep throwing this "he's racist!" Shit around and talking about he "showed his true colors" but refuse to answer the why and how. And TBH the way you're trying to police my feelings on Zayn bothers me a whole lot as you're probably not going around to any white bloggers or stans of the whites inbox questioning them. You're pulling that bullshit a lot of those trash ass bloggers did last year but you've already proved you're trash so I don't know why this was a surprise. The audacity of your dumb ass telling me to sit down while you're on MY blog on anon in MY inbox like the coward bitch you are.
another-writer · 8 years ago
Text
Your Choices
A/N: This is the first one shot I’ve ever published so fingers crossed that you like it! I’ve proof-read it but apologies for any mistakes! Aside from that, I hope you guys like this, I had fun writing it Warnings: angst, a few curse words, slight teeny-tiny allusions to smut?  Word count: 2,569
You and Bucky had been dating for about four months and you had yet to take any big steps in your relationship. Your date nights consisted of long walks at night when it was quiet (and Bucky had the excuse of draping his jacket over your shoulders), binge-watching films and TV shows until the early hours of the morning (you had yet to introduce Bucky to Stranger Things, holding off because Eleven’s history might hit a little too close to home for him), and near-fancy dinners in restaurants or in the compound (for the sake of everyone’s safety, you cooked, Bucky watched). Things were simple but stable and so comfortable with Bucky and you trusted him with your life, as did he. 
Which is why it seemed odd to some people (your co-workers) that you and Bucky had yet to sleep together. The Avengers themselves knew better than to get involved with your affairs or concern themselves at all. Yours and Barnes’ relationship was out of their spheres and they were more than happy to stay out of your business or prod for answers.
Unfortunately, the same could not be said for your colleagues in the office. Although they thought they were being subtle, you could tell whenever you walked into the room that they had been talking about you and the infamous Winter Soldier (their words, despite Bucky breaking off all affiliation with his former alias). You knew that Bucky heard them as well because rumours spread fast in any office, even that in the Avengers compound; every time you both would be walking past one of them, he would hold your hand a little tighter, or drape his arm around your shoulders as if to say We don’t need to do anything you think we have to. Your co-workers’ words never got to you, and you were glad they didn’t get to Bucky either.
Or, so you thought. 
It was nearing eleven o’clock at night when you and Bucky were walking back into the compound after dinner. Usually, he would walk you to your room a couple of floors below his and kiss you goodnight. This time, you noticed, he hit the button for his floor.
‘I was thinking you could stay the night? With me?’ he asked nervously. ‘Only if you want.’
And dammit he was so endearing you couldn’t say no. The Bucky Barnes you knew held few similarities to Steve Rogers’ best friend from the twentieth century. Sure, Barnes had charm when he was brave enough to use it, and he had wit and a killer smile, but he was shy sometimes and the ease he felt around you was never instantaneous. It took a lot of reassurance that Bucky could trust you enough to open up to you.
You weren’t quite sure how it happened, but you ended up with your back pressed against his bedroom door, Bucky completely molding your bodies together with one hand against the door, trapping you, and the other cupping your jaw as he pressed his lips languidly against yours. You laced your fingers through his hair, kissing back losing yourself in his warmth and he hummed appreciatively, allowing you to slip your tongue in his mouth. 
You felt his other hand trail to your waist and then down to your hip, sending shockwaves through your bones and you moaned quietly, which only encouraged him to slip his hand under your shirt, fingertips grazing over the soft skin of your stomach.
Immediately, your eyes fluttered open. You turned your head to the side, breaking the kiss. 
‘Bucky,’ you murmured, as his hand cupped your breast.
But Bucky only began pressing kisses along your jaw and down your neck, nipping the base playfully with his teeth. You could feel a lump in your throat.
‘Bucky, stop,’ you repeated softly, pushing slightly against his chest, not wanting to turn this into an argument. 
He leaned back; slightly enough to look you in the eyes and it was so annoying because he looked adorable, but you weren’t ready. 
‘Something wrong, doll?’
Oh shit, his voice is all husky.
‘I - I’m not,’ you found it difficult to speak with Bucky looking at you like that. You knew he wasn’t doing it intentionally, you simply got uncomfortable when someone was focusing all their attention on you, looking at you, when you were being vulnerable. The nights when you would pour your heart out to Bucky, you would be wrapped up in his arms where you couldn’t look him in the eye, simply because you found it easier to talk without eye contact.
Bucky stroked your cheek with his thumb soothingly. ‘What’s wrong?’
‘I’m not ready,’ you managed, looking away at the ceiling.
‘Hey,’ Bucky murmured, cupping your face gently, making you look at him. ‘It’s just me.’
You blinked, shy demeanour melting away. ‘Um … No, I know, but, I’m not - …’ Why was he being weird? ‘Is everything okay?’ Why did it feel like he was suddenly shutting you out?
‘Yeah,’ Bucky replied, but it sounded like he was lying and wasn’t doing much to cover that up.
‘You’re being weird,’ you frowned, as he backed away by a couple of steps. ‘I’m sorry if I’m not ready and don’t want to force myself into doing something I don’t want to,’ you added, a slight edge to your voice. You didn’t care how good your relationship with Bucky had been so far; there was no way you were going to feel guilty for this. 
Bucky ran a hand through his hair. ‘It’s just that -’
‘Just what?’ You folded your arms curtly.
‘I mean … we’ve been together for four months.’
‘I’m aware.’
‘And …’ He seemed to be struggling to find the right words.
Then it dawned on you.
‘Are you kidding me right now?’ you scoffed.
Bucky looked at you. ‘What?’
You shook your head. ‘I can’t believe you!’ you cried. ‘This about what my co-workers are saying, isn’t it?’
‘But they’re -’
‘They’re not right, Bucky,’ you said firmly. ‘They’re not. Since when are we supposed to care about what anyone says about our relationship? My co-workers don’t dictate when I’m ready to do anything with you.’
‘Doll, if you’d just -’
Is he trying to rationalise me?
‘Could you not call me that?’ you asked rhetorically and Bucky’s demeanour softened. 
‘[Y/N] …’
You didn’t have anything else to say to him. You ignored him, swiped your heels from the floor and let yourself out from his room. ‘I’m going to bed.’
The next morning you found yourself without your phone, realising you had left it in your jacket in Bucky’s room. You weren’t in the mood to see him so you took the lift down to the office floor, your bag on your shoulder, a stack of paperwork in your hands tucked to your chest and your blazer draped over your arm. At least you would be kept busy. 
Around eleven, after almost three hours of work, you heard a gentle knock on the glass of the communal office and looked up, your stomach dropping.
Bucky stood outside the office with your jacket from last night over his arm and your phone in hand. Deciding to be civil, you stood up, closed the glass door to the office behind you and waited. You could feel the eyes of your colleagues boring into the two of you.
‘You left these last night,’ Bucky said quietly, handing you your things. His cheeks were tinted red with what you guessed (hoped?) was shame and he couldn’t seem to hold your gaze, instead breaking eye contact every now and then. ‘Your phone was dead so I charged it before … yeah,’ he finished lamely, when he realised he wouldn’t be getting a response from you.
You nodded. ‘Thanks.’
Bucky sighed. ‘[Y/N], please, just talk to me.’
’I have work to do, Bucky,’ you said. ‘But if you want advice, you’re apparently more than welcome to take it from them,’ you gestured to the people inside the office.
‘Doll, I’m sorry.’
‘Not now, James.’
The amount of audio files you had to type up and documents you had to send totaled up to roughly three days’ worth of work, but you adamantly stayed past your office hours because you knew the moment you stepped out of your office, or onto your floor, or outside your bedroom, Bucky would be there waiting for you. The man was a puppy when he was lost, but you were so irritated by his behaviour, that you weren’t ready to hash things out. Bucky could afford to suffer a little longer like you were. You thought you were worth more than office gossip.
Your eyes started to ache after two more hours and around eight, your stomach was growling so much that you couldn’t ignore it. You gathered up your files, your bag, and your blazer, turned the lights off, and braced yourself for Bucky’s next attempt.
As you suspected, Bucky was sitting on one of the sofas of the living room on your floor of the complex that you shared with four other office workers and two lab technicians. When he heard the elevator, Bucky looked up and watched you walk out but made no sudden attempt at a desperate speech. 
‘Can I talk to you?’ he asked quietly. ‘I know you just got out of work but, please?’
You carried on walking.
‘[Y/N], please, I didn’t mean to upset you.’
‘And what did you think your behaviour last night would achieve?’ 
You studied him with a stone expression, your calmness making him uneasy. He opened and closed his mouth several times, like all the words in the English (and Romanian, and Russian) language(s) had left his mind.
‘Is this what our entire relationship was leading up to?’ you sighed. ‘You just put up with our dates until you felt you waited a reasonable time to make a move?’ You knew it wasn’t true, but it seemed that the only way you were going to get your answers was by provoking him.
Bucky’s eyes widened. ‘No!’ he cried, completely shocked.
‘Then what was it?’
Bucky sighed and rubbed his face with his hands. ‘It’s just …’
You recognised where this was going. Bucky was starting to shut down, close off from you. It was one thing to make him feel guilty for what he had done, but by instinct, he had started walling himself off from you, which was the last thing you had intended.
‘Bucky,’ you said a little gentler (you were still mad at him), ‘you can tell me.’
‘You don’t hear everything they say,’ he said quietly. ‘And I know I shouldn’t take it to heart but it hits really close to home and I let it all get to me …’
You softened slightly. What were you missing? ‘What else do they say?’ you asked quietly.
Bucky’s cheeks were red. ‘That we haven’t slept together because you don’t trust me,’ he muttered, ‘and that you’ll think I’ll hurt you and that this relationship is temporary.’
You narrowed your eyebrows, a new irritation at your colleagues. ‘None of that is true,’ you said, setting your things down on the sofa and stepping closer to him. ‘I’d hope that after four months you would know that.’
Bucky looked at you sadly. ‘I’m so sorry if I made it seem like I was guilting you last night but when you said you weren’t ready it sounded like what they said was true and the last thing I want is to lose you and then after you left I realised I might have after how I acted -’
‘You haven’t lost me,’ you said, wrapping your arms around his waist, Bucky immediately reciprocating, his arms going around your shoulders and holding you to his chest. ‘I’m upset about last night but that’s not because I don’t trust you.’
‘I acted like an ass last night, doll, I’m so sorry,’ Bucky said again, nuzzling your hair. 
‘Yeah, you did,’ you said truthfully, making Bucky laugh slightly. ‘I thought we were pacing ourselves, y’know?’
‘I do,’ he said. ‘I got scared by what I heard and I thought I had to -’
‘So you weren’t ready either?’ you murmured, stomach dropping. Bucky was prepared to give himself to you because he thought he was going to lose you? ‘I’m going to kill them.’
Bucky chuckled and squeezed you tighter, and you happily accepted his warmth. ‘I’m sorry if that sounds like I don’t trust you. I should’ve known it was all bullshit.’
‘Bucky you’ve spent a lifetime following everyone else’s orders. What do you want?’
‘I want to be with you,’ he said without missing a beat. 
‘Okay, so trust me,’ you implored. ‘I won’t steer you wrong.’
‘I know you won’t.’ Bucky nodded. 
You pressed a kiss to his chest and sighed nervously. ‘Bucky?’
‘Yes, doll?’
‘The reason why I said no,’ you began, ‘it’s … it’s that we haven’t …’
Bucky ran his hand soothingly slowly up and down your back, coaxing you to take your time wordlessly.
You bit your tongue and then ran it over your lips. ‘You haven’t told me you love me,’ you said, voice slightly muffled by his chest. ‘And I’m not … I don’t - I can’t do it if it’s not with someone that … yeah. I mean, it’s partially that, as well as just … I’ll know I’m ready when the time comes?’ you finished lamely.
And it’s not that you saw an expiration with Bucky, you knew you loved him. You just didn’t want to rush him into things. And you felt like he loved you every time he carried you to bed, or draped his arm around your shoulders, or even looked at you. You were just waiting for him to say it.
Bucky leaned away from you slightly, bringing a hand to cup your face so that you were looking at him. His eyes were shining with that familiar look he had been giving you for the past couple of months.
‘Doll, I … I do love you,’ he said and your heart beat wildly because you could tell he meant it. ‘I’m not saying that now just to ease you, I mean it. I love you so much, it makes my head spin.’
You blushed and stood on your tip toes to kiss him chastely. ‘I love you too,’ you mumbled against his lips. ‘And I felt like you loved me, but it’s … it’s different to -’
‘I understand,’ Bucky granted you the luxury of not having to finish your words which was lucky because you thought you were going to explode. ‘I’m sorry I upset you.’
‘I accept your apology,’ you said smoothly, grinning as he pressed several chaste kisses to your lips. ‘But can we please go and get dinner? I might’ve skipped lunch because I was avoiding you.’
Bucky ran his thumbs over the shadows under your eyes, frowning. ‘You’re too tired to go out.’
‘I’m too tired to cook and don’t you dare offer, Barnes, there are still scorch marks on the kitchen ceiling upstairs and it’s only a matter of time before Stark finds out it was you.’
Bucky laughed, placing his arm over your shoulder and guiding you to the elevator. 
‘We’ll order in then, okay?’
‘As long as you don’t set fire to the phone by accident,’ you muttered, grinning wickedly as Bucky elbowed you lightly in your ribs.
ronaldmrashid · 7 years ago
Text
The Benefits Of A Revocable Living Trust
Every parent’s responsibility is to try to give their children as many opportunities in life as possible. As a result, we get life insurance, set up a 529 plan, establish a will, invest for their future, and spend as much time with them as possible. What I haven’t touched upon yet is setting up a revocable living trust, something I plan on eventually doing, especially after reading this post. 
I’ve invited Tom, a doctor, a FS reader, a father of five, and the founder of HighIncomeParents.com to tell us why setting up a revocable living trust is a good idea. Most living trusts are “revocable” because you can change them as your circumstances or wishes change. Revocable living trusts are “living” because you make them during your lifetime.
Origins Of The Revocable Living Trust
Trusts may have originated in the 8th century but became more common during the times of the crusades. Knights would travel to far off lands, fighting for their church and king. These men left their families for months if not years with little communication back home.
They left wives and children to tend the home, not knowing whether they would return, until either the knight showed up at the front door or the other knights came home and told the family that he hadn’t made it back from the battle.
Without a trust in those days, the Crown could claim any property belonging to the knight under royal rights, and the wife and children would carry on penniless.
Fortunately, we aren’t as archaic today but there are still benefits of a trust, especially for those with a high net worth.
Key Definitions
In order to know what we are talking about, we need to define some terms.
The basic goal of a trust is to put a responsible person (or firm) in charge of the assets of someone else. The settlor (also sometimes called the trustor, grantor or donor) is the person with the assets. The trustee is responsible for those assets and acts for the benefit of the people who receive them once the settlor is dead or incapacitated. The beneficiaries are the people receiving the assets.
High income earners with a large net worth and especially those with children should look into the benefits of a revocable living trust to see if it’s right for them.
Differences Between A Will And A Trust
A will only kicks in after you die. A trust can help transfer assets before and after you die.
A will requires probate. Probate is a process in which the court proves that a deceased person’s will is valid. It can be pretty simple or a real pain in the you-know-what depending on the estate.
A will is public. A trust is private.
A will distributes your assets outright to your beneficiaries after your death if they are of the age of majority. If your beneficiaries are minors, the guardians raising them don’t receive anything from the inheritance to help with that job.
With a trust, your assets can stay in the trust and the trustee can distribute assets as your instructions dictate. That means you can give money to the children incrementally to help the guardians care for them.
Privacy Benefits
If you don’t want some busybody knowing your assets and worth, a trust can help keep that confidential. It isn’t 100% foolproof, because disgruntled family members can still challenge the trust in court, and then the assets of the trust become public record. It’s still more private than a will, since a will becomes public knowledge automatically once it is probated.
Some people get pissed off when their attorney includes personal information in a will. This could include social security numbers, birthdays and children’s names.
Related: Adopt Stealth Wealth Into Your Life
Lower Potential Cost
When the settlor dies, the trustee takes control of the assets held in the trust. All assets should be titled in the name of the trust while the settlor is alive, but if you include a “pour-over” will, assets still titled in the settlor’s own name should eventually end up in the trust too.
For example, the pour-over will could cover a car that is titled in the settlor’s name rather than the trust’s.
The assets covered by the pour-over will are still public and still have to go through probate, so if privacy is a big concern, make sure you transfer title to the trust while you are alive.
In Henry Abts III’s book The Living Trust, he estimates the cost of probate between 5-15% but this is highly situation specific. Fees include court filing fee, personal representation fee, posting a probate bond, publication of legal notices, tax preparation fees, property appraisal fees and attorney fees.
If the family starts a heated legal battle over a will’s legitimacy, the heirs might be left with very little once the courts get their cut. Just look at how Elvis’ estate was fleeced.
Fees will vary by state but some states have standardized fees. Just check out California:
Probate fees are ABSURD if you don’t have a revocable living trust
This is a handy probate calculator for Californians. Talk about a ridiculous amount of money in fees. So who gets the fees? Attorneys, accountants, the court, the probate bond, paperwork, the final tax filing, brokerage transfer fees; it all adds up. The government itself only gets a cut if you are above the estate tax limit: as long as the estate is below $10.98 million (the combined federal exemption for a married couple in 2017) you are fine there. Some states levy their own estate taxes with different thresholds and rates, so you have to watch that too.
When we set ours up it cost $1500. That was about 5 years ago. The estate planning attorney I used streamlined the process. We had an initial hour consultation that if we decided to proceed with the trust, he included in the overall price.
Then he forwarded us a long worksheet that helped my wife and me think through the process and convey our wishes. I bet we spent four or five hours going over that worksheet. It was a long discussion but also very good for us to hash out all our wishes if the worst happens.
He then gave us another 20-30 minute phone consultation to review our wishes and clarify any questions he had. A few days later he had all the documents emailed to us for review. After we reviewed everything, he sent us the documents for notarization and witnessing. We did that and the document should be legally binding after all that.
Trusts Are Also For The Living
If you become incapacitated and unable to care for yourself, without a trust, your heirs are sitting around waiting for you to die before they can receive your assets. Depending on your family relationships, that might cloud some judgment on whether or not they want to continue medical care or other life changing decisions.
On the other hand, if you have a trust your beneficiaries might be clamoring to have you declared incompetent if they can request information from the trustee and see what they are due to get from the trust.
The bottom line is hopefully your beneficiaries like you for more than your money.
Deciding How Much to Give to the Kids
Here is where a trust has an advantage over a will. There are a million and one ways to decide how much and what to give to your kids. It’s situation specific but here is the train of thought on how and what I decided to give to my kids.
1) Figure Out Your Estate’s Value
This could include a life insurance policy, investment accounts, real estate, commodities, basically everything of value. Remember to factor in the costs to sell real estate and other poorly liquid assets. You might not need to sell the assets, like rental property or stocks. The trustee can manage these until the time comes to fund other expenses of the beneficiaries.
2) Prioritize your Goals for your Beneficiaries
What do you want first for your heirs when you’re gone? Topics I thought about were basic needs of life, first home purchase, education, life experiences, and wedding costs.
3) Decide on Guardians
My wife and I figured out who we wanted to take care of our kids. Our primary choice is my brother and sister-in-law. Our second choice is our best friends. Of course, we asked these folks if they would take on that responsibility. We also discussed how we planned to compensate them for caring for our kids. That is a must.
4) Pick a Trustee
We decided to use a family member as our trustee. We are fortunate to have a trusted brother, knowledgeable in personal finance, who is willing to take on the responsibility. Being a trustee of a large estate is no easy task. Make sure your trustee knows what he is getting into when he agrees.
Others will choose a lawyer or other professional. The trustee is entitled to compensation and depending on the complexity of the trust or the needs of the beneficiaries, fees due to the trustee could be equivalent whether it’s a family member or lawyer fulfilling the duty.
5) Make Goals For Your Beneficiaries
Then you have to make some assumptions and the goals you want for your beneficiaries, in my case, our kids.
Our assumptions include the yearly cost of raising a child to age 18. As of right now between our 5 kids, we have 35 more kid raising years to get them to age 18. If the average cost to raise a child is ~$233,610 then that is about $13,000 a year.
$13,000 X 35 = $455,000
Depending on the cost of living in your area or where your potential guardians live, you can adjust this up or down.
6) The Cost Of Education
Some of you may send your kids to private school. Remember to factor in tuition costs. We homeschool our kids. They would go to public school if our selected guardians took custody so we haven’t factored in this cost.
If I’m not around I would still like to give them the advantage of getting a head start on their financial independence. This includes paying for college. The average state tuition with room and board in my location is $26,322 per year.
If I wanted to fund a full ride for each of my five kids I would need 4 x $26,322 per child, indexed to inflation until each year’s bill comes due. You could also fund only a percentage.
For my 6-year-old, the projected four-year cost at an average state school is $203,742 at a 5% inflation rate. Here are the rest:
6-year-old: $203,742
10-year-old: $167,619
12-year-old: $152,035
13-year-old: $144,796
16-year-old: $125,080
Total = $793,272
Here is the calculator I used to find those tuition costs.
Along with basic living costs, we are up to $1,248,272.
Another consideration was helping with their first home purchase.
We instructed the trustee to distribute $100,000 for each child toward a downpayment on their first homes.
Add another $500,000 in my case.
We didn’t want to distribute all the funds as soon as they turn 18 and decided to delay it to when they turn 30 years old. We felt that was old enough for them to establish a career or start a business. In addition to my financial education, we hope that the delay in the distribution of any other assets from the estate will encourage them to become productive members of society and not depend on Mom and Dad’s money to support them.
You can include tolerance bands as well for the various expenses you want to fund. For example, you could fund the average state university tuition but add an extra 10-20% as needed for the situation.
Related: Everything You Wanted To Know About The 529 College Savings Plan
Putting it Together
If I want to do all these things, I need $1,748,272 ($455,000 for living costs, $793,272 for college and $500,000 for downpayments) to get my kids through college and into a decent home in Texas.
My net worth isn’t quite there yet plus a lot of my assets are illiquid. I don’t want my trustee scrambling to sell everything to fund my beneficiaries’ lives.
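Steps 1 through 6 above are one calculation, so here it is carried through as an added example (my code, not Tom’s or Financial Samurai’s). It assumes the figures quoted in the post: $13,000 a year per child and 35 remaining child-raising years (note that the five ages in the table add up to 33 years to age 18, not 35; the example takes the post’s 35 as given), $26,322 a year of state tuition inflated at 5% for four years starting at age 18, $100,000 per child toward a home, and the 2017 federal numbers used later on the page (a $5.49 million exemption per person, a 40% top rate, and a $14,000 annual gift exclusion). The function and parameter names are mine, and treating everything over the exemption at the flat 40% top rate is the post’s own shortcut, not the real progressive schedule.

```python
"""Estate-funding projection for a trust, following the post's steps 1-6.

Added example; not code from Financial Samurai or HighIncomeParents.com.
All dollar figures are the ones quoted in the post (2017 dollars and
2017 federal estate tax numbers). Function and parameter names are mine.
"""

from dataclasses import dataclass


def projected_college_cost(current_age: int, annual_cost: float,
                           inflation: float, start_age: int = 18,
                           years: int = 4) -> float:
    """Cost of `years` years of school for a child who starts at `start_age`,
    with today's `annual_cost` compounded at `inflation` every year until each
    tuition bill is actually paid (so year two costs more than year one)."""
    years_until_start = start_age - current_age
    if years_until_start < 0:
        raise ValueError("child is already past the start age")
    return sum(annual_cost * (1 + inflation) ** (years_until_start + y)
               for y in range(years))


@dataclass
class EstatePlan:
    """Three buckets the post adds together; `total` is what the trust must fund."""
    raising: float
    college: float
    downpayments: float

    @property
    def total(self) -> float:
        return self.raising + self.college + self.downpayments


def estate_needed(child_ages, *, annual_raising_cost, kid_years_remaining,
                  annual_tuition, inflation, downpayment_per_child) -> EstatePlan:
    """Total the trust must be able to fund if both parents die today."""
    college = sum(projected_college_cost(age, annual_tuition, inflation)
                  for age in child_ages)
    return EstatePlan(
        raising=annual_raising_cost * kid_years_remaining,
        college=college,
        downpayments=downpayment_per_child * len(child_ages),
    )


def estate_tax_exposure(estate_value: float, exemption: float,
                        top_rate: float = 0.40) -> int:
    """Rough federal estate tax on the amount above the exemption.

    Assumption: everything over the exemption is taxed at `top_rate`, the
    post's own 40% shortcut. The real schedule is progressive below that."""
    return round(max(0.0, estate_value - exemption) * top_rate)


def annual_exclusion_shelter(donors: int, recipients: int, exclusion: float,
                             years: int, top_rate: float = 0.40):
    """Dollars moved out of the estate by annual-exclusion gifts, and the
    estate tax that avoids at `top_rate` (same flat-rate assumption)."""
    gifted = donors * recipients * exclusion * years
    return gifted, round(gifted * top_rate)


if __name__ == "__main__":
    # The post's own household: five kids, figures as quoted above.
    plan = estate_needed([6, 10, 12, 13, 16], annual_raising_cost=13_000,
                         kid_years_remaining=35, annual_tuition=26_322,
                         inflation=0.05, downpayment_per_child=100_000)
    print(f"raising {plan.raising:,.0f}  college {plan.college:,.0f}  "
          f"homes {plan.downpayments:,.0f}  total {plan.total:,.0f}")
    # The post's $9 million example, with and without the spouse's exemption.
    print("tax with one exemption:", estate_tax_exposure(9_000_000, 5_490_000))
    print("tax with portability:  ", estate_tax_exposure(9_000_000, 2 * 5_490_000))
    # Two parents gifting to five kids (and to five kids plus spouses) for ten years.
    print("10 years of gifts, 5 recipients: ", annual_exclusion_shelter(2, 5, 14_000, 10))
    print("10 years of gifts, 10 recipients:", annual_exclusion_shelter(2, 10, 14_000, 10))
```

Running it reproduces the per-child tuition figures in the table above (to the dollar, after rounding) and the $1,748,272 total, and the last two lines reproduce the $1.4–2.8 million gifting range and the $560,000–$1,120,000 of tax it would avoid. Change `inflation` or `kid_years_remaining` to see how sensitive the total is to those two assumptions.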
What About Life Insurance?
I don’t want my wife to worry about finances when I’m gone. I bought enough life insurance to cover her ability to invest and live off the profits. She and I are the first beneficiaries of the trust but if we both die, we want the kids covered financially. If that requires more life insurance, then you should buy enough to cover the greater set of expenses.
Related: How Much Life Insurance Do You Really Need?
Getting Creative
Of course, you don’t have to do anything I did, but I figure if I can guide my kids to adulthood and encourage higher education even after I’m dead, I’ve done my job. Hopefully, I’ll give them a lot more than that by living a long life.
You could get really creative and put in a provision that any child who wins a Nobel Prize automatically gets a $100,000 bonus. Maybe you want to inspire physical fitness and give a yearly $10,000 bonus for anyone that can maintain a sub 90-minute half marathon.
You could also disincentivize behavior. For example, if your beneficiary fails a drug test, he gets nothing. The options available through a trust are only limited by your imagination.
Updating The Trust
There’s no standard time interval to make changes to your trust documents. You should review it every year or so but here are some things that could trigger a need to revise the documents.
Divorce (you or your beneficiaries)
New Marriage (you or your beneficiaries)
Birth of another child
Death or incapacitation of a beneficiary or trustee
Moving to a new residence
Financial windfall or setback
Tax law changes that impact assets classes within the trust
Advantages Of A Trust Owning Multiple Properties
This is where you real estate moguls eyes light up. One of the huge advantages of a revocable living trust is owning multiple properties in multiple states. If you create a trust and actually take the time to title each property to the trust, you could avoid probate through multiple states.
This depends on the state because different states have different rules, but if you are developing a real estate portfolio, this may save some time and money if the properties were ever transferred to your beneficiaries through the trust.
Related: Buy Utility, Rent Luxury: The Key To Real Estate Wealth And Happiness
Minimizing Taxes
This depends on what kind of trust we are talking about, but a revocable living trust doesn’t avoid taxes. The main concern a lot of us could have is the estate tax. As of 2017, if your estate is worth more than $5.49 million per parent, the amount over $5.49 million is subject to estate tax at progressive rates that top out at 40%.
Transfers to a surviving spouse are unlimited, but for the surviving spouse to also inherit the first spouse’s unused exemption, the first spouse’s estate has to file a special form, Form 706, with the IRS to elect “portability”. It’s not a simple task, so if you don’t need to do it, I wouldn’t. Some families get in trouble when the second spouse dies because nobody filed Form 706 after the first death. It’s 31 pages long and the instructions run another 54 pages. The form has to be filed after the first spouse passes to take advantage of the unused exemption; otherwise, you don’t get the combined amount.
For example, let’s say your estate is worth $9 million. You can transfer all your wealth to your spouse tax-free. Then, if Form 706 is filed for your estate, she/he has $10.98 million available to transfer to heirs without paying estate tax.
Related: How To Pay Little To No Taxes For The Rest Of Your Life
Other Trusts
If you have an estate worth more than that, you could separate out your life insurance into an Irrevocable Life Insurance Trust (ILIT). This entails placing your life insurance into this trust. As long as you don’t die within three years of transferring the policy into the ILIT, the policy is not counted as part of your estate.
Upon death, the ILIT receives the insurance money and the beneficiaries can get distributions. While alive, you must transfer enough money to the ILIT to support the insurance premiums, and that money is subject to the gift tax rules (the annual exclusion was $14,000 per recipient per year in 2017).
Other trusts such as Qualified Personal Residence Trusts, Grantor Retained Annuity Trusts, Charitable Remainder Trusts and Charitable Lead Trusts can also help you reduce the estate tax.
If you find that you’re swimming in more money than you know what to do with, you could always give $14,000 per beneficiary per year to reduce your taxable estate while you’re alive.
Between my wife and me we could give $140,000 a year to our kids. If each child has a spouse, double it to $280,000.
Over 10 years that’s another $1.4 million-$2.8 million I could shelter from estate taxes saving up to $560,000-$1,120,000 if tax laws remain the same. That is also assuming the yearly allowable gift amount doesn’t rise.
Unless you’re certain you’ll end up above the lifetime exemption, all these hoops may not be worth jumping through. But if we retire with several million dollars in our 40s or 50s, it’s entirely possible to be bumping up against or exceeding the exemption if we live another 40 or 50 years.
The Bottom Line
If you have people you care about that could inherit your wealth, a trust could be the best way to allow your wealth to transfer constructively with relatively low costs. With our trust, if anything ever happened to my wife and me, we would have the kids covered financially and give them a head start toward adulthood.
Tom – HighIncomeParents.com
Readers, has anybody set up a revocable living trust? If so, why? How much did it cost you to set up the trust? Any funny conditions in your trust for your beneficiaries? Isn’t life insurance an easier way to make sure your surviving dependents are taken care of? When do you tell your kids, if ever, that they have a trust fund? How much financial security is too much? This will be the topic of a new post.
from http://www.financialsamurai.com/revocable-living-trust-benefits/