The plan was to walk in on Mr. Levinski unannounced, make it known that we were aware of the stalling tactics used by his bank to delay processing of EFT's, and use that as leverage to learn whatever it was that he knew. It took quite a bit of coaxing on my part to convince Lisa to go along with this plan. She argued that I was in no position to accuse others of tampering with bank transactions. Nonetheless, she did eventually acquiesce and agree to take the necessary time off work (I don't have that problem).
The plan worked well. Immediately upon being confronted, Mr. Levinski conceded that the bank did deliberately falsify the error messages on July 11th. He hastened to add that stunts of this sort were not as uncommon as one might think. Other banks generally turned a blind eye to this sort of thing, so long as nobody abused the unwritten privilege. In the banking world, this was the equivalent of claiming that ``the check is in the mail.''
Mr. Levinski went on to explain that it did not take the FBI long to uncover the scheme and to interrogate all of those involved. One of those people was Rudy Levinski himself. He was the one that actually implemented the scheme. He wrote the programs and his boss had him monitoring reserve levels and EFT amounts to determine when the bank needed to stall. It was Rudy Levinski that ran the program to generate the error messages on the 11th. My wire-tap caught the output of his program and recorded it.
Fortunately for Mr. Levinski, he was able to claim that he was little more than a pawn caught up in a corporate policy over which he had no control. To hold his job he must carry out the bank policies, regardless of any improprieties he may find therein. Rudy explained to Lisa and me that it is his boss, Mr. Lampley, that will pay the largest price for that policy. The FBI has stated that it will prosecute Mr. Lampley and possibly some executives. This was one of the reasons that those same executives were treating Lisa as roughly as they were. I could only imagine what would happen if those men got their hands on me. Up to this point nobody at the bank was aware of my involvement. As far as they were concerned the forgeries and my replays were part of the same attack by some unknown hacker.
Lisa asked if Rudy thought that the people outside my apartment had been hired by his bosses. Rudy was adamant in insisting that the delay scam was not a major conspiracy. It was a common ploy used by banks and did not justify a major cover-up. Yes, it was illegal, but not unusual, he said. Furthermore, he was certain that the Mafia was not involved, nor any other sinister criminal element.
Rudy said that his greatest fear was that the hacker would never be found and that the FBI would need a scapegoat and that the bank would need a fall guy. It appeared very likely that Mr. Lampley would be a fall guy, but he would probably take some of his people down with him. As the man that actually operated the EFT system at the bank, Rudy was a good candidate for both a bank fall guy and an FBI scapegoat.
``This is my motivation for approaching Ms. Cryer to assist in any way I can,'' Rudy explained. ``That reason still stands. The fact that you two are aware of the EFT stalling operation in no way changes that. I am disappointed that you chose to visit me here at my office, but as long as you are here anyway perhaps we can take this opportunity to review some of the forged payments together.
``Tell me Mr. Raymond, were you able to determine if the forgeries entered the EFT stream upstream or downstream of your wire-tap?''
``It was upstream --- closer to St. Louis. My recordings of the traffic include the forged EFT's on Lisa's account.''
This pleased him. ``That will help absolve First Chicago Trust then. If it was a bank employee that created the forgeries, it appears more likely that it was an employee of Bendix of St. Louis rather than my bank.'' He sighed softly. ``First Chicago Trust is in enough trouble as it is. It is a shame that we don't use public-key cryptography to sign messages. If Bendix had used a private signing key instead of shared secret key, then my bank could not possibly know the signing key and would be above suspicion with respect to forgeries. As it is now, since we use shared symmetric keys, it is the word of each bank against the other.''
There was a brief silence and then Rudy asked gently, ``what about the replays? Were those inserted into the message stream upstream or downstream of your tap?''
``Uh,'' I stammered, ``those were actually created at my wire-tap; not upstream or downstream.''
``I see,'' he said quietly, showing no surprise. ``You generated those yourself... and for what purpose?''
I am not sure why I chose to come clean at that moment. Perhaps I felt sorry for him. He was clearly under a lot of stress yet was taking it well. He was the victim of circumstances; an employee working for a corrupt employer in a ruthless business. Maybe I was simply conscious of the fact that Lisa was standing beside me and, having full knowledge of my involvement, would recognize any attempt by me to mislead Rudy or misrepresent facts. For whatever reason, the moment he asked about the replays I decided to tell him the full story. This I proceeded to do.
When I was done, his attitude was one of friendship and camaraderie. We were all in this together now. He suggested that we pool our efforts and study the clues together. He pulled a small stack of papers out of the top drawer of his desk. They were computer printouts. Some of the lines on the pages were highlighted with a pink marker. He explained that these were the EFT's that his department had determined were forgeries. Recognizing a forgery was no easy task since the MAC's checked out perfectly. The highlighted lines on his printouts were found by investigating payments in a more mundane and conventional manner. Staff members had been studying payment patterns for individual account holders in an effort to weed out regular bill payments such as mortgage payments. When they came upon an unusual or large transaction, bank employees called the account holder for voice confirmation that the payment was proper. This was a painstaking process and needed to be conducted carefully so as to avoid embarrassment to the bank.
Next Rudy laid a large sheet of paper on his desk. On this sheet was a hand-drawn diagram. The diagram consisted of points and arcs --- being computer scientists, Lisa and I both recognized it immediately. It was a directed graph; an abstract data structure. The arcs represented funds transferred from one account to another. The points that were connected by arcs represented bank accounts, and were labelled with account numbers. The direction of the arcs illustrated the flow of money from one account to another. Each arc was labelled with the amount of the EFT it represented.
The first thing that would have struck anybody upon looking at the graph, was the intricacy of the structure. There were many nodes (accounts) --- perhaps 50 --- but there were far more arcs. There were arcs going everywhere. There were multiple arcs between the same pair of accounts even. Some accounts had as many as fifteen arcs going in and out.
Rudy explained that these represented only forged EFT's. If the diagram included arcs for legitimate EFT's it would be far more complex.
``We estimate that we have found fewer than 15% of the forgeries,'' Rudy announced. ``As you can see, there is an excessive number of them. Most of the forgeries are on bank initiated corrections. Beyond that, there does not appear to be any pattern; they are everywhere and they go everywhere. They are in amounts ranging from ten dollars to tens of thousands of dollars.''
He looked at me sideways as he said this, as if waiting for me to say something or notice something about the graph. Other than the size of the graph and the number of the arcs, I could not see anything remarkable about it. It was a cyclic directed graph with weighted arcs. Nothing more. Rudy paused to mop his forehead with a handkerchief he pulled from his pocket.
``In addition to the amounts, I've annotated each arc with a date. I've also annotated the account numbers at the nodes with a bank prefix. Very nearly all the forged EFT's we have found are error-correcting transfers, meaning that they have been assigned a code to indicate that they are funds transfers intended to correct an earlier banking error.''
Some of the arcs had dates other than July 11th. There were many with dates later in that same week, as well as some with dates before the 11th.
When I mentioned this Rudy nodded but explained that far more intriguing were the amounts of the transfers.
``You will notice,'' he said, ``that the sum of the weights of the in-arcs and out-arcs are equal at each node. For every dollar that is stolen from an account, a dollar is deposited into the same account.''
Amazingly enough, this was true. Lisa and I chose a few nodes arbitrarily and added up the weights. Every time they summed to zero; no net change to the account balances. This was strange.
``In some cases the in-arcs and out-arcs are for different dates,'' Rudy continued. He stabbed a node near the center of the diagram. ``For example, on this account here the forged withdrawals are for July 13th while the forged deposits are for July 14th. Thus, while the account balance was ultimately left unchanged, there was a twenty-four hour period when it was incorrect by...'' He leaned over and studied the numbers. ``By $14,213,'' he finished.
``Why steal money and then turn around and give it right back?'' Lisa wondered out loud. ``It doesn't make any sense.''
``Well,'' offered Rudy, ``the deposits come from different accounts. Perhaps the subject is some sort of Robin Hood figure and likes to redistribute wealth.''
That would have made more sense if the hacker actually was redistributing wealth. In just the small number of forged EFT's that had been found, the net effect on hacked accounts was zero. In each case --- except Lisa's --- the balances were restored within 24 hours. No money was changing hands other than for brief transient periods. Most of the balances were restored immediately. Some were ``restored'' even before the money was withdrawn.
Now, for the first time, I began to understand what had happened to Lisa's account on the day I replayed the messages between Bendix of St. Louis and First Chicago Trust. It was plain now. The hacker had forged an EFT to deposit funds into her account. He also forged an EFT to withdraw part of the deposited money. Then, either he was spooked by the error messages by First Chicago or else he intended to withdraw the remaining portion the next day. The result was that Lisa Cryer's account was the only account that was used to route forged EFT's where the net change in balance was not zero. The fact that the net change was positive, and by several thousand dollars, was what had Lisa in hot water with the police.
``Do you remember who the forged payment out of your account was to?'' I asked Lisa.
``Oh yeah, I remember all right,'' she replied with a mirthless laugh and a nod. ``It was to Jonathan Rogers for about one thousand dollars.'' She bent over to open her handbag as she said this. Moments later she had a small piece of paper in her hand and she read from it as she continued. ``The amount was $1021.33 to Jonathan Rogers. The deposit was from Anthony R. Lee for $18120.11. That makes my net profit $17098.78.''
Rudy slowly thumbed through the pages before answering. ``In addition to the deposit from Ms. Cryer's account there was a second illegitimate deposit into that account. Also, there was a payment out of Rogers' account. The amount of the payment equals the sum of the two forged deposits and we have confirmed that the payment was also forged.''
This made Jonathan Rogers' account one of the many that the hacker was apparently using to launder money. The hacker was routing money through numerous accounts. Sometimes he simply deposited money from one place and then immediately paid it out to another place. Other times he split a transfer or merged two or more. In the case of Jonathan Rogers, the hacker appears to have deposited money from two separate accounts, one of which was Lisa's, and then used a single EFT to withdraw the money. My guess is that Lisa's account was also being used to launder money, but in that case the hacker was using a single EFT for a deposit and two EFT's for withdrawals... except the second debiting EFT was never made.
``Carl, what is the point of all of this? Why is the hacker doing this?'' implored Lisa. Clearly exasperated, she was at a loss. ``Except for screw-ups like the one with my account, the hacker isn't stealing any money. What's the point? Is it just a power trip?''
``Probably. Most hacks are.'' I myself was not fully satisfied with this explanation even as I voiced it. It is true that most intrusions into computer systems are by kids on power trips, but this attack seemed far too sophisticated to be a joy-ride. The MAC's on the bogus EFT's were perfect forgeries. Any attacker that can crack DES is no prankster. Joy-riding through the bank accounts of numerous private citizens seems too high-stakes for even the most courageous braggart. When Robert Tappan Morris unleashed his worm on the Internet in 1988, he victimized a very large number of people, but he had no malicious intent. His worm was disruptive due to a bug in the software, causing it to replicate far too rapidly. Kevin Mitnick, while a major nuisance, never directly stole money from bank accounts. He appears to have broken into computer systems as part of an obsessive hobby, collecting root passwords as trophies. All indications are that the prize that Mitnick sought was respect from his peers, be they other hackers or his adversaries fighting to keep hackers out of their systems. Indeed, the standard but dubious argument that hackers use in their own defense is that they never actually steal anything. Hackers of this type tend to exploit bugs in operating systems and server programs. The most infamous security-bug-ridden program is sendmail, but there are many others. These same hackers also rely heavily on ``social engineering'', which is their term for a con-job. These people are phone phreaks and OS groupies. What they lack in formal education they more than make up for in persistence. They read OS manuals and phone company service manuals. Very rarely do they have any expertise in cryptology.
Malicious cryptanalysts tend to be in a different class. They are usually highly trained mathematicians, expert in the number theory needed to fully understand today's encryption algorithms. Anyone with such a deep understanding of mathematics and computer science normally receives plenty of respect and prestige in their regular day-job. There is no need to seek out extra-curricular activities to build up one's ego and prove one's worth. The only plausible carrot I could think of that would entice a trained cryptanalyst to forge EFT's on the scale we were seeing was the promise of tremendous personal wealth. A pat on the back and a good story to tell at the bar simply does not measure up to the risk --- no matter how lonely and unhappy a person might be.
Our hacker was after money. But how? He or she doesn't steal any!
I looked at the directed graph splayed out on Rudy's desk. What can someone gain from this? I racked my brain. Rudy Levinski's bank occasionally rejects EFT's simply to avoid being caught off-guard in managing their reserves. Could this attack have a similar motivation? Perhaps. The fact that some accounts were deprived of funds for a full day might be an indicator of tinkering with reserve requirements. Or obligations for interest.
Aha! That was it! I realized then that the hacker was probably helping himself or herself to overnight loans at zero interest. Not large loans, but lots of them. The total could be quite large even if the effect on individual accounts was small. Maybe stalling on payments was not the only way First Chicago Trust met reserve requirements. Perhaps when the bank needed lots of funds fast, a few illegal and surreptitious ``loans'' were taken out of other banks.
``Have you told us everything about meeting reserve requirements at First Chicago, Rudy?''
``Yes. Why do you ask?''
``Take a look at the graph. Not all of the bank accounts that the hacker uses to route money are balanced immediately. Many of the accounts remain below their proper levels for a full day. It appears that somebody or some institution is using these forgeries to obtain overnight loans without interest. If my hunch is right, we will find that the net effect of all of these forgeries is a large flow of money out of Bendix and into First Chicago.''
``I do not fault you for being quick to accuse my employer of wrong-doing, but I will be very surprised if you are correct, Mr. Raymond. For starters, I will point out that our delay tactics interfered with the forgeries. Even you will agree Carl that it is far-fetched to suggest that we would deliberately interfere with our own scam. Furthermore, I do not believe that my superiors would treat Ms. Cryer as roughly as they have if they knew the source of the forgeries.''
Suddenly I found his exceedingly polite manner grating. ``Let's take a look anyway,'' I snarled, unconvinced by his argument.
We had only the confirmed forgeries to work with, and the banks were convinced that these represented only a small fraction of the full set of illegitimate EFT's. Nonetheless, I was hoping that they would serve as a reasonable sample from which to determine if the net effect was a large shift of money out of Bendix bank accounts and into First Chicago accounts.
Trying to track the money along a chain of bad EFT's was next to impossible. Not only was the information we had very sketchy because the banks had not yet identified all of the forgeries, but the sheer number of EFT's made the problem insurmountable. The hacker was using multiple EFT's to deposit money into an account, and then using multiple EFT's, of very different denominations, to transfer the money out again. Sometimes the in-flow was equal to the out-flow, sometimes it wasn't. When the in-flow equaled the out-flow we figured the account was being used to launder money. When the in-flow was less than the out-flow then we figured we had an example of a ``loan''.
After an hour and several cans of iced-tea, I was forced to concede that there was no pattern in the bad transfers. The hacker was routing money pell-mell between the two banks and even within the two banks. There were transfers between numerous accounts at First Chicago. There were transfers into First Chicago. There were transfers out of First Chicago. There were transfers everywhere.
The data did not support my theory. The delay scam and the forged EFT's were indeed separate attacks perpetrated by separate entities. There would be no easy answers.
My heart sank. It was hopeless. Even writing a program to trace the money would be futile. The bogus EFT's were buried in the regular EFT traffic. EFT's number in the hundreds of thousands every day. This may not seem like a lot, after all a modern computer is capable of millions of instructions per second. Yet, with so many accounts in so many banks with so much activity, even with the use of super-computers there is no hope of being able to trace the money to determine which account is the one the attacker is using to collect his interest. It was an NP problem and for an NP problem, an input of 100,000 is hardly small.
Computer scientists have a way of classifying difficult problems. By measuring the run-time of the fastest algorithm for a problem, we can characterize the difficulty of solving the problem. We measure run-time as a function of the size of the input. For example sorting a list of words into alphabetical order is considered to be an n*log(n) problem. This is because the world's best sorting programs require n*log(n) operations, where n is the number of words in the list and log is the base-2 logarithm function. A complexity of n*log(n) means that if the program takes 30 seconds to sort 100 words, it will take about 7.5 minutes to sort 1000 words. The time we must wait for an answer grows with the size of the problem. The rate of growth is n*log(n). This is generally considered to be an acceptable rate of growth. There are many natural problems with much higher complexity functions. Many of these problems have exponential complexity. Path enumeration in a directed graph is but one example. There are many such problems. Some of them are well-studied problems with colorful names. The cute names often belie the abstract and complex mathematical nature of the problems. These are names like the Traveling Salesman Problem, the Chinese Postman for Mixed Graphs, the Rural Postman, the Crossword Puzzle Construction Problem, the Knapsack Problem, and, my personal favorite, the Left-Right Hackenbush for Redwood Furniture Problem. These, and many more, are all programming problems for which the best known algorithms have exponential complexity. If a problem with exponential complexity takes one second to process an input of length 20, then it takes 366 centuries to process an input that is only three times that size!
I groaned and slumped down in the chair.
It was hopeless.
Lisa was smiling broadly and shaking her head in wonderment.
``This is no ordinary hacker,'' she laughed.
``This guy knows his computer science. Embedding the
attack inside an NP problem... you have to
admit, he's no slouch.''
She was positively beaming. I didn't share her
admiration. We needed to solve this NP problem... fast.
Apparently she had forgotten that the three of us
were prime suspects.
With every additional day Lisa spent with Rudy
and me, it would be easier for the FBI to build a
case against the three of us, claiming that the three
of us were in cahoots. I already had a track record for
tinkering with things I shouldn't; Rudy had already been
implicated in the delay scam; and Lisa was several thousand
dollars wealthier due to one night's work.
Even if the FBI did not believe that we were guilty of running
the attack, with such a bold assault on our nation's banking
system they would need a scapegoat. Any one of the three of
us would serve the purpose; together we made a perfect EFT
counterfeiting ring.
``It is the perfect crime!'' Lisa exclaimed.
``And it is all made possible by the electronic banking system.
Using a computer to automate the crime, the criminal can mount
an attack of staggering complexity!''
She then proceeded to tick off the steps, one by one, on her fingers:
``And,'' she continued, ``the real kicker is that
the entire thing would never have been discovered at all if it had not
been for the coincidence of two other separate attacks:
your replay experiments Carl; and your delay scam Rudy.
The interference of the three separate attacks is the only thing that
brought the counterfeit EFT's to light.
Now, even when we know the forgeries exist, there is no feasible way
to determine who is behind them.
Whoever it is can keep right on doing it; nobody can stop it.''
Rudy sat down and rested his chin in his hand. He spoke quietly,
musing to himself.
``Our adversary simply channels money from all over the world into his
account. He returns the money as quickly as he takes it. He is careful
to borrow only small amounts from any individual. Nobody notices the
absence of a few dollars for one night.
Those customers that do notice the unauthorized EFT's also notice that
they balance. Most of the forged EFT's are assigned the code used
for error corrections, so when cautious customers do call with a
complaint, the problem is quickly diagnosed as an internal matter
that has been corrected by the bank, with no apparent loss to the
customer -- the matter never gets beyond the help-desk.
``Our adversary is clever.
By forging error-correcting EFT's, very little suspicion is
aroused by customers or by bank personnel fielding the occasional
complaint.
Furthermore,
our adversary does not steal money outright; instead he or she makes
money off the flow of money.
What we are witnessing is a money mill.''
``Yes,'' I said, ``and the more money flows through the graph, the more
interest is paid out. It really is an electronic money mill.''
And so it was. Somebody was running a large money mill right in the midst
of our nation's regular banking activity. Intermixed with
legitimate transactions were counterfeits. These raced through
the EFT network, collecting small amounts of money from
accounts all over the world. Like a millrace, these transactions
poured money down the chute and over the wheel. As the wheel
turns interest is paid out. Once it passes over the wheel,
the money flows back to the accounts from whence it came. The
total volume of money in the system is preserved. And yet, at
the same time, new money, in the form of interest,
is generated and paid out to the person
running the mill. That person would be the millwright.
Which account did the millwright use to collect his or her
interest? There must be some part of the EFT graph
where all paths lead through a small number of accounts.
These accounts would be the millrace --- the chute down which
the money flows, leading it to the wheel.
We had found the money mill; now we needed to find the millrace.
If we found the millrace then we would be able to find the
millwright.
The three of us were amazed at the boldness of the crime.
What sort of person has the audacity to take on the
world-banking infra-structure? A very powerful or very desperate
person, that's who. Either way, this was becoming very
dangerous for amateur investigators such as ourselves.
I turned to Lisa and Rudy and voiced my fears, but they
would not hear of backing down.
``Hell, Carl. Now that we know we are going up against
a first-rate hacker, I'll be damned if I'm going to stop
now,'' Lisa exclaimed. The newfound admiration she had for
our adversary was still evident on her face.
Rudy too was eager to enter the chase.
``Not only is my own professional reputation at stake, but
I feel that our world economy has been put in a precarious
position,'' he said. ``I feel it is my moral obligation
to correct the current situation and remove the vulnerability
that makes it possible... whatever that vulnerability might be.''
A little melodramatic for my taste, but that was Rudy.
OK then, we were all in agreement to press on.
The three of us set to work to determine how we might
be able to find the man, woman, organization, or government
that might be running the digital money mill.
With the help of Rudy, we identified several EFT and
account parameters relevant to financial activity. We then set to
work trying to characterize suspicious activity in terms of these
parameters. Rudy was especially helpful. He dug up a program
the bank already had for doing essentially the same thing. This
application was different only in the sort of activity that was
deemed suspicious, and consequently the choice of parameters.
Still, there was some overlap and we were able to borrow heavily
from the designs.
We decided early on that we would evaluate and filter each account
on an individual basis. We would do no traffic analysis. We wanted
to avoid any complexities due to expensive searches in the EFT graph.
Instead, we needed an efficient program, even if that meant that
it would be only an approximate solution.
Our plan was to collect lists of suspicious EFT's and search for
two types of patterns. First, we hoped to be able to identify
bank accounts with a large number of illegitimate EFT's over an
extended period of time. These accounts were prime candidates for
accounts owned by the people running the money mill.
For the mill to work, there had to be some collection accounts
where large volumes of money flowed continuously.
This would allow the crooks to maintain high balances using other
people's money.
It would take a lot of pruning before the number of such accounts
would be small enough to make manual review of each one practical.
All evidence indicated that there was an appallingly large number
of illegitimate EFT's, to say nothing of the fact that it is next to
impossible to characterize bogus EFT's accurately.
Nonetheless, we set out to design and implement a
Balance Inspection Filter program --- BIF for short --- to do just
this. The design made use of a rule-based architecture whereby we
could easily modify the semantics to redefine a suspicious account.
Lisa took the lead, explaining that she had developed several
rule-based systems for the Macintosh in the course of her work
at SoftTykes.
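A per-account filter of the kind described here for BIF, as an added example that is not part of the original story: each account is profiled on its own, with no path search, and an ordered rule list decides what counts as suspicious. The function names, rule labels and ACCT-* accounts are assumptions; the Cryer, Lee and Rogers amounts and the $14,213 overnight gap are the figures quoted earlier in the chapter.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample of forged EFTs: (day of July, source, destination, amount).
# Amounts for LEE, CRYER, ROGERS and the 14,213 overnight gap come from the
# story; the ACCT-* accounts and the 250.00 transfer are made up.
FORGED_EFTS = [
    (11, "LEE",    "CRYER",  "18120.11"),
    (11, "CRYER",  "ROGERS", "1021.33"),
    (11, "ACCT-A", "ROGERS", "250.00"),
    (11, "ROGERS", "ACCT-B", "1271.33"),
    (11, "ACCT-B", "LEE",    "1021.33"),
    (11, "ACCT-B", "ACCT-A", "250.00"),
    (13, "ACCT-C", "ACCT-D", "14213.00"),
    (14, "ACCT-D", "ACCT-C", "14213.00"),
]


def profile_accounts(efts):
    """Profile each account on its own: net change plus overnight float."""
    daily = defaultdict(lambda: defaultdict(Decimal))  # account -> day -> net
    for day, src, dst, amount in efts:
        daily[src][day] -= Decimal(amount)
        daily[dst][day] += Decimal(amount)

    profiles = {}
    for acct, by_day in daily.items():
        days = sorted(by_day)
        running = Decimal(0)        # deviation from the true balance at day close
        held = owed = Decimal(0)    # dollar-days spent above / below true balance
        for i, day in enumerate(days):
            running += by_day[day]
            if i + 1 < len(days):   # deviation persists until the next forged EFT
                nights = days[i + 1] - day
                if running > 0:
                    held += running * nights
                elif running < 0:
                    owed += -running * nights
        profiles[acct] = {"net": running, "float_held": held, "float_owed": owed}
    return profiles


# Ordered rules: the first predicate that matches labels the account.
# Redefining "suspicious" means editing this list, not the profiling code.
RULES = [
    ("unbalanced",            lambda p: p["net"] != 0),
    ("holds overnight float", lambda p: p["float_held"] > 0),
    ("short overnight",       lambda p: p["float_owed"] > 0),
    ("same-day pass-through", lambda p: True),
]


def classify(profiles, rules=RULES):
    """Apply the rule list to every account profile."""
    return {
        acct: next(label for label, matches in rules if matches(p))
        for acct, p in profiles.items()
    }


if __name__ == "__main__":
    profiles = profile_accounts(FORGED_EFTS)
    for acct, label in sorted(classify(profiles).items()):
        p = profiles[acct]
        print(f"{acct:8} {label:22} net={p['net']:>10} "
              f"held={p['float_held']:>9} owed={p['float_owed']:>9}")
```

Accounts labelled "holds overnight float" are the candidates for collection accounts, since they are the ones carrying other people's money across a night.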
We had a backup plan as well; a second program, which would also be
written by Lisa, would tackle the problem from an entirely different
angle. Given a subgraph of the EFT graph, this program simply enumerated
all paths that maintain a constant balance. This was the path enumeration
program --- the one with exponential complexity. We hoped that we could
keep the size of the input small by only processing the output of the first
program. We planned to pipe the output of BIF into this
program and then analyze individual paths.
If we found any cyclic paths that left the balances of all the accounts
in the path unchanged, then either that path would be a decoy or else
it would be part of the money mill and one of the accounts in the
path would be an account that the millwright was using to collect
interest on the flow.
Even better, if we found an acyclic path, then it seemed likely that
we would have an example of an outright theft.
Our theory was that the millwright probably used collection accounts
with extremely high balances; otherwise the interest payments would
not be large enough to warrant the risk of executing such an elaborate
and bold scheme. Rudy, who was more knowledgeable in banking matters
than Lisa and I, believed that the sum of the
balances in all the collection accounts, however many there might be,
was probably in the neighborhood of $1 million.
Since it was unlikely that a crook would have this sort of capital
available for an initial investment, the millwright probably had to
steal the money used to seed these accounts.
An acyclic path, if we could find one, might be an example of a theft
used to seed an account. With luck (lots of luck), we might find
an acyclic path and then it would be relatively easy to trace the
path to its final destination, which would be an account owned by the
crooks. From there the FBI could use more traditional techniques
to find the account holder and apprehend him or her.
Of course we would have to be careful to avoid mistaking part of
a cyclic path as an acyclic path.
We recognized that the chances of finding an acyclic
path were slim indeed. Due to the
explosive number of paths in an EFT graph, which contains a tremendous
number of arcs, stumbling upon such a path within our lifetime was
unlikely. Still, as long as the machines were idle anyway, we figured
we might as well put them to work (we were desperate).
It was Rudy that came up with the name of deep-throat for the program
that enumerates EFT paths. He pointed out that the person code-named
Deep-Throat that had helped Woodward and Bernstein expose Watergate
had repeatedly told them to ``follow the money.'' And that is precisely
what this program does.
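A small path enumerator in the spirit of deep-throat, as an added example that is not part of the original story: it follows arcs from one account, separating paths that cycle back to the start from paths that dead-end, and then counts cycles on a layered graph to show the exponential growth. It narrows the program described above to arc direction only and ignores amounts; the function names and both graphs are constructed for the example.

```python
def follow_the_money(arcs, start):
    """Enumerate simple paths of EFTs leaving `start`.

    `arcs` maps an account to the list of accounts it paid.
    Returns (cycles, dead_ends): paths that return to `start`, and paths
    that stop at an account with no outgoing arc in the sample.
    """
    cycles, dead_ends = [], []

    def walk(node, path):
        successors = arcs.get(node, [])
        if not successors and len(path) > 1:
            dead_ends.append(path)              # money left and never came back
        for nxt in successors:
            if nxt == start:
                cycles.append(path + [start])   # money returned to its origin
            elif nxt not in path:               # keep paths simple: no revisits
                walk(nxt, path + [nxt])

    walk(start, [start])
    return cycles, dead_ends


# Constructed sample: A -> B -> A is a balanced loop, A -> C -> D never returns.
SAMPLE_ARCS = {"A": ["B", "C"], "B": ["A"], "C": ["D"]}


def layered_mill(layers, width=2):
    """Constructed graph: START pays every account in layer 1, each layer pays
    every account in the next layer, and the last layer pays START back."""
    arcs = {"START": [f"L1-{j}" for j in range(width)]}
    for i in range(1, layers + 1):
        if i < layers:
            targets = [f"L{i + 1}-{j}" for j in range(width)]
        else:
            targets = ["START"]
        for j in range(width):
            arcs[f"L{i}-{j}"] = targets
    return arcs


def cycle_counts(max_layers):
    """Number of distinct cycles through START for 1..max_layers layers."""
    return [
        len(follow_the_money(layered_mill(k), "START")[0])
        for k in range(1, max_layers + 1)
    ]


if __name__ == "__main__":
    cycles, dead_ends = follow_the_money(SAMPLE_ARCS, "A")
    print("cycles:   ", cycles)
    print("dead ends:", dead_ends)
    # Two accounts per layer: every added layer doubles the number of cycles.
    print("cycles per layer count:", cycle_counts(10))
```

On a partial sample a dead end is only a candidate: the arc that would close the cycle may simply not have been identified as a forgery yet.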
With luck, we would be able to follow the money down the millrace and
right into the millwright's bank account.
Then we would turn the matter over to the FBI and let them arrest
him or her. It would not be easy though. We already had ample evidence
that the millwright was a clever computer scientist and expert
cryptanalyst.
He or she ---
it was at this point that
I decided to myself that I would presume the millwright was a male;
it makes it much easier to think and talk.
He might have anticipated the investigative approaches we were taking.
Clearly he had anticipated a deep-throat style program and had come up with
the clever trick of hiding the entire crime within an NP problem.
This demonstrated strong expertise in computer science as well as
a mind that is capable of devious trickery.
The attack itself -- counterfeiting EFT messages that rely upon DES
MAC's for authentication -- requires highly unusual skill in
cryptanalysis. There are very few known weaknesses in the DES algorithm.
The few weaknesses that have been published are directly related to
key-size and not to the DES algorithm itself. Triple-DES, which makes
use of two 56-bit keys and three iterations of the regular DES algorithm,
is very strong indeed. The world's best cryptanalysts have not been able
to come close to cracking triple-DES, and it has been in wide-spread use
for three decades.
If the millwright is able to forge DES MAC's --- and all evidence pointed
in this direction --- then he was one of the world's top cryptanalysts.
Our task would not be easy.
To succeed the three of us would need help from deep-throat, BIF, the FBI,
and fate.
Complexity   Size n
function     10         20         30         40         50         60
n            0.00001    0.00002    0.00003    0.00004    0.00005    0.00006
n^2          0.0001     0.0004     0.0009     0.0016     0.0025     0.0036
n^3          0.001      0.008      0.027      0.064      0.125      0.216
n^5          0.1        3.2        24.3       1.7 min    5.2 min    13.0 min
2^n          0.001      1.0        17.9 min   12.7 day   35.7 yrs   366 cent
(Times are in seconds unless a unit is given.)