Teaching had always been an ambition of mine and I was thoroughly enjoying the chance to give a lecture to such a bright and responsive pupil.
“Not quite,” I replied. “I spoke of doubling the payments but not doubling the amounts. You’re right; I can’t alter the amounts because the MAC’s guard against altering the content of EFT’s. Or, more accurately, if I did alter the amounts, it would be detected because the MAC’s wouldn’t pass the verification test executed by the receiving bank. But I can send the same EFT twice. Certainly it is no trouble to record all the messages while letting them pass through, and then later send them all again. These transfers were passing over a data line routed through my computer so —”
“Is that what you did?” she interrupted. “You sent out copies of all the EFT’s so that every check was cleared twice?”
“Not exactly,” I answered. “There is an entire protocol for dealing with communication failures and other errors. Unfortunately the standard doesn’t lay out the error handling very clearly. Consequently I have to do my research by introducing errors and observing the responses.”
Between bites I gave Lisa the details of July 11th. Like many other afternoons in the last two months, on July 11th I had intercepted a phone call originating from a bank in St. Louis by the name of Bendix. The call was part of the Electronic Funds Transfer (EFT) system for the US banking infrastructure. I knew this because that is the only reason that Bendix and First Chicago use that particular line. Like many other afternoons, I then proceeded to eavesdrop on the data transmitted over the line. OK, this occasion was a bit different in that I had also inserted some messages into the traffic stream as well. But even that wasn’t entirely new; I’d done it before without such strange results.
The funds transfer network is actually a collection of several smaller networks. The largest and most important of these is the Clearing House Interbank Payments System, or CHIPS for short. As the name suggests, CHIPS is used for inter-bank transactions (otherwise known as wholesale banking). It is a closed network, where all of the member banks are pre-registered and known to each other. CHIPS handles about 182,000 messages a day. That comes out to a weekly load of about 910,000 messages. CHIPS is a world-wide banking network and is used to move an average of $1.2 trillion every business day. A single message can carry a dollar amount of as little as $50 or as much as $2 million.
Retail banking, where consumers can issue payments and check balances, uses an entirely separate network. The wholesale banking network is carefully guarded and consumers are barred from any direct interaction with the system. For wholesale banking, there is CHIPS, the Automated Clearing House (ACH), FedWire, and several smaller networks. ACH is regulated and managed by the Federal Reserve, although it is operated privately. All of these networks operate in roughly the same way.
The use of CHIPS and its brethren has increased dramatically in recent years. As recently as three years ago the daily load was only $400 billion. Part of the increase is due to the increased popularity of direct deposit and automatic payments. It has become quite common for employees of large companies to have their paychecks deposited into their accounts electronically. More recently, consumers have begun to make greater use of automated payment options. For example, many people have their utility bills paid automatically. Consumers give authorization to banks and utility companies to effect these payments electronically. And, of course, it has long been true that even paper checks are processed at least in part electronically.
My interest in the EFT network stems from professional curiosity. My curiosity can be labeled as “professional” because I’ve been trained in computer security and cryptographic protocols. My interest must be labeled as “curiosity” because no bank is paying me at the moment. This leaves me in a position of being on the outside looking in. While the design of the CHIPS network is publicly available for review, lower-level implementation details are not. Consequently I was not privy to some of the error-handling aspects of the system. My admittedly unorthodox method of determining how the banks had opted to implement error-handling is to introduce errors and observe the results. This brought me to the important part of the story, the whole reason I’d been forced to seek out Ms. Cryer in the first place. Thus far she had listened intently with only a few interruptions for clarification.
Next I explained how, after recording the EFT messages originally bound for First Chicago from St. Louis, I sent the recorded messages on to First Chicago. This meant that First Chicago Trust received duplicates of all of those EFT’s. I kept the connection open after sending my copies so that I would receive the error messages from First Chicago. It was for the purpose of studying these error messages that I was sending the recorded copies in the first place. Sure enough, error messages began pouring back from First Chicago, complaining that the EFT’s were replays of earlier transmissions. The security routines at the receiving bank had detected my attack and they were responding appropriately. Except for the transfers on Lisa Cryer’s account! Those replays were not rejected; all others were. Why?
Lisa said that she had no idea. She suggested that perhaps I had corrupted the EFT on her account in some way and therefore it differed from the original and was not a replay.