The Enigma Factor

“Nice to meet you, Mr. Cornwall.” Jacob extended his hand.

            “You, as well. Please call me Larry. Brian here was just telling me about your background in security and testing for unauthorized access. I am here to engage your team to help me find a problem. I was just telling Brian that my guys stumbled over this event in our logs that can’t be explained. We don’t see any breaches, but it makes me uncomfortable. I don’t believe in random or coincidence events. My guys have tried, but at this point they think the log is just messed up.

            “PT has experience in our environment, and we are about due for a review. I just think it is worth having it now rather than in sixty days. We did find some code that appeared odd that I brought a copy of for you to review in advance. It doesn’t appear to be connected to any other programs, but my guys didn’t recognize it and quite honestly it is a bit complicated for their skill levels. Most of our programming is contracted with all new code validated by PT before being placed into production. This program doesn’t show PT’s validation markings, which may or may not be a problem. We have teams that are working on changes, and this was found within the secured sector, thus isolated from sensitive information.”

            Larry handed Jacob a thumb drive which he plugged into the side of his machine and waited for his PC’s acknowledgement of the device. He had reviewed programs before and knew that PT validation marks were always inserted within the first five lines of all validated programs. That was likely as far as Larry’s guys went into review of the code.

            Brian took up the conversation before Jacob could speak. “I was telling Larry that you were attending DEFCON and perhaps would be ideal to take the lead when you returned. With your arrival this morning, we won’t have to put off the services. We do have a standard service contract that we can modify for starting tomorrow if you can be onsite then, Jacob. With their security firewalls, there is no way to access via remote support. The location is in Manhattan at their main office.”

            “No problem,” Jacob said then faced Larry. “What time would you like me to start and what do I need from your security folks to access the building?”

            Jacob knew that post- 911 buildings in New York, especially in Manhattan, were very hard to enter without proper authorization. No way to bluff one’s way into most buildings in New York these days unless it was retail space.

            “If you can arrive at seven-thirty, I can meet you in the lobby, square the security with a day badge and request at least a two week badge for your access on your own. I will get my guys in place by eight with all the information we have and your system access information. Of course, you will be given full access, but I would like one of my guys to shadow you at least part of the time to learn a bit more. Brian, I think that is already in our agreement, right?”

            Brian glanced at his machine, “Yep, it sure is. However if our team, mainly Jacob, has special routines confidential to PT, then he will alert your guys at those points to leave or whatever the approved process dictates. The machines that Jacob will use will not have any screen capture software on them, which we check as a matter of routine in advance. Agreed?”

            “Yes, Brian, that has been the standard agreement in the past, and I didn’t think you guys changed policy. Sounds good. Jacob, I will see you in the lobby in the morning.”

            “Yes, sir. I will be there by seven-thirty with my ID in hand. Thank you, Larry, I am sure we can track it down. I will take a look at this today and perhaps have some information to share with you in the morning. Thank you for bringing it with you.”

            They shook hands and said their goodbyes. Brian escorted Larry out while Jacob returned to his cube and started reviewing the program he had been given. Jacob had only begun reading the code and starting to annotate when Brian peeked over the cube.

            “I am not sure why you are back early, but your timing is great. Get to a stopping point and come to my office.”

            Jacob knew that his stopping point had been reached, so he followed Brian to his office. He closed the door and sat in the chair.

            “Correct me if I am wrong, but DEFCON is still running? Yet here you are in the office. I suspect there is a story here, right?”

            Jacob grimaced slightly then responded like a whipped puppy dog. “Yep, there is a story, but it is straight out of Grimm’s Fairy Tales. Let’s just say that it was like an out of body experience that I’d sooner not relive. I am ready to review this program, which will likely take most of the day. Then tomorrow I will be with Larry and his team, rather than stop in here first, if that is aligned with your thoughts.”

            Edging his eyebrows up with a questioning look, Brian said evenly, “Okay, I get it. The story can wait until another time as long as you are good to go. I wanted to let you know that Larry is likely more concerned than he is letting on. This bank is important to his livelihood, and he doesn’t want anyone messing with his baby. I need you to keep me posted, and if it is something hairy, you might want to make certain you bring me into discussions with Larry. I’ve known the guy a long time. He is a straight shooter and hates being out of the loop.”

            “I do recall you having a history with Larry. But I always work with the customer and their customers’ interest in the forefront. Let me get started and see if we can determine what’s up. I will make certain his team is aware each step of the way.”

            “Works for me. Thanks, Jacob, glad you are back.” Grinning, Brian added, “We’ll discuss Vegas when it stops stinging you.”