``What?!''
Agnes Brown was agahst. She threw up her hands and leaned back in her chair. It was a high-backed leather chair that creaked loudly when she stood moments later. Jonny stepped out of her way. He glanced in my direction but said nothing.
Jonny had reacted to my news with great excitement and had rushed to Agnes' office to give her an update. He had expected Agnes to be pleased with the breakthrough in the case. Instead she was distraught over the flaw.
``How,'' she asked, ``can a security system that has been in use for over a decade be so badly flawed? The NSA helped develop that standard! It has been reviewed by security experts at DEC, IBM, Burroughs, Citibank, Mellon Bank, NCR, AmEx, Honeywell, and countless other high-tech companies.'' She flung an arm in my direction. ``And he finds a flaw after just a couple of days of study.''
I do not think that the derision in her voice was intentional, nor do I think she meant to insult me personally. Probably what she meant to say was that a single individual managed to find a flaw that a panal of expects had either overlooked or else deemed unimportant.
``When was the last time it was reviewed?'' she asked.
``It was reviewed and re-affirmed in 1991,'' Jonny answered. ``In 1995 there was a revision. The 1995 version is quite different from the 1985 and 1991 versions.''
I was surprised by the swiftness and accuracy of his reply. Apparently Jonny too had been studying the EFT protocols. ``Right,'' I said, ``but the flaw remains in the revised standard as well. I already checked. The 1995 changes do not correct this flaw. Indeed, the protocol itself remains unchanged. The changes made to X9.17 in 1995 are primarily involved with the notation and the drafting of the document... cosmetic stuff.''
Agnes strode from the room, beckoning to Jonny and me to follow. Not sure where we were going, or why, I fell in behind Jonny. Down the hall and to our left. Past the elevators. Through a door at the end of the hall and up a narrow staircase. We went up three flights. That put us on the tenth floor. We entered a wide outer office with a young male receptionist sitting at a long low desk. He looked up critically and raised an eyebrow.
``Do you have an appointment Mrs. Brown?'' he asked.
``Is he in?'' came the curt reply.
``He's busy,'' the receptionist shot back.
Without another word Agnes headed straight for the inner office door. Whoever ``he'' was, the fact that he was busy did not slow Agnes in the least. Jonny followed, but two or three paces behind now. The receptionist sighed and punched the key on the intercom with an air of resignation.
The intercom was buzzing on the desk as we walked in. The man sitting behind the desk looked away from the intercom and up at us. Agnes sat down into the chair immediately in front of the desk.
``What is it now Agnes?'' the man asked with a deep sigh and a forlorn glance at the papers lying in front of him. He took off his glasses and massaged his temple.
``The First Chicago case has heated up,'' said Agnes.
The man behind the desk sat up and let out a mirthless laugh and said, ``heated up? That case was red-hot already. What happened now?''
He listened without comment as Agnes told him that our banking system has a security hole large enough to funnel out billions of dollars. He was a portly man, in his early 50's. His hair was beginning to thin at the top. He had a strong air of authority about him. I later learned that his name is Charles Fisk and that he is head of the Chicago office of the FBI. His responsibilities include general oversight of all Midwest operations. He had been appointed to the post only six months prior to that meeting and was still getting used to Agnes' no-nonsense style. He tended to keep the reigns loose on people under him, Agnes especially. Now, though, he wanted a full status report and wanted the details on all leads. No sooner did Agnes finish explaining the flaw (as best she could (I did not dare correct her)) than Fisk wanted a run-down on all of the suspects.
``What have you got so far?'' he asked.
Agnes took a deep breath and glanced toward Jonny. ``Our best leads at this point are going to be whatever we get from a computer program that was written by a young woman that was an early victem.''
``Yeah, you told me about that. You mean Cryer. What was her first name?''
``Lisa.''
Agnes was referring of course to the program that Lisa, Rudy, and I had written. Actually we had written a pair of programs, but I was sure Mrs. Brown was talking about BIF and not Deep Throat. Of course Agnes would have been unaware of Rudy's recent contributions to BIF. Jonny took a step forward and began to explain to Fisk the findings of BIF. I was surprised at the amount of success the FBI had already had with the program. With the help of BIF, the FBI had found a bank account at Chase Manhatten that was being used to funnel a large number of EFT's that they believed to be counterfiet. Like many other accounts, this account had a large volume of money passing through with the account balance remaining roughly level. On any given day, the deposits into the account were nearly equal to the withdrawals. This despite the fact that tens of thousands of dollars were passing through the account daily.
What made this account especially interesting was that many of the payments were directed to a bank account in France. Could this account be one of the main arteries out of the country? It was the first solid evidence we had of laundering. Money was apparently being laundered through this account and then shipped overseas. Although they had not yet confirmed it, the FBI was convinced that they would find that the next destination for the money, after the French bank, would be a bank in Switzerland. Fisk immediately urged Agnes to have her agents confirm this as soon a possible.
``We are working on it,'' she replied. She swept her hair off her forehead and out of her eyes. With a nod to Jonny, she said to Fisk, ``the most interesting thing about these forgeries that Agent Carter has described is not so much where the money is headed, but rather where it came from.''
Fisk raised an eyebrow and turned to Jonny. In response to this cue, Jonny continued.
``We traced the money backward through the EFT network. When we did this we discovered that much of the money that was being routed to the French account was stolen from the accounts for a Major League baseball team --- not borrowed but stolen. All of the other forgeries we have seen have been loans. As you know, the way the mill works is that the hacker borrows money from lots of accounts and promptly returns it. Usually within 24 hours. Sometimes, just to throw us off the trail, the money is returned even sooner, in which case there is no loan --- just laundering. We have even seen cases where the money is deposited a day or two before it is withdrawn. This is why it so hard to trace the counterfeit money. There is no pattern to it and most of it is only borrowed.
``The baseball team's bank account is the first example we have found of an outright theft. We figured all along that such accounts must exist. After all, the millwright has to seed his operations somehow. Now we have an example. We think that the choice of accounts is not random.''
I was baffled. Why would a computer hacker single out a baseball team as a target?
Agnes answered my unvoiced question. Speaking to Fisk, she said, ``We are developing a profile. We believe the subject is a young male computer professional, a loner. He probably does not have an active social life. He appears to have a great deal of time to devote to devising clever ways to undermine our banking infrastructure... not to mention the time to operate the mill on a daily basis. It is likely that he is lacking athletic prowess. Perhaps he harbors some resentment toward professional athletes.''
Fisk wasn't buying it. Neither was I. They were attaching too much importance to the baseball connection. Sure it was unusual that the first example of a theft in the mill that the FBI stumbles upon happens to be on an account of a high-visibility organization, but was it really as unusual as they seemed to believe? It reminded me of the common situation where a person flips the top card on a deck of cards and then claims that a very low probability event has occurred when the card is, say, the Ace of Diamonds. Would the result have been any more atsonishing had it been the Ace of Spades? Or the any other Ace? What about the Joker, the Jack of Diamonds, or the Queen of Spades? Without first declaring which cards we consider ``unusual'', it is not meaningful to discuss the liklihood of flipping over an unusual card.
Was it really that surprising that one of the victems of the mill was a sports club? Would we be any less surprised if it were a movie star, a politician, or a religious organization? Or if it had been IBM, Microsoft, or GM?
I don't normally follow baseball. In fact, the only reason I had even heard about the team Jonny mentioned, was because the shortstop was rather infamous for his off-field exploits. Although an apparent leader on the field, he had been involved in a very public legal battle involving domestic violence and alcaholism. His legal troubles had come to a head when he had been involved in a drunk driving accident. All of this had occurred after I had left MMT and started consulting. Now that I work in a private office I do not have the opportunity to gather around the water cooler and catch up on gossip and current events. Without that casual source of news, I have a tendancy to fall behind. I do not know if the player was suspended from the team or not --- at the time there was considerable public debate over that decision. The team itself was going nowhere fast.
Fisk sat staring sternly at this desk. Noboby spoke. Seemingly aware that all eyes were on him, Fisk grunted crossly and continued to stare downward in deep thought. ``What about the international connection?'' he asked. ``Why France?''
Jonny shrugged his shoulders. ``Dunno. Probably as good a country as any.''
Fisk wasn't about to give up that easily. ``Maybe the subject is a French citizen. Is this the first international transfer we have uncovered?''
``No,'' said Jonny, ``but it is the first international theft we have found.'' After only a brief pause he added, ``It is the first theft of this magnitude too. We have seen other international loans. Not all to France. Some have been to England and Japan. Several were to Germany... A few to Brazil and Argentina... One to Canada...''
``Argentina was the country with the bank that lost $12 million a couple of years ago, right?'' Fisk asked. Then, realizing he was getting side-tracked he waved off any reply and instead asked, ``France has unusual laws governing privacy and electronic surveillance doesn't it?''
It was Agnes who provided Fisk with a confirmation. She said that France has no laws against electronic surveillance. In that country, it is perfectly legal to tape a phone conversation without informing the other party that he or she is being taped. Every utterance that is recorded on tape is admissable in court. She turned to me with one corner of her mouth pulled up in the slightest of smirks saying wryly, ``If Carl is unhappy with the FBI's invasions into civil liberties and privacy, he should try living in France.''
It was the first time I had seen Agnes show a sense of humor. Was she softening?
Fisk grunted. ``Tell me more about this computer program. Could it be be used to test specific profiles?'' he wanted to know.
``What do you mean?'' I asked.
``Well, suppose we want to test a hypothesis that the millwright is motivated by politics rather than financial gain. Could we look for accounts with high volumes of activity yet no net change in balance, where a number of payments are made to political campaign contributions? Or perhaps to a specific charity?''
``I don't see why not,'' I replied, thinking to myself that it would take Rudy no time at all to fulfill such a request.
Fisk was clearly excited now. He reached over his desk and jabbed at the intercom. As soon as his secretary responded Fisk demanded that he get Ms. Lisa Cryer on the speaker-phone immediately. Fisk suggested that the secretary try her work number first. With a wide grin on his face, Fisk turned back to Agnes. ``This could turn the case around. Bust it wide open, really. We should use the millwright's own tools against him.
``As I understand it, the reason the money mill was so hard to detect, and the reason it is so hard to trace the illegal transactions even now when we are fully aware of their existance, is that the scoundrel behind this has used computers to automate his attack. It seems that nobody anticipated a carefully choreagraphed and yet still massive attack on our banking system. After all, the larger the attack, the harder it is too coordinate and manage... unless you use computers to process hundreds of thousands of forged checks faster than you can blink.''
Fisk hopped out of his chair and walked to the front of his desk. He clasped his hands behind his back and paced briskly in front of his desk. Agnes was still seated in the chair. She uncrossed her legs to make more room for Fisk to walk between her and the desk. Jonny stood over by the window. I still had not stepped more than a couple of paces into the room and stood behind Agnes with one hand resting on the back of the chair.
``It is ingenious really,'' continued Fisk. ``The same computers that allow us to process millions of bank transactions in a day, also allow the hacker to create millions of forgeries in a day. By making most of them decoys, he makes our task of tracing the money he borrows next to impossible. On top of that, we can't even distinguish a bogus EFT from a legitimate one!''
He threw his hands up in despair. Then, without missing a beat he spun on his heels and walked back across the room with his hands once again clasped behind his back.
``What we must do is beat him at his own game. Let's turn the tables. We will use computers as a tool against him. He uses computers to automate a highly coordinated and massive attack on our banking system; we use computers to track the money through the system.''
``Uh... Sir?'' Jonny gently interrupted. ``We can try, but that probably won't work.''
Fisk stopped walking. He said nothing but Jonny had his full attention. Jonny gave a quick sideways glance in my direction, took a deep breath, and explained. ``We have another program that does as you suggest, but it is a long shot. It works with recorded EFT data and follows the money through the system. By starting from a payment that we know is counterfeit, and then tracking money into and out of that account, we hope to find other counterfeits. If we can string together enough counterfeit payments, we should be be able to trace the money into a bank account that the hacker is using to collect interest.
``This is not an easy thing to do. The counterfeits are perfect forgeries and are mixed in with legitamate traffic. The amount of EFT traffic along any given path, even through fairly inactive accounts, is very large. It is a pain-staking and labor-intensive task to investigate the validity of each EFT as we trace through the graph.''
``Graph? What graph?'' asked Fisk.
``Sorry, Sir. That is a computer science term that Carl has taught us. It is an abstract data structure --- a way of organizing data in computer memory. A graph is a set of nodes and arcs. Arcs connect one node to another node. The nodes represent bank accounts. The arcs represent funds transfers. The direction of the arc represents the direction of the transfer. When there are several payments between two accounts, there are several arcs, one for each payment.''
Fisk nodded his head slowly. It was apparant that he was only half-following Jonny's explanation. Jonny glanced at me, then Agnes. He strode over to the desk and took a pencil out of Fisk's pencil-holder. Next he pulled a crumpled envelope out of the waste-basket. He quickly sketched a graph for Fisk.
``See. Now suppose I trace a path in the graph starting here at point A. I have two choices: I can go to node B or C. Suppose I choose C. Now I have four choices, one of which is to go back to A. Just to keep things interesting, I'll go back to A, and then from there I'll take the arc to B. At node B there are two out-going arcs, both going to D. I'll take the arc labelled as twenty dollars. From D, I can go to G, then K, and so on.''
Jonny paused while he counted up the arcs in his example. ``Even in this small graph, with only about twenty arcs, there are dozens of possible paths. Now imagine we have the full EFT graph, which has hundreds of thousands of new arcs every day. Then possible paths number in the trillions. Or more. To make things even more complicated, when the paths get very long it is difficult to recognize when you re-visit the same node; you can go around in circles without even realizing it! This is because the EFT graph has cycles. This is the whole point behind the money mill --- the millwright is using cycles in the graph to skim off interest payments from banks. Even if we had a way to quickly identify the forgeries, we still would not have a good way to track the money. There are so many forgeries in the network today that even after we single out only the forged arcs in the graph and trace those, the graph is still too complex. There are too many bogus paths. This is what it means to mount a massive attack against the system.''
``Dammit, we have to do something.'' This was Agnes.
Fisk's reaction was more calm. H3 was undeterred. ``Fine. I can understand that. What about the other program?''
I stepped forward. ``The other program takes a very different approach. Rather than try to trace the stolen money through the network, we look at each bank account in isolation. In this way we circumvent the inherant inefficiencies in the problem. BIF ignores the flow of money and instead focuses on the activity in individual bank accounts. Bank accounts are analized in isolation, without worrying about the inter-action between multiple accounts. We try to identify suspicious activity in individual accounts.''
Fisk drummed his fingers on his desk and, with his chin resting in the palm of his other hand, stared sternly at the Mahogany surface. ``OK, what about our newest discovery? We now know how the attack is being carried out. How does that help us? Surely that makes is easier.''
Nobody answered.
``Mr. Fisk?'' It was the squawk of the intercom on his desk. Everybody except Fisk startled at the high volume and annoyingly nasal sound. ``Lisa Cryer of SoftTykes is on the phone.''
``Put her on the speaker-phone,'' came the excited reply. Fisk rubbed his hands together as a he leaned forward on this desk.
``Hello?'' It was Lisa. She sounded hesitent. No doubt she had not been supplied with much of an explanation from the secretary, given that the secretary himself had been given no explanation for the requested phone call. ``Hello Ms. Cryer. Sorry to interrupt you at the office. Hopefully you can spare a few moments to discuss an important matter with us. My name is Charles Fisk. I work for the FBI. I have a few questions for you concerning a computer program you have written for us. With me in the room are Agnes Brown, James Carter, and a gentleman named Carl Raymond.''
Lisa said nothing immediately so Fisk continued, getting straight to the point. He sat back in his chair and swiveled side-ways so that he could direct his comments towards the rest of us in the room while still turning his head toward the microphone on the speaker-phone.
``How hard would it be,'' he asked, ``to modify your program so that it could discover bank accounts like the ones it already finds, but where there is an unusually large number of payments to a political campaign fund?''
Lisa's anwer was more conservative than mine. She was hesitent with her reply. ``The limits to the sorts of profiles we can test are imposed by the expressive power of the rule language,'' she explained. ``No doubt some profiles will require extensions to the language, which could take considerable time.''
``What about the example I just gave you,'' pressed Fisk. ``Could you do that one without any major extensions to your language, or whatever.''
``Yes, that one we can do. We would need a list of political groups and funds.''
``Then let's do it immediately.'' Fisk turned to Agnes. ``We should pursue this case along conventional lines as well as the high-tech approach you are already using. Talk to Burns and have him assign one of his top profilers to this case full-time. I want an accurate profile. Have Burns' man make full use of this program of Lisa's to test various hypotheses. Let's get moving on this. I'm assigning this top priority. Tomorrow I will meet with Samuelson to discuss this case and I want something positive to report. At the very least, I want to be able to tell him we have some promising leads.''
Fisk hunched over the speaker-phone. Enunciating carefully for Lisa's benefit, he asked, ``What about net-zero accounts where the bulk of the payments are directed to a specific country?''
``That one won't be so easy,'' came the reply over the phone. ``You see we have certain parameters that we already have set up to measure... things like the payee and payer for an EFT, the paying and recieving bank, the amount, the date, and so on. The country of origin or the destination country happens to be a parameter that we do not already have defined. It will require writing a small amount of code to pull that information out of the EFT message format and store it in a way that it can be accessed by BIF. That requires changes to the parser that processes the EFT's. Then we have to extend the rule language of BIF to include predicates on the country parameter.''
Lisa could not see the blank stare that began to settle in on Fisk's face, but perhaps she could sense it; she paused momentarily and then summed up quickly. ``It shouldn't be hard, but it won't be as easy as your first example,'' she said abruptly.
Fisk crossed his arms over his chest and sighed deeply. His heavy eyebrows furrowed, he pressed his lips together tightly and stared intently at the carpeting beneath his feet. Nobody said anything. In the silence Fisk began slowly pacing the width of the office. The idea of profiling hacked bank accounts clearly appealed to him and he was not going to dismiss the topic until he had come up with an interesting hypothesis to test.
``Hmmm. Without going into details, would it be hard to test for an international connection?'' he asked.
Without mentioning Rudy, I told Fisk that recent changes to the program made it easy to flag EFT's that cross national borders.
``Good,'' he said. ``Let's pursue that Mr. Carter.'' Turning back toward me he asked, ``what about analysis of the times of day that the millwright is most active? Perhaps we can determine what time-zone he is in by noting the time of day when there is highest mill churning.''
``We can do that,'' I acknowledged.
``Let's not forget to take into account that the millwright might be a computer geek that keeps strange hours,'' Jonny warned.
I was intrigued now. Fisk was right. By analizing the forged EFT traffic in terms of international routes and time of day, we had a reasonable chance of determining where the millwright lived. We might be able to narrow it down to a particular country and a particular time zone. If we were persistent and whittled away at the problem, eventually BIF might reduce the problem enough that deep-throat would have a chance. It just might work.