3
March 17
Lee sat at his desk drumming his fingers and shaking his head. When the work started last November, he’d predicted security breaches. Did he really want security to be compromised just so he could say, ‘I told you so?’ He would plead the fifth to that question.
Barry’s head appeared over the cubicle partition. “Lee, the contractors don’t understand this spec. You need to make it a little more…user friendly. I’ve got to run. Have a meeting in a few minutes.”
Barry dropped some stapled papers onto Lee’s desk and disappeared.
Lee picked up the functional specification and began to read. He was soon deep into the process of revising the spec to reflect the underlying system requirements while using a restricted subset of the English language for the contractors’ benefit.
This is insane. I’m a computer scientist, not a linguist.
Lee’s phone rang, shattering his already impaired concentration. “Hello, Lee Brandt here.”
“Lee, this is Joe at Computing Security. I need you to come to my office as soon as possible. Barry’s here, too. We have a problem.”
“I’m on my way over.”
If Joe was concerned, there must be bad news for somebody. He closed the session on his server, locked his desktop, and walked downstairs to Joe’s office. The door was open, so he stepped in.
“Before you say I told you so, just listen to Joe for a minute. OK?” Barry said, his expression grim.
“Yeah, sure.” Lee’s conscience winced at the tone of his voice. He knew he should treat Barry with more respect, even if his boss didn’t always deserve it. “So what’s the problem?”
Joe motioned for Lee to sit down. “This is the scenario we’re dealing with. We believe one of our foreign contractors got into some data they shouldn’t have been able to see. At this point, we’re not sure whose fault it—”
“I told you—”
“I know very well what you told me.” Joe’s voice grew loud, out of character for him.
“It’s insane—pure insanity.”
Barry glared at him. “That’s enough, Lee. Will you please shut up, and listen to Joe?”
Though he’d lost his composure, Lee knew when to back off. He folded his hands on the table and waited to hear the bad news.
Joe let out a long sigh. “One of your co-workers, Ron Hemsworth, left his cell at work. When he came in late last evening, he walked by the B-size printer and saw a restricted drawing in the output bin, the printer that the contractors use in development.
“We think there may have been a paper jam and when someone cleared it, the drawing printed a second time—that print server’s a bit flaky. When Hemsworth—”
“Leaving a print behind—that sounds pretty sloppy if someone here is actually involved in industrial espionage or ripping off restricted data. Whoever it was could have checked the print queue to make sure they left nothing behind, and then we would have never known about the breach.” Lee began running other scenarios through his mind.
Joe continued. “As I was saying, Hemsworth found an ITAR-restricted drawing in the output bin of that printer, military-related data we have to protect from access by all foreign nationals. Before you say anything, I know that particular drawing should not have been in the insecure development environment, and I was assured there would be no ITAR data in development. It was a stipulation of the contract with BBT. But that’s a separate issue which I’m currently working on.”
Joe paused and met Lee’s gaze. “What Barry and I need to know is if any other unauthorized data have been accessed, ITAR or, heaven forbid, classified data. Lee, we need you to find out who accessed what on the development system between February 21 and March 15. Now…how long is it going to take you to do that?”
On the surface this seemed the fulfillment of Lee’s data-breach prophecy. Or were they being snookered? He would reserve judgment until he analyzed the logs. “I can have the initial analysis to you by tomorrow evening. But have you considered there may be a lot more to this than just one of our Indian contractors looking at one ITAR drawing?”
“We’d rather not think about that eventuality.” Joe paused. “Yes, we’ve considered it. We’ll cross that bridge if, and when, we come to it.”
“Lee, I don’t want to hear any more disrespectful talk about the contractors. Understood?” Barry spoke, his expression grim.
“Yes, I understand.” Lee knew there were some very talented people among the contractors, but he couldn’t help resenting their presence. They were doing work that was rightfully his. Perhaps they were taking things not rightfully theirs in the process.
“Now, do you have everything you need to do this analysis? Equipment, people, and—”
“I have all the resources I need.” Lee cut in. “I have my own server and my repository of reusable scripts, so I’ll get started now. If I need any help, you’ll be the first to know.” Lee’s conscience prodded him sharply upon uttering his last statement. He would go to nearly anyone for help before he would turn to Barry.
He stood, hoping that would end the meeting. He wanted to get started. If he could just come up with some hard facts that said, “I told you so,” that might provide some job satisfaction.
“Then why don’t we plan on meeting in my office again on Monday morning at 9:00 a.m.?” Joe stood up. “You’ll have the entire weekend if you need it.”
Just take my entire weekend and then pretend you’ve done me a favor.
“How nice of you, Joe. I’ll see you guys Monday morning.” He felt another twinge of conscience. As a Christian, he must show respect for the positions of authority Joe and Barry held. It was a fine line, a line Lee sometimes wobbled off like a drunk taking a sobriety test.
Walking back from the meeting, Lee wondered if he should start looking for a job in meteorology. He held a BS in meteorology and worked as a weather officer in the Air Force. Two of his friends, Dale and Jerry, were wooing him to join their start-up weather-consulting firm, but they…
He needed to quit daydreaming and get focused on the task at hand.
He had built a research-oriented logging system and used it to archive detailed system-usage records. Since he ran the same data-logging software in the development environment, he would use the data collected there to finger the rat who’d accessed unauthorized data through a hole probably created when populating the development environment with test data. It was a rat hole the CEO and his henchmen made possible by outsourcing a critical system. It was a rat hole that should never…
He needed to stop his internal ranting. He needed to do a lot of things. Leaving this project was probably one of them.
Back at his desk, Lee unlocked his desktop, opened a session on his server, along with his favorite programmer’s editor. In the editor, he began cobbling together a script he named Ratfinger.
Don’t worry, little guy. I’ll make sure you know how to finger a rat.
Two hours later, Lee closed the editor, saving the program in the process. After a short, successful test run, he was satisfied with his work. At the command-line prompt, he told Ratfinger to go fulfill its destiny.
Lee glanced at the clock. 5:15 p.m. Knowing the script might run for a couple of hours, he reviewed everything he knew about the twelve contractors from BBT. He wasn’t in management, so he couldn’t peruse BBT’s Human Resources records. Résumés and chat time with the contractors were his only resources.
All twelve were most recently from Bangalore. He knew that four were Muslim and eight were Hindu. He had talked a little religion with them.
All twelve had several years’ experience in information technology and at least a BS in Computer Science. There was nothing in those facts that pointed towards anyone committing espionage. For now, that job would remain delegated to Ratfinger.
As his script sorted through gigabytes of data, Lee sorted out the sources of discontent with his current job. The events of the last several months caused him to regret jumping ship from his career as a meteorologist to pursue mainstream computer-science work.
Forecasting power for an array of wind turbines or issuing warnings for a blizzard in North Dakota seemed more rewarding to him than writing systems code for a Fortune 500 aerospace company under their continually severe time and funding constraints.
The atmosphere could be a fickle and unfaithful paramour, often turning against a forecaster when they least expected it. But taming commercial systems development was worse than any words Lee voluntarily allowed into his vocabulary.
Much sooner than he expected, a window popped up on his monitor, interrupting his musings. The script had finished. Simultaneously, the big laser printer in the corner started spitting out paper. He walked towards the printer, praying it would prove to be a rat trap.
The report he pulled from the printer was a bit crude, but it contained all the required information. Since he was the only one who would have to read it, it would suffice. The million-dollar question. Did Ratfinger live up to its name?
Lee spread the printed report across his desk, lining up the data columns on each adjacent page. He started scanning down the column for ITAR-restricted drawings, one category of military information not authorized for disclosure to foreigners. Four drawings were accessed, all by contract employee number five.
So there is some dirty work going on. I’d bet money all of it was done by one person.
The classified-data category was next. There should have been no classified data on the insecure development system, but he couldn’t make that assumption. Consequently, he’d programmed the script to verify the security category by performing a cross-check, using another company database. With that check, the program would never cry wolf. Mindful of Ratfinger’s veracity, he ran his finger down the classified-data column. His finger stopped near the bottom. Someone accessed one classified drawing. Once again, it was contractor number five, Ramesh Nath. He’d found his rat.
Lee quickly logged in to his database manager’s account and put a Band-Aid on the problem. He removed all access to the classified drawing.
How classified data ended up in the development environment was another question for another time. Joe only asked Lee to determine who’d accessed what. But Joe hadn’t explicitly forbidden him from delving further. He wanted the goods on this person.
Should I probe deeper?
Stupid question.
If things went awry, he might have to beg for forgiveness later, but right now, he wanted to contact Ram without disclosing what he knew and to see how Ram reacted to a few pointed questions sprinkled randomly throughout their conversation.
The contact list for project employees was posted on the DEDS project website. But when he checked there, Lee found Ram wasn’t listed. Since it was after hours, he looked up the home phone for the Indian contractor’s program manager and keyed the number into his personal cell phone.
“Hi, Ash, this is Lee Brandt. Sorry to bother you after work hours, but do you have the phone number for Ram? It’s not on the project website.”
“I took it off because Ramesh flew back to Bangalore two days ago. We do not expect him to return to the project.”
Lee put his index finger on his desk calendar. “So he left on the fifteenth?”
Got out of Dodge the day after the classified drawing was accessed.
“That’s right. Do you want me to call my supervisor and put you in touch with him?”
He shook his head. “No, no, that’s OK. You don’t need to call anyone else.”
“I hope that his departure causes no problems.”
“No, no problems. Thanks.”
It did cause one problem. The rat ran before he could finger him.
Certainly there was more to this incident than simply an unauthorized person accessing a classified drawing. Ram viewed and printed a classified, radar-antenna-assembly installation drawing for a National Aerospace bomber, making him appear guilty of espionage. And then Ram left for home.
Once there, he would likely never be found, or prosecuted. Ram’s profit from selling the classified document couldn’t be much. The drawing was classified, but it revealed no big secrets. However, because of Ram’s crime, BBT could lose their multimillion-dollar contract with National Aerospace. It was a huge risk for so little gain.
The whole breach scenario was illogical, or stupid, unless Ram was an agent for someone other than his employer. If so, he had a more sinister motive than small-time espionage.
Lee glanced at the clock. It was nearly 6 p.m. and he was alone in the lab. He grabbed his flash drive with all his portable freeware tools on it and walked across the room to Ram’s National-Aerospace-issued laptop, still docked on Ram’s desk. He logged in as administrator. With great expectations, he inserted his flash drive.
National Aerospace computer policies prohibited installation of unauthorized software on company computers. Running portable versions of unauthorized programs from a flash drive obeyed the letter of the law, but certainly not the spirit. But solving the mystery was important to National Aerospace, and possibly, to national security.
His portable applications manager popped open on the screen, and from it, Lee opened a program enabling him to trace network communications. But in the tray he saw the VPN client’s icon appear. Employees used this client to log in to National Aerospace’s virtual private network when they worked off-site. But evidently logging on to the laptop had started the VPN client.
Strange. That wasn’t how National Aerospace’s VPN client was configured to work. The employee had to initiate it explicitly and use a special key to gain access.
Ram, because he was a foreign national, was not given an account to use the VPN client. While Ram’s behavior was a little bit fishy, his computer’s behavior appeared malevolent.
Had Ram hacked the VPN client? If so, what “enhancements” had he added? Who was the VPN client actually communicating with? And what was it transmitting?
Lee looked at the ports in use. On several pairs of ports, the laptop was communicating with some machine outside the company—ports that shouldn’t be used for these purposes. This wasn’t standard company software. Furthermore, two of the remote-host IP addresses—located in Texas and Colorado—were in states where National Aerospace had no employees.
Ram, what are you up to?
Convinced some sort of malware was loaded onto the laptop, Lee ran a full-system virus scan. While the scan iterated through the files on the laptop, he rummaged through the system files looking for malware, but saw nothing out of the ordinary. When the virus scan came back clean, he had exhausted his analytical resources.
He was going to need some help.
He decided to call his old friend and mentor, Dr. Howard Martin, at the university. Howie worked well into the evening when doing research. He taught computer security courses and did a lot of contract research, most recently for the FBI, DHS, and NSA—the kind of folks Lee could use right now. He pressed Howie’s entry on his cell phone.
“Hello, this is Dr. Martin.”
“Howie, this is Lee Brandt. I’ve got a computer-security issue over here. The problem is with a contractor’s company-issued laptop.”
“Is the contractor there with you?”
“No. He left the country a short time ago—in a big hurry. It’s all very suspicious.”
“So you need someone to help you check out his machine?”
“Yes. I need to locate a well-hidden Trojan virus that’s communicating through our firewalls, and I need to know who’s on the other end. And, Howie, I need the help tonight.”
“Can you come over to my office at the university?”
“Sure, I can be there in fifteen minutes.”
“Good. I’ll have someone who can help you.”
“Thanks. See you in a few minutes.”
Why did Howie want him to come to the U? Sometimes the man had undisclosed motives which didn’t become apparent until later. Lee needed a break, so he was glad to accommodate his professor.
Lee walked to the parking lot and hopped into his blue, ’65 Mustang convertible, his baby. When the 289, with its racing cam, began its sweet, syncopated rumble, a grin spread across his face. He slipped the performance automatic transmission into gear and headed north towards the University District and hopefully towards Howie’s cyber-sleuth.