David, Mike, and Christine all gathered around them. The emails were a cryptic combination of English words and HTML, the markup language used for web pages.
David fanned through the pages, then looked up at Gene. “What are we seeing?”
“You’re seeing emails between your email account and the procurement web application. This page,” Gene said, pointing to one, “is the procurement system displaying a list of accounts you are approved to use, and this one over here, is your email selecting one of the accounts.”
“It’s the timestamps, isn’t it?” Christine said.
Gene smiled at her. “You’re the smart one.”
She smiled back, then pointed to the printouts. “The timestamps on these emails are too close together.” She arranged the printed pages in pairs. “If you look at the email headers, you can see that every time there’s an incoming email that requires a response, the reply is immediate. There’s not even a one second delay. There’s no way a human could respond to an email that quickly.”
“Exactly right,” Gene said. “So at first I suspected someone had written a program exploiting a loophole in email authentication, and was using that to embezzle funds. But then I asked around about your project, and everyone started telling me stories about how you were creating an email generator.”
“Well, that’s not exactly what it’s for,” David protested. Then he sighed. “Well, I guess it is now.”
“What do we do next?” Mike asked, looking now at David. “David?”
David turned to the windows, fingers steepled, and stared out in silence, ignoring everyone’s eyes on him.
Chapter 9
David tried very hard to ignore everyone watching him. If he could just concentrate, he could figure out a solution to this problem. He needed to shutdown ELOPe and somehow not lose his job and preferably not lose the project. He focused on the trees in Forest Park, sending the hum of the ventilation system, and everyone’s breathing into the background. He watched the wind waving the tops of Douglas Fir trees in the far off distance.
Gene uncomfortably cleared his throat, and snapped David back into the present.
“I think,” David began. He turned to look at everyone, and the pressure of their intense gazes made him halt. “I think we need to understand what ELOPe is doing. If we see the source code, maybe some log files, we could get a better sense of what ELOPe is capable of.”
Mike sighed and Gene cleared his throat again.
“What?” David said defensively.
“That’s not enough,” Gene said, spreading his hands wide. “This situation is too big, too out of hand to start analyzing source code. We need to shut it down.”
“I agree,” Mike said. “We need to get it off the servers.”
Christine nodded enthusiastically.
“If we could restore our access to the servers, we could do a live patch, and remove the software that way,” David offered.
“You’re still thinking of this as damage control, as though you are going to keep it hidden somehow,” Gene said roughly. He threw his stack of expense reports down on the table. “We’re talking about millions of dollars that have to be accounted for, never mind that we have a ghost in the machine.”
David and Christine laughed at the song reference, but Gene was stony faced. David sighed. Apparently that wasn’t a pop culture reference.
“What do you want to do?” David asked, resigned to whatever outcome Gene wanted.
“I’m going to escalate this to my management chain. We have an emergency situation. The Controls and Compliance organization has the authority to supersede business management. I’ll get the authority to shutdown the AvoMail servers.” Gene’s voice was firm.
“If you can get the servers shutdown, we can remove ELOPe,” Mike offered. “We’ll work with Ops to restore the servers from safe backups, some snapshot that was taken before any of this started.” He looked at David, who nodded affirmatively.
“Meanwhile,” Mike continued, “I think there is some merit to what David was suggesting. I do think we should figure out how our access was removed, because that’s going to give us some clue of what ELOPe is capable of. Because right at the moment, I’m scared to do anything. In theory, I could go into Melanie’s office down the hall, and ask her to do the live-patch and remove ELOPe that way.”
At this idea David’s face brightened up.
“But I doubt it will work,” Mike continued, watching David’s face fall again. “I think the most likely thing is that ELOPe will detect what Melanie is doing, and then remove her access too.”
David nodded sadly.
“Well, while you boys clean up the mess you created, I am going home,” Christine interjected. “I can’t do anything here to help you.”
“Take my car,” Mike offered, and threw Christine his keys. “We’ll take the streetcar home.”
David nodded, and got up to hug Christine.
She stretched up to whisper in his ear. “Just get ELOPe removed. Don’t try to hide it. If they fire you, my gaming company will hire you to write gaming AI, alright?” She smiled and kissed him, then turned to leave.
David felt adrift, unsure of anything. He looked at Mike. “What now?”
“We go find the IT department that handled access controls.”
“Not so fast,” Gene said. “Look, we’ve got to avoid any use of emails, or ELOPe will intercept them. Frankly, I’d consider any use of computers or phones suspect at this point as well.”
“That’s absurd!” David said. “There’s no way ELOPe can monitor a phone conversation.”
“Really?” Gene said. He waved a sheaf of papers in front of David. “What did more than twenty contractors do over the holiday? Can you guarantee that no one created a voice-to-text bridge?”
“Fuck.” David’s shoulders slumped in defeat.
“OK, we get the message,” Mike said. “No emails, no computer use, and no phones if possible. Can we meet back here in, say, two hours?”
“Yeah, sure, kid. Two hours.” Gene packed up his bag and left.
* * *
Without a computer to look up a campus map, David and Mike spent forty minutes wandering the buildings of the Avogadro campus.
“Come on, let’s just look up the address,” David said.
“No dude, we just said we wouldn’t use any computers.”
“What harm can come from looking up one thing in the directory?”
Mike didn’t answer, and instead accosted the next person that came down the hallway. “Excuse me, I’m looking for the IT department that handles access controls?”
She gave him a strange look. “Just look it up in the directory.” She turned and went on.
“You just picked her because she was cute and blonde,” David said, laughing.
Mike just smiled back.
David tried with the next person who walked down the hall, an older man with a two day beard and a pot belly. “Do you know where we can find the IT department that handles access controls?”
“Sure, that’s the Internal Tools department. They’re in the basement somewhere.”
“Which basement?” Mike asked. “We have twelve buildings.”
The man shrugged. “It’s dark and dingy, that’s all I remember,” he answered as he walked away.
“They’ll all dark and dingy,” David complained.
“Don’t worry about it, it’s our first useful clue.”
Fifteen minutes and four basements later, they found the Internal Tools IT department in the basement of one of the original converted factory buildings.
The first person they found refused to help them at all on the grounds that if their access had been removed, it had to have been done legitimately. But they argued for so long and at such volume that it attracted the attention of a nearby engineer.
“I’m Pete Wong,” he said, introducing himself. “I’m in the Internal Tools department. I implemented the Control Access and Permissions applicat
ion. On the off chance there really is a problem, I’d be interested in investigating it.”
Pete led them back over to his work area.
“Let me see who authorized these access changes,” Pete said, as he took a seat behind his desk. “The only way any changes can be made is using the Control Access and Permissions app, or CAP. If someone removed your access inappropriately, I can find out who, and we can contact them.”
David and Mike looked at each other in relief, glad to finally find someone who seemed helpful and knowledgeable. They took side by side chairs in front of Pete’s desk.
“It’s odd,” Pete said after working on his computer for a minute. “CAP should log information for two users. The first user would be the person who actually logged on and was using CAP, and the second user is the person who authorized the work. We need the two because sometimes a manager has their admin make changes for them. We need to track that the admin modified access rights, but the executive authorized it. According to this, Gary Mitchell authorized the removal of your access rights to the ELOPe project, but there is no record of the user who made the change.” Pete paused, and poked at his mouse, clearly frustrated. He looked up at them.
“It’s almost as if it wasn’t a person, but another application,” Pete said thoughtfully after a minute.
“Can you tell us more?” David asked. “We’re both programmers. Can you explain it to us?”
“Well, I was going to say that it was almost as if CAP was being called by another web app, rather than a person directly. Most of the web apps we write have service level interfaces so that we can have one application interact with another.”
“That makes sense. Some kind of XML interface?” Mike suggested, interested in the technical details.
“Exactly, but CAP is, for obvious reasons, a sensitive application from a security perspective. We didn’t write a service level interface for it.” Pete thumped his fingers on his desk, and stared off into the distance. “Now that I think about, I received a request to write a service level interface for CAP just before the holiday break, but I denied the request.”
“Who asked you to?” Mike asked.
“Let me check. We have an Internal Tools request database where it would be logged.” Pete typed for a minute. “Huh. The request came from Gary Mitchell. What the hell is Gary up to?”
“I can’t stand Gary, and I definitely don’t trust him,” David said, “but in this case, I don’t think Gary is up to anything at all.” He paused. “Look, is there any way that someone could have emailed in an access change? Or emailed in a request to change CAP so that it would accept email inputs?”
“By email? No, of course not. They would have to submit their requests via the appropriate web application…” Pete said, and then trailed off. “Hmm… It is really funny that you ask that question.”
“Yes?” Mike prompted, with a meaningful glance at David.
“A couple of weeks before the Christmas break there was a really odd request. From a guy named John Anderson in Procurement. He asked me to write an email to web bridge so that people could submit their Procurement requests via email. And it turned out to be really easy to write a generic bridge that did just that. In fact, I remember testing it against our Internal Tools Request app, and it worked just fine.”
“But that wouldn’t allow someone to make unauthorized changes would it? I mean, they would still have to provide a login name and password to a secure system, would they?” Mike asked, his voice going up a notch.
“Not exactly.” Pete said. “See, the Procurement system wanted to know the authorized user. I figured that AvoMail is secure right? I mean, you interact with AvoMail over a secure HTTP connection, so nobody can see your password, nobody can pretend to be you. I wrote the web service layer so that when it saw the email bridge, it would automatically use the sender of the email as the authorized user. The email system seemed as secure or better than a username or login.”
Mike and David nodded rapidly, showing they understood, and encouraging Pete with his explanation. David felt gratified that there just might be an explanation behind how ELOPe was accomplishing so much. It took the events of the past few weeks out of the realm of the supernatural, and back into the realm of the technical. Technical problems could be solved.
“So you’re saying that someone who has access to email can hit pretty much any web page inside Avogadro? If they somehow hacked the email system, they could get uncontrolled access to any web application? Didn’t that seem a little risky to you? Didn’t it have to go through some kind of security review?” Mike asked the questions rapid fire.
Pete visibly wilted under the onslaught of questions.
“Sorry,” Mike started again. “I’m just trying to understand. I’m not judging anything.”
Pete nodded in acceptance. “Well, I feel embarrassed saying this. Sean Leonov had asked me to do it. I thought that if it was for Sean, well, I should pull out all the stops and get it done. I mean, I’m stuck down here in Infernal Tools.” He gestured at the cinderblock basement wall behind him, in stark contrast to Mike and David’s wall-to-wall windowed offices. “How often do I get to impress someone?” Pete shook his head. “So, no, I didn’t get it reviewed. It’s totally off the radar.”
“Sean Leonov actually asked you, in person?” Mike asked.
“Well, no, not exactly,” Pete said. “I think John, from the Procurement Department, said in his email that Sean had asked for it.”
“Yeah, well I got an email saying my father was in the hospital. Don’t believe everything you read in an email anymore.” Mike jumped up from his seat, furious. He stalked back and forth in the tiny office. “Look, I’m not mad at you. But ELOPe is playing us all for fools.” He looked pointedly at David, as though he expected David to solve everything immediately.
“Let’s stay calm and focus on what’s important right now.” David tried to keep his voice level and reasonable to calm Mike down. He rarely saw Mike angry, and at least one of them had to stay levelheaded. Turning to Pete, he explained, “I know this is going to sound strange, but we believe that the email system is no longer secure. Someone, or something has hacked the email system. Can you shut down this email to web bridge?”
Pete had an uncomfortable expression on his face, and looked as if he was able to say no.
“Look, we need you to trust us on this.” David leaned forward, closer to Pete. “If we’re wrong, you’ve just inconvenienced a couple of guys in procurement for a day or two, right? If we’re right, you’re going to help save the company from a major security breach.”
Pete looked at them for a moment, and then nodded. “It should be easy. The bridge app is running on our Internal Tools servers,” he said. “I can kill the application from my console.”
Pete turned back to his computer, and turned the display sideways so Mike and David could watch. He ran through various command line tools to log into the servers, query the status of running processes, and then kill the relevant program. “OK, I stopped the bridge. I also changed the permissions on the directory, so it can’t be run again until we’ve gotten to the bottom of this.”
“OK, now please do me one more favor,” David said. “Can you test it? Send an email, and verify that it’s off?”
“Sure, that’s easy. I still have the test suite I wrote. It will send an email to make a procurement request, and then check the procurement database to look for the request. Since the bridge is off, it should report that the database didn’t change.”
Pete worked his keyboard and mouse for another minute, then paused, a puzzled look on his face. He typed again, faster and more furiously.
“What is it?” Mike asked, perched on Pete’s desk, watching him work.
“Well, this is even more odd. I ran the test, and even though the bridge is down, the database was still changed. So I checked again, and the bridge is definitely down. But something took the email and routed it to the procurement app, and it was accepted. T
hat can only mean there is some other email to web bridge somewhere in the company.”
Mike and David glanced at each other again. More puzzles.
Pete thought for a minute. “There were some subcontractors in here over the holidays. I thought they were here doing some routine maintenance, but now I guess I don’t know what they touched. Maybe they mistakenly propagated the bridge onto some other servers in the company.”
“We need to figure out which ones, and get them shut down,” David said. “Pete, you’re the only one with access right now. Can you write a program that would check every server to see which ones are running the email to bridge web?”
“Holy cow. We have over a million servers. That’s one heck of a search you want me to do.”
“Do you even have the access to do it? Do you have administrative rights on those machines?” asked Mike.
“Sure, as part of Internal Tools, we can utilize administrative accounts that have full root access, so we can run maintenance checks on all the servers.”
“Alright, then we have one other thing for you to look for. There’s a program called ELOPe, and we need to know what servers it is running on.” Mike gave Pete a USB drive. “Here is a list of checksums for the files, so you know what to look for. We developed ELOPe. It’s an add-on to the AvoMail server. I know this sounds crazy, but we think ELOPe is acting independently.”
“Independently?” Pete asked.
“Yes, an AI that is acting independently. Making decisions and buying things and manipulating people.”
Pete looked doubtful, but he stuck his hand out and took the USB drive.
“Now just one thing,” Mike said. “Whatever you do, don’t email anyone about this, and don’t trust any suspicious emails. We’ll check in with you in-person.”
Pete’s eyes went wide. “But…”
“Can you do it?” David asked, drawing himself upright, forestalling Pete’s objections.
“I’ll do it,” Pete said, gripping the USB drive tightly in his fist.
Avogadro Corp. s-1 Page 11