I sat and stared at the computer monitor. My DEC Alpha workstation sits atop a card-table in the living room of my apartment. Under the card-table is a second machine, a Pentium-133 with four large SCSI disks, that serves as my file-server. Both of these machines run Linux. I have a third machine in my bedroom, also atop a card-table, that runs Windows95; it is a Pentium-90. Sharing space on the card-table in the bedroom is another Linux box — a 486-66. All four machines are networked via Ethernet. I use a dial-up PPP connection to connect to the Pentium-100 at my office. Or, I connect to my ISP and connect to the office over the Internet from there.
After changing to the directory holding all of the EFT traffic from July 11th, I located the file that contained the full set of transmissions sent out by Bendix of St. Louis and destined for First Chicago Trust on that day. I quickly did a grep for ‘Cryer’ and found three entries. Lisa said that there should only be one. I extracted the three EFT’s into a separate file, and then printed them out on the laser printer. I carried the printout over to the kitchen table and laid out the pages side by side.
There was a transfer of $25.32 to the power company. This was the gas bill Lisa had mentioned. It seemed a bit high for an apartment gas bill in the middle of the summer… but Lisa said this payment was legitimate. The next EFT was a payment of $1021.33 to an account owned by Jonathan Rogers, whoever he was. This was one of the EFT’s Lisa denied. The other, the last of the three transfers involving her account, was a deposit of $18120.11 into her account from an account at Bendix. That account was in the name of Anthony R. Lee. This is the transfer that had Lisa in hot water, for although both of these last two transfers had gone through when I replayed the file, the second one was a deposit into Lisa’s account and more than cancelled out the losses of the payment to Mr. Rogers. While she claimed the EFT was bogus, the bank couldn’t help but notice that Lisa gained $17098.78. Not a fortune, but more than spare change. I, of course, knew that she had benefited only because I had replayed the messages; I knew she was innocent, but the bank didn’t.
I picked up the printouts and walked back to the machine. I sat down, jiggled the mouse to activate the screen which had automatically gone blank due to inactivity, and pulled the EFT log into a text editor. I scrolled through the file absently as I tried to guess what had occurred on that night.
Had somebody appended the bogus EFT’s? Who? Why?
It seemed strange to illicitly deposit money into somebody else’s account. Could it be that Lisa really was up to some shenanigans? I shook my head in disgust. I had already ruled out that possibility; not only did I trust her, but she couldn’t possibly have known I was recording and replaying messages. Even if she had been monitoring the EFT traffic over several months and therefore would have observed my earlier experiments, she still would not have known I’d be experimenting on any given day. I don’t keep a regular schedule; even I would not have known ahead of time that I’d be tinkering on that particular day.
I browsed through the other files in the same directory. My line-surveillance program was designed to log all the traffic on the leased line. The one file I had already reviewed was separate from the main log; I had separated the set of initial messages from Bendix to First Chicago so that I could prepare the replay. Now I turned my attention to the main log. This file would contain all the messages from the session, including my replays.
I wasn’t sure what I was looking for so instead of running search utilities as I had in my earlier post-mortem analysis, I scanned through the file haphazardly with a text editor. It was a good thing too, because as I scrolled through the file I noticed something that had escaped my initial review. The log showed that following the original transmission from Bendix to First Chicago — the transmission that I recorded but let pass — a bunch of error messages were returned by First Chicago. These messages were different from the class of messages that came later in the log, after my replay. These early error messages indicated that some of the EFT’s were too badly garbled for First Chicago to process.
There were a lot of these errors. Too many. I typed in search-and-count ‘grep’ commands to see how many. There were 893. Hmmm. Next I counted the number of EFT’s in the original transmission from St. Louis. Yup; 893. Every single one of the EFT’s had been rejected without any processing in Chicago.
This was strange. Had I done something to scramble the messages in transit? While an occasional bit-error over a phone connection is not unheard of, such glitches are rare with modern modems. Each EFT would have been processed separately by the receiving bank, so an error in one EFT would normally be confined to only that EFT, leaving the others intact. Any line glitches should be isolated to a single EFT, or at worst a small number of consecutive EFT’s. Yet each and every one of the EFT’s in the log was rejected by First Chicago Trust on the grounds that each one was garbled beyond recognition. Strange.