While the description of X9.17 is accurate, the description of the manner in which the keys are applied to Electronic Funds Transfers (EFT) is simplified.

In the story, it is stated that cryptography is used for message authentication (MAC’s) but not for secrecy. It is stated that EFT’s are sent “in the clear”, making it possible to eavesdrop on the messages (but (supposedly) not tamper with the messages).

In fact, cryptography is used to provide both integrity and secrecy of EFT traffic.

Note that the use of cryptography to encrypt the EFT’s has no bearing on the actual attack. It is still possible for an insider to learn the key-encrypting or data-encrypting keys used by other participants of the network. The author chose to “overlook” the fact that EFT’s are encrypted because including this detail would have complicated the early part of the story. In order for Carl Raymond to make his initial observations and uncover the mill, he would have to defeat the encryption. This would have made the first few chapters overly complicated and would require that Carl’s initial actions be even less honerable.

In other words, Carl Raymonds’s early observations are not possible when EFT’s are encrypted. Susan Ignassi’s attack is still possible.

The post Exception appeared first on The Electronic Money Mill.

I would have liked to have slept in the following morning but that was not an option. I was awakened at 6:30 by the telephone beside my bed. It was Fisk’s secretary, informing me that I was to report to his office at 8:30. That left me just enough time to pull myself out of bed and prepare a quick breakfast before walking down the street to catch the bus to downtown Chicago.

As it was, I was late, arriving at the FBI building at close to 9:00. Still bleary eyed, I mumbled my name to the receptionist and was escorted without comment to a large conference room at the end of the hall. I still had not fully recovered from the previous day’s mad dash across town with Lisa at the wheel of her off-road Mustang convertable.

Nobody seemed to notice my tardiness, as a large number of people had been requested to attend the debriefing and many of the others were late too. Lisa was already there by the time I had arrived however. The attendees included all of the people that had been at the meeting in D.C. Rudy Levinski was there, sitting near the back. I later learned that each and every person that was aware of the money mill was in attendance, with the exception of the President and his cabinet. The main message that was conveyed at the meeting was that no part of the entire incident would be released to the public. Anybody who leaked word of the the EFT crimes to the press would be treated in a manner in accordance with the importance of the secrecy of the entire affair. Nobody dared to ask what this meant, especially me. I feared that I would be the prime suspect if there were a leak. Everybody knew that my involvement was not due to a professional obligation nor my political stance. Or, to be more accurate, my involvement was due to my political stance on computer security, but that initial involvement was more closely related to the crimes rather than the shutting down of the mill. I said very little during the entire debriefing, speaking up only when Samuelson stated that we had entered a new era; law enforcement can no longer preserve public safety. This sounded too much like a lead-in to the argument for key escrow. It was at this point that I interjected into the proceedings. Far from being cause for trepidation and consternation, the shift to electronic banking should be reason to be optimistic. If deployed carefully and responsibly, digital messaging systems and Electronic Commerce can be far more reliable than more conventional means of conducting banking and business. With digital commerce, we have a theoretical basis upon which to pin our confidence.

Digital signatures are unforgeable without access to the private key. The private key can be stored on tamper-resistant smart-cards such that nobody — not even the cardbearer — can read the key off the card. The signing functions are implemented in hardware on the card. Modern public-key cryptography can be used for key-exchange in a way that avoids the sort of attack used to run the money mill. Indeed, in the modern era of cryptology, there is little justification for continued use of shared-key key-exchange protocols such as X9.17. It would behoove the ABA to give serious consideration to a public-key-based protocol for key exchange.

To further avoid future trouble in the EFT network, the member banks should employ secret-sharing procedures. Secret sharing is similar in concept to the procedures for launching nuclear weapons where two officers must simultaneously insert physical keys into keyholes on opposite sides of the room. The idea is that neither officer can unilaterally make the decision to launch; it requires the full cooperation of both officers. Cryptographic key-sharing divides a key into several parts and entrusts different people with each part. Knowing only one part of the key is of no practical value toward the reconstruction of the key. Secret sharing is based upon strong cryptographic theory, enabling cryptologists to prove with mathematical rigor that knowledge of only a limited number of key-shares is useless. Not only would this have prevented Susan Ignassi from causing all the trouble she did, but even a renegade bank president would be unable to obtain his own bank’s master key without the cooperation of other officers of the bank. Susan Ignassi was able to learn the key-encrypting key used by Fourth Nationwide Bank of California because of her position as a manager of the security department. Agent Jonny Carter had diagnosed part of the problem correctly; Ignassi provided compelling evidence of the danger of the NASA syndrome in international banking. Without secret-sharing procedures to eliminate the possibility of any one individual learning the entire master key, the banking industry is vulnerable to dishonest security officers. Combined with the sloppy procedures and lax attitudes in these same banks, it appears that Susan Ignassi is not an anomaly.

Digital signatures and secret-sharing are not the only recent advances in cryptology. Zero-knowledge proofs make it possible to establish that a remote party knows a secret without either party ever divulging to eavesdroppers what that key is, all without the use of encryption! These only touch upon the surface of the tremendous volumes of powerful new information-sharing and information-protection features that are now achievable using modern cryptography. We live in an era with great reason for confidence. Ours is a time of exciting potential. Information is something to be held sacred. There is no pursuit more noble than the pursuit of knowledge and information. Key-escrow and export limitations on cryptographic tools only hinder the free exchange of information over public networks.

All of this assumes that strong cryptographic tools are used. Fortunately, such technology is available today. Very strong encryption algorithms are widely known and easy to implement. Admittedly, perfect security is not obtainable, but very good security is. We live in a time where the cost of security grows at a rate similar to a logarithm function. At relatively little expense it is possible to deploy very tight information protection. Additional dollars beyond that initial cost have a low marginal return. The result is that even small enterprises can implement strong encryption and only extremely powerful entities, such as the NSA, can develop encryption algorithms that are significantly stronger than the status quo.

The post Chapter 21 appeared first on The Electronic Money Mill.

Following the meeting in Washington D.C. it was decided that the money mill could not be permitted to continue. The risks were simply too great. The FBI and ABA had to stop the mill, at any cost. This meant that first and foremost the key translation server had to be shut down. This would stop the current string of thefts immediately. Of course a longer term solution was needed to prevent future attacks of a similar nature. The X9.17 protocol would need to be amended, but that could wait until after a careful review process.

I had briefed Rudy Levinski on the meeting early the next morning. He had left a handwritten note on my pillow while I was out of town. It made me somewhat uneasy to know that he had been in my apartment in my absence. Could I really trust him? What did I really know about him? Didn’t he fit the FBI profile rather well? He is a loner. he is a bank employee working in the EFT department. He lives in the United States but is a foreign national, European even. This certainly fit the FBI profile.

Rudy was an enigma. Weather willingly or not, he had helped Lampley tamper with EFT payments on behalf of First chicago. Later he had helped analize the forgeries and had been the first to realize the workings of the mill. Yet he had done this only after Lisa and I had forced his hand. Now, he was helping with the case by providing us with valuable characterizations of illicit EFT traffic. His rules for the BIF program were proving quite valuable. There was reason to believe that his rules might finally break the case. Pretty soon we would be able to pipe the output from BIF into deep-throat and let it crunch on the graph. Lisa was about to install a new patch for BIF that might push us over the hump. This patch had potential. Also, the NSA had very nearly completed their parallel implementation of deep-throat. We just needed a little more time… more time to finish implementing the changes to the programs, and more time to let the computers crunch.

I still had not made up my mind how to deal with Rudy when Lisa and I arrived at Jonny’s office the next day. It was early in the afternoon on a dreary day. We had trotted through a drizzle to cover the short distance from her car to the front entrance of the E. M. Dirksen Federal Office Building in Chicago.

Now, as we stood in Jonny’s office, I was on the phone with Leon Anderson. Leon is a Federal Reserve Board staffer. He had called Jonny but was now talking to me while Jonny and Lisa held a quiet conversation at Jonny’s desk. Leon was explaining to me the bulliten that the Fed had sent to all banks that morning. Ironically the bulliten was distributed over the same data network that is used for EFT’s. I had already read a printed copy of the bulliten; Jonny had shown it to Lisa and me the moment we entered his office. It now lay on his desk.

“Everybody,” came Leon’s gravelly voice over the phone. It was in response to my query about which banks had recieved notification of the shutdown. “The bulliten should have cascaded down through the entire EFT network by now.”

“This is really going to grind the economy to a halt,” I muttered. I masaged my face with the hand not holding the phone and absently watched Lisa giving Jonny a tutorial on C programming. The two of them sat on the other side of the room hunched over the latest listings for deep-throat. “The banks must be raising hell,” I said into the phone. “Are any of them demanding explanations?”

“The banks are fine until the end of business today,” he explained. “In fact some banks should be able to make minor adjustments before then.”

“What do you mean?”

“They have a few hours. The EFT system will remain in operation for the remainder of the day. The service will be stopped first thing tomorrow morning…”

He went on talking but I was no longer listening. I felt a chill start at my head and work its way down my back all the way to me feet. I actually shivered. I felt dizzy. I turned to Lisa. My throat was dry and I had a hard time speaking the words that followed.

“It’s not down,” I choked out. “The announcement has gone out but it’s not down. Everybody knows but it’s not down.”

Lisa stared back, not saying anything. She backed up slowly to the desk behind her. She gently bumped into the desk and reached down with one hand to support herself as she sat on the corner of the desk. She understood my fear. Jonny didn’t. He looked at me, then at her, and then back to me again.

The post Chapter 20 appeared first on The Electronic Money Mill.

The following Monday at 8:15 in the morning Lisa and I were in the J. Edgar Hoover Building on Pennsylvania Avenue in Washington D.C. The meeting wasn’t supposed to begin until 9:00 but neither one of us are the type that likes to cut these things close and if the people at this meeting were even half as important as Agnes said then it did not seem like it would be wise to keep them waiting. Not that I was at all sure that they would even bother waiting for us if we were late. That was another reason for being on time — I didn’t want to miss anything.

Lisa and I had flown in together that morning. Our flight landed at National Airport at about 7:30. It was the earliest flight we could get out of Chicago.

Lisa used to have a friend that worked in D.C. and she had visited the city several times in the past so I left all the travel arrangements to her (I had never been there before). Lisa had no trouble finding the “Metro”, Washington’s name for the subway. Lisa informed me that my startled reaction to the cleanliness of the subway cars and the stations was typical of American tourists in D.C. I was used to the Chicago subway, which like any other American subway except the Metro, featured cars with the full spectrum of modern American graffitee, everything from hastily scrawled profanities to elobarate still-life painted with painstaking attention to detail.

Not only was the cleanliness of the subway system impressive, but it was nice to see that our nation’s capital uses a token system based upon magnetic-strip cards. The cards can be purchased in nearly any denomination from vending machines. The rates vary depending upon how far one is traveling. Magnetic-strip readers at the turn-styles automatically debit the cards appropriately based upon the station of origin and the destination. I have no idea if they use any sort of cryptographic algorithms to thwart forgeries and tampering. Probably not. Even so, the system is fast and convenient; nice.

We took the “yellow” line to L’Enfant Plaza, a station where nearly all of the lines meet. There we switched to the blue line, which we took to Federal Triangle. Lisa explained that we could have picked up the blue line at the airport and avoided the need to switch trains, but it is faster to do it as we had because the blue line takes a very circumspect route from National Airport to Federal Triangle.

The Federal Triangle Metro station is underground, beneath 12th Street and Pennsylvania Avenue. I inserted my token card into the turn-style and it promptly popped out of the return slot with a soft phlifft. I followed Lisa up the escalators to street level.

We had no trouble finding the FBI building; it was clearly labeled as such with a large sign on the lawn. The building itself was on Pennsylvania Avenue between 9th and 10th streets, placing it near the mid-point between the White House on one end of Pennsylvania Avenue and the Capital Building on the other. As it turns out, the walk from the L’Enfant Plaza metro station would not have been any longer than the walk from Federal Triangle; we had been fooled by the name of the latter into believing it would be the closer of the two.

We had more trouble finding the conference room than we did the building. After receiving our visitor clearances Lisa and I spent several minutes wandering the halls looking for the room where the conference was supposed to be. We hadn’t been given a room number and nobody had come out to escort us. I was a little surprised at the lack of escort, not because I expected better hospitality, but rather because I expected tighter security. We knew only that the meeting was to take place at 9:00 and was supposed to be somewhere on the third floor. We eventually met up with Jonny and he showed us to the conference room.

It was a mid-sized room with seating for about forty. The room was longer from front-to-back than it was wide, with a doorway near the front and a second door near the rear. We entered from the rear entrance. There were long tables that were fixed to the ground and ran nearly the full width of the room. The chairs were also fixed to the ground, but were free to swivel. There were about seven chairs per row and about ten rows. The front of the room had a wide empty space between the front wall and the first row of seats. Part of this space was filled by a lecturn positioned slightly off-center, closer to the left side of the room, where windows lined the wall. The room reminded me of the classroom where I had taken Complexity Theory at Princeton.

Most of the second and third row were already filled. Nobody had chosen to sit in the first row yet, and not enough people had arrived to fill more than two rows.

Lisa and I chose seats at the far end of the fourth row, near the windows. Jonny sat down with us for a moment but almost immediately popped out of his chair, excused himself, and hurried off to talk to a group of three men that had just entered the room through the door at the front. I recognized one of these men from television news reports; he was Louis Weld, the director of the CIA.

The post Chapter 19 appeared first on The Electronic Money Mill.

“What?!”

Agnes Brown was agahst. She threw up her hands and leaned back in her chair. It was a high-backed leather chair that creaked loudly when she stood moments later. Jonny stepped out of her way. He glanced in my direction but said nothing.

Jonny had reacted to my news with great excitement and had rushed to Agnes’ office to give her an update. He had expected Agnes to be pleased with the breakthrough in the case. Instead she was distraught over the flaw.

“How,” she asked, “can a security system that has been in use for over a decade be so badly flawed? The NSA helped develop that standard! It has been reviewed by security experts at DEC, IBM, Burroughs, Citibank, Mellon Bank, NCR, AmEx, Honeywell, and countless other high-tech companies.” She flung an arm in my direction. “And he finds a flaw after just a couple of days of study.”

I do not think that the derision in her voice was intentional, nor do I think she meant to insult me personally. Probably what she meant to say was that a single individual managed to find a flaw that a panal of expects had either overlooked or else deemed unimportant.

“When was the last time it was reviewed?” she asked.

“It was reviewed and re-affirmed in 1991,” Jonny answered. “In 1995 there was a revision. The 1995 version is quite different from the 1985 and 1991 versions.”

I was surprised by the swiftness and accuracy of his reply. Apparently Jonny too had been studying the EFT protocols. “Right,” I said, “but the flaw remains in the revised standard as well. I already checked. The 1995 changes do not correct this flaw. Indeed, the protocol itself remains unchanged. The changes made to X9.17 in 1995 are primarily involved with the notation and the drafting of the document… cosmetic stuff.”

Agnes strode from the room, beckoning to Jonny and me to follow. Not sure where we were going, or why, I fell in behind Jonny. Down the hall and to our left. Past the elevators. Through a door at the end of the hall and up a narrow staircase. We went up three flights. That put us on the tenth floor. We entered a wide outer office with a young male receptionist sitting at a long low desk. He looked up critically and raised an eyebrow.

“Do you have an appointment Mrs. Brown?” he asked.

“Is he in?” came the curt reply.

“He’s busy,” the receptionist shot back.

Without another word Agnes headed straight for the inner office door. Whoever “he” was, the fact that he was busy did not slow Agnes in the least. Jonny followed, but two or three paces behind now. The receptionist sighed and punched the key on the intercom with an air of resignation.

The intercom was buzzing on the desk as we walked in. The man sitting behind the desk looked away from the intercom and up at us. Agnes sat down into the chair immediately in front of the desk.

“What is it now Agnes?” the man asked with a deep sigh and a forlorn glance at the papers lying in front of him. He took off his glasses and massaged his temple.

“The First Chicago case has heated up,” said Agnes.

The man behind the desk sat up and let out a mirthless laugh and said, “heated up? That case was red-hot already. What happened now?”

The post Chapter 18 appeared first on The Electronic Money Mill.

The next morning I slept late. After fixing myself a breakfast around noon, I settled in for a long bout with the X9.17 protocol. This is the ANSI standard I had gotten at the Chicago Public Library on the day of my arrest. I was hoping that I might be able to find a weakness in the protocol that would explain the money mill. Little had suggested that the mill was probably an attack on the protocol used to exchange encrypted messages rather than an attack on DES directly. This was a plausible explanation.

This left me with the question of how the millwright was getting the MAC keys. Was he a trusted insider? Or was he an outsider that had discovered a way to circumvent the security measures designed in the key-exchange protocol used by all banks worldwide? I was determined to find out.

I fixed myself a peanut butter and jelly sandwich, grabbed a can of iced-tea, and sat down at the kitchen table. I opened my copy of the X9.17 standard. On the blue and white cover, in the upper right corner, it was dated 1985 but it also indicated that the standard was reaffirmed without any modifications in 1991. The title of the standard is Financial Institution Key Management (Wholesale). I cracked the cover, sat back with my can of iced-tea (I’ve always found it more convenient to buy it by the can than to make my own) and, with great determination, set out to learn the protocol. As it turns out, determination was an important requirement; without it I would have tired quickly from all of the acronyms. As it was, they slowed me down but did not deter me.

X9.17 is intended for the exchange of cryptographic keys used in applications for wholesale financial institutions. In other words, for electronic funds transfer. This is the standard used for automatic deposits, automatic payments, wire transfers, and even the automated clearing of paper checks. To maintain the secrecy of keys, all exchanged keys are encrypted using key-encrypting keys. This encryption is done using DES. To provide integrity for exchanged keys, the protocol again uses DES, this time to compute message authentication codes (MAC’s).

X9.17 supports the exchange of two types of session keys: keys used to encrypt data for privacy; and keys used to compute MAC’s for integrity. The standard refers to both types as data-encrypting keys. The cryptographic keys used to encrypt data-encrypting keys during a key exchange are referred to as key-encrypting keys. So key-encrypting keys are only used to encrypt and authenticate other keys, which in turn are used for EFT’s and other inter-bank traffic. X9.17 only specifies key exchange, not key use (i.e. not EFT), but since all evidence indicated that the millwright had knowledge of keys, I wanted to study the X9.17 document to determine if there might be some way for an outsider to eavesdrop on MAC keys.

The standard includes two different architectures. The simpler architecture, called the two-layer version, uses manually distributed key-encrypting keys to exchange data-encrypting keys. The second architecture is a three-layer architecture that supports an additional layer of key-encrypting keys. The manually distributed key-encrypting keys are used to encrypt a layer of automatically distributed key-encrypting keys which are used in turn to encrypt data-encrypting keys. I noted that both architectures require that there be a secure mechanism external to the protocol for exchanging top-level key-encrypting keys.

The standard allows for three different “environments” (not to be confused with architectures). Because X9.17 has these three environments, it is really three separate protocols in one standard. The first, the point-to-point environment, is a protocol whereby two parties can agree upon a session key that is generated by one of the parties and is encrypted by that same party. The second environment, the key distribution center environment, is meant to be used when neither of the parties wishing to establish a session key is able to generate a good key or encrypt a key for use by the other party (i.e. the two parties share no prior secrets). In this environment, one of the two parties requests a key from a trusted distribution center and receives two ciphertexts, one of which can be decrypted by that party and the other of which is relayed on to the other party for decryption. The third environment, the key translation environment, makes it possible for one of the two communicating parties to generate the key. The trusted translation center is used to encrypt the key for transmission to the other party. This environment is appropriate when one of the pair is able to generate good keys but the pair does not share a prior secret.

OK, so far so good. I stood up and walked over to the refrigerator. Rummaging through the contents turned up very little in the way of snack foods and I didn’t want to prepare anything elaborate, so I settled for a second can of iced-tea.

I found the various message formats for each of the three environments on pages 47 through 50 of the document. Many of the fields are optional. Indeed, many of the messages are optional. I decided that the best way to tackle this was to filter out all of the optional features and concentrate first on the core of the standard. I got up from the table and went over to the telephone stand for a couple of clean pieces of paper. Sitting back down, I opened the iced-tea and took a long sip. Doing so, I noticed that the clock on the wall above the dishwasher read 3:05. Hmmmm, this might be a long afternoon. I used the first sheet of paper to jot down all the acronyms so that I would be able to refer to them easily. The standard already had a table of all the acronyms, listed on pages 4 through 7, but I wanted a list that only included those acronyms I expected to use. I left out all the acronyms for optional features, for example. The first part of my list consisted of the acronyms for the five message types that comprised the core of the protocol. The remainder of the list consisted of acronyms for required field types.

The post Chapter 17 appeared first on The Electronic Money Mill.

It was 9:20 Tuesday morning and I was sitting in the office of Agnes Brown. Hers is a corner office. The windows look out over South Dearborn Street in Chicago. The curtains on the windows are drab and worn. All of the decor is in sharp contrast to the plum location of the office. The office is spacious but very nearly barren of furniture. The most prominent piece of furniture, indeed the only piece of any note, is her desk. Rather than facing toward the door, in the natural position, the desk faces away from the door and toward the window opposite the door. I can understand why. The office is on the seventh floor and the view out the window, while not spectacular, is nicer than that of the hallway. The window faces west where the view is dominated by the Sears Tower.

Agnes was perched on the edge of the desk, with one foot on the floor. It would have been awkward for her to sit at her desk at that moment, as she would have to turn her back to all of the people in the room. Those people were Jonny, Lisa, and me. In another forty-five minutes people from the NSA would be coming to discuss the money mill.

I leaned on the window sill. Lisa and Jonny sat in straight-back chairs. Jonny had turned his around and was leaning forward with his arms crossed over the back of the chair.

I was nervous as I waited. The NSA is the country’s foremost authority on cryptology. The acronym stands for National Security Agency, although some joke that it actually stands for Never Say Anything or No Such Agency. Created by Harry Truman following World War II, the mandate of the NSA is to listen to (and decode) all foreign communications of interest to the United States. The NSA is known to be the world’s largest employer of mathematicians and the largest buyer of computer hardware. No other organization in the world has more expertise in cryptology. No other organization in the world has better code breakers.

Adding to my unease was the fact that Jonny and Agnes weren’t any less nervous than I was. Throughout our conversation Jonny was tapping on his shoe with his pen as usual, but the tempo was faster and he skipped a beat occasionally as he shot a nervous glance in Agnes’ direction.

For her part, Agnes Brown seemed to be more irritable than nervous. She met each of Jonny’s glances with a level stare, followed by a quick glance at his tapping pen. For the past several minutes Jonny had been ranting about the controversies that always seem to go hand-in-hand with cryptology.

He paused now as he walked over to a small coffee machine which sat on a small table near the window. There was no sink in the room and the machine did not have a water feed of its own. Instead, there were several plastic milk jugs of water. Jonny filled the machine using the remaining water in one of these jugs and placed the empty jug under the table, along with two other jugs. Next he disposed of the old filter and coffee grounds in a waste basket under the table. They were using a plastic grocery bag as a liner for the waste basket. Beside the machine was an assortment of coffee blends: mountain, regular, de-caff, French roast, and almond vanilla. Jonny chose the regular.

Jonny didn’t say anything while making the coffee, but having finished, he now resumed his story where he had left off.

“Everybody always blames new technology for life’s problems,” he said. “Yeah, it’s true that the booming progress of computers — the Internet and telecommunications — has opened up a whole new area of crime, and I’ll be the first to admit that the Bureau has been slow to keep up. We are only beginning to come to grips with computer crime. You’re seeing the leading edge of our hacker-cracker methods in this investigation… I shouldn’t be telling you that, seeing as how you’re still a suspect, at least officially.”

I wasn’t surprised that the FBI was lagging in this area. “I suppose there is always a transient period when new technology is first introduced where the crooks have the upper-hand until the law enforcement people come up to speed with the new environment,” I offered.

“Hey, you make it sound like the Bureau is a bunch of bumbling bozos man,” Jonny objected. “I didn’t mean to make it sound that bad. And we haven’t fumbled computer crime yet — at least not big-time. Of course if we blow this case, and it is leaked to the public, it would be a major embarrassment.”

Agnes turned to me and added quickly and pointedly, “You’d be the first person we’d investigate for any leaks, Carl.”

Jonny apparently hadn’t finished making his point about blaming technology for he then went on to say, “When cars were invented they were a big improvement over horses and walking, but they also made it easier to make a clean get-away from the scene of a crime. Does this mean that cars should be banned? Or that they should be blamed for all of society’s problems?” (I resisted the temptation to reply in the affirmative just to goad him into a big debate over pollution, safety, and the like.) “No,” Jonny answered in reply to his own rhetorical question. “Really, the situation was unchanged because the cops also had new cars. Technology gives better tools to the crooks but also to the cops.

The post Chapter 16 appeared first on The Electronic Money Mill.

There were the usual and customary delays at the airport and it was not until early afternoon that I arrived back in Chicago. It was a dreary day, with a light drizzle falling during the entire cab-ride back from the airport. The humidity was oppressive. I flicked on the light switch as I stepped through the door and into my apartment. No sooner did the light come on than a sharp pain sliced through the back of my neck. The last thought that went through my head as the floor tiles rushed up to greet me was that they were very much in need of mopping.

I was unconcious before I hit the floor.

I don’t know how long it was before I awoke. At first I was not sure if I was really awake or not. I willed my eye-lids open, but everything remained black. Slowly I became aware that I was indeed conscious but that the room was dark. Very dark. It is late at night, I realized. I must have been out for a long time.

A small orange bead danced in the dark before me. It had an eery glow that brightened and faded, and then brightened again as I watched. Even at its brightest it was too dim to illuminate anything. With my eyes straining to penetrate the blackness and my brain struggling to sweep away the fog in my mind, I watched the dancing orange bead. I became aware of the smell of tobacco smoke.

Of course. The orange glow was that of a burning cigarette. It was too dark to see who held it. I squinted my eyes. That made my head hurt so I stopped. The smoker must have realized that I had awakened, for he now spoke.

“I am sorry I had to hit you Mr. Raymond,” came the easily recognized European accent and exceedingly polite manner.

“Why did you have to knock me out, Rudy?” I asked beseechingly. What reason could there possibly be for attacking me in my own apartment?

“I was not certain it was you,” he explained. “I was afraid you might have been the FBI and I do not wish to speak to the FBI at this time. Indeed, I do not want the FBI to know where I am.”

Suddenly I realized that even I did not know where we were. Even in the dark I could tell we were not in my apartment. For one thing, the easy-chair in which I sat was far too firm and new.

“Where are we?” I asked with sudden alarm.

“Someplace where the FBI cannot listen to our conversations,” he replied. The glowing embers of the cigarette continued to bob up and down. “This is another reason why I knocked you unconcious; I did not want you blurting out my name in your apartment. I suspect that the FBI has your apartment bugged.”

Now I was annoyed. What was he talking about? Why all the silly theatrics. Why knock me out? Rudy Levinski had become even more paranoid and cynical than me. Did he really think that my apartment was bugged? Did he really have reason to fear the FBI to such an extent? The First Chicago delaying scam was minor compared to the mill; surely he did not think that the FBI would move aggressively against Lampley. Even if the FBI did so, perhaps out of frustration over their failure to make headway on the larger case, it would be Lampley, and not Rudy, who would pay the price.

When I voiced these thoughts to Rudy his reply was quiet and level. “They already have a warrant for my arrest Carl. They came to my apartment two days ago. I was not home at the time, but when I returned some time later I found my front door off the hinges and my personal belongings ransacked. A neighbor informed me that there were six men that entered my apartment and that they were there for about two hours.”

“Are you sure they were FBI?”

“One can never by sure, I suppose. Regardless, I do not wish to be found right now.”

The post Chapter 15 appeared first on The Electronic Money Mill.

“Ladies and gentleman, we will be delayed a bit longer. We expect to have clearance for take-off in about fifteen minutes. We apologize for the delay.”

Agent Carter groaned and slouched deeper into the seat beside me. We were sitting on a 727 bound for St. Louis. The plane was still resting on the runway at O’Hare, in the same spot as it had been for the last twenty minutes. And now it sounded like it would be at least another fifteen minutes more.

Agent Carter loosened his tie and sighed loudly. He was wearing a black suit, white shirt, and a navy tie. He had not taken off his suit-coat when he sat down and he now looked quite uncomfortable.

I was wearing casual pants and a T-shirt. I had been tempted to put on my “munitions” T-shirt that morning, but had decided against it. No point in destroying my good relations with the FBI only days after it began.

My munitions T-shirt is a shirt that I own that has the full implementation of the RSA encryption algorithm printed on it. RSA is not a complex algorithm, and it can be implemented in only a four lines of (highly optimized and very unreadable) Perl. Since the US State Department has declared that any RSA program is to be classified as a munition and therefore can’t be exported, my shirt is a munition. I bought the shirt from a fellow that printed a large number of them and sold them over the Web. The shirt was intended to be a barb directed more toward the State Department and NSA, rather than the FBI. Still, I don’t think that Agent Carter would have found it as amusing as I did.

The plane did eventually take off, about a half hour after the captain had promised us that it would be only fifteen more minutes. The flight was extremely short. It was one of those flights where the plane never really has a chance to level off. No sooner did it fully ascend before it started descending. Agent Carter and I filled that short time with talk of the latest developments in the case. Apparently the FBI had confiscated several of the computers at First Chicago, particularly the desktop machines used in the security department. The hard-drives on those machines contained ample evidence of the delay scam. There were numerous memo’s and e-mail messages that not only detailed specific instances of the scam, but also described the unofficial bank policies outlining circumstances under which the scam should be used and how it should be covered up if questioned.

He said that Lampley had made an effort to delete most of these files, but it is difficult to erase data from a hard-drive such that it can’t be recovered by forensics experts. Jonny spent a good part of the trip bragging about how the FBI was able to recover the data despite Lampley’s efforts to conceal the evidence. I had already heard stories (mainly from the net and other questionable sources) of forensics experts recovering data from disks even after the entire disk had been overwritten with random data. Supposedly, by physically examining the magnetic patterns between tracks on the disk, one can infer what has recently been stored on the tracks. I have also read the FIPS document, where it requires that RAM be zeroized by first powering down the machine, and then powering it back up and overwriting the RAM 1000 times with successive 1’s and 0’s. If proper clearing of RAM requires such elaborate precautions, it comes as no surprise to me that removing all physical evidence of information stored on hard-drives, without actually destroying the drive, is difficult.

When we landed in St. Louis, Jonny took care of the car rental. He got us a grey Taurus, with air-conditioning, thankfully. St. Louis is hot and extremely humid in July.

As it turns out, Bendix of St. Louis is not located in St. Louis. The Bendix headquarters is in Clayton, which is a suburb west of the city. The airport, which is northwest of the city, is directly north of Clayton, and I-170 runs between the two. It was a short drive down I-170 and we reached the bank by 10:30. The building itself was a typical bank headquarters, a glass tower of about thirty floors with a square footprint. Clayton contained many other buildings of a similar nature, at least a couple of which were undoubtedly competing banks. There was parking both under the building and another around in the back. Jonny chose to park in the lot in the back.

Inside, we were met with a strange scene. The bank was a bustle of activity, very little of which appeared to be related to finance. This would not have been a good time to go to Bendix of St. Louis for a loan.

The hallways were filled with people trotting in and out of offices. We passed one room where a women in a beige dress was standing in front of shredder feeding documents in at a steady pace. It looked as if she had been at it for quite some time, judging from the bored expression on her face.

The post Chapter 14 appeared first on The Electronic Money Mill.

As it turned out, Lisa was right; I did like Agent Carter. The moment Lisa and I walked into his office I recognized him as the fidgety man who asked the easy questions at the table during my interrogation. He introduced himself to me with a broad smile and a firm handshake. He clapped his hand on my shoulder as he pumped my hand. Lisa was greeted in a similar manner. The unpleasantness of two days previous was furthest from his mind. He was determined to do all he could to drive those thoughts from my mind as well.

After pulling out two chairs in front of his desk and waiting for Lisa and I to be seated, Agent Carter circled around behind his desk. Without sitting down himself, he explained that he was taking the lead on this investigation and that I would be working with him. He went on to describe his background in detail.

Agent Jonny Carter joined the FBI straight out of college. He obtained his BS degree in Political Science from Georgetown University in Washington D.C. He grew up in Maryland, not far from Baltimore. He married young and he and his wife now have two children, both girls. He is now working in the division that handles computer crime, with an emphasis on banking. Agent Carter was quick to point out that there are other groups in the FBI that handle other aspects of computer crime such as mail fraud. His group concentrates on ATM crime, EFT crime, and other aspects of automated banking. This was already too wide a focus as far as he was concerned. Too many incidents and not enough investigators. Allowing some frustration to show, Jonny said that sometimes he feels that he alone is concerned with computer crime in the banking industry.

The number of actual computer crimes is far greater than police and FBI records show, explained Jonny, still standing behind his desk. He paced back and forth and fidgeted as he spoke. He explained that the number of reported cases is low partly because victems fear embarrassment in the press. For example, banks and other financial institutions are a favorite target for hackers. However, banks base their entire business on trust. Once customers begin to doubt the ability of a bank to protect their assets, the bank is in serious trouble. Every bank must factor the reduced customer base that results from embarrassing press coverage into any decisions concerning computer crimes. For example, suppose bank X fully expects to lose about $1 million per year in computer theft. How much should that bank spend to correct the problem? There are options available to the bank, such as installing firewalls and making wiser use of cryptography, but these cost money. On the face of it, it would seem that $5 million is quite reasonable; the bank can expect the solution to “pay for itself” within a few years. However, this fails to take into account the very real losses that result from admitting that there is a problem in the first place.

Fixing a problem requires first acknowledging that the problem exists. Acknowledging that a hacker problem exists results in a severe drop in public confidence. Once lost, public confidence is very hard to regain. It may take several years, even after the new remedies are in place. The loss is made all the worse if all other banks continue to deny the problem exists, thereby making the one honest bank appear to be sloppy and vulnerable when in fact exactly the opposite is true!

Lisa pointed out that the area that is most vulnereable is the Internet. Everybody is racing to move serious applications and businesses to the Internet and nobody is willing to wait for strong security to be incorporated into the Internet Protocol (IP). Instead, most proponents of Electronic Commerce prefer to downplay the risks and fool even themselves into complacency.

Agent Carter agreed. The Internet will never be free of hackers, he said. Even if stringent laws are passed protecting privacy and integrity on the net, without a technical solution that prevents such activity, we are reduced to relying upon deterants. And deterants alone are unlikely to solve the problem, no matter how harsh they may be. Students, being the free-spirits they are, young and anxious to learn through experimentation, will continue to tinker with the net in every manner they can.

I pointed out that it is hard to distinguish “innocent” probing from malicious hacks. For example, the traceroute command looks like a suspicious attempt to use source-routing for a man-in-the-middle attack. Often an apparent attack — one that sets off alarms in a firewall — is nothing more than an innocent mistake by a naive user who isn’t familiar with the application he or she is trying to run (e.g. a first-time user of telnet). This is one of the greatest challenges in firewall design.

“That’s right,” Jonny agreed. “I don’t know the technical details, but I can appreciate what you are saying Carl. This is what makes my job so tough.”

Jonny explained that it is not at all unusual today for a systems administrator to correct a problem when an attack occurs but not bother investigating the actual crime. Very few people make even a feable effort to find the culprits. It is simply too costly. It took Clifford Stoll the better part of a year to track down the hacker he first detected on the machines at Lawrence Berkeley labs in 1988. Tsutomu Shimomura succeeded in tracking down Kevin Mitnick in only a couple of months, but he had the help of numerous people and he himself worked on the case full-time (and even over-time) during those months. Shimomura was relentless. A corporation, faced with the option of spending many person-months pursuing an intruder, with a very real possibility that the culprit will turn out to be a prankster trying to impress his cronies or girlfriend, is more than likely going to choose to repair the damage and get back to the business of making money. Even a very diligent company, one that opts to pursue an intruder, is going to have difficulty enlisting the help of other companies and organizations. For example, if the intruder is traced back to a university, the systems administrators at that university are more than likely to be somewhat jaded; no doubt they recieve complaints about hacking on a regular basis.

The post Chapter 13 appeared first on The Electronic Money Mill.