Authors: K. J. Janssen
Tags: #Fiction, #Crime, #Mystery & Detective, #General, #Thrillers
As Paul concluded, John Portman stepped up to the microphone. “It goes without saying that if anyone has any information about this incident, they can come to me or Paul in confidence. Also, it will go easier on the culprit if he or she comes forward now. Rest assured, we will get to the bottom of this eventually, and when we do, we will be a lot tougher on the perpetrator.”
As they filed out of the auditorium, everyone found a friendly ear to vent their feelings about the meeting. Many of them were angry about being under suspicion, others just fearful of being falsely accused or of losing their jobs. A rapid resolution was needed, but none was readily in sight.
Dr. Orwell turned to John and Paul. “Keep me in the loop on this.”
They both nodded in the affirmative. Paul and John needed to have a quick resolution of this problem. Their jobs could be on the line if it wasn't found. As they made their way out, Paul said to John, “Boy, you sure know how to stir up a crowd.”
John smiled. “You didn't do so bad yourself. I guess I was a bit rough, but tough times call for tough actions. You can't pussyfoot around in situations like this.”
Paul smiled. “I am glad, though, that Dr. Orwell put you in charge of the investigation. I haven't a clue about what we need to do at this point, but I'll help in any way I can. I just want to find the culprit as soon as possible and prevent any further occurrences. Where do you plan to start with my people?”
“I'll have a talk with the computer room operators. I will probably drop some subtle hints about lie detector tests. I hate to be so heavy-handed, but we don't have a lot of time. The Board of Governors meets in ten days. I'm sure that Doctor Orwell will want things wrapped up well before that meeting. Then I'll join you in the conference room.”
“Look, John, you've got to do what you've got to do. If people's noses get out of joint, that's too bad. Like I said, you have my complete support for whatever you have to do. Just let me know how if I can be of any help.”
This was music to John's ears. He was in the driver's seat and everyone acknowledged it. Biding his time had been the right move.
Paul entered the conference room just as the last programmer arrived. “Gentlemen, I'm sorry to have sprung the âbabysitting' job on you on such short notice. But it's the only way I can be sure that our processing will be protected until we solve this problem. I'm asking you to take it very seriously. Keep your eyes peeled for anything that isn't âaccording to Hoyle.' In the interim, I'll need you to get started immediately on that incident report software. Make whatever patches you need to get it operational quickly. Eventually, I want to build it into all of our processing to assure that we're flagged immediately and automatically as soon as there is any infraction. If we had those controls in effect while PACA10 was running this morning, we probably would have been able to prevent the theft from occurring.” He was prepared to turn the meeting over to John Portman, who had just entered the room, when Jeff Dunbar raised his hand.
“Yes, Jeff? What is it?”
Jeff was the Lead Software Engineer. “Excuse me, sir, did you say PACA10? Was that the process that was hacked?”
“Yes, we were doing the usual daily processing for six blood banks. Why?”
“Well, then we might just be in luck.” He turned to his manager. “Robby, do you remember that you asked me to make a code change on PACA10 about a week ago? You wanted me to change some of the recommended donation schedules.”
Robby nodded affirmatively, “What about it?”
“Well, sir, I finished coding the changes last night and set up a parallel run with PACA10 this morning. With all the confusion going on, I haven't had a chance to print out the results. If someone was messing with that run, they wouldn't have know my program was monitoring and recording it every step of the way. I should have a record of everything that went on during the processing.”
Paul sat stunned for a moment, then a relief smile emerged on his face. “How soon can you pull those discs and tapes?” He looked over at John Portman, who gave him a signal that he would skip the comments he was going to make. They had a lead to follow.
Jeff replied, “I can get them right now, sir.”
“Take them to the Computer Lab. Turning to the rest of the group he said, “Don't say anything to anyone about this. This may be just the break we need. If one of our Operations people is responsible, I don't want to tip them off that we can trace what they did. He turned to Jeff. “Robby and I will meet you in the Computer Lab in about five minutes.”
Jeff left the room.
John turned to Paul. “Well, I guess I should suspend any further interrogations until you know more. This looks like a promising lead. Keep me informed. Right now, I've got to get moving on getting us operational again.” His first step would be to cancel the lockdown.
Paul turned to the rest of the programming staff. “We're not out of the woods yet. These tapes may only tell us how it was done. We really need to know who did this, and when we find out who, we should discover why they did it.” Paul left for the Computer Lab. Robby stayed back for a few minutes to assign team members for the days processing.
Jeff mounted the tapes and the discs, and began the processing of the transaction records. He was watching an oscilloscope as the records were processing. Suddenly, he shouted, “There!” He pointed at a series of blips on the bottom of the tube screen. It took a trained eye to spot variations of wavelengths on the tube.
“What is it? What do you see?” Robby asked.
“I don't know for sure, but I do know that it doesn't belong there. Notice the iterations of the code. That isn't our software code. That code came from outside of our system. It must be a universal code that is compatible with our operating system.”
“If you're right, Jeff, can you track it back to find out where it entered and forward for the rest of the processing, to see what it did?”
“Sure, that's easy. I should be able to flag and isolate it. Let me back it up to where it first enters and put a flag on it.” He rewound the tape and went forward again. At the right spot, he flipped a switch on the “scope” and sat back. “That ought to do it. Boy, having this equipment to work with sure helps a lot. I had almost forgotten it was available. This is probably the first time it's been used. When the output records are done, I'll go back to the beginning and lock in at the same vector. With any luck, we will be able to figure out where this alien code entered the processing. In time, we'll have a complete picture.”
Paul looked at Robby with a slight smile. They were both thinking along the same line. He spoke, “Jeff, if you solve this problem for us, there'll be a nice bonus for you.”
“Well, sir, I appreciate that. I'm just doing my job. It's a good thing that I got to use the scope at that seminar you sent me to last summer.” He was being humble, but it was obvious that he appreciated the idea of a financial incentive. The hunt went on for three hours, many times the duration of the original processing. This was due to the slowing down of the system so Jeff could mark where significant processing was taking place. Paul had some lunch brought in. Fortunately the lab had a small toilet closet, because none of them wanted to be away from the action for very long. As the processing went on, they learned that it was when the data from the blood bank in Mansfield was being processed that the system was compromised. The software code that rode piggyback into the NRBA computer system at that time was unlike any that the three of them had ever seen.
Jeff traced the code through the updating process, and tracked it as it traveled to the Financial Data Base and extracted a part of the disbursement records. The file it created was somehow encapsulated with the daily output until it arrived at the output program, where it was spun off to generate an Internet address. This new record, which contained twenty-four months of disbursement records, was then sent to an e-mail address in Burma.
Paul was the first to speak, “If I didn't just see it with my own eyes, I wouldn't believe it. That's the most creative code work I've ever seen. It's pure genius.”
“What a waste of God given talent,” Robby added. “So, where do we go from here?” He turned to Paul for the answer.
Paul reflected for a moment. “Jeff, I want you to copy your new version of PACA10 and use it as the official computer room processing tape starting tomorrow. At least we know that your version is clean. I want you to put the other files in a safe place. Don't show them to any one or discuss what we found. Then, I want you to take another look at the original processing tape to see if our visitor left any bugs behind, or maybe some digital fingerprints. Give it a good sweep.” He patted Jeff on the back. “You did a great job here today, Jeff. We're really indebted to you. I meant what I said before about a bonus. You've really earned one.”
“Again, I thank you, sir. I'm just glad we found it.”
“Robby, let's pay John Portman a visit. I think he will be interested in our findings on the blood bank in Mansfield, Ohio. I'm sure glad that our own people have been exonerated.”
“At least for now. Let's keep an open mind about this,” Robby replied. “There are still a lot of unanswered questions.”
They headed for Portman's office to update him.
Jeff failed to detect the software that Sue included which separated from the PACA10 processing immediately on entry. This software was the virus she dubbed “SLITHER.” Jeff's subsequent sweeps would miss it as well. SLITHER was already roaming around their central processing system. It would allow Sue to return at will if she needed to.
“John, have you got a minute? I think we uncovered something that you will be very interested in.” Paul was at Portman's door with Robby.
“Sure thing. Come on in. Did you find something?”
They spent the next ten minutes updating Portman on their findings. John was also relieved to know that no employee was involved, at least as far as they could tell right at that time. In his experience, this computer stuff was often deceptive. He often wished that he had more training with computers and programming.
Paul asked, “What's the next step, John?”
“I think we need to take another look at all the blood banks that had input on that run. Now that we know that the hack came from outside, that makes all six blood banks suspect. Even though the finger points specifically to Mansfield, I think it would be wise to look at them all.”
“That's probably not a bad idea. From what we saw with the coding that was used, it is possible that the hacker managed to switch to the Mansfield input at the point of entry. I know that sounds crazy, John, but if you had seen the slick software that was used, you would have your doubts too. What a mind that guy must have. There is no doubt in my mind that we are dealing with a computer genius. I hope that he isn't of the âmad scientist' persuasion.”
“That makes two of us, Paul. This stuff is way over my head. I'm going to assume, for the time being, that it is Mansfield, but I will continue to look at all of the blood banks involved. I'll contact the Directors at each of our Regional Laboratories and arrange for them to send a representative out to check their input procedures, and to personally verify the records and logs for this morning's Donor run. The exception will be the Mansfield, Ohio blood bank. I want to handle that one myself. That is about all we can do for now. There is one thing that I do know for sure: Genius or no genius, they all slip up sooner or later. We just got to hope that it's sooner. Paul, will you bring Dr. Orwell up-to-date on what we found so far?”
“Iâll do that right away. You have a safe trip. I wish you the best of luck finding the guilty party. Whoever it is, remember, you'll be dealing with a genius. This probably isn't the first time he's done something like this. He'll be good at covering his tracks.”
“Thanks, Paul. Let's hope that I'm looking in the right place. If anything pertinent happens while I'm gone, you can always reach me on my cell phone.” When they left, John made the first of several calls he needed to make before heading for the airport.
Headquarters for the National Rare Blood Association was located in Denver, Colorado, with an interlocking network of offices and laboratories throughout the world. The majority of their blood processing takes place in the United States. Foreign operations are conducted through independent affiliates. U.S. branch laboratories are located in Atlanta, Boston, Chicago, Cleveland, Dallas, Detroit, Miami, Mobile and New York City. Laboratories are tightly controlled by a Board of Governors who on paper are designated as Governors, but who are more commonly called Directors. The board was made up of twelve prominent businessmen from Fortune 100 companies as outside Directors and thirteen inside Directors taken from the ranks of the Association. The day-to-day activities were controlled by the National Director through Branch Directors located at each of the facilities.
“Let me speak with Dr. Hill, please.” Dr. Michael Hill was the Director of the Dallas laboratory for the NRBA. Dr. Hill was responsible for overseeing contributions from 175 blood banks on behalf of the Association, including four in the greater Dallas area. Portman held on for a few minutes.
Finally, Dr. Hill came on the line. “This is Dr. Hill.”
“Doctor, this is John Portman in Denver. I'm the Director of Security for the Association.”
“Yes, sir, I know who you are. How can I help you?”
“Doctor, it looks like our computer system was hacked this morning during donor processing. Two banks in Dallas were part of the processing run. I need you to arrange for visits to both these banks to see if any irregularities occurred during their transmission to us. Keep it low-key. We don't want to alarm anyone. We're pretty certain that we know the source of the problem, but the way software can be tampered with, there is no guarantee anymore as to where data comes from, or in fact where it goes to. As a precaution, we're checking all blood banks that had input for that run. What I need to have done is to have someone visit the two blood banks to check today's input records to assure that all processing records check out. I specifically need them to match the number of transactions they sent today against the control record and the receipt they got back from Denver.”
“I understand perfectly, but you certainly don't think that any of my blood banks were involved in this, do you? I can personally vouch for the integrity of the men who manage them. You will not find any wrongdoing in my area.”
“I understand that, Doctor, but as I said, we think we know where the problem is. We're simply touching all the bases.”
“That makes sense. Do you want me to send two of your security men, or let the Customer Service people handle it?”
“Either way is fine with me, Doctor, as long as they keep it low-key. There is absolutely no reason to cause any concern out there. Just have them give my assistant, Mel Tarkington, a call when they're finished, so we can cross them off the list. I will be traveling to one of the other blood banks, but if you should need to talk directly with me for any reason at all, please call me on my cell phone.
John gave him his number, and then went through the same process with the laboratories in Sacramento, Philadelphia and Miami. While he did this, his secretary made his reservations for a late-afternoon flight to Cleveland. It was nearing the time for him to leave for the airport. The Mansfield, Ohio blood bank was going to be his. He planned on the time zone difference giving him an advantage.
Dr. Jonas Waterman, Director of the Cleveland Laboratory, was thrown off guard by the unannounced visit from the National Director of Security. “Mister Portman, it's so good to see you again. I wish you had let me know you were coming. I would have arranged for someone to pick you up at the airport.”
“Well, Doctor, it was a last minute decision. I didn't have time to make a lot of calls. Anyway, having my own car will give me greater flexibility during my visit here. There are a few other places I may to visit while I am out here, so it will work out better that way.”
“What, may I ask, is the nature of your sudden trip to our fair city?” Dr. Waterman looked concerned.
“We've had a security breech that we believe originated at a blood bank in your region. I'm here to investigate it personally. I'll need absolute confidentially and your full cooperation. Time is of the essence on this.”
“Well, of course, Mister Portman. You have my full support. Whatever you need, just ask. Which specific blood bank are you targeting?”
“Mansfield, Ohio.”
“What was the nature of the breach?”
“Hackers stole a portion of the disbursement records in our Financial Data Base. Please keep this confidential. We're not certain, but we think that that was all they were after, and we're pretty sure that that was all they got. So far, we haven't found any viruses or any collateral damage to any of our other files, but we are checking out the entire system.”
The Doctor's face expressed genuine concern, as did his voice. John always watched for these signs. They were signs of sincerity. “That's certainly odd,” the Doctor replied. “Of what value would those particular records be to anyone? Are you certain that that's all that they got?”
“We're reasonably certain, Doctor. We could tell from the size of output records. It has all the earmarks of a being a professional job.”
“Oh, dear! How certain are you that the Mansfield blood bank is involved in this?”
“Ninety-nine point nine! We were able to track the donor processing from beginning to end. There is no doubt in our minds. We are certain that it occurred there. We even know how they circumvented our firewalls. Now we are trying to piece together why they did it, and hopefully that will lead us to who was responsible. It was too well done to just be a random act. It looks very professional. There is something big going on here.”
Deep concern now showed on Dr. Waterman's face as he asked, “How can I help you, Mr. Portman? I am completely at your disposal.”
“Well, first of all, tell me what you know about the Mansfield blood bank?”
“Well, they're a very small blood bank. Sheldon Baker is the administrator down there. They have a group of people that make donations regularly, like clockwork. We have never had even the slightest problem with them. I've known Sheldon for several years. He is a family man and very active in his church and community. I can't believe that he would be mixed up in anything like this. I wish I could say that about all of my banks. Some of them keep me on my toes.” He stopped talking for a moment as something came to his mind. “You know, Mr. Portman, something just occurred to me. I may be wrong about this, but I don't even think that Mansfield does their own data processing. Many of the small banks can't afford computer systems, so they use local Service Bureaus to do the work for them.” He reached for his phone. “Give me a moment to check on that.”
“Remember to keep it low-key,” John reminded him.
The look on the Doctor's face showed annoyance over the reminder. “Not to worry, Mister Portman, I'll be discreet.” He picked up the phone and buzzed for his secretary. There was no reply. Looking up at the clock, he realized that she was already gone for the day; he dialed security. He held for a minute and asked, “What's the name and address of the Service Bureau that services the Mansfield bank?” He wrote the information on a yellow post-it, thanked them and hung up. “Well, here it is. It's called Central Data Processing of Mansfield. I can give you simple directions to their facility. It's about an hour and a half from here. If you would like, I'm willing to go with you.”
“No, I don't think that will be necessary, Doctor. But I do appreciate the offer. What you can do is connect me with this guy Sheldon Baker so I can get the names of the people he deals with at the Service Bureau. That will give me a chance to give him a heads-up on the purpose of my visit.”
“Of course. Let me get him on the phone for you. You can use that spare desk over here in the corner. You will have complete privacy.”
John thought it rude of the Doctor not to offer him the use his office. He guessed that they did things differently in the Midwest than they did in Denver.
Sheldon Baker didn't shed any more light on the issue. He acknowledged that he had used Central Data Processing of Mansfield to input their data for the past three years. He had never experienced any difficulty with them during that time. He was overtly upset that it was the input from his blood bank that the hacker used to enter the system. He confirmed that, as was customary, he had been contacted by Denver a few hours ago, and that his records, which had been returned from the Service Bureau, had matched with theirs. John did not go into any additional details about the nature of his suspicions. The less everyone knew about this, the better. He decided to by-pass a personal visit to Sheldon Baker's blood bank in favor of a visit to the offices of Central Data Processing. Sheldon gave him the directions he needed, and the name and phone number of Roland Phoebes, the owner and operator. Ten minutes later, John was on the road, having called ahead and made an appointment with Phoebes, who agreed to meet with him at his office, despite the late hour.
Phoebes met John at the door. John spoke first, “Hi, I'm John Portman.” He handed Phoebes his card. “I appreciate your meeting me on such short notice and at this late hour. As I mentioned on the phone, this is extremely important.”
“Roland Phoebes, pleased to meet you. Don't be concerned about the time, John. I was here anyway, catching up on some paperwork and billing. I often work this late.”
They shook hands, and Phoebes led the way back to his office, which was decorated with brightly colored paintings on all four walls and gaudy figurines on his desk and bookshelves. John took a chair by Roland's desk.
“May I get you anything?” Phoebes offered. He gestured toward a bar that was set up in the corner of his office. “Something to take the edge off?”
“No thanks, Roland, I stopped for some coffee on the way over. I'm afraid I'm still operating on Denver time.”
“Well, I think I will have one. I've been working pretty much non-stop since eight this morning. He poured some Johnny Walker Blue into a glass, added a few ice cubes and turned back to Portman. “You know, John, my bureau has been sending data to the NRBA for about three years now, and this is the first time I've ever met anyone from the company. There must be something big going on to bring you all the way out here from Denver. You were very secretive on the phone.”
“Roland, I'm sorry I had to be so secretive, but this is not a subject I could discuss over the phone, and it is one that requires the strictest confidence.”
He was telling only half of the truth. The real reason for not telling him the purpose of his visit was that he didn't want to tip off Phoebes before he could get a chance to meet him in person and get a sense of whether Phoebes was being truthful. Over the years, John had developed a sixth sense that gave him a “feeling” as to whether or not a person was lying to him. He considered himself a walking lie detector. To be successful in his business, you had to be. He also was a student of body language. He was not getting any negative vibes from Roland Phoebes, so far. Right now, the only thing he knew for certain was that it was Phoebes' Service Bureau that was responsible for the hacker's code.
“What this involves is a problem we experienced with input records from one of your blood donor clients.”
“Which one? We service three in Ohio.”
“The Blood Bank of Mansfield.”
“When did this happen, John?”
“Earlier today. It would have been your nine o'clock run this morning.”
“That would be the Donor up-date.”
“Correct.” Portman was glad to see that Phoebes was knowledgeable about the day-to-day operations. That was essential. All too often, he had to deal with owners or operators who didn't know squat about how their businesses operated. Sometimes they were not only totally unaware of the services they were providing, but didn't even know who their clients were. This always slowed down his investigation while he went about locating the person or persons who really knew what was going on.
“Well, John, I can only tell you how it works from our end. Mansfield sends us their input by courier the night before the processing run. We key in the information, create an input control record and process it the next morning. We operate under the most stringent controls. Accuracy is most important to us. If anything was wrong with their data, it would be because they gave us their records that way. You know, GIGO (garbage in/garbage out). When we receive the receipt and records back from your IT Department, we print everything out and send it by courier back to the blood bank. We did that at three o'clock this afternoon. I'm a bit curious, John. What was the nature of the problem?”
“Roland, I'm not at liberty to discuss all of the details. I can tell you that the result was that some of our data was hacked, and we're certain that the input code used to do that came in at the same time that the Mansfield Blood Bank data was input from your facility.”
Phoebes looked surprised. He started to say something, and apparently thought better of it.
“Is there any point in your processing steps where someone could slip in any rogue data, or maybe substitute their own software for one of your operating programs?”
“John, I know our processing like the back of my hand. I personally set up this entire operation. If anything came from this data center, it would have to have come from the input we were given by the blood bank. We have very tight controls and monitors in place for every process. Run time is money to me. If a process deviates from the norm by as little as thirty seconds, an exception report is issued, and we haven't had one of those in at least nine months. You're welcome to look at our logs from this morning, the original source documents, our data entry runs and any other documentation we have from that run, but I can assure you that you won't find anything out of the ordinary. Just tell me what it is that you need to see. I will be glad to get it for you.”