Blood Money Page 8
“I’ll have what you need in less than ten minutes.”
John was not used to taking orders from a fellow director, especially since all the things that Paul had asked him to do were exactly what he would have normally done himself as the head of security, but this was one of those situations where the ego needed to be subjugated. Only temporarily, of course.
As he waited, Paul made a note on a yellow pad to make a systems change that would immediately suspend all processing whenever the processing time on a run exceeds the estimated run time by ten percent, but the clock would need to be running during the processing so that they had an early warning. Waiting until the processing was complete, which was what they were doing now, was totally inadequate. An override would have to be included that only he, Robby Acheson or John Portman could activate. That was for the future, however, and he was more concerned with the problem at hand. Paul drummed his fingers on his desk while he waited, looked at his watch twice and took a mouthful of water from the bottle on his side table. Eventually, he would have to contact his boss to appraise him of what happened. Paul reported directly to the new National Director, Dr. Thomas Orwell, who had been next in line to succeed Dr. Cartwright. This would be Orwell’s first “incident.” He would, no doubt, be very concerned with results and appearances. With the lockdown already in effect, the clock was slowly ticking. He had to get answers quickly.
John stuck his head in the door. He was waved in.
“What’ve you got?”
“Well, everything looks okay internally. We only had one visitor today, a Professor Dwyer from M.I.T. He got the courtesy tour we give to all academics. One of our customer service managers was with him the entire time. He was never near any operations, and was out of here around ten after nine. As for employees, only one of the laboratory technicians is absent today. He had a death in the family. Human Resources confirms that his mother was in hospice and expected to live only a few days. Aside from that, everyone seems to be where they should be. So as far as I can see, the extra run time must be because a blood bank sent more transactions than they noted on their control record. Input for that run originated from six blood banks. One in Burbank, California, one in Pittsburgh, Pennsylvania, two in Dallas, Texas, another in Miami, Florida and the last in Mansfield, Ohio. They have all been participating members for at least three years and generate input at least once a week, but not necessarily on the same day.”
The frustration began to show on Paul’s face as he said, “Get someone to contact each of the blood banks and have them check their records. I want them to resubmit their control records right away to check with ours. Make sure they verify by fax or e-mail. No verbal messages. We’ll need a paper trail in case we do have a problem. I need that information quickly. Thanks for your help, John.”
John used Paul’s telephone to contact Customer Service. After he communicated what they needed to do, he continued his update. “I have an operator printing out a summary record of the input and output files for the run. It’ll take a while. They’ll bring it up when it’s done. I expect it to be voluminous, but at least we’ll be able to see in print exactly what took the extra time.” He thought for a minute, then added, “In fact, Paul, why don’t I run down there myself and see if I can speed things up.”
“I’d really appreciate that, John.”
“No problem, glad to help,” he said leaving the office. So far, this was still what John would have done on his own. He came back in about eight minutes struggling with the weight of a stack of computer paper over a foot high. His face was without expression. “You’re not going to like this, Paul.”
“Why? What did you find?”
“The listing shows that disbursement records for the past two years were set up to be output. That’s what took the extra processing time. This is only a partial printout. That is one of our larger files. Apparently, the records were processed along with the normal outputs for the six blood banks. The reports to the six banks went out as usual. But here’s the weird thing. Even though we did not have an output address record for the file, somehow an address was created for it within the system, and it was sent to, of all places, a web site in Burma. Now, I’m certainly not a communications expert, but from what I have ever heard about situations like this, once records start bouncing around the globe like that, the final destination is usually untraceable.”
“My God, John, how is that possible? How could that happen with all the firewalls we’ve built in?”
“I don’t know. I was expecting you to know the answer to that. It looks like we’ve been hacked by professionals.” John picked up the phone and dialed his secretary. “Any word yet?” He listened for a few minutes, took a small pad out of his jacket pocket and jotted down a note. He hung up and turned solemnly back to Paul. “The blood bank in California and the two in Texas check out. Nothing yet on the remaining three.” He waited about five minutes and called again. “Are they sure? Okay, thanks Joan.” He hung up the phone. His face was emotionless. “They all check out. Not only have we been hacked, but there is no trail. I hate to say this, but this is beginning to look like an internal job. It’s the only plausible explanation I can come up with at the moment.”
“I guess I can’t wait any longer. Dr. Orwell has to know about this,” Paul said as he buzzed for his secretary.
This was one of the reasons John was willing to play second fiddle to Matheson, at least temporarily. He didn’t want to be the one to break the bad news to Dr. Orwell. There was no way of knowing how he would react. From experience, he knew that quite often the messenger gets shot. Seconds later, Paul’s secretary opened his door.
“Kathy, will you get Dr. Orwell on the phone for me? If he isn’t in his office, will you please find out where he is?”
“Right away, sir.”
A minute later his phone rang. “I have Dr. Orwell for you on three.”
“Dr. Orwell, Paul Matheson. John Portman and I need to see you right away on an urgent security issue. Yes, sir, it is about the lockdown. Thank you! We’ll be right up.”
Dr. Orwell knew about the lockdown. The call from Paul came as no surprise.
“Paul, John, please come in,” Thomas Orwell said as he motioned them toward a conference table in the center of the room. “Have a seat, gentlemen.” He looked directly at Paul and asked, “So, what’s this all about?”
“Doctor Orwell, we’ve had a hacking incident and it looks like it may have originated within our ranks. It happened between nine and ten twenty this morning. A segment of our financial file was extracted during normal Blood Bank transaction processing and was somehow sent out to a fictitious Internet address. John made an initial check of the blood banks involved and they seem to be in the clear. It is possible that an outsider may have hacked in at the exact time the transaction processing was inputting, but that would have taken very precise timing and a thorough knowledge of our processing and passwords. I suspect that the infraction occurred inside the company, probably in our Operations Department. We need to find out who is responsible, and why and how the file was sent to an address in, of all places, Burma.” Paul took a deep breath and waited for Orwell to respond.
Orwell’s voice was calm and his words were measured.
“It’s difficult to conceive of one of our employees doing such a thing. Has anything like this ever happened here before?”
“We’ve had a few cases of hacking, but they always left a trail, and we eventually caught and prosecuted them. No one has ever tried to extract whole files. Usually they just try to plant bugs and screw up our processing; just mischievous stuff. Usually it is done from the outside. Occasionally it’s a screw-up in the input records. We have never had anything quite like this. In the past, we’ve always been able to find the culprits and handle things quickly and quietly. This one has me baffled.”
“You said a file was stolen. What was on the file?
“It looks like it was two years worth of disbursement records.”
Dr. Orwell’s face drained of its color. He turned to Portman. “What do you make of this, John? This has the appearance of being more than a nuisance hacking.”
“I agree with Paul, sir. I hate to say it, but I think you’re right. This has all the earmarks of an inside job by someone with a thorough knowledge of our systems and procedures.”
“What have you done so far?”
Paul replied, “We did the lockdown about half an hour ago while we checked on employees and visitors. Nothing seems out of the ordinary, as far as we can tell. I don’t see how it can be anything but an inside job. As a precaution, all processing has been suspended. I need your advice as to how to proceed with this.”
“I think we need to have a group meeting of operating and software people,” he said, directing his reply to Paul. “I don’t think we need to involve anyone else right now.”
“What should I tell them?”
“Well, we owe them an explanation for the lockdown and suspension of processing. Let’s start with that. We’ll address the group in the auditorium in ten minutes. Attendance for those two departments is mandatory.”
*
The auditorium was about one quarter filled. The back door was closed and manned by a security guard. Paul checked to assure that everyone was in attendance. He motioned to Dr. Orwell that he could proceed. The Doctor stepped up on the stage and adjusted the microphone; the buzzing came to a stop. “I’m sure you all want to know what is going on.” He hesitated, cleared his throat and continued. “We’ve had an incident this morning that is extremely serious. It involves the theft, via the Internet, of a section of our financial records. We don’t know all the details yet, and we haven’t determined the ramifications, but I can assure you of one thing. We will get to the bottom of this, and anyone found to be complicit in this crime will be prosecuted to the fullest extent of the law. Our work here carries with it a trust. One that we take very seriously. Any action that violates that trust will be severely dealt with.” He hesitated for a minute, scanning the audience of curious faces. “I’m sad to say that everything so far points towards this infraction originating within our ranks.” That caused a stirring among the employees. He continued, “John Portman, our Director of Security will be in charge of the investigation. I expect each of you to give him your cooperation. Anyone who has a problem with this should be prepared to sever their employment at the NRBA immediately.” He turned towards Paul. “Now, I want to turn the microphone over to Paul Matheson.”
Paul stepped up on the stage. He didn’t bother adjusting the microphone, he just tilted his head upward as he spoke. “Dr. Orwell expressed the same feelings I have regarding the integrity of the NRBA and everyone who works here. The quicker we resolve this puzzle, the sooner we can put this unpleasantness behind us. What occurred today will not be tolerated. Something happened during the processing of our daily transaction run that we can’t trace, or at the moment even figure out the cause of. We know that one of our financial files was copied and sent out over the Internet to an untraceable address. We also know that the blood banks aren’t involved, so the only logical conclusion is that the processing was tampered with, either from the software or the operating side.” Again, the audience buzzed among themselves. He added, “I hope to God I’m wrong; that there is another explanation. We need to get back into production as quickly as possible, so as a precaution, until further notice, all employees involved in operations will be teamed with someone from software development whenever they are involved in a processing operation. Also, we will be changing our control programs so that any time a processing run exceeds the control time by ten percent or more during a run, that processing will be halted at once and an incident report will be sent immediately either to me and to Robby Acheson, our IT Operations Manager. I’m sorry we have had to meet today under such unfortunate circumstances. I know that as professionals you’ll understand that in situations like this the shadow of suspicion falls on everyone, regardless of who they are. When this is behind us, we must go on without any hard feelings. That being said, we want to be up and running in thirty minutes, but first John Portman and I want to meet with Robby and his staff in the executive conference room in five minutes.”
As Paul concluded, John Portman stepped up to the microphone. “It goes without saying that if anyone has any information about this incident, they can come to me or Paul in confidence. Also, it will go easier on the culprit if he or she comes forward now. Rest assured, we will get to the bottom of this eventually, and when we do, we will be a lot tougher on the perpetrator.”
As they filed out of the auditorium, everyone found a friendly ear to vent their feelings about the meeting. Many of them were angry about being under suspicion, others just fearful of being falsely accused or of losing their jobs. A rapid resolution was needed, but none was readily in sight.
Dr. Orwell turned to John and Paul. “Keep me in the loop on this.”
They both nodded in the affirmative. Paul and John needed to have a quick resolution of this problem. Their jobs could be on the line if it wasn’t found. As they made their way out, Paul said to John, “Boy, you sure know how to stir up a crowd.”
John smiled. “You didn’t do so bad yourself. I guess I was a bit rough, but tough times call for tough actions. You can’t pussyfoot around in situations like this.”
Paul smiled. “I am glad, though, that Dr. Orwell put you in charge of the investigation. I haven’t a clue about what we need to do at this point, but I’ll help in any way I can. I just want to find the culprit as soon as possible and prevent any further occurrences. Where do you plan to start with my people?”
“I’ll have a talk with the computer room operators. I will probably drop some subtle hints about lie detector tests. I hate to be so heavy-handed, but we don’t have a lot of time. The Board of Governors meets in ten days. I’m sure that Doctor Orwell will want things wrapped up well before that meeting. Then I’ll join you in the conference room.”
“Look, John, you’ve got to do what you’ve got to do. If people’s noses get out of joint, that’s too bad. Like I said, you have my complete support for whatever you have to do. Just let me know how if I can be of any help.”
This was music to John’s ears. He was in the driver’s seat and everyone acknowledged it. Biding his time had been the right move.
Paul entered the conference room just as the last programmer arrived. “Gentlemen, I’m sorry to have sprung the ‘babysitting’ job on you on such short notice. But it’s the only way I can be sure that our processing will be protected until we solve this problem. I’m asking you to take it very seriously. Keep your eyes peeled for anything that isn’t ‘according to Hoyle.’ In the interim, I’ll need you to get started immediately on that incident report software. Make whatever patches you need to get it operational quickly. Eventually, I want to build it into all of our processing to assure that we’re flagged immediately and automatically as soon as there is any infraction. If we had those controls in effect while PACA10 was running this morning, we probably would have been able to prevent the theft from occurring.” He was prepared to turn the meeting over to John Portman, who had just entered the room, when Jeff Dunbar raised his hand.
“Yes, Jeff? What is it?”
Jeff was the Lead Software Engineer. “Excuse me, sir, did you say PACA10? Was that the process that was hacked?”
“Yes, we were doing the usual daily processing for six blood banks. Why?”
“Well, then we might just be in luck.” He turned to his manager. “Robby, do you remember that you asked me to make a code change on PACA10 about a week ago? You wanted me to change some of the recommended donation schedules.”
Robby nodded affirmatively, “What about it?”
“Well, sir, I finished coding the changes last night and set up a parallel run with PACA10 this morning. With all the confusion going on, I haven’t had a chance to print out the results. If someone was messing with that run, they
wouldn’t have know my program was monitoring and recording it every step of the way. I should have a record of everything that went on during the processing.”
Paul sat stunned for a moment, then a relief smile emerged on his face. “How soon can you pull those discs and tapes?” He looked over at John Portman, who gave him a signal that he would skip the comments he was going to make. They had a lead to follow.
Jeff replied, “I can get them right now, sir.”
“Take them to the Computer Lab. Turning to the rest of the group he said, “Don’t say anything to anyone about this. This may be just the break we need. If one of our Operations people is responsible, I don’t want to tip them off that we can trace what they did. He turned to Jeff. “Robby and I will meet you in the Computer Lab in about five minutes.”
Jeff left the room.
John turned to Paul. “Well, I guess I should suspend any further interrogations until you know more. This looks like a promising lead. Keep me informed. Right now, I’ve got to get moving on getting us operational again.” His first step would be to cancel the lockdown.
Paul turned to the rest of the programming staff. “We’re not out of the woods yet. These tapes may only tell us how it was done. We really need to know who did this, and when we find out who, we should discover why they did it.” Paul left for the Computer Lab. Robby stayed back for a few minutes to assign team members for the days processing.
Jeff mounted the tapes and the discs, and began the processing of the transaction records. He was watching an oscilloscope as the records were processing. Suddenly, he shouted, “There!” He pointed at a series of blips on the bottom of the tube screen. It took a trained eye to spot variations of wavelengths on the tube.
“What is it? What do you see?” Robby asked.
“I don’t know for sure, but I do know that it doesn’t belong there. Notice the iterations of the code. That isn’t our software code. That code came from outside of our system. It must be a universal code that is compatible with our operating system.”