I sat and stared at the computer monitor. My DEC Alpha workstation sits atop a card-table in the living room of my apartment. Under the card-table is a second machine, a Pentium-133 with four large SCSI disks, that serves as my file-server. Both of these machines run Linux. I have a third machine in my bedroom, also atop a card-table, that run Windows95; it is a Pentium-90. Sharing space on the card-table in the bedroom is a another Linux box --- a 486-66. All four machines are networked via Ethernet. I use a dial-up PPP connection to connect to the Pentium-100 at my office. Or, I connect to my ISP and connect to the office over the Internet from there.
After changing to the directory holding all of the EFT traffic from July 11th, I located the file that contained the full set of transmissions sent out by Bendix of St. Louis and destined for First Chicago Trust on that day. I quickly did a grep for `Cryer' and found three entries. Lisa said that there should only be one. I extracted the three EFT's into a separate file, and then printed them out on the laser printer. I carried the printout over to the kitchen table and laid out the pages side by side.
There was a transfer of $25.32 to the power company. This was the gas bill Lisa had mentioned. It seemed a bit high for an apartment gas bill in the middle of the summer... but Lisa said this payment was legitimate. The next EFT was a payment of $1021.33 to an account owned by Jonathan Rogers, whoever he was. This was one of the EFT's Lisa denied. The other, the last of the three transfers involving her account, was a deposit of $18120.11 into her account from an account at Bendix. That account was in the name of Anthony R. Lee. This is the transfer that had Lisa in hot water, for although both of these last two transfers had gone through when I replayed the file, the second one was a deposit into Lisa's account and more than cancelled out the losses of the payment to Mr. Rogers. While she claimed the EFT was bogus, the bank couldn't help but notice that Lisa gained $17098.78. Not a fortune, but more than spare change. I, of course, knew that she had benefited only because I had replayed the messages; I knew she was innocent, but the bank didn't.
I picked up the printouts and walked back to the machine. I sat down, jiggled the mouse to activate the screen which had automatically gone blank due to inactivity, and pulled the EFT log into a text editor. I scrolled through the file absently as I tried to guess what had occured on that night.
Had somebody appended the bogus EFT's? Who? Why?
It seemed strange to illicitly deposit money into somebody else's account. Could it be that Lisa really was up to some shenaigans? I shook my head in disgust. I had already ruled out that possibility; not only did I trust her, but she couldn't possibly have known I was recording and replaying messages. Even if she had been monitoring the EFT traffic over several months and therefore would have observed my earlier experiments, she still would not have known I'd be experimenting on any given day. I don't keep a regular schedule; even I would not have known ahead of time that I'd be tinkering on that particular day.
I browsed through the other files in the same directory. My line-surveillance program was designed to log all the traffic on the leased line. The one file I had already reviewed was seperate from the main log; I had seperated the set of initial messages from Bendix to First Chicago so that I could prepare the replay. Now I turned my attention to the main log. This file would contain all the messages from the session, including my replays.
I wasn't sure what I was looking for so instead of running search utilities as I had in my earlier post-mortem analysis, I scanned through the file haphazardly with a text editor. It was a good thing too, because as I scrolled through the file I noticed something that had escaped my initial review. The log showed that following the original transmission from Bendix to First Chicago --- the transmission that I recorded but let pass --- a bunch of error messages were returned by First Chicago. These messages were different from the class of messages that came later in the log, after my replay. These early error messages indicated that some of the EFT's were too badly garbled for First Chicago to process.
There were a lot of these errors. Too many. I typed in search-and-count `grep' commands to see how many. There were 893. Hmmm. Next I counted the number of EFT's in the original transmission from St. Louis. Yup; 893. Every single one of the EFT's had been rejected without any processing in Chicago.
This was strange. Had I done something to scramble the messages in transit? While an occasional bit-error over a phone connection is not unheard of, such glitches are rare with modern modems. Each EFT would have been processed seperately by the recieving bank, so an error in one EFT would normally be confined to only that EFT, leaving the others intact. Any line glitches should be isolated to a single EFT, or at worst a small number of consecutive EFT's. Yet each and every one of the EFT's in the log was rejected by First Chicago Trust on the grounds that each one was garbled beyond recognition. Strange.
I scrolled down further in the log and eventually reached the end of the error messages and the beginning of my replays. Following my 893 replayed messages were the responses from First Chicago. The bank accepted all of the replayed EFT's. And why not? Since the EFT's had not yet been recieved in uncorrupted form, this was the first time the bank was seeing them. By replaying the messages I had inadvertantly corrected the situation! The appropriate action following a catastrophic communications failure where all of the messages are garbled is to wait a short time and then resend all of the messages. I had done that for them.
So why had the people at First Chicago been in such an uproar over extra copies of the messages? What extra copies? And what did my tinkering have to do with the illegitimate payments? How had I enabled those?
Puzzled, I leaned back in my chair, an old wooden straight-back chair in desperate need of glue. It creaked loudly and the legs wobbled with more play than they should. The bare 60-watt lightbulb in the socket over my head was burning with a dirty yellow color, reminding me that I should replace it soon. The room was gloomy, with only that one light-bulb and the computer monitor to illuminate it. I stared at the information glowing from the screen. The folding card-table upon which the computer sat was littered with old notes and printouts, most of which I had long since forgotten the purpose for making. There where two mugs, each half filled with cold coffee. One sat precariously atop a slanted stack of papers while the other occupied one of the few spots of bare table surface.
Aha! Suddenly the events that must have transpired clicked in my head. The St. Louis bank would have recieved the error messages from First Chicago. Therefore those EFT's would have been resent by the St. Louis bank. It stands to reason that the bank would have taken corrective action after getting the error messages. I couldn't confirm this with certainty because I had neglected to record any traffic subsequent to the one session, but I had no doubt now that the sending bank must have resent the messages at a later date, probably the next day. So both Bendix and I resent the EFT's. Hence the extra copies. Since my copy got there first, the Bendix replay must have been rejected by First Chicago... except for the two mysterious EFT's on Lisa's account.
I sighed and pushed the keyboard away. I had come full circle. What was so special about those two EFT's? Lisa said they weren't legit. Fine. I would have to assume that they were forgeries.
What reason could there be for First Chicago to reject each and every EFT? Could they all really have been garbled? How?
No, the more likely explanation was deliberate interference by some individual. Hardware glitches and electrical storms would not cause such systematic corruption. Or, another possibility was that First Chicago chose to reject the EFT's for some reason and claimed that the messages were garbled as an excuse. Why a bank would do this I could not fathom. I suspected that the answer to the strange goings-on of the week before lay with the error messages from First Chicago; if I could explain those, then perhaps I would be able to explain the special treatment of Ms. Cryer's transactions.
I yawned and rubbed my eyes. The chair creaked some more. The clock over the kitchen table read 11:55. Tired and confused, I decided to call it a night. I ran the screen-lock but left all the windows open so I could resume where I had left off. I left all of the printouts on the kitchen table as well. Perhaps after some sleep and with a fresh start in the morning I would be able to make more sense of the strange symptoms I was seeing. What happened on July 11th? After listening to voice conversations at the bank, reviewing recorded EFT traffic, and talking to the prime suspect in the case, I was still baffled.