The following Monday at 8:15 in the morning Lisa and I were in the J. Edgar Hoover Building on Pennsylvania Avenue in Washington D.C. The meeting wasn't supposed to begin until 9:00 but neither one of us are the type that likes to cut these things close and if the people at this meeting were even half as important as Agnes said then it did not seem like it would be wise to keep them waiting. Not that I was at all sure that they would even bother waiting for us if we were late. That was another reason for being on time --- I didn't want to miss anything.
Lisa and I had flown in together that morning. Our flight landed at National Airport at about 7:30. It was the earliest flight we could get out of Chicago.
Lisa used to have a friend that worked in D.C. and she had visited the city several times in the past so I left all the travel arrangements to her (I had never been there before). Lisa had no trouble finding the ``Metro'', Washington's name for the subway. Lisa informed me that my startled reaction to the cleanliness of the subway cars and the stations was typical of American tourists in D.C. I was used to the Chicago subway, which like any other American subway except the Metro, featured cars with the full spectrum of modern American graffitee, everything from hastily scrawled profanities to elobarate still-life painted with painstaking attention to detail.
Not only was the cleanliness of the subway system impressive, but it was nice to see that our nation's capital uses a token system based upon magnetic-strip cards. The cards can be purchased in nearly any denomination from vending machines. The rates vary depending upon how far one is traveling. Magnetic-strip readers at the turn-styles automatically debit the cards appropriately based upon the station of origin and the destination. I have no idea if they use any sort of cryptographic algorithms to thwart forgeries and tampering. Probably not. Even so, the system is fast and convenient; nice.
We took the ``yellow'' line to L'Enfant Plaza, a station where nearly all of the lines meet. There we switched to the blue line, which we took to Federal Triangle. Lisa explained that we could have picked up the blue line at the airport and avoided the need to switch trains, but it is faster to do it as we had because the blue line takes a very circumspect route from National Airport to Federal Triangle.
The Federal Triangle Metro station is underground, beneath 12th Street and Pennsylvania Avenue. I inserted my token card into the turn-style and it promptly popped out of the return slot with a soft phlifft. I followed Lisa up the escalators to street level.
We had no trouble finding the FBI building; it was clearly labeled as such with a large sign on the lawn. The building itself was on Pennsylvania Avenue between 9th and 10th streets, placing it near the mid-point between the White House on one end of Pennsylvania Avenue and the Capital Building on the other. As it turns out, the walk from the L'Enfant Plaza metro station would not have been any longer than the walk from Federal Triangle; we had been fooled by the name of the latter into believing it would be the closer of the two.
We had more trouble finding the conference room than we did the building. After receiving our visitor clearances Lisa and I spent several minutes wandering the halls looking for the room where the conference was supposed to be. We hadn't been given a room number and nobody had come out to escort us. I was a little surprised at the lack of escort, not because I expected better hospitality, but rather because I expected tighter security. We knew only that the meeting was to take place at 9:00 and was supposed to be somewhere on the third floor. We eventually met up with Jonny and he showed us to the conference room.
It was a mid-sized room with seating for about forty. The room was longer from front-to-back than it was wide, with a doorway near the front and a second door near the rear. We entered from the rear entrance. There were long tables that were fixed to the ground and ran nearly the full width of the room. The chairs were also fixed to the ground, but were free to swivel. There were about seven chairs per row and about ten rows. The front of the room had a wide empty space between the front wall and the first row of seats. Part of this space was filled by a lecturn positioned slightly off-center, closer to the left side of the room, where windows lined the wall. The room reminded me of the classroom where I had taken Complexity Theory at Princeton.
Most of the second and third row were already filled. Nobody had chosen to sit in the first row yet, and not enough people had arrived to fill more than two rows.
Lisa and I chose seats at the far end of the fourth row, near the windows. Jonny sat down with us for a moment but almost immediately popped out of his chair, excused himself, and hurried off to talk to a group of three men that had just entered the room through the door at the front. I recognized one of these men from television news reports; he was Louis Weld, the director of the CIA.
Louis Weld had been appointed CIA director less than a year previous, and already he was making quite an impression. All of the weekly news magazines featured quotes by Weld on a regular basis. Unlike past CIA directors, Weld maintained a very high profile and was quite outspoken about seemingly everything. I liked what I read about him. He was investing a lot of time and effort into re-tooling the CIA to accommodate the changing geopolitical scene following the collapse of the Soviet Union.
The room slowly filled, and as it did so, the buzz of the semi-hushed conversations increased. Jonny reappeared with a young man at his side. He introduced him to Lisa and I as Danial Smith, a computer operator at an X9.17 Key Translation Center managed by Chase-Manhattan. Jonny explained that a few of the Key Center operators had been invited to the meeting to provide any insights they might have from their perspective in the trenches of electronic banking. They, better than anybody else, understood the practicalities governing any effort to mount a counter-offensive against the millwright.
Danial Smith was young. He could not have been older than twenty-five. He was red-haired and had extremely fair skin. His face was lightly freckled. He appeared to be out of his element in his brown tweed suit and red tie. I was sure he did not normally wear a suit to work.
``Danial generally agrees with the technicians at Bendix,'' Jonny said pointedly.
``Something like this was bound to happen sooner or later,'' Danial said. When he spoke, he sounded even younger than he appeared. He had a high-pitched voice and a slight lisp in his speech.
``Maybe it has already happened a few times in the past...'' said Jonny. He let the comment trail off and nobody replied immediately. He had a point; would any of us have heard about it if something like the money mill had happened before? Perhaps Jonny actually did have knowledge of a similar incident, but was barred from mentioning it.
``What do you do exactly?'' Lisa asked Danial.
``I run the key translation service. Mostly that means that I make sure the machines stay running... lots of systems administration work.''
``What Operating System?'' she asked.
``Mostly Unix. We still do a little bit of work on mainframes. What Operating Systems do you use Ms. Cryer? Agent Carter tells me you are a programmer.''
``Yes, that's right. I've worked some with Unix but most of my work is on Mac's. I prefer developing for the Mac, but that might be because the applications tend to be more fun. I try to stay objective about such things.''
``In our business? Good luck. I haven't met anybody that has a balanced and objective position when it comes to Operating Systems or programming languages,'' laughed Danial. He dug his hands into his pockets. His hands were balled into fists. He appeared nervous for some reason. ``Most of my programming is in Perl and other scripting languages,'' Danial offered, ``what about you?''.
``Mostly Smalltalk, but it looks like we will be switching over to Java soon,'' she replied. ``The company that I work for makes educational applications for toddlers and preschoolers. Our original system, which is starting to show its age at this point, was implemented entirely in Smalltalk. Our next product is going to be web-based... hence the switch to Java.''
As he and Lisa continued to exchange computer science banter, I looked around the room again. This was America's banking and cryptographic brain-trust that was being assembled. Would they be able to devise a solution to our predicament? News of my X9.17 discovery had spread quickly. The rapid distribution of the news was the result of Agnes' hard work. I recalled her initial reaction when Jonny and I told her the news. Jonny had forced her to cancel a meeting already in progress so that she could hear my story. The cold glare of disapproval that Agnes had directed toward Jonny had slowly given way to a look of bafflement at first and then, as comprehension began to settle in, her attitude changed to one of excitement and enthusiasm.
``You've done it!'' she exclaimed. ``If we know how the millwright is getting his keys, then we are well on the way to cracking this case!
This praise and her glee over the discovery would have made me a lot more comfortable if she had not mentioned later in the conversation that it was peculiar that I was making all of these discoveries single-handed, despite the large number of cryptanalysts and computer scientists on the case. She credited me with discovering the mill in the first place, ignoring the contributions of Rudy Levinski and Lisa. She reminded me that I was the first one to realize that First Chicago was running a delay scam. And now it was I who discovered a flaw in X9.17. This, despite the wide-spread review that the protocol had received since its inception in 1985. A review process that included analysis by the world's best cryptanalysts. Agnes clearly did not include me in that group. The nature of my early involvement in this case would forever taint my image in Agnes' eyes. I will always remain a petty hacker, an upstart, and a nuisance by her assessment.
Actually, what troubled me most about Agnes' comments was that the same observations and accusations could be directed at Rudy Levinski. Hadn't he made several important discoveries? Many of the most significant contributions had been his. The additions he made to BIF were proving to be a major advance. Rudy was the first one to explore an international connection. I felt uneasy. I never should have accepted that disk from him. Where was he now?
Lisa poured a glass of water from the pitcher on the table and extended the pitcher toward me. I filled my glass and looked around the room. It was filling rapidly now. As I surveyed the room I decided that the chances of the entire case being cracked were good. The speed at which this meeting had been called and the feed-back I had already received regarding the key-exchange protocol, suggested that those in positions of authority were taking swift and expert action. I watched as a short heavy-set man wearing a dark suit approached the lecturn. Danial quickly left to join his own kind and everybody settled down into their seats. The room quieted quickly. The man at the lecturn was overweight enough that he looked uncomfortably warm despite the air-conditioning. His hair was thinning despite his relatively young age. He began by introducing himself and I learned that he was Frank S. Samuelson, head of the FBI. He pulled a handkerchief out of his pocket and patted his forehead as he spoke.
Mr. Samuelson explained that the purpose of the meeting was two-fold. First, we were to determine the extent to which the now apparent weaknesses in the EFT system posed a threat to United States national security. Second, we were to pool resources and develop a plan for immediate implementation that would identify and locate the culprits and apprehend them. He informed us that the people in attendance today represented the FBI, the CIA, the NSA, DISA, the ABA, and ``other knowledgeable people.'' I suppose Lisa and I fell into the last category. As I looked around the room I concluded that we were the only ones in the last category. It wasn't hard to guess who was from which agency.
The bankers were all in the fifth row, to my right (the seats immediately behind me were still empty). Templemeyer was among them. Apparently Rudy had not been invited, for I did not see him. The group was easily identifiable as ABA people from their dress --- they looked like bankers. All of them wore light grey suits, and several of the suits were three-piece. Their ties were mostly yellow; those that were not were generally light colors. All of them had chosen to leave their suit-coats on, despite the fact that most of the other people in the room were in shirt-sleeves. If they were not bankers then my next guess would have been accountants.
Other than myself and Lisa, the NSA people were the only ones wearing casual clothes. I knew they were NSA because, like everybody else, they chose to sit with their own kind and I spotted Lorenzo and Mr. Little among them. Little and company had been the last to arrive and were seated near the back of the room.
The DISA group was easy to spot since they were all dressed in military uniforms. DISA is the Defense Intelligence Security Agency. They are a joint forces group that spans all of the defense units (army, navy, air-force, etc.). DISA is responsible for overall information security --- both strategic planning and implementation. Curiously, the NSA falls under the authority of DISA, although I have no doubt that DISA takes orders from the NSA in all matters related to cryptography; DISA is left to address security matters that lie closer to physical security, I suspect.
Even the FBI and CIA were easily distinguishable, although I would have known which group was which anyway simply because I knew the FBI people and I recognized the face of one of the CIA (Weld). The FBI agents seemed to adhere to the stereotype of a spook more than the CIA did. The CIA agents had a bit more variety in their dress code, whereas the FBI might as well sell clothes in the basement of their headquarters; it looked as if they all shopped at the same store anyway.
My survey of the room eventually brought my attention back to Lisa and myself. It was at this point that I noticed that Lisa and Agnes were the only women in the room. Agnes must be a bit of an anomaly, being a female in a position of authority in a business still very much dominated by men. She handles it well. I was never consciously aware of her gender; never really stopped to think about it, until now. Suddenly I wondered if she had children. I realized then that I knew very little about her personal life. I suppose that is part of the reason she has risen to the level she has --- she is capable enough that her gender never has a chance to become an issue.
My chair was jostled slightly from behind and I turned to see what the disruption was. It was Jonny, trying to slip into the room as quietly as possible. He mouthed an apology when our eyes met and took the seat directly behind. I was pleased he was back. With all of these spooks in the room I might need an interpreter... or a diplomat.
Eventually Mr. Samuelson finished speaking. Much of what he had to say had been wasted on me for I could not keep up with the acronyms. Apparently the FBI has some sort of ``initiative'' called C3E that they are implementing in four stages. The first stage consists of training and re-educating the FBI work-force and is only now just nearing completion. The next three stages, to be implemented over five years, are the actual program. Apparently most of the other attendees in the room already knew about the program because Samuelson did not tell us what the acronym actually stood for until much later in the talk. It is `Combating Computer Crime and Espionage'. Much of his talk detailed the FBI's (lack of?) progress in re-tooling to adapt to the rapid proliferation of computers and their use as telecommunications devices.
Samuelson asked for, and received, questions from the audience. There were one or two questions about the C3E program, all of them from the DISA contingent. The DISA people seemed to be at the meeting due to some bureaucratic necessity and not particularly interested in the issue at hand. Then, somebody in the CIA, a man in a beige sports-jacket and blue-jeans, with a yellow pencil in one hand and small spiral-bound notebook in the other (making him look a little like a journalist and very much out of place), asked if the FBI profile for the ``hacker'' included any international connections. Mr. Samuelson replied that technical details on the current status of ``Case #228-CC/FFU-296'' would be forthcoming in the presentations to follow. He actually rattled off the entire case number, as if we wouldn't know which case he meant, this despite the fact that he had no doubts about which case the questioner meant without that person citing the case number. This last question provided Samuelson with a nice seguey into the next presentation and he took advantage of it. He introduced the next speaker --- another FBI agent --- and stepped down from the lecturn, while patting his forehead with his handkerchief.
The next speaker was a young man with an athletic build, although he walked with a slight limp as he slowly made his way to the front of the room. I missed his name when Samuelson introduced him and he did not repeat it. He began with the profile. The FBI was still convinced that our adversary was a loner male computer geek with a PhD. They still believed that he was living in the United States. Two interesting changes in the profile were that they no longer listed him as a US citizen and that he was likely an employee of a bank. The speaker suggested that the subject might be an international graduate student at an American university or a permanent resident working for a US bank. The reasoning behind these changes was that the attacks were too sophisticated for an outsider, and they were no longer limited to domestic banks; counterfeit EFT's had been found that were directed to foreign banks. The FBI was concentrating on France, Germany, and Russia.
The speaker said that, despite the international scope, the FBI still believed that the subject was living in the States. Indeed, the FBI now suspected that the attacker was living on the west coast, probably California. Furthermore, there was some evidence that the subject was targeting American cultural icons. This suggested that the subject was either a foriegn national living in the United States, or else an American citizen with strong political feelings against the United States.
This completed the latest update on the millwright profile. The speaker then went on to discuss other issues. He related the NASA syndrome that Jonny had discovered at the Bendix offices in St. Louis. This helped support the theory that the subject was an employee of a bank. If the millwright was working in the security department of a bank, then this might provide him with access to the X9.17 key-encrypting keys for that bank. Even if he did not work in the EFT or security departments, given the sloppy practices at some banks, an employee in good standing with the company would have ample opportunity to steal the master keys.
I only half-listened to this part of the talk. Jonny had leaned forward and was loudly whispering in Lisa's ear. He was recounting anecdotes from that St. Louis trip. This was not distracting so much as it was interesting. I found myself listening to their conversation instead of the speaker's far dryer coverage of the same facts. I did, however, catch a comment by the speaker saying that the President had been briefed on the entire money mill investigation and that he had requested that he be kept up to date with all new developments. This pleased me; nobody was taking this matter lightly now. There had already been enough down-playing of the incident early on: First Chicago executives had hoped to pin the blame on Lisa and sweep the entire affair under the rug; later it had appeared that Lampley and Levinski would take the fall; there were indications that I might be a scapegoat; Bendix had been working feverishly to shred documents and weather what they hoped was a brief squall; and Agnes had been reluctant to concede that the FBI needed assistance from the NSA. Now though, the matter had escalated up to the highest levels of government. Everybody recognized that we were no longer dealing with a high school phone phreak bent on impressing his friends with childish exploits of computer crime.
Next it was Weld's turn to speak. I was anxious to hear what he had to say. Everybody in the room seemed to lean a bit further forward in their seats and set down their pencils.
``Gentlemen, Ladies... let's step back for a moment and take a look at the big picture. What do we have here? What is the potential threat?
``I'm not asking how much money was stolen. Nor am I asking how much money we think might be stolen before this is over.
``I'm asking about the potential for harm to an international banking system we now know has security flaws at several levels. I'm sure our friends from the ABA will excuse me if I stipulate that the operations personnel at some banks have been somewhat blaz\acutee about certain aspects of security. I very much doubt that Bendix is unique. But putting that aside, far more importantly, we now know that the key management protocol has design flaws. We have seen the impact of these flaws. Have we seen the full impact?''
At this point Weld placed a viewgraph on the projector. The title of the slide read simply, ``Scope.'' The slide itself had only one sentence on it. Actually, it was only a sentence fragment, and it read, ``flaws evaluated in the context of geopolitical threat models.''
Upon placing this slide on the screen Weld said, ``my question is this: is anybody considering the possibility of a terrorist attack on the US banking infra-structure? I know that the FBI profile for the millwright and the recent money mill operations indicate a single person working for personal gain, but forget that for a moment. Concentrate instead on the larger problem. We have weaknesses in technical design, in bureaucratic procedures, in inter-department communications, and in banking procedures. So I ask again: what is the potential cost?''
Weld paused and slowly gazed around the room. He stood with both arms outstretched before him, hands resting on either side of the lecturn, leaning slightly forward. His eyes went from one person to the next, making eye contact with anybody that returned his gaze. Weld had not changed the viewgraph slide since putting up that initial slide asking about the threat potential. He had no need for slides; everybody had their eyes fixed on him. After surveying his entire audience Weld took a sip of water from the glass in front of him.
``Here's a hypothetical situation,'' he said. He had everybody riveted to their chairs and he knew it. I had been hoping for a chance to see why Weld was becoming somewhat of a celebrity and I was not disappointed.
``Suppose the actual attack hasn't even started yet. Suppose all we have seen so far are a few practice runs. Furthermore, suppose our `attacker' is merely the computer programmer that engineered the attack on behalf of a larger group. What group? Oh let's say... the Iraqi government. Or even an extremist group within the United States such as the Patriots. The FBI has already told us that the group behind the attacks is probably opposed to our government.
```But wait,' you say. `All evidence we have indicates that the millwright is operating for personal gain.' True. But perhaps that personal gain is payment for a job well done in cracking the American banking network. Maybe all we've seen so far is the initial payment for a different attack. An initial payment and a test-run rolled into one. The real attack doesn't have to be a whole lot different from what we've already seen. It might be the same thing, only on a larger scale. Say... ten thousand times the scale. And why not? Surely it is a small matter of programming to step up the frequency of the bogus EFT's. The attackers wouldn't even have to increase the dollar amounts on individual EFT's. After all, using unusually high amounts might draw attention to the illegitimate EFT's. Remember, they probably don't know we are on to them.''
I looked around the room to see how the others were reacting. Normally in a gathering like this there are two or three quiet conversations being carried out, either in whispered exchanges or on notes scribbled on a neighbor's papers. Not so here. Weld had everybody hooked.
``Or maybe drawing attention to themselves is not a concern. Does the Iraqi government care if we know they are the culprits after they have succeeded in bringing the American banking system to its knees? Do they care if we trace the origin of the attack back to a computer in Baghdad after they have declared war on a nation where every bank account has been altered and the economy is in collapse?
``Repairing the damage won't be easy. There will be secondary and tertiary affects. I would expect a public reaction that puts the 1929 crash and all previous bank runs to shame. It took American investors forty years to recover from the 1929 crash. Maybe some of the bankers in the room can estimate the overall economic impact of a temporary but massive loss of integrity in the entire international banking infra-structure. I can't. But I have my suspicions. Thank you gentlemen.''
Weld strode off the podium, sat in his seat, crossed one leg over the other, and sat facing the front of the room with his hands resting in his lap. I think everybody was caught be surprise by his abrupt finish. But then, there really was no need to say anything more. And, by way of a summary, his sole viewgraph remained on the screen, asking that same question about seemingly small flaws becoming large when viewed in a different context. Weld's scenario, while perhaps unlikely, was certainly plausible.
Nobody took the podium right away. Nobody did anything right away. You could almost hear the collective breathing in the room quicken as the ramifications of Weld's argument hit home. Weld had delivered his message with very few pauses, speaking quickly and succinctly. Much of what he said was only now sinking in. Many in the room had come out of bureaucratic necessity and had not been terribly interested initially. Now these same people were itching to pursue the case with new fervor. Suddenly the FBI profile seemed short-sighted, and Weld's scenario did not seem far-fetched at all.
I glanced at Lisa, who had turned to speak to Jonny. Jonny was dumb-struck. After working on this case for weeks, it was not until this moment that he realized the nearly boundless importance of the case. I too had been sobered by Weld's comments. The fate of the entire world economy hung in the balance! I felt a dizziness wash over me. Moments earlier I had been pleased that people were no longer under-estimating the gravity of the situation; now I realized that I myself had under-estimated!
Ours is a society that takes for granted the comfort of a strong and reliable banking infra-structure. Runs on banks are a thing of the past, to be studied by children in history class. Individual investors are protected by the FDIC and scarcely pause to think about such matters. When we put our money in a bank, the only risk we even consider is the financial risk associated with the opportunity cost for that fixed-income investment vs. other investments. Yet the FDIC cannot save all of us if the banking infra-structure collapses. Who will save the FDIC?
Every day trillions of dollars pulse through wires and over air-waves. Hundreds of thousands of transactions are carried out electronically each day. The routing of pennies through the network is no less intricate than drops of water in a river system. The ACH, CHIPS, Fedwire, and other clearing houses form the main arteries in a world-wide network of rivers, dikes, reservoirs, brooks, and streams.
For some length of time --- nobody is sure how long --- money has been leaking out of the waterways. New feeder streams have opened. These streams form the millrace. Every day the millrace directs vast quantities of water over the wheels. More money pours into these accounts. The wheels turn faster. Interest payments are made. Money is lost. Stolen. Nobody notices. The mill runs unabated. Continuously. Money is siphoned off, yet the overall volume of water in the system remains unchanged. The siphoned money is paid in the form of increased interest payments ground out by the rapidly spinning water wheel. Account balances are preserved. One successful mill builds confidence. Two mills build wealth. Three builds an empire. More mills destroy the world economy.
Without any way to detect the money mills, nevermind prevent them, we cannot even be sure how many are already running. If one millwright discovered the flaw and learned how to exploit it, why not two? Or two hundred? How close are we to a catastrophe? Is our wholesale banking system already a sieve? How can we know?