Read She Left Me Breathless Online
Authors: Trin Denise
“What do you know about the Salami Technique?”
Sydney didn’t know what she expected Caitlyn to say first but salami fit nowhere in the equation. She pretended to think about it for a few seconds and then said, “I like mine on a hoagie bun with provolone, tomatoes, lettuce, mayonnaise, and lightly baked.”
Caitlyn laughed a deep belly laugh, showing straight white teeth. “That’s not the salami I’m talking about.”
“I kinda figured that,” Sydney said with a wink.
“Okay, how about I give you a little history first and then I will explain how it’s being used to embezzle money from our client accounts.”
Sydney leaned back in her chair, crossed her legs at the ankle, and smiled. “I’m all ears,” she said, lacing her fingers behind her head.
“It all started with the banking industry and the advent of computers. When the banks went from manual bookkeeping and converted to computerized systems they unwittingly opened a very large door to a form of embezzlement that beforehand had been impossible to pull off, which is now known as the
Salami Technique
.”
Caitlyn got up from her chair and walked over to the coffee maker sitting on a small table in the corner. She poured herself a cup and turned to Sydney. “Would you like a warm up?” she asked.
“Since when did you start drinking coffee, and yes I would like a warm up, thank you.”
Caitlyn glanced at her wristwatch. “Almost six days ago,” she said as she poured coffee into Sydney’s mug.
“See what happens? I go out of town for six days, everything falls apart, and you become a java junkie,” Sydney said, grinning as she took a sip of the steaming liquid.
“Just means you are too valuable to leave us,” Caitlyn laughed as she sat back down in her chair. “So the Salami Technique got its name after a bank employee who also happened to be a computer programmer accumulated a large amount of money. He averted any suspicion by not taking large amounts of money at one time; instead, he sliced off thin quantities of cash from thousands of customer accounts. He then redirected that cash into an account that he had full control over. The analogy is that he shaved money from customer accounts like a butcher would shave pieces of salami to make a sandwich.”
“Okay, I’m with you so far. How did he do it?”
“He wrote a program that would randomly transfer thirty to forty cents from several thousand customers’ checking accounts into the account he controlled. Over a couple of years, you can imagine how much money he had stockpiled. I think by the time he was caught it was estimated that he had stolen over three-million dollars.
“Why did it take so long to catch him?” Sydney asked.
“No one complained. The amounts he took were so small that most customers never bothered to report that they had thirty to forty cent discrepancies on their statements. He had also been smart enough to never take money out of a customer’s account more than three times a year.”
“That’s unbelievable,” Sydney said, shaking her head.
“Well think about it. Would you go into your bank and make a fuss if you were missing thirty cents?”
“No, I wouldn’t,” Sydney admitted.
“And that’s what made him successful. He was banking on that exact assumption.”
“So, how did he get caught then?”
Caitlyn smiled. “Well it seems there was one old man who had grown up during the great depression and he was not happy that the bank had cheated him out of seventy cents over the course of one year. He went into the bank and threw what one would describe as a temper tantrum until the bank was forced to look at it.”
“And that’s how they caught the guy?”
“Yep and the old man got his seventy cents back as well as free checking for the rest of his life.”
Sydney chuckled. “How common is this problem?” she asked.
“More common than you would think. Several movies have been made about it. You’ve probably heard of them,
Superman III
,
Hackers
, and
Office Space
just to name a few.”
Sydney nodded. “I have seen all of those movies but I had no idea that what they were doing actually had a name for it.”
“I will give you an example of how easy it is to pull something off like this if you know what you are doing. Between 2007 and 2008, a 22 year-old Plumas Lake, California man named Michael Largent used the Salami Technique to accrue $50,000 in funds from the two brokering houses, E-trade and Charles Schwab and Co. He then used it to get another $8,000 from Google checkout.
“How is that possible?”
“When you open an account with any of those companies, you have to provide your checking account number as well as the banks routing number. The companies then make a small monetary deposit into your account. It can be as little as one penny and as high as two-dollars. You the customer, then have to go back to the company’s web site and enter the amount deposited into your account in order to verify yourself and open an account with them. PayPal is another company who has the same verification process using a debit or credit card.
Sydney got up from her chair and refilled her coffee cup. She brought the pot over and topped off Caitlyn’s cup.
“Thank you,” Caitlyn said, taking a sip. “So, in order to pull it off, Largent took advantage of a logic flaw in the computer programming. He designed an automated script program that set up 58,000 fake accounts and when the companies like E-trade deposited the funds, Largent then transferred the money into his own account.”
“How’d he get caught?” Sydney asked.
“The brokerage houses discovered it and contacted the authorities and that’s when the United States Secret Service and the FBI got involved. Now the kicker here is that Largent did not do anything illegal, at least not in theory by setting up the accounts. None of the companies involved specified any limitations on how many accounts a customer could open but the Department of Justice ended up charging him with fraud.”
Sydney frowned. “Okay, if what he did wasn’t illegal then how could they charge him for a crime?”
“The Assistant United States Attorney, Matthew D. Segal, who is a prosecutor in the office’s Computer Hacking and Intellectual Property unit or what’s known as C.H.I.P., claimed Largent used false names, driver’s license, etc. and that constituted fraud. I personally think his arrogance was his undoing. You see, some of the names he used were cartoon characters and comic book heroes.”
“Bugs Bunny opening an account would definitely raise a red flag,” Sydney laughed.
“In 2009 he pleaded guilty to two counts of fraud and was sentenced to fifteen months in prison and ordered to pay $200,000 in restitution.”
“Did he say why he did it?”
“He wanted to pay off his credit card debt and he didn’t think he was doing anything wrong, legally he wasn’t, but morally and ethically he was.”
“If he was that talented why would he waste his time doing something illegal?”
“That is the same question the judge asked before sentencing him. My guess is that it was an adrenaline rush, like pulling one over on big brother. If he had used real names, it’s hard to say how long he could have gotten away with it. Probably years, maybe forever.”
Sydney sat up in her chair, resting her elbows on her knees. “Okay, I think I have a pretty good idea now of what and how the Salami Technique works, so how does it all pertain to us?”
“I found the problem when I ran a beta test on the upgraded billing system program. When I loaded the programs, I created a mirror image of both systems so I could run them simultaneously for a step-by-step comparison. What I found was a discrepancy between the amount billed to our customer’s invoice and the amount our customer’s actually paid to Welsh.”
“If you’re telling me that our customer’s were charged more than they should have been due to embezzlement, this could be a public relations nightmare. Our stock will go into the toilet,” Sydney said, shaking her head. This is the last thing she needed to deal with right now.
“The invoices that our customers received showed the correct amount they owed.”
“I don’t understand,” Sydney said, her brows furrowing.
“Someone with highly sophisticated programming skills accessed our billing system software and used a backdoor in the program to rewrite several lines of code. They set up several logic algorithms so that when a customer sent in their payment for the invoice and our customer service representative marked it as paid in the system, the program would kick in and round down to the nearest dollar. The change that was left over was then transferred into a separate account and the invoice billed in the system was automatically changed to reflect that amount. What they did, I mean the way they rewrote the program, is quite ingenious actually. I’ve never seen logic used in this fashion.”
“Probably because you don’t think like a thief,” Sydney teased. “Okay, just so I understand what you’re saying, let me give you an example and you tell me if I’m on the same page as you.”
“Shoot,” Caitlyn said, leaning back in her chair.
Sydney stood up from the chair. She paced slowly back and forth in front of Caitlyn’s desk. It was something she did whenever she was deep in thought. She stopped to look at Caitlyn. “I know we have different ways for customers to pay their invoices. Some do it over the phone and some have terms, and some send in checks, etcetera. For this example let’s say I’m Joe Blow and I get an invoice in the mail for $2,921.26. I call up Welsh to pay my bill over the phone with a credit card. Once the customer rep takes the payment and marks the invoice as paid, this rewritten program code kicks in and removes the twenty-six cents, changes the invoice in the system to reflect the amount as if the twenty-six cents never existed. The missing twenty-six cents is then rerouted into an unknown bank account. Is that correct?”
“You got it. That’s exactly how it works. Slicing off pennies like you slice salami to make a sandwich,” Caitlyn smiled. “That’s also why this doesn’t have to be a public relations nightmare for us as you say. Our customers don’t need to know anything about it because they were invoiced the correct amount and they paid the correct amount. The money is being stolen from Welsh, not our customers.”
“How did you figure this out?”
“I told you that I made a mirror image of the system. On one side, I had our old system records and on the other was the new program. It just so happened that several customers happened to pay their invoices in between the time it took me to load up the new software.”
Sydney grinned from ear to ear. “You compared the same invoices from the old and new software?”
Caitlyn smiled with satisfaction. “That is exactly what I did. I had to make sure that all the data fields on the invoices were the same and they were except for the invoice amount. Do you know why that is?” Caitlyn asked.
“Testing me again, aren’t you?” Sydney chuckled.
“Just want to see how your logic is doing, that’s all,” Caitlyn teased.
“It wasn’t the same because the new software you loaded does not have the same logic code to change the values,” Sydney answered triumphantly.
Caitlyn clapped her hands together and smiled at Sydney. “Bravo, bravo. You are correct and you just won a new Dirt Devil vacuum cleaner.”
“Why a Dirt Devil?” Sydney asked, frowning.
“Because they suck better,” Caitlyn said, her expression serious.
“I’m gonna ask although I probably shouldn’t. How do you know they suck better?”
“It’s a matter of creating the correct formula in order to make calculations based on the pull of gravity, how quickly what’s being sucked in is pulled into the hose, and how many inches it travels over time once it’s entered into—”
Sydney held her hand up to stop Caitlyn’s explanation. She shook her head and smiled. “I knew I was gonna regret asking.”
Caitlyn laughed. “What’s the problem? I was explaining it in very simple terms.”
“Okay then ... how about we forget I asked and in that case, I would like one in candy-apple red please,” Sydney said with a laugh.
Caitlyn chuckled. “I’ll get right on that.”
“Now that we’ve got the vacuum settled, do you have an estimate on how long this code has been active in our system?”
“Around seven years.”
“Holy shit. You have any thoughts on the person or persons who would be able to do this?” Sydney asked.
“Yes ... but you’re not going to like it,” Caitlyn said, shaking her head.
“Try me.”
“It has to be someone here at Welsh and I say that because whoever has done this had to have access to our system, our password protected system.”
“Executives are the only ones with that type of authorization,” Sydney said, thinking of the implications.
“Exactly, and to narrow it down further, this person has to have programming abilities, which means it could be anyone on the executive floor.” Caitlyn smiled. “I took the liberty to pull all of the executive’s résumés and eighty percent of them have programming experience although that is not their primary job function here at Welsh. Most have secondary Computer Science degrees, even the Marketing VP.”
“Eighty percent, huh? That’s leaves us with what, six, seven people?”
Caitlyn nodded in agreement.
“How many people know about this?” Sydney asked.
“No one except for you and me,” Caitlyn said with a shake of her head.
“Good. For two reasons I would like to keep it that way. The first is that if it is someone here, we don’t want them to know we are onto what they’ve been doing, otherwise they may stop, and we’ll never catch them. The second reason is that this is dangerous as hell. We’re talking millions of dollars and people have killed for much less.”
“And since no one but the two of us know I’ve been testing out this new system billing program, I think we should keep that to ourselves as well.”
“I agree. Do you have any idea where the money is going or how we can catch whoever is doing this?”
“I’m working on that. I have spent the last twenty-four hours trying to find the account where the funds have been dumped but it’s too tedious to do by hand seeing that we have over two million customers worldwide,” Caitlyn said, massaging the sides of her temples with her fingertips. “I decided to write a new logic program where I can input the monies that have been rounded down from several invoices and have the system search for an account or accounts that match a deposit for those amounts. It shouldn’t take long once I finish writing the code.”