Showing posts with label computers. Show all posts
Showing posts with label computers. Show all posts

06 January 2019

Chasing Pennies


bank vault
I've written about exploits in banking and brokerage fraud with further articles to follow. Bad banking practices don’t feature well in my write-ups. Institutions change only when they’re forced to.

Recently my fraud expertise touched upon the personal. A good friend fell victim to gaping holes in one of New York’s largest financial institutions, J.P. Morgan Chase & Co.

Lily is smart, pretty, and unattached. Two out of three is pretty good, but she means to win the trifecta. She doesn’t advertise, but merely hopes to attract the right kind of guy. She appears on social media: Facebook, Pinterist, and a singles’ site that’s been around some thirteen years, MeetMe.com, where she met an interesting fellow.

Telling the good from the bad isn’t always easy. By the time our malefactor (male factor or dirtbag are also suitable) stepped into the light, he already knew critical pieces of information about Lily: her real name (thanks to odious Facebook requirements), where she’s lived, family relationships, and importantly– her birthday.

MeetMe.com
For a few weeks, ‘Antonio Sanchez’ from ‘New Jersey’ wooed our lass on MeetMe. He didn’t do anything crass like ask her bank account number or credit card information; thanks to Chase’s security ‘features’, he didn’t need to.

As Thanksgiving approached, Lily traveled across the country, stopping to visit relatives in Greenfield, Indiana, home of another Lilly, the famed pharmaceuticals company. Our heroine happened to check her bank account and found it unexpectedly fourteen hundred fifty dollars richer.

Lily, not only smart but honest, sought clarification at the Greenfield branch of Chase. Greenfield couldn’t fathom the problem.

bogus check 1 (808869)
check 1 of 6 #808869
“You put money into your account in the early hours of the morning. Looks like you needed it. What’s the problem?”

“I didn’t deposit anything.”

“But you did.” Greenfield regarded her suspiciously. “You’re saying you didn’t?”

“Exactly. I didn’t do any such thing.”

“Well, lucky you. Someone likes you well enough to put coins in your account.”

*click* Instantly Lily knew who’d made the deposit.

A couple of hours later, the situation reached me. By then, other deposits had appeared. Curiously, monies were rapidly shifting among Lily’s three accounts. My fraud alert alarms clanged.

“If you make a withdrawal,” I advised, “calculate only what you own to the penny and not a cent more.”

“What’s the problem?” friends asked. “A handsome guy sending Lily money? Does he have any brothers?”

I spoke adamantly. “There is no money, no boyfriend in New Jersey, no gold at the end of the rainbow.” When I explained the con, Lily agreed to join me for a visit to the Indiana State Police.

Indiana State Police
The man manning the reception desk told us all detectives were out of the office and wouldn’t return until the next day. Lily asked if she could file a report.

The grizzled trooper brought forms out to us in the lobby. He stood by as Lily tried to explain the situation.

He interrupted her. “A guy giving you money is no crime. No crime, you can’t file a report.”

I said, “There is no money. It’s a con…”

The trooper threw up his palm in a ‘Talk to the hand’ gesture. Cops are trained to seize and maintain control, even when counterproductive. He went on to lecture Lily, not so much accusing her of wasting police time, but of being silly.

“May I explain?” I said as levelly as I could. “There is no money, only fake deposits. He will use that false balance to pay himself.”

The cop paused, considering. “Wouldn’t work,” he said. “If I deposit a check, I have to wait a few days to withdraw funds.”

“That’s why he’s moving money around her accounts. Some banks, perhaps including Chase, lose track of new deposits as they’re moved around. The technique is called seasoning, losing the new deposit tag and making the money look like it’s aged on account.”

“I’m a road warrior,” said the trooper. “I’m not up on these things. Yeah, I’ll have a detective phone you.”

Virtually next door to State Police Headquarters, we’d noticed a Chase branch. Lily made the wisest decision of the day, visiting the bank for an update.

The young woman listened attentively. She quickly grasped the situation. “Oh my God,” she said. “I received a notice exactly like yours of a deposit early in the morning. I need to check my own account before I go home today.”

Together, the three of us discovered additional deposits and further shifting around of money. By then, funds had been used to buy the first Western Union money order made out to an unknown and very foreign name.

“Let me guess,” I said. “The money’s sent to Nigeria?”

“If Lily didn’t give this jerk her personal information,” the young lady said, “how did he get into her account?”

I explained one hypothesis. I’m a vocal critic of the so-called security questions routinely forced upon on-line customers. “What city were you born in?” “What was the name of your first pet?” “What’s your favorite team?” “What’s your favorite color?”

With the slightest information, bad guys find it ludicrously easy to guess the answers. The favorite color question often includes a helpful drop-down menu of eight colors. No one chooses black or white, so a malefactor can guess the answer in six tries or less.

The young branch manager rang the fraud department. She posed the same question to them, who replied “There are so many ways to breach an account…”

bogus check 2 (808870)
check 2 of 6 #808870
The bank gave us copies of the checks. One peculiarity came to light. Chase said it appeared the Nigerian repeatedly deposited the same two checks over and over, fooling Chase and highlighting another flaw in their security, a defective filter for detecting duplicate deposits.

Chase froze Lily’s accounts, leaving her stranded without travel money in the midst of a cross-country trip. But wait, we’re not done.

Lily awoke the next morning, finding her accounts unlocked and a half dozen or so deposits burgeoning her balances.

Lily phoned Chase to let them know further monkey business was afoot in her reactivated accounts. They quickly closed the window and her accounts, again cutting off her funds.



Big banks and little people, comes now the pathetic part. Instead of expressing gratitude for Lily’s quick action of notifying them of fraud, Chase blames Lily for the leaking of money from the bank. Their stance is that Lily either worked with the malfeasant Nigerian to defraud Chase, or at the very least handed over her account information to the bad guy. As you now know, that doesn’t have to happen. All it takes is sloppy banking.

Besides seizing Lily’s bank balance, Chase now demands another $600 in compensation for their losses. Good move, Chase: encourage honest citizens to rush in to report fraud made possible by your own shortcomings.

It’s a great day for banking. Have you had similar experiences?

01 October 2017

You, Identity Theft Victim


Today’s article outlines the massive Equifax identity theft that’s still surfacing today. For the first steps in protecting yourself, you can jump to the distant section on discovering whether you have been targeted and obtaining security features that have been made free for you.
Equifax investigated
Monetizing Your Body

Commercial law can be a peculiar thing, who owns what and why companies have certain rights you don’t. For example, you enter a hospital for surgery. Doctors snip out some piece of you. Likely, you never question who owns that removed bit of flesh or bone and you’re happy just to get rid of it.

Suppose doctors discover something unique and potentially highly profitable in that tonsil or toenail, your appendix or gall bladder. Your DNA might save millions of lives around the planet and earn billions of dollars… none of which you’re entitled to. Unless you signed an agreement otherwise, the physician or hospital owns that biological bit of you including the rights to exploit it. One woman actually applied for a patent on her own body for such a circumstance.

Monetizing Your Life


Financially successful corporations make tidy profits collecting information about you, not merely your earning and spending habits, but where you live, work, school, shop (or shoplift), if you’ve been to court and why. The peculiarity is you don’t own that data. Huge companies do and often their information is wrong and sometimes misused.

A few years ago, credit bureaus were finally forced to hand out credit reports to those who demanded them (a) no more than once a year or (b) if you were turned down for credit. But… odds are high you’ve never seen your full report, because it can contain information the bureaus don’t want you to know. When a mortgagee or a banker or employer receives your credit report, a line at the top might instruct them not to show the report to the subject (you or me), followed by information or opinions they don’t want shared with the… well, victim.

For example, the redacted secret part on my own credit report read “suspected of using false address.” This came about in two ways. First, I had been buying property, a dozen addresses were associated with my name, so I relied on a post office box, much as my grandmother had done. Second, the US Postal Service allows post box renters to use the post office’s physical address, quite handy for imprinting on checks. Such an address looks like:
Chandler Hammett
1201 Post Industrial Drive #107707
Los Angeles, Ca 90210-7707
In my case, the comment didn’t particularly affect me, but imagine someone applying for a sensitive job. The HR department reads the line “suspected of using false address,” and suddenly the potential employee is rejected with no reason given. The applicant should have a right to know about that careless assessment, but has no way of learning of or correcting the report. Why? The bureaus own the reports, you and I don’t.

Monetizing Miscreants

In a past article, I pointed out that curious hackers– the benign exploring kind– can receive severe prison sentences for merely poking around in data warehouses and behind the scenes in web databases. I argued that bankers and merchants who fail to secure vaults, leave doors unlocked, and don’t hire a watchman should be punished as well. If any major office didn’t lock its doors, could you blame kids for wandering in and looking around?

Let’s discuss Equifax, which has suffered an extraordinary data loss to a ‘state actor’… presumably China, North Korea, or Russia. Stolen is your name, social security number, credit card numbers, drivers licence, address, and all the minutia that makes you you. With this kind of data, thieves can lie low for years before springing into action.

I say that as fact, because thieves (state actors) stole the records of the vast majority of working and retired citizens in two separate breaches. The second theft (the first was acknowledged only after the second came to light) affects between ¾ and ⅞ of American adults. Equifax admissions have edged upwards from 153-million stolen files to 182-million; outside assessments estimate as high as 200-million or more.

Note: Canadian and British records have been stolen in the same breach. Equifax says they’re “working with UK regulators,” whatever that means.

Monetizing Misfortune


Equifax executives cashed in stock before the breach became public, attempting to option their knowledge for their personal profit. Then after the big reveal, the company offered to help protect user accounts through a subsidiary— for a fee. Equifax and their security pet since had their arms twisted into providing the services free.

Political response has been as antithetical as you might expect. Congressional members of one political party sent a demand letter to Equifax with a deadline for explaining details and corrective actions. Contrarily, in defense of Equifax and in fear of impacting deregulation, the other major party is working a bill through Congress to limit the liability of credit bureaus and other companies.

Have You Been Hit?   866-447-7559

Here Equifax estimates whether or not your data has been sucked overseas. Be cautious of similar links, because identity thieves are working those, trying to snatch whatever data they can. Use this link:
☞  Has my data been stolen?
Note that updates may still be made, so it’s possible an all-clear this week might turn into a false negative next week. Tap that link to see if you’ve become a victim:

Once you receive an indication, you can decide what to do next. Equifax can take several days to email you about options (now free) that they provide. The FTC offers suggestions and guidelines.

Equifax will provide ninety days of ‘fraud alert’ (notification of identity theft) and a year of monitoring, which can be renewed indefinitely. You may also choose to lock or freeze your account and ‘thaw’ it only when you apply for a loan or other use.

Use the phone number (866-447-7559) above if you have questions or need help you can’t find elsewhere. Contact the other credit bureaus to notify them your identity and data has been compromised.

Equifax Inc.
P. O. Box 740241
Atlanta, GA 30374-0241
800-685-1111
800-525-6285
1150 Lake Hearn Drive
Atlanta, GA 30342
fraud: 800-525-6285
web site
Experian
P. O. Box 2002
Allen, TX 75013-2002
888-397-3742
888-243-6951
701 Experian Parkway
Allen, TX 75013
fraud: 800-397-3742
web site
Trans Union Corp.
P. O. Box 1000
Chester, PA 19022-1000
800-916-8800
800-888-4213
2 Baldwin Place
Chester, PA 19022
fraud: 800-680-7289
web site

Let us know if you’ve been hit. In the meantime, be safe out there– state actors abound!

29 April 2017

Over-Byters Anonymous


 Family Fortnight +  Leading up to the  International Day of Families on the 15th of May, we bring you the first in a series about mystery writers’ take on families. Settle back and enjoy!
by Melodie Campbell (Bad Girl)
Here's my salute to the wonderful families who put up with us crime-writers! 
I write mystery and suspense fiction.  Lately it's been taking over my life.

I blame this on my new laptop.  Sleek and slim, it accompanies me everywhere: in the car, at the kitchen table, in the loo.

Unfortunately, it has become too convenient.  I have become a victim of the Computer Black Hole of Time.  Take last week, for instance:

"Quick - the laptop! I have an idea and I don't want to lose it."

"Oh no, Mom!  Not the laptop!  Don't do it...don't turn it on...don't"
(Insert theme song from Twilight Zone here.)

Alas, poor Natalie.  She knows what is to come.  Like Jeff Goldblum in that remake of The Fly, I merge with my mini-computer.  We become one.  Conscious only of our own existence.  Oblivious to the sounds of life around us.  Consumed by the story that has to come out of us.

Somewhere, a voice cuts through the fog.

"Mom, I'm hungry."

Normally a staunch advocate of the five food groups, I forget all about artificial flavour, colour dye number 412 and hydrogenated everything.  Lost in the netherworld of word-processing, I utter the dead giveaway:

"There's some Twinkies in the cupboard."

Natalie shakes her head in despair.  "She's gone."

Tap tap tap.  Fingers on the keyboard have a rhythm all their own.  Mesmerizing.  Hours shrink to minutes.  Like a jigsaw puzzle half done, the shreds of my story are piecing themselves together.  If I can only...

"Dad's home, Mom."

"Just a sec."

"It's dinner time, Mom."

"I think there's some Oreo's in the cupboard."

Back to the keyboard.  The laptop is humming our tune.  Words glide across the screen in a seductive dance.  I'm caught in the feverish whirlpool of setting, viewpoint, characterization and climax.

An electric can-opener disturbs my train of thought.

"Earth to Mom.  Want some tuna?"

"Just a sec."

"Honey, are you all right?"

My husband's voice.  What is he doing home so early?

"We're eating now," he says.

"Have a Pop Tart," I blurt.

Natalie shakes her head.  "Give up, Dad."

I'm back to the screen, running with my story character...heart pounding, mind agonizing.  Will he get to the scene before the murderer?  Will he be in time to prevent it?

Somewhere in the house, water is running - pounding on porcelain like thunder.  Hey, that's it!  Add a blinding thunder storm, the hero running through sheets of rain, slipping on wet pavement, unable to read the house numbers....

I PG UP and start revising.

"Night, Mom."

"Night, Mommy"

"Murrmph?"  I don't look up.

Finished.  I save copy and turn off my partner in crime, the laptop.  Draft one, complete.  What a team.  Sitting for hours in one position, I am oddly invigorated.  Ready to run the Boston Marathon, and looking for company.

It's dark outside.  The house is quiet.  I thump upstairs, looking for everyone.

Even my husband is in bed.  I sit on the edge of the mattress, bewildered.

"Why is everyone in bed so early?"

My husband pokes his head up.  "It's 3 a.m."

"It is?"  Astonishing.  Once again, I have been a victim of the Computer Black Hole of Time: entire hours mysteriously devoured by the simple on-switch of a computer.  I contemplate starting a self-help group for chronic users:  Over-Byters Anonymous.  But I don't think I could deal with the separation anxiety.

"Wanna read my story?" I ask eagerly.

There are limits to the devotion of even the most supportive family.

It's 3 a.m.  He declines.

Added note:
Today is Authors for Indies day in Canada.  By Indies, we mean independent bookstores.  All across the True North, authors are appearing at independent bookstores to do signings, and show their appreciation.  I will be at Different Drummer bookstore in Burlington, Ontario, this afternoon.  Many thanks to all our independent bookstore owners!

Melodie Campbell got her start writing standup.  Her books and short stories have won 10 awards, even though they are probably certifiable, poor things.  Read at your own risk. www.melodiecampbell.com

20 March 2016

Duping Delight


He lied for pleasure,” Fuselier said— Supervisory Special Agent Dwayne Fuselier, a clinical psychologist and an FBI investigator.
In this case, he was talking about Eric Harris of Columbine notoriety. But millions of people who aren’t mass murderers also lie for pleasure. They tread beyond compulsive, they go beyond obsessive– they lie for enjoyment, gratification, and amusement.

Telling Lies by Paul Ekman
Psychologist Paul Ekman says lying represents a key characteristic of the psychopathic profile. He calls it ‘duping delight’.

It’s rare for the average person to get to know a criminal mind. I’m not talking about the desperate committer of crimes or those who’ve lost their way, but people who deliberately set out to steal or defraud for no other reason than they wish to.

Oddly enough, most fraudsters I’ve personally known have been disbarred lawyers. Truly. Wait, I’m not picking on lawyers as a class nor am I providing fodder for lawyer jokes– we can do that another time if my friend Dale turns a blind eye. But for unexplained reasons that seem beyond coincidence, the major swindlers I’ve encountered have been former attorneys and one a former judge. They all hail from Florida as well, formerly a haven for con artists and scammers selling underwater parcels of land.

My friend Sharon sent me an Orlando Sentinel article titled “Husband of disbarred attorney sues her, alleging fraud, forgery.” Strange as that sounds, it barely hints at the machinations involved… you’ve got to read the article.

It put me in mind of another lawyer whom I’ll call Dr. Bob Black.

Judge Not Lest… an opinion piece

I met ‘Dr. Black’ at a local college campus. We chatted between breaks. He failed to let on he’d been disbarred, although he mentioned numerous times he’d been a judge. He shared he was raised in financial comfort and had been well educated. His relationship with his parents, especially Bob Sr, sounded complex and later left me wondering about the residual effects.

Black had bought a minor mansion in an Orlando historical district. He’d gutted it and was in the process of slicing its interior into small apartments when the Historical Society called a halt, pointing out that ruining a historical building and establishing multi-family residences in a single-family zone was forbidden. Unfazed, Black put it up for sale, advertising it as partially converted to apartments but possibly not mentioning the legal stumbling blocks.

At the time of his real estate ventures, Bob was also hawking a computer he called the Macintosh XLS. I recognized the machine as an Apple Lisa, the forerunner to the Mac, although Black claimed it was not a Lisa but a super-advanced product that outclassed other computers— especially its price of $10 000, about five times the price of a Mac at the time.

A little research showed he was buying refurbished units from a company in Shreveport, bundling them with freeware and shareware, and offering training worth “thousands of dollars.” As it happened, he was paying less than $40 for adult classes at Winter Park Tech where my friend Geri taught. Geri found herself with more than one of his victims in her classes, including one man whose wife was dying of cancer and was barely holding together emotionally.

The Scheme

Black was buying outdated, refurbished computers for a few hundred dollars, adding freeware (free software) and $40 worth of classes, and then selling them as high-end products to the unsuspecting.

Dr. Black was a snappy dresser. Even at casual gatherings he wore suits, and under his suits he wore sweater vests, not a common sight in Florida.

He liked talking to me, even when I’d call him on some of his shenanigans. When I asked barbed questions, he showed a politely bland face, no anger or irritation at all. I wondered if he masked his feelings or felt nothing at all. Did he choose me just to have one person to talk to?

He claimed to have been a judge, and apparently that was true. The ‘Dr’ part he tacked onto his name– He liked the sound of it. Beyond the connotation of ‘juris’, it had no more meaning than the ‘Dr’ in Dr. Pepper.

Judgment-Proof

Black confided he was ‘judgment-proof’ and explained he maintained real property in his wife’s name and kept all his other assets offshore. The topic of disbarment didn’t disturb him… he simply acted as if he didn’t hear those questions, although once he hinted at a political misunderstanding.

One of his controlling peculiarities was to arrange meetings with clients at odd minutes on the clock, say 9:42 or 10:13. Black claimed he was too tightly scheduled to waste appointments on the half or quarter hour.

His attitude toward ripping off people was entirely incomprehensible to most observers. Black exhibited zero contrition but especially no shame whatsoever. He displayed a bullying arrogance toward anyone he could. He may have fancied himself superior to lesser people; others were merely ants that he righteously stepped on if they got in his way. Bob seemed to typify a sociopath in every sense of the word.

The Detective and the Reporter

A pair of related calls came in on my consulting line. Geri had referred one caller, a former New York City homicide detective who’d been defrauded by Black. The other was from our local WCPX star consumer crusader, Ellen MacFarlane. The detective happened to know Ellen’s mother, a NYC judge, and her sister, a force within the New York Department of Consumer Affairs. They asked me if I would provide technical knowledge for an exposé of Dr. Bob Black.

Ellen suffered from multiple sclerosis, but she was a fighter. I sat in on the interviews, sometimes feeding her questions. Black’s strategy was to answer no question directly. If she asked him about reselling obsolete equipment, he would respond with a rambling discourse on Steve Jobs, Reaganomics, and local gardening regulations. He exhausted the lady, but Ellen managed to air the segment.

The detective wasn’t done. He sued Black and called me as a witness.

We sat waiting for Black in the judge’s chambers. At nearly half-past the hour, the phone rang. The judge put it on speaker phone: A whimpering Black claimed he was deathly ill.

The judge said, “Frankly, Mr. Black, you don’t have much credibility around this court. However, I’ll continue this case if you get a doctor’s note to me within three days.”

Upon my return to court, I bumped into Black. He always acted polite to me and he did so this time, impervious to my cool nod. This time, the parties indicated they were considering a settlement. I wasn’t called to court again so I don’t know what, if any, judgment or restitution was involved.

To say Black was a scoundrel or a rascal is to diminish the impact he had on others. The Yiddish word ‘gonif’ comes close, implying a thief and a cheat.

Most of us would like to leave the world a better place. Besides social currency, reputation is a reflection of future self, the part that remains after we’re gone. We can’t all be great authors, musicians, artists, nurses, and teachers, but we can be good people. People who don’t care are alien to the rest of us.

I’ll bracket this article with “in my opinion,” but Black made a living from cheating people. He could argue he gave naïve people what they asked for (“They should have done their homework”) and what he promised (“So what if I sold them free software and who’s to say the $40 course isn’t worth thousands”).

For all that, my greatest astonishment centered around his lack of shame. I used to attend LegalSIG, a special interest group run by a local law firm concerning matters of business and law. Black would attend, showing no chagrin, no humiliation, not the least discomfort. Most people would not put themselves through such mortification, but Black felt no discomposure. He was internally ‘judgement-proof’ emotionally as well as financially.

Friends asked why ‘Black’ singled me out to talk. Partly, people found it easy to chat with me, even confide, but also I could listen without hating him, which I suspect many of his colleagues and victims must have done. From him, of course, I heard only fragments of his exploits. He never mentioned the word ‘victims’, but hinted those who’d fallen for his schemes were weak-minded. He sometimes suggested when his prey rose up, they were unfairly trying to victimize him for being the more clever.

I can’t read a mind like his, but I began to suspect that if he dealt with emotions at all, he might have felt no wrong. He might even have believed himself entitled, that he had the right to exploit lesser humans, those who could not harm others. If so, I feel sorry for him. But I'll never know for sure.

12 July 2015

Techno-dull


Mr Robot
Edgy. It’s what a new USA Network television, Mr Robot, is trying for, so edgy that producers are getting ulcers trying to make it happen. And cyberpunk. It’s oh, so cyberpunk, rebel without a clause, pass the opiates please. It’s new, it’s now, it’s different, and it's supposed to be ultra-tech-savvy. It has exciting technology working for it… or does it?
One of Dorothy Sayers' novels, The Nine Tailors, is noted for its portrayal of campanology– professional bell-ringing. Sayers was largely complimented for her accuracy of detail. In a small way, she created kind of a techno-novel. Since then, many authors have created stories detailing technology of one kind or another– military, espionage, aerospace, medical, or computing.

Bluffing computer experts is tricky, especially the ‘leet’, the priesthood as it were, the 1% of 1%, the dei ex machina, code-slingers, bit busters, programmers of the programs that run programs. Rendering a story about computers takes more than networking verbiage and Unix gibberish. Bear with me as I wade into technical detail.

Going Viral

John Brunner’s Shockwave Rider introduced the concept of viruses, but most novels and virtually all movies get the technology wrong. That doesn’t mean a reader can’t enjoy some stories. Thomas Joseph Ryan’s The Adolescence of P-1 was a good read. 2001 A Space Odyssey was smart, the letters HAL being one displaced from IBM. And for hopeless romantics, Electric Dreams gave movie-goers a Cyrano de Bergerac love triangle featuring a computer named Edgar.

But a story shouldn’t pretend to be something it isn’t. An Amazon review about a computer novel by a top-rated mystery writer said the commenter got laughs reading aloud excerpts to employees in the company lunchroom. That’s not the kind of critique anyone wants.

Dennis Nedry
Dennis Nedry from Jurassic Park
Casting Stones

Casting is another problem with computer shows. Techno-geeks’ IQs typically run high, but that’s seldom how computer experts appear on the screen. One example of awful rôle selection occurred in Jurassic Park, that of an unlikely computer sysadmin, the oafish and creepy Dennis Nedry. We’re going to talk about lack of subtlety: Nedry / nerdy, get it?.

If Hollywood doesn’t stereotype a sallow, shallow wimp with taped glasses, they opt for the opposite, a busty beauty in a skin-tight action figure costume. Movie makers think an eye on the décolletage prevents audiences noticing thin characterization.

When I think of actual top geeks (someone without my movie star looks– stop laughing), I think of colleagues like my friend Thrush, programmer Bill Gorham, software architect Steve O’Donnell, or a handful of others. These ordinary guys possess the extraordinary ability to make machines dance to their own tune.

Robin Hoodie

The show’s idea of characterization appears twofold. First, dress the part: Make the protagonist, Elliot Alderson, sullen, slurring, antisocial, slouch through life in his hoodie. Have ruthless, junior exec Tyrell Wellick wear designer ties and suits. Decorate drug dealers with lots of tats. Mission accomplished.

The other part of the simplistic characterization is the creation of a polarized ‘them versus us’ atmosphere: hoodies v suits, punks v preppies, young v old, crackers v hackers, morphine users v tweakers v coke-heads, Anonymous v the establishment, bad guys v the other bad guys, capitalists v socialists v nihilists v anarchists… which might be interesting if someone had bothered to delineate a bit.

Elliot, the main character, is a morphine-addicted presumed programmer– he once mentions source code. The guy is a pathological liar who lies even to himself, then follows up by telling people in slurred speech, “I’m just being honest.” He drinks ‘appletinis’ and tells his shrink he’s not a junkie, even as he snorts his drug of choice. Supposedly this doesn’t impair his ability to dig into the bowels of computer networks.

A major problem here is that mainly druggies find drug users entertaining. One shouldn’t have to be stoned to appreciate a television show, but drug use and overuse underlies a major theme of Mr Robot. Elliot’s Asperger’s syndrome one can deal with, but his continuous mumbling is hard to stomach.

Of all the cast, only the female characters appear likable and worthwhile, Elliot’s shrink, Gloria, and his childhood friend and co-worker, Angela. Elliot and Angela telegraph to the audience their unrealized attraction as in a third-rate romance novel.

Tyrell Wellick represents the only alpha male in that universe, a ruthless junior exec but one who keeps his eye on the prize. As the best drawn character, he’s a sadomasochistic and exploitative bisexual who goes all out for what he wants. The actor speaks fluent Swedish but god-awful French, more than once butchering the word ‘bonjour’. Wellick does win on other points: When his pregnant wife asks for a bondage session, he’s reluctant to proceed, trying to be gentle.

Anonymous

A major factor– or malefactor– in the series is Mr Robot, a sociopathic anarchist played by Christian Slater looking exceedingly bored throughout. ‘Mr Robot’ is the name of a tech support company, passed on to Slater.

He’s formed ‘fsociety’, a squad of hackers patterned after the group Anonymous. Instead of Guy Fawkes masks, fsociety uses the likeness of that Parker Brothers’ mustached tycoon, Rich Uncle Pennybags aka Mr Monopoly.

Uncle Pennybags © Parker Bros.
In reality, fsociety is disappointingly unlike Anonymous. The latter is focused on justice and exposing inequity and corruption, not anarchy for its own sake. Anonymous gives an impression it values human life, unlike the show's producers who suck hours out of your life never to be returned.

Unsubtle

Those of us in the US tend to confuse and conflate capitalism with a free market economy; Mr Robot drops any distinction at all. Fsociety is dedicated to gutting Evil Corp (which deserves it) within a larger goal of bringing down the economy.
  • E: Evil Corp– that’s its unimaginative nickname– is the company that Elliot, Angela, and Tyrell work for. Obviously, subtlety isn’t held in high regard among the writers. The company’s E logo simultaneously hints at an actual secretive government provider and evokes ‘E for everyone’ entertainment ratings.

  • F: Two guesses what the F in fsociety stands for, subtle like a sledgehammer.

I tried to imagine the original cocaine-fueled pitch for the series. I think it went something like this:
“Like okay, man… (sniffff) There’s this guy, hacker dude, we’ll dress him in a hoodie so everyone thinks Robin Hood, see. (sniffff) And there’s this evil corp, we’ll call it Evil Corp so the audience can’t miss it. (sniffff) Listen, I confuse free markets and capitalism, but let’s say we burn down the economy… What do you mean, how would I cash my paycheck? What does that have to do with anything? Oh, irony, I get it. That’s good, that’s good. We’ll include irony.”

Verisimilitude

The series makes a stab at hi-tech realism, not particularly savvy, better than some shows, not as good as others. Writers drop a few Unix buzzwords (Gnome, KDE, TOR) and gloss over how their network was penetrated.

Elliot identifies a supposedly infected file that fsociety wants him not to open: fsociety00.dat. Amusingly, the IP address associated with the bogus file is 218.108.149.373, an impossible address like movies using 555-1234 as a phone number. (Geekology trivia: An IP address resolves to four bytes in binary, so each number of the group must be less than 256.) Mr Robot offers no specifics how Elliot tracked down the file in error, but the date and a bogus IP address should have clued in even a noob, never mind our ersatz hero.

Elliot passes the file on to a colleague, saying he’s done the hard work and ‘all’ that’s left is the encryption, as if that’s nothing. *bzzz* Wrong answer.

The program promulgates the notion that if someone has a root kit or hacker tools, they’re somehow an ultra-savvy user instead of being like any other mechanic with the right toolbox. The real guys with the smarts are the black hats who write the hacker tools and the white hats who find ways to combat them.

The show also advances the prejudice that ‘old people’ (presumably over 25) can’t deal with technology. A little reflection would have shown that the very systems Elliot and his hacker friends are using were designed by the old guys who themselves built on the shoulders of greater giants. (Articles on Anonymous have shown that the inner core of the organization isn’t strictly young guys as popularly imagined, but largely socially conscious programmers from the late 1960s and early 1970s who range upwards in age into their 50s and 60s.)

Elliot sneers at the CEO of E-Corp for carrying a Blackberry, ignoring the fact that an executive can run a company or tinker with technology, but probably not both, not at the same time. The US State Department deliberately uses Blackberries because they’re less susceptible to hacking… but that sort of realism would cut the series short.

Later, Elliot denigrates a hospital IT manager, William Highsmith, but even as he’s disparaging the IT guy, Elliot uses his supposed superior hacking skills to type the word NEGATIVE into his drug screen. Nothing screams phony like spelling out a presumed binary value instead of clicking the bit setting like true experts and their grandmothers would have done.

In the third episode, Elliot gives a stoned soliloquy on debugging. He’s correct in that finding a bug is usually the hardest part of the problem, but then he awkwardly extends an analogy of bugs into the real world of people and society.

Commodore 64
Halt and Catch Fire

Based on a single episode, a competing series Halt and Catch Fire has a much better and more realistic grip on technology and story-telling. Their team planned how to fake an AT&T computer by kludging together parts from a Commodore 64. Unlike the vague buzzword-dropping, watch-the-other-hand unexplained ‘magic’ in Mr Robot, the HCF scheme could actually work.

From both a writing standpoint and a hi-tech background, Mr Robot disappoints. I expect more… more characterization, more plot, more realistic tech. And less morphine, please, much less. I’m a minority, but my tech-savvy friend and colleague Thrush, who still keeps his hand in the land of Unix, also expressed dismay, finding the show dark and dismal with a poor handle on technology.

Mr Robot is like a 1960’s drug culture anti-establishment film, entirely unentertaining. But that’s my take. What is yours?

08 July 2015

Scattered Castles


There's been a lot of smoke and mirrors lately about the Chinese hacking into computer networks all over the place, and of course it isn't just the Chinese. Cyberattacks have become a lot more common. Anybody remember STUXNET, the virus that targeted the Iranian nuke R&D? Nobody's copped to it, but we can imagine it was probably a joint effort by the U.S. and the Israelis.
My own website was hacked by some Russian trolls. I don't know what the object was. Bank fraud, or Meet Hot Slavs?  It wouldn't be to use any of the actual information from my site, but to compromise the server pathways. FatCow, the server, hosts a buttload of websites, and once in the back door, you could cherry-pick all the caramels, and leave the liquid centers behind.

The point of the Chinese hacks is that they're not amateur or random, by and large, but directed by the Ministry of Defense, against specific hard targets. The big one, most recently (or at least most recently discovered), is the security breach of the Office of Personnel Management. I know this doesn't sound all that glamorous or hot-ticket - OPM is basically the U.S. government's Human Resources department, the central clearinghouse - but in fact it's a big deal. Best guess to date is that 18 million files have been penetrated, and that's a lowball figure. 

Here's what makes it important. OPM is responsible for security clearances, access to classified material. Back in the day, this was the FBI's job, but it's presently estimated that 5 million people, including both government employees and contractors, hold clearances, and the FBI's current staffing is 35,000. You do the math. The numbers are overwhelming. OPM, in turn, farms this out to FIS, the Federal Investigative Services, and the private sector.

But wait, there's more. The intelligence agencies, CIA, NSA, the National Reconnaissance Office (the spy satellite guys), have their own firewalled system, know as Scattered Castles. For whatever reason, budgetary constraints, too much backlog, or pressure from the Director of National Intelligence, the spook shops were instructed to merge their data with OPM's. So was the Defense Department. A certain amount of foot-dragging ensued, not just territory, either, but concerns about OPM's safeguards. In the end, they caved. Not to oversimplify, because the databases are in theory separate, but it created an information chain.

Suppose, and it's a big suppose, that Scattered Castles is accessible through the OPM gatekeeper. Nobody in the intelligence community, or OPM, or the FBI (which is the lead investigator of the OPM break), will go on the record one way or the other. Understandably, because they'd be giving whoever hacked OPM a further opportunity to exploit, if they haven't already. This is a case of locking the barn door after the horse is gone. The worst-case scenario is that active-duty covert agents could be exposed. And bear in mind, that when you're investigated for a security clearance, you give up a lot of sensitive personal data - divorce, bankruptcy, past drug use, your sexual preference - the list goes on. Which opens you up to blackmail, or pressure on your family. This is an enormous can of worms, the consequences yet to be addressed.

OPM uses a Web-based platform called eQip to submit background information. You might in all seriousness ask whether it's any more secure than Facebook. The issue here, long-run, isn't simply the hack, but the collective reactive posture. These guys are playing defense, not offense. The way to address this is to uncover your weaknesses before the other guy does, and identify the threat, not wait for it to happen. Take the fight to them. Otherwise we're sitting ducks.  

It's amazing to me that these people left us open to this, quite honestly. They don't go to the movies, their kids don't play video games, they're totally out to lunch? It ain't science fiction. It's the real world. Cyber warfare is in the here and now.

Heads are gonna roll, no question. OPM's director is for the high jump, and her senior management is probably going to walk the plank, too. This doesn't fix it. What needs fixing is the mindset. We're looking at inertia, plain and simple, a body at rest. We need to own some momentum. 


http://www.DavidEdgerleyGates.com/



08 March 2015

The Kaspersky Code


Three weeks ago, Kaspersky Lab, the Russian security software maker exposed a cyber-espionage operation that many believe originated within the NSA. The devilishly clever bit of code hides in the firmware of disc drives and has the ability to continuously infect a machine. If you use a Windows computer, there’s a good chance it’s not only infected but was built that way likely without the manufacturers' knowledge.
Kaspersky researcher Costin Raiu says the NSA couldn’t have done it without the source code.

What?!!

The contention that the NSA definitely had access to the source code is not only patent nonsense, it ignores that fact that Kaspersky themselves supposedly didn’t have the code. Having the source code is the easy way, perhaps the preferred way, but it’s hardly the only way.

A Reuters article speculates how the NSA might have obtained the source code and indeed, one of those is a likely scenario. But it’s also feasible to do the job without the source and I’ll show you what I mean, a technique I used to unravel computer fraud programs. Fasten your seat belt because this is going to get technical.

World’s Greatest Puzzle

Those around in my Criminal Brief days know that I love puzzles. For me, the ultimate puzzle has been systems software programming, making the machine do what I want. But sometimes I’ve come up against puzzles, some benign, some not, where I didn’t have the source code.

Let’s try an example. What if we found mysterious code in our computer that looked something like this:

confused pseudo code snippet
Mysterious Snippet of Computer Code

If you can’t make sense out of this, you’re not alone. 98% of computer programmers wouldn’t know what to make of it either. But if you look closely, the data populating the upper block looks different from that in the lower block. This is a clue.

Unlike commercial and scientific programs, systems software deals with the operation of the computer itself– utilities, communications, and especially the operating system. The realm of a computer’s internals are abstract, far more so than the Tron movies. Key aspects seldom relate to real-world equivalents. Sure, we say that RAM is a little like notes spread out on your work table and that disc storage is kinda sorta like a file cabinet… but not really. Even the term RAM– random access memory– is misleading; there’s nothing random about it.

Back in the real world, let’s say you want to write a simple program that adds the number of apples and oranges. In most programming languages, this code would look like this:
total = apples + oranges
Internally, a program loads apples and oranges into registers (kind of like keying them into a calculator), adds them, and stores them in a variable called total. If we were to write this in the argot of the computer, we’d use assembly language mnemonics, an abstraction of the computer’s machine language. Deep, deep down in a program, we’d see nothing but numbers where we count…
0, 1, 2, 3, 5, 6, 7, 8, 9, A, B, C, D, E, F
Yes, A-F are digits in this context. Within the computer, our little program above might resemble…

simple pseudo-code program: total=apples+oranges
total = apples + oranges

What isn’t obvious to many programmers is that computer instructions are data. Indeed, some black-hat crackers (the bad guys) have used this property to sneak malware onto unsuspecting computers.

If you look again at the original sneak peek of data, you’ll start to see patterns and may even pick out the machine instructions from our code example above.

clarified pseudo code snippet
Less Mysterious Code Snippet

This puzzle solving is called reverse engineering. It’s possible to write a program called a disassembler (I have) or a de-compiler (I haven’t) to decode the machine language into something more intelligible. The program has to be smart enough to not only separate actual data from instructions, but distinguish the type of data.

As you see, compiling source into binary executable code isn’t a one-way street. With dedication and know-how, reversing the process is well within reach.

How safe do you feel now?

05 February 2014

Call of the Wicked





by Robert Lopresti

I have a friend who has a mother, a wonderful lady we will call Kate.  She is a smart woman who, at a time when many people were retired,  was still doing biomedical research.  That  kind of smart.

But time has passed and she is retired now, and living in a senoir home, what is known as an independent living center.  And one day not too long ago she got a phone call from someone who said he was calling from Windows.  He explained that they had found that her computer was about to crash but he could fix it if she gave him control.

Well, you know what happened next.  She had to call someone from the office to yank the plug out of the wall to turn the computer off, and then she had to buy a new computer.  (According to the guy who looked at her machine, if you suffer this type of hack, the trick is to get someone to fix it before you log on again.  After that, its too late.)

I won't go through the misery that followed: closing bank accounts, changing passwords, destroying credit cards.  Because that is all minor inconvenience, as tedious and infuriating as it is.

The real damage was done inside Kate's head.  Falling for that trick damaged her self-confidence and self-image, because she knew she would not have done so a few years before.  And that is the true, soul-destroying evil accomplished by these morally-bankrupt thugs who deliberately aim their scams at seniors.

For some reason, this makes me think of Dick Francis.  One of the things I like best about his work is that his characters never lost their shock over bad guys doing bad things.  While the heroes of Chandler get cynical and  see the glass as not only mostly empty but slightly moldy, Francis's men stay outraged and furious.  That doesn't belong to you.  Put it back!

From time to time scholars have pondered why so many people are fascinated by crime fiction.  Part of the answer, I think, is that we all deal with villains and the mysteries give us a pain-free way to reflect on them.  And, in fiction, at least, we can sometimes defeat them.

Until next time, watch out for the bad guys.

18 August 2013

The Truth shall set thee free


by Leigh Lundin

For at least the past half century, clerks and bureaucrats offer consumers the excuse “It’s not our fault, the computer made a mistake.” As a computer specialist, I know that behind a mistake is another human and the proffered excuse is an attempt to mitigate or evade responsibility. It’s not that computers are infallible, but they do what people tell them to do.
Reflection
In a couple of small towns where I grew up, town gossips considered their mission to find out about everyone else’s business while hiding the skeletons in their own closets. One of the women complained her husband wouldn’t share the tidbits he picked up at the local grain elevator. He became my hero.

Some victims must have felt vindication when one of the worst dashed back and forth, spying upon her own daughter making out in her boyfriend’s car in front of her house, then running to the back bathroom, climbing up on the tub and peering out the rear window spying on another couple having at it. In her gusto, she slipped on the tub, fell and broke her arm. Her screams and the subsequent ambulance brought all pleasurable activities to a halt. The lessons I took away was that– private as I am– tight lips and an open bearing is a wise policy.

Thus, when it comes to government, I lean towards the-truth-and-damn-the-consequences policy, not in every instance, but the vast majority of the time. And this is what I’ve learned from the Snowden and Manning affairs: Our nation, our government survives pretty damn well when the truth comes out. Might these examples suggest the less secrecy the better? Or at least shouldn’t we open our eyes and engage in a discussion what secrets are wise and what aren’t?

Friday morning I was listening to CNN pontificate about the Edward Snowden affair. Their hostess pointed out that people either believe he’s a hero or a traitor. I’m not sure this reflects political leanings but the guest on the left took the position Snowden’s a betrayer whilst the guy on the right claimed Snowden’s a patriot. I never did hear anything of importance from the guest in the middle, but my mind may have tuned out following an amazing, jaw-dropping, mind-numbing statement: The NSA apologist (the guy on the left of the screen) said something to the effect we can’t so much blame NSA’s crimes on people, because these crimes are committed by computers.



Wh– what?

Going back to my opening paragraph, computers do what people tell them to do. In centuries past, defendants might have tried “Your Honour, t'were me fourteen vicious dogs wot ripped apart me wife’s paramour all on their own selves,” or “It were an accident pure and simple, Judge. Me horse reared up and clopped the landlord on ’is head.”

But blaming computers, it’s like saying:
  • “I didn’t cut them joists too short, my saw did.”
  • “Officer, I didn’t run the red light, my car did.”
  • “Judge, I didn’t shoot the guy, my Glock did.”
Fortunately, we crime writers seldom bring up the computer-ate-my-homework excuse, else without humans, we’d have little to write about. Imagine the detective’s dénouement: “Based on the prints, I determined the digits are digital and the bite marks are bytes. Yes, the culprit is the CDC-6600.”

23 June 2013

The Digital Detective, Wall Street part 2


continued from last week
The Best of Times…

Systems programmers held a unique niche in the multiple mainframe corporate structure. We didn’t practice ordinary commercial programming but were responsible for keeping the software side running– the operating systems, telecommunications, and utilities. The best of us knew assembly language– the cryptic machine instructions that underpin more or less human-readable languages like C, Cobol, Fortran, and Java. We dealt in bits and bytes, binary and buzzwords, not credits, debits, and balance sheets.
77 Water roof

77 Water plane
Plane atop 77 Water St

Walston was flush. Shortly after I joined, they moved into their fancy new skyscraper at 77 Water Street, a few steps south of Wall. It featured an artificial stream, a padded soda dispenser shaped like a floppy-eared dog, elevators illuminated like the night sky, and a full-size sculpture of a biplane on the roof. You can see it in the opening fly-over sequence of the disappointing movie The Forgotten; there you can spot the airplane still atop 77 Water.

Walston’s cast of characters included my boss Alex, his boss and vice president Paul, and an assistant vice president, Jim. Brokerage firms contain nearly as many vice presidents as they do brokers. The wrinkle in the relationship was Jim had originally hired Paul who passed him on the corporate ladder. Nearing his 25th year with the firm, Jim became marginalized, holding down a desk but no responsibility. Upon retirement, he planned to buy a Land Rover, move to South Africa, cultivate a mustache, and live a life of alternating adventure and leisure. As the weeks ticked away, that’s all he talked about.

Lower Manhatan Financial District
Wall Street and Financial District
Walston’s third floor contained two sections: the computer room and offices occupied by Arthur Anderson overseen by a Walston executive with the musical name Glenn Miller. As systems programmer, I was the rare programmer allowed in the computer room. That drew the attention of Arthur Anderson.

It wasn’t unusual for large corporations to provide offices for their accounting firm, but it wasn’t kosher for one’s auditors to use provided offices to perform work for other companies. The rules for AA were different. As one of the accounting wonks said, saving office space didn't hurt anyone. It may have been true, but violating rules exemplified the looseness of managerial oversight.

Toad in the Hole

Walston brought in two consultants, guys who would tell a company the same common sense advice at five times the price of listening to their employees. That’s one reason I later became a consultant– companies pay to listen to you.

As far as I was concerned, this was more background noise, but one day my boss Alex called me into his office. There sat the consultants and two Arthur Anderson guys amid palpable tension. They wanted me to perform a task: write a program to scan files and ‘correct’ fields, i.e, numbers within the file.

I pointed out I didn’t do that kind of commercial programming and this was far more suitable a task for one of the Cobol programmers. No matter, they assured me, they wanted me. I should be flattered.

Who’s the analyst who designed this? I asked, not feeling the least flattered. I’ll talk with him. No, said the consultant, only you. The Anderson guys nodded while my boss frowned.

Reasonably, I protested that the Cobol programmers possessed the pension suite’s data structure templates. Without them, I had no idea what the data was. It would be like blindly machining a part while they withheld the blueprints, which could damage the data.

The Arthur Anderson guys exchanged glances. My boss started to fidget. The background noise sounded like a clanging alarm. Practiced deceivers they weren't. Something felt wonky but I didn’t know what. They didn’t quite say I had no need to know, only I needn’t be concerned.

Where did a shift of responsibility end and liability begin? Were they buying blind loyalty or blindness? A light bulb went on. I raised my last objection. What about the lack of an audit trail, I asked. Assembler language would bypass all the record and financial controls.

Of course they knew that. They went into a huddle. Moments later, my boss said coldly, “We’re done here. You’re dismissed.”

I slogged back to my desk feeling dark and dysphoric. With good reason: shortly the VP called me in. He informed me the firm would cut my salary and no longer pay my tuition. Alan, the office political toady, would replace me.

Fire and Ice

Suddenly I didn't feel so brilliant. A thunderstorm had squalled up out of the blue. A kid like me didn’t make or have a lot of money and I desperately needed my classes. It didn’t dawn on me to ask why they didn’t dismiss me. Maybe they feared what they thought I knew or wanted to keep tabs on me, but my ego suggested they kept me because Alan the toady was incompetent and incapable of doing my job. He didn’t know machine language but he knew Cobol… and probably knew where to find the questionable data templates. Meanwhile, they were slamming me for questioning orders.

My boss and his boss cold-shouldered me. They almost fired me when the payroll department screwed up and continued paying my tuition, but as was pointed out, that was their error, not mine. We were at loggerheads, but they needed me as much as I needed the job.

The VP’s secretaries treated me with surprising sympathy and kindness. I don’t know how much they knew, but one took me out to lunch and the other gave me a small gift. In the cold light of Walston, they radiated warmth.

In the outside world, Ross Perot had been tacking his way through Wall Street, taking over data processing services, a forerunner of out-sourcing. When the F.I. DuPont scandal hit, Perot stepped in and bought the firm.

I received a cagey call from EDS, the company Perot founded, asking if I’d come to work for them. EDS had a rigid stiff-necked (most said 'tight ass') reputation with a dated, regimented dress code– white shirts, narrow dark ties, grey suits, pants with cuffs, shoes with laces. They subjected potential employees and their spouses to a battery of interviews. Creative thinking was not encouraged. EDS employees liked the money but not one I knew liked the company. I politely declined.

We picked up a programmer from DuPont. Perot had arrived in NYC and put his DuPont troops through sort of a surprise dress parade. As he marched down the line of employees, he came across a girl who wore the fashion of the day– a miniskirt– and fired her on the spot. At Walston, we didn’t mind miniskirts and hired her.

Word on the Street

One day, employees awoke to a lead article by the Wall Street Journal announcing Ross Perot would take over the computing facility of Walston. Vice President Paul turned shockingly white– he hadn't heard even a whisper– but brokerage houses mint vice presidents like they print stock certificates. The company denied the story and things sort of returned to normal.

Except an odd and unsettling thing happened. One month from his 25th year and retirement, Jim, the marginalized AVP found himself called into the VP’s office. Paul, the vice president, fired him. Full retirement gone, no Land Rover, no African adventure, no life of well-earned leisure.

Another discreet call came in for me. The woman on the other end asked me to identify myself, asked if I could talk privately, then said, “Please hold for Mr. Perot.”

Despite what I've heard before and since, Ross was polite, even gracious, and I was flattered he asked me to work for him. But, as I pointed out, I attended university full-time, I wasn’t as regimented as his usual workers, I enjoyed a bachelor life, and– thinking of Perot’s cozy relationship with Richard Nixon– our politics didn’t mesh. He’d famously said he didn’t like gunslingers and lone wolves– and I was the epitome.

He said, “Son, thank you for being honest,” and wished me well. I wondered why he wanted me.

Take Two

Once again, employees learned the news not from their own company but from the WSJ: For the second time within weeks, employees woke to a Journal article confirming Perot would be taking over Walston’s computing center. Again, our shocked vice president had been left out of the loop.

When Perot dropped in to inspect the troops, he spotted the same girl in her minidress we’d hired from F.I. DuPont and again fired her on the spot. Can’t say Perot wasn't consistent.

Days later, Walston fired Vice President Paul two weeks from his 25th year– and full retirement. The firm dismissed the consultants and Arthur Anderson's office underwent a shake-up. Programmers found themselves not only locked out of the computer room, but locked out of the computers.

Except for me. A good systems programmer could run the shop without operators, without analysts, without programmers. Perot didn't trust Walston's people, which explained the recruitment calls to me.

A panicked EDS crew asked where certain files could be found. They asked if I could find backups of older versions. They asked if I knew anything about original programs and data alterations. Unsurprisingly, those hotly desired files were the same my bosses asked me to ‘correct.’ The unasked question finally arose: were they corrections or were they coverups?

I dug into the files only to learn what Arthur Anderson already knew. It appeared Walston’s proprietors had embezzled the company’s retirement fund. Now it made sense why they fired the AVP days from his 25th year. That’s why they fired the VP days from his 25th year. The money was gone, reflected in the records my bosses and Arthur Anderson (or certain employees within Anderson) desperately wanted 'corrected'. The scheme was so compartmentalized, I doubted how much any one party in my department knew, remembering my boss, Alex, claimed the instructions came from on high. "Just follow orders," he said.

I'd been lucky: What might have happened to the joker who tampered with the data? Alan had been lucky: Unable to find his assets with both hands, he'd botched the changes although he left an audit trail.

Trinity Church from Wall Street
Trinity Church framed
by Wall Street

How The Mighty Had Fallen

Perot took over Walston, folding it in with DuPont and again saving Wall Street considerable embarrassment. Two and a half years later, he lost his financial shirt and dismantled a hemorrhaging DuPont Walston. Perot arranged for Congress to give him a special late night $15-million tax break, causing an outcry of socialism for the wealthy when the bill became public knowledge.

Dark forces on Wall Street gleefully watched Perot depart, some accusing him of trickery, some suing him on the way. Whatever the truth of that matter, Walston had been rotting internally before Perot arrived.

Arthur Anderson survived with their reputation barely sullied. Indeed, Anderson and Walston’s Glenn Miller caught more flack for the Four Seasons Nursing Centers scandal than the internal decay within their own firms. It would take the Enron affair to bring down Arthur Anderson.

My services remained in demand and I moved on, still on Wall Street, starting my masters degree before joining forces with two of the earliest software entrepreneurs.

Imagination Noir

In imaginative moments, it’s easy to envision the kernel of a mystery intrigue plot. I picture a John Grisham novel, a storyteller's movie in my mind like The Firm. Had Walston’s board reacted viciously and violently, I might have found myself in a dire plot, on the run for my life with a miniskirted damsel as VPs, AVPs, and Anderson drones dropped dead around me. Excited movie audiences would gasp between mouthfuls of popcorn, women would cry, and children would whisper, “He’s so bwave.”

Maybe a dastardly plot isn't so far-fetched considering the mysterious suicide (or assassination?) of Enron executive Clifford Baxter, about to testify before Congress. But in the world of finance, what’s crooked isn’t always an actionable crime. Commit a fraud of sufficient size and business will hush it up rather than prosecute– not unless something can be gained in the guise of ‘investor confidence’.

Footnote

The case ended with a gentler tone: I commuted to Wall Street on the Staten Island Ferry. One surprisingly sunny afternoon, I spotted Paul, the ex-vice president. He said hello and sat down across from me. Once again open and pleasant, he appeared the man I’d once liked– and could come to like again.

We didn’t talk about Walston. He explained he moved with his aging mother to Keene Valley in upstate New York. Turning his back on Wall Street, this former executive now worked as a carpenter. He spoke of small town pleasures where old men sat in front of the local hardware store whittling and discoursing upon merits of lawnmowers. For the first time in decades, he felt relaxed and at peace.

That pleased me. Paul wasn’t a bad man, merely a figure caught up in the machinating machinery of Wall Street. He offered his hand and we shook warmly.

Looking back, I think his chat was sort of penance, kind of an apology without the words. That was decent, more than many people would have done. And it was enough.

Besides, I’d eventually consult for banks, institutions where further fruits of fraud lay concealed beneath a public veneer.

16 June 2013

The Digital Detective, Wall Street part 1


High Finance and Low Crimes
I learned a couple of curious things when I worked at IBM’s Wall Street Data Center. One was that my friend, Curtis Gadsen liked mayo sandwiches and fleecy-legged girls. The other was my friend Ray Parchen could be fooled because he was too good at his job as a mainframe computer operator.

IBM 360 mainframe
IBM 360 computer room
Like an old-time stoker fed the fires of furnaces and steam engines, an IBM operator stuffed the huge machines with programs and data. Very good operators could act and react instantly without thought, confident in their experience and skills, mounting discs and responding to messages as they'd done ten thousand times before, giving them no more thought than donning their underwear in the morning. The keyword was efficiency.

Unintimidated by hulking computers the public suspected were semi-sentient, Ray worked quickly and accurately, and for that reason, he held down the first shift position. For him, I wrote a silly little psychological program that worked only with the best.

Amidst weighty programs queued for the giants of Wall Street, I slipped in the prank while a dozen employees gathered outside the computer room’s glass wall, waiting for the small program to do its thing: It made discs chatter, tapes whirr, lights blink, and the data center rumble as if Colossus was taking over the world.

We watched Ray bend over the console, reading the first mundane message:
05483A Press ENTER.
Ray pressed the ENTER key. The machine responded with another message:
05483A Press ENTER hard.
A few of us watched from outside the computer room as Ray hit ENTER again. The machine came back with:
05483A Press ENTER harder.
Ray punched the ENTER key, and a couple of the girls giggled. The computer responded with:
05483A Press ENTER even harder.
Ray smacked the key hard, very hard. The machine responded with one last message;
05483I Did it occur to you I can’t tell how hard you press ENTER?
Ray looked up with a red-faced grin and spotted us chuckling. Afterwards, he joined us for a drink where we argued why the program fooled some and not others.

Of course he knew pressure couldn't be detected, but he hadn't engaged his knowledge hidden behind the wall of his expertise. I would discover this common quirk could be exploited, as Simon Templar might say, “by the ungodly.” As noted in the article about kiting, confidence men take advantage of confidence.

Over the next few days, we tried our little joke on other operators and observed this interesting fact: Only the best fell for the stupid little prank. Novice operators stopped, studied the messages, and tried to look them up.

Ray and the other top operators reacted immediately and without thinking. Self-assured of their abilities, they acted instinctively by rote.

Less experienced operators questioned everything, including themselves. We caught more than one systems engineer trying to look up the bogus message number in the reference manuals and they sometimes called for help. That spoiled the little program.

Lesson: Sometimes it’s easiest to fool the most experienced.

There’s a reason I tell this story. It leads to how I became sort of a detective, a digital Dashiel of a Continental Op.

Over the next few weeks, I'll talk about an accidental career as a investigator in a field yet to be invented, that of computer forensics. I reveled in the chase, but my career often hung in the balance under threat of firing, even blackballing. Often the only reward was termination but hey, that happens to all the best private eyes.

Background Noise

An early case exploded with little of my own involvement, or, perhaps because of my lack of involvement. The players: Walston & Co, the nations third largest brokerage house, and Arthur Anderson, the biggest of the Big Eight accounting firms until participation in the Enron scandal brought about its demise. Anderson had dirtied its manicured fingers long before Enron arrived on the scene.
Lower Manhatan Financial District
Wall Street and Financial District

Search the internet for Walston & Co and its Wikipedia entry merely reads "(Walston) was acquired by Ross Perot following pension account fraud and then merged it with Dupont, which had found itself in financial difficulties." Here's the story behind the story.

Despite the Wikipedia gloss-over, the wheels of merger with F.I. DuPont began turning before revelation of Walston’s fraud. Fifteen million in securities had vanished from DuPont’s accounts. The White House grew nervous. Wall Street threw up its collective hands, Oh woe, what to do, what to do?

A Texan rode into town, Ross Perot. He’d bulldozed through the insurance industry (an intriguing inside tale of its own) and encouraged by Felix G. Rohatyn, he made his move on Wall Street. For an initial $30 million, the impossibly old, impossibly young forty-year-old Napoleonic Perot acquired control of one of the Street’s most prestigious houses. (N.B: Regrettably, Time Magazine articles referenced herein require a subscription.)

At the time, that seemed background noise for me, a full-time employee and a full-time student, living paycheck to paycheck and barely sleeping. I couldn't guess how it would alter my career.

Trinity Church from Wall Street
Trinity Church framed
by Wall Street

Crime on the Street

In the Financial District, denizens simply call Wall Street 'the Street'. Philosophical sorts read a moral into its long, narrow confines, noting it begins at a church and ends at a river: When times get tough, in depression or desperation, one may choose salvation or suicide.

The Street fosters its own culture. On the one hand, a man’s word is his bond– multimillion dollar transactions hinge on verbal promises. On the other hand, huge regulatory holes allow brokerage houses to commit the sleight-of-hand that brought the economy to its knees ten years ago. We can’t say we weren’t forewarned, but in the heady days of deregulation, greed and giddiness carried the day. We never seem to learn industries cannot police themselves.

One of the first observations of the Street is that the market's moody– it reacts, even overreacts to political news of the day. But I stumbled upon other emotions, which included surprisingly little hanky-panky. A few notes from the era:
Francine Gottfried
Miss Francine Gottfried

  • Wall Street can be a mad marketplace when the economy's in a lull. Late one summer, a sweet keypuncher named Francine Gottfried caused a sensation with the mostly male lunch crowd as her 43-23-37 figure bounced down the steps of Chemical Bank & Trust. For a few days, a sort of silly mating season reigned and then, as so often happens, her 15(0) minutes of fame were up.

  • Once, as I strolled with my boss down the street, we encountered a beggerman squatting on his flattened cardboard. My boss stopped and chatted with this derelict before moving on. I didn't say anything but he confessed: The homeless man once worked as a broker, what Wall Street called an account executive or AE. When my boss and the man’s wife carried on an affair (and subsequently married), this man– the husband– collapsed in despair. He now lived– literally– on the Street.

  • During the 'Hard Hat Riots' (then called the Wall Street Riots), I picked my way through roving construction workers from the rising World Trade Center left by police to run wild, bashing kids protesting the war in Vietnam. On my way to school as police idled, I helped a girl and her boyfriend bloodied by a musclebound thug. It was no contest: the canyon-like Street corralled the teens, leaving them easy pickings by hardhats with pipes and wrenches. That wasn’t one of Wall Street’s prouder moments. Hard-hats went on to attack the city's mayor's office, smashing the face of one of his aides.
The Young and Restless

A precocious if unaware teen, I worked as an IBM shift supervisor in their Wall Street Data Center, Number 11 Broadway. I had the greatest boss, a pretty blonde named Judy Kane. We boys loved her; the girls– not so much.

And I loved software, the machine-level bits and bytes and Boolean stuff. A teenage mad scientist, I found computers a giant puzzle, one I learned to solve and control. It was a battle of wills, me versus machine, immersive therapy for a broken heart (but that's another story). I'd come to know these Daedalus creatures like a mother knows her own children; better even, I'd learned their DNA.

A sales rep, Herb Whiteman, discovered I spent weekends camped in the computer room, teaching myself to program the huge monsters, then catnapping on the couch as the computers blinked and toiled, compiling my routines. Herb asked if I’d be interested in joining a three-man team that would change Wall Street and put video terminals on broker’s desks. Argus Research, the parent company, would double my IBM salary.

The company gave us secretaries and an entire floor of offices, no expense spared. Unfortunately Argus, in the business of prognostication, shortly deduced the economy teetered on the brink of recession and pulled the plug. Not long after Walston & Company hired me as their fancy-pants systems programmer offering tuition reimbursement as part of my hiring package. Me! I was just a kid from nowhere.

Thus began my introduction to low crimes and high finance.

Stay tuned for more next week, Wall Street's big boys and big crimes.