
14

``Ladies and gentlemen, we will be delayed a bit longer. We expect to have clearance for take-off in about fifteen minutes. We apologize for the delay.''

Agent Carter groaned and slouched deeper into the seat beside me. We were sitting on a 727 bound for St. Louis. The plane was still resting on the runway at O'Hare, in the same spot as it had been for the last twenty minutes. And now it sounded like it would be at least another fifteen minutes more.

Agent Carter loosened his tie and sighed loudly. He was wearing a black suit, white shirt, and a navy tie. He had not taken off his suit-coat when he sat down and he now looked quite uncomfortable.

I was wearing casual pants and a T-shirt. I had been tempted to put on my ``munitions'' T-shirt that morning, but had decided against it. No point in destroying my good relations with the FBI only days after it began.

My munitions T-shirt is a shirt that I own that has the full implementation of the RSA encryption algorithm printed on it. RSA is not a complex algorithm, and it can be implemented in only four lines of (highly optimized and very unreadable) Perl. Since the US State Department has declared that any RSA program is to be classified as a munition and therefore can't be exported, my shirt is a munition. I bought the shirt from a fellow that printed a large number of them and sold them over the Web. The shirt was intended to be a barb directed more toward the State Department and NSA, rather than the FBI. Still, I don't think that Agent Carter would have found it as amusing as I did.

The plane did eventually take off, about a half hour after the captain had promised us that it would be only fifteen more minutes. The flight was extremely short. It was one of those flights where the plane never really has a chance to level off. No sooner did it fully ascend before it started descending. Agent Carter and I filled that short time with talk of the latest developments in the case. Apparently the FBI had confiscated several of the computers at First Chicago, particularly the desktop machines used in the security department. The hard-drives on those machines contained ample evidence of the delay scam. There were numerous memos and e-mail messages that not only detailed specific instances of the scam, but also described the unofficial bank policies outlining circumstances under which the scam should be used and how it should be covered up if questioned.

He said that Lampley had made an effort to delete most of these files, but it is difficult to erase data from a hard-drive such that it can't be recovered by forensics experts. Jonny spent a good part of the trip bragging about how the FBI was able to recover the data despite Lampley's efforts to conceal the evidence. I had already heard stories (mainly from the net and other questionable sources) of forensics experts recovering data from disks even after the entire disk had been overwritten with random data. Supposedly, by physically examining the magnetic patterns between tracks on the disk, one can infer what has recently been stored on the tracks. I have also read the FIPS document, where it requires that RAM be zeroized by first powering down the machine, and then powering it back up and overwriting the RAM 1000 times with successive 1's and 0's. If proper clearing of RAM requires such elaborate precautions, it comes as no surprise to me that removing all physical evidence of information stored on hard-drives, without actually destroying the drive, is difficult.

When we landed in St. Louis, Jonny took care of the car rental. He got us a grey Taurus, with air-conditioning, thankfully. St. Louis is hot and extremely humid in July.

As it turns out, Bendix of St. Louis is not located in St. Louis. The Bendix headquarters is in Clayton, which is a suburb west of the city. The airport, which is northwest of the city, is directly north of Clayton, and I-170 runs between the two. It was a short drive down I-170 and we reached the bank by 10:30. The building itself was a typical bank headquarters, a glass tower of about thirty floors with a square footprint. Clayton contained many other buildings of a similar nature, at least a couple of which were undoubtedly competing banks. There was parking both under the building and another around in the back. Jonny chose to park in the lot in the back.

Inside, we were met with a strange scene. The bank was a bustle of activity, very little of which appeared to be related to finance. This would not have been a good time to go to Bendix of St. Louis for a loan.

The hallways were filled with people trotting in and out of offices. We passed one room where a woman in a beige dress was standing in front of a shredder feeding documents in at a steady pace. It looked as if she had been at it for quite some time, judging from the bored expression on her face.

Managers called out from behind their desks at passers-by in the hallway. I overheard shouted requests for ``security audits'' and ``activity reports.''

There were security guards posted at regular intervals down the hallway. I wondered how an uninformed guard could possibly recognize inappropriate behavior in the midst of such unusual activity as people bustled back and forth with stacks of papers in their arms.

We passed a short middle-aged man in a black suit crawling along the floor with a tape measure in his hand. He appeared to be measuring the length of the hallway, although I could not fathom his purpose. I glanced at Jonny, but he wasn't looking in my direction so I couldn't see his reaction. Instead he was looking further down the hallway, where a workman was standing atop a step-ladder and mounting a surveillance camera high on the wall.

Still more workmen had been putting in lights in the parking lot when we parked the Taurus. They appeared to be new additions rather than replacements for old lights. Despite the mid-morning sun, the lights shone bright when they tested them as we stepped out of the Taurus. These were bright halogen lights, seemingly capable of lighting a small baseball stadium.

Before we reached the workman on the step-ladder, a voice called out to us through one of the open office doorways. A very young man hurried out into the hallway to greet us. He could not have been older than twenty-eight. His hair was black and longish for someone dressed as conservatively as he was. He wore a grey pinstripe three-piece suit with a white dress shirt underneath. The shirt had French cuffs and he wore silver cufflinks. His tie was red and conservative. On his feet he wore neatly polished black wing-tips. He introduced himself as Tony Miccuzzi, the man we had come to see. He was an information security officer at Bendix of St. Louis.

``Have you got the tape we requested?'' Jonny asked after the introductions were over.

``Yup, it contains all of our interaction with First C over the last twenty business days,'' Tony said as he extended an 8mm tape cartridge out to Jonny.

Jonny immediately opened his briefcase, resting it on a lifted knee while balancing himself on the other foot. He took a manilla folder out of the briefcase at the same time that he put the tape in. He opened the folder and laid a single piece of paper on the desk. On the page were neatly typed notes.

``We'll look over the contents of the tape back in Chicago; I dragged Carl down to St. Louis because I want him to see your EFT operations in action. He was the one that picked up on the delay scam at First Chicago and he may be able to assist us with the investigation. We are already familiar with the protocols; we want to review the policies and practices that are specific to Bendix. For starters, who knows the master key?''

``You really should talk to management about stuff like that,'' Tony said hesitantly. ``I am too far down the ladder to know all of our policies.''

``We will be talking to management too,'' Jonny assured him, ``but my experience as an investigator has been that it is the people in the trenches that know how things really get done.''

This appeared to please Tony who now said, ``I can tell you right off that I don't know the master key. Nor do I have access to it.''

For the remainder of the morning the young information security officer reviewed the Bendix security policy with us. He also gave us a tour of the EFT operations room and let us look in on some transfers. Jonny asked lots of questions and took lots of notes. I only watched and listened, choosing to interpret my role as an observer very literally. Jonny did not limit his questions to Tony, but also directed many questions to members of the EFT Operations group. On three separate occasions Jonny spoke to employees individually, out of ear-shot of Tony and other Bendix employees. For the most part, Jonny's questions related to procedural aspects of EFT operations. All of the questions were posed in a non-threatening and friendly manner. Jonny played the part of an outsider interested in the logistics of wholesale banking.

After lunch Jonny and I met with several managers, each on an individual basis. To each manager Jonny posed the same two questions:

These questions were familiar to me, as he had asked the same questions in one form or another of each of the employees we had interviewed in the morning.

All of the managers were in agreement in their responses. Every one stated that he was sure that policy was followed to the letter. Two of the managers gave long and condescending answers, explaining to us the importance of security to Bendix and the need to follow the official corporate security policy.

The estimates by the managers for the probability of failure ranged from $10^{-6}$ to $10^{-15}$. The manager that claimed $10^{-15}$ explained his estimate by claiming that the only point of vulnerability in the entire system was DES and that the best cryptanalytic attacks he knew of for DES required on the order of $10^{15}$ operations. I bit my tongue and did not comment on his oversight of numerous other points of vulnerability, nor on his flawed reasoning.

On one occasion when a middle manager was especially vocal in asserting that he saw to it that procedures were followed rigidly, Jonny informed him of our morning interviews and, without naming names or giving too many details, explained that we had learned of four different security procedures that were ignored in his branch office alone.

``And this isn't an isolated example,'' Jonny added. He then explained how the probability of failure estimates provided by the operations personnel, the people in the trenches, was many orders of magnitude more pessimistic. I myself was shocked not only at the disparity between the views of management and the views of the lower-level employees, but also at the consistency with which the two groups adhered to their differences. I was reminded of the situation at NASA following the space shuttle explosion. Another example I had heard involved a government minister in Britain. This man was responsible for all of Britain's banking industry a short time ago. He was claiming an error rate of 1 in 1.5 million when most others quoted something closer to 1 in 20,000.

I did not say much in the interviews, not even when the one manager gave his estimates for vulnerability based entirely on the number of operations in a brute-force attack on DES. Instead I let Jonny do his job without interference. I was impressed with the efficiency with which he was able to pull information out of people. He had certain questions which he asked every person we interviewed. He did not follow a script and the prepared questions came out at different points in the different interviews, seemingly fresh and spontaneous each time. He never let the conversation wander, remaining in control at all times. It was a long process --- we spoke to fourteen people that day --- but Jonny knew how to obtain the maximum (useful) information in the minimum time.

Despite the fact that both Jonny and I were exhausted after a full day of interviews, we went back to Tony's office to do more investigative work. We found Tony hunched over his keyboard. Jonny explained that he and I were booked on a flight for the following morning. Since this meant that we had the rest of the day and the evening free, he suggested that he, Tony, and I pool our wits and see if we could figure out how the money mill forgeries were being made. Tony enthusiastically agreed and we set to work.

Using the whiteboard on the wall of his office, Tony walked us through a full EFT session between Bendix and First Chicago. Each step of the way, both Jonny and I interrupted with many questions as we tried to find weak points in the protocol and in the business policies of both banks. Things got a little complicated when we reached the point where the Chicago bank executed the delay scam, as this muddied the picture. I suggested that we leave out that aspect of the scenario, since it was unrelated to the money mill attack, but Jonny was reluctant to change any aspect of the timeline of July 11th.

Several hours later we reached the end of the timeline with no new insights into the forgeries. The end of the work-day had long since passed and everybody else had left. The halls outside Tony's office were now quiet. The silence was eery, especially in comparison to the earlier chaos.

``Yeah,'' Tony replied when I commented on the sudden solitude. ``This place has been like a zoo the last couple of days. Did you notice the new lights and cameras in the parking lot?''

Tony loosened his tie, a red one with a brown paisley print. He left it around his neck but loose enough that he was able to unbutton his collar button as well. He then excused himself to go to the restroom.

Now that we were alone I asked Jonny why he kept asking the managers about policy and the probability of failure. It was a question that I'd been waiting to ask for some time. After all, we were not business consultants; what did the FBI care if Bendix managers were out of touch with the reality of the technical situation? Why harp on it?

``Because,'' Jonny explained, ``any time upper management denies there is lax security, and refuses to look into breaches when they occur, the door is left wide open for an inside attack. Do not think for a moment that the employees are unaware of management's attitude.''

I whistled softly between my teeth. It made sense. If employees know that managers turn a blind eye to security incidents, then there is no deterrent. By covering up problems, the banks make themselves all the more vulnerable.

Banking relies upon trust; it is the very essence of the business. A bank fails when consumers lose faith in the bank's ability to safeguard money. When there is a security breach at a bank, it would seem quite rational for the bank to gloss over the problem. Even if a bank must sustain the financial losses associated with a successful hack, that may well be preferable to letting the inability of the bank to protect itself and its customers become public knowledge. This is the point that Jonny had made upon our first meeting, in Agnes' office.

``I was trying to establish that the Bendix employees had the opportunity to commit inside attacks on the EFT system,'' Jonny finished.

I would say he succeeded! The environment at Bendix was ripe for fraud.

``We see this all the time with ATM fraud,'' Jonny said conversationally. ``It isn't at all uncommon for security personnel at banks to be quietly fired for disciplinary reasons. On the other hand, it is uncommon to hear a public admission by a bank that recent ATM fraud was traced back to the bank's own security department. The numbers don't add up; people are being fired for theft but nobody is reporting the thefts.

``Not only do the security personnel know better than anybody where the flaws are, but they know better than anybody just how strong the impulse is to deny that a problem exists. I learned during my case-work on ATM fraud that bank managers like to fool themselves into thinking that each and every case of ATM fraud is an isolated incident, a fluke, that can't possibly be repeated and therefore requires no corrective action. You saw that for yourself this morning.''

Tony still had not returned. I took advantage of Jonny's talkative mood and asked why the current case was different. Why was this case getting so much attention, both from the FBI and from the banks? Neither Bendix nor First Chicago appeared to be sweeping it under the rug. At Bendix the signs of upheaval were obvious.

He reminded me that the Bendix reaction was very ambiguous. On the one hand the offices were a site of mass hysteria and over-reaction. On the other hand, the bank managers attributed the problem to a fluke occurrence that was unlikely to be repeated. They claimed that Bendix security was exemplary.

Jonny answered my question by noting that there were several reasons why this case was different. He tapped his pencil on his fingers as he ticked them off.

He started to give another reason but then stopped abruptly. Whatever that last reason was, he thought better of telling me. Instead he changed the subject slightly and said, ``If you want an example of the sort of tolerance I'm talking about, just consider the delay scam you discovered. Do you think for a moment that anybody would have paid much attention to that if it weren't for the high level of overall panic right now?

``Hell,'' he said as he tossed his pencil on the desk and leaned back in the chair. ``Even I would have shrugged it off as another example of tricks of the trade and let the banks deal with it themselves.

``Or take the Argentina heist as another example --- twelve million dollars stolen by a couple of hackers, and scarcely a murmur in the press. If it had been an armed robbery it would have been all over the news.''

Tony returned and we changed the subject back to the EFT forgeries. We all agreed that the money mill was probably being run by an individual or a small group of people. Unlike the delay scam, the money mill did not appear to be a case of institutional fraud. MACs are not like digital signatures; they do not provide strong non-repudiation with a third-party. Both the sender and the recipient of an authenticated message know the authentication key. The recipient cannot prove to a third party (e.g. a judge or arbitrator) that the message originated from the sender because the recipient can attach valid MACs to messages just as easily as the sender can (since both know the key). Therefore, an insider at First Chicago, the receiving bank, would understand that creating messages that purportedly came from Bendix would not absolve First Chicago from suspicion. And certainly an insider with access to the key at Bendix would not be so foolish as to think that he or she would be overlooked in an investigation. The FBI was targeting each and every employee that might conceivably know EFT keys at either bank.

During the course of this conversation I learned that the FBI was using a very broad definition for ``employee that might conceivably know''. Apparently the FBI was investigating each and every employee at both banks, although the focus of the investigation was in the information security and EFT departments. Shortly after saying this Jonny excused himself to call his wife and say goodnight to his children. Tony took his tie all the way off and tossed it on the desk. He was wearing only a black pair of socks on his feet, having taken off his shoes at some point. His shoes were sitting under the desk, beside the waste basket.

``It's been rough,'' he groaned. He slumped down in his chair and let his arms drop straight down to either side of his slight frame. Tony wasn't bulky enough to fill out his suit even under the best of circumstances. Now, having missed dinner and working late into the night, his suit was wrinkled and disheveled. He stretched his legs out and rested one foot on the waste basket. Leaning back in his chair he stared at the ceiling.

``They gave me a hard time too,'' I said. ``Of course in my case they had good reason to, seeing as how I was a prime suspect at the time. I don't feel justified in getting indignant about it.''

``Well, the same goes for me too,'' he conceded. ``I was warned when I was hired that if anything went wrong the entire security department would be put under the microscope. It's crazy. Nobody in the security department would be foolish enough to run the mill. I never thought there would be an incident on the scale of this one.'' He grimaced, seemingly in pain. All of us were exhausted.

``I'll admit we have occasional minor incidents,'' Tony said with a shrug. ``Happens all the time actually. But do you realize how big this one could be?'' he asked. He shuddered visibly as he said this. He slumped down further in the chair (I would not have thought it possible) and put his hands over his face for a moment. His long wavy black hair was unkempt. Fatigue had set in for both of us. I massaged my eyes; I would have preferred to splash some cold water over my face. What I needed was a sink. Or a bed.

``I'm scared Carl. Really scared. The forgeries we are seeing are perfect forgeries. Somebody has cracked DES or has broken into a key center --- take your pick. Either way we got trouble.

``The worst part about it is that it does not look like this case is going to be solved. The FBI is in over their heads. Jonny doesn't know what to try next and he is the best they've got. Even worse, why is it that ---''

Tony stopped abruptly and a moment later I saw why. Jonny stepped up behind me. ``Max gave me one of his 7-Up's,'' he said. ``Either of you want some? He didn't have anything with caffeine,'' he sighed. Then, seeing the uncomprehending look on our faces, he added, ``Max is the guard down the hall. Nice guy.''

``Thanks,'' I said as I held out a hand for the low-octane soda. I took a swig and passed the can to Tony. ``I don't think we're going to get any further tonight. We'd better call it a night and head home,'' I suggested.

``You mean call it another day,'' Tony said. ``It's 4:30 already. In fact we'd better get out of here before people show up for work. We don't meet the dress code anymore. Wrinkles aren't considered a valid substitute for pin-stripes,'' he smirked. Not the best of jokes, but it was 4:30 and we were all way behind on sleep so I let it go and returned the smirk with one of my own.

The three of us made a feeble attempt to neaten up the papers strewn about the room, and tossed out the styrofoam cups. It took Tony a bit longer, mainly because it was his office and most of the papers were his, but also because he seemed to have ``made himself at home'' more than Jonny and me. Jonny and I were waiting in the hallway when Tony finally left the room and shut off the light behind him. He had his neck-tie in one hand and his suit-coat in the other.

The emergency lighting illuminated the hallway with an eery glow as the three of us walked down the hall. Twenty hours and little progress to show for it, I thought. We were all feeling dejected. Tomorrow -- no, today -- Jonny and I would be heading back to Chicago. Lisa wouldn't be pleased; she had pinned high hopes on this trip. She wasn't the only one.

I glanced to my left at the two men walking beside me down the hall. I didn't envy Jonny. I only had to deal with Lisa; he had to answer to Agnes. And Tony was still in hot water and now seemed likely to remain so for quite a long time. There were no leads left to explore at this point; we had run out of ideas.

We reached the end of the hall and turned left and then left again. We came up to the locked door with the guard station immediately inside.

``Hey Max,'' Jonny greeted the guard. ``Thanks again for the pop, man. We're headin' out.''

``Nice meetin' ya Jonny,'' replied the guard as he slid the log book across the desk in our direction. Jonny wrote in the time (4:51 now), our names, and our purpose. The three of us then signed it and, with a final nod to Max, walked out the door and into the elevators. Nothing was said as we waited for the elevator and descended to the lobby. The three of us walked out to the cars together.

``Sure is nice that they put these lights up,'' Tony remarked with a smirk. ``Now I can find my car more easily. I can even find the keyhole for the door-lock. My car doesn't have a remote-control door-lock.'' We were all tired, but Tony most of all. He laughed a little too hysterically at his own (poor) joke as he said goodbye and collapsed into his dirty rusty clunker.

Too exhausted to bother with elaborate goodbyes, Jonny and I waved our hands, said we would see Tony the next time we were in town, and climbed into the Taurus. I immediately reclined the seat-back as far as it would go. I stretched and let out a long sigh. It is amazing how comfortable a car-seat can be when compared to cheap office furniture and when the evaluation is made after considerable sleep deprivation. I didn't even mind the clammy feeling from my clothes as the sweat that had soaked into them over the hours cooled down from the air-conditioning in the car. Jonny didn't look or smell like he was any fresher. I wondered if somebody would have to sit next to me on the airplane. I hoped not. I wondered if I would have to sit next to Jonny on the airplane. I hoped not. I slipped into sleep.

