“That’s right,” he replied.
She frowned. “Have you given an apartment key to anyone?”
“Nobody.”
“And you’ve got no idea who might be behind this?”
“Not specifically. But my theory is someone’s trying to get me to quit working on the BankCoin project.”
“Why in the world would you think that?”
Frank hunched down in his chair. “Well,” he said, “Let’s assume someone’s hacked BankCoin. Wouldn’t they be afraid I’d figure that out? Anyway, what else could it be?”
Addams frowned more deeply. In fact, she was more suspicious about what Frank might be up to than she was inclined to believe his strange story and gnomic cards. Her bank was already paying him an outrageous amount, and in her opinion, he’d done precious little to earn it. She’d been at the bank for fourteen years, three as Cronin’s chief of staff, and she hadn’t received a tenth as many stock options as Frank, let alone anything close to his salary.
“Well,” she said, “it seems like quite a leap to me to assume whoever is playing tricks on you is thinking about First Manhattan. If their goal is to make you quit, why don’t they just say that on one of these silly cards?”
Frank shifted uneasily in his chair. He was troubled by the same question and hadn’t come up with a good answer.
“So,” Addams said, “why should the bank hire a private investigator for you? I don’t see a single word on any of these cards that’s the least bit threatening. For all I know, some oddball friend of yours is pranking you.” The look on Addams’s face suggested that in Frank’s case, adding “oddball” to “friend” was likely the waste of an extra word.
Pointing out he had no friends, oddball or otherwise, would be too humiliating, so Frank shrugged instead.
“Well, Frank,” Audrey summed up. “I’m afraid I can’t see my way clear to authorize spending bank funds to hire a private investigator. However, you should feel free to do so yourself, and,” she added, raising one eyebrow as she pushed Frank’s notes into a pile in front of him, “I believe we’re paying you more than enough to do that.”
Addams stood up, and Frank reluctantly did the same.
As soon as he left, Addams picked up her phone and called bank security.
“Henry, Audrey Addams here. We’ve got an employee named Frank Adversego who’s acting a little strange. He’s a systems security guy and has access to everything. I’d like you to have your people keep an eye on him. Yes, he’s signed the usual agreement, so we have the right to access his email and his phone records. Let me know if you see anything unusual. Also, I want a daily log of who he speaks to by phone outside the bank and a copy of every email he sends inside or outside the bank. Thanks.”
Then she had another thought. What was the name of that FBI investigator? She opened her contact management program. Right: Ryan Clancy. She should let him know, too. She put in a call to him and left a message that she might have some important information.
Then Audrey Addams indulged herself in something she rarely did. She smiled.
* * *
Ryan Clancy looked at the notes from his call with Audrey Addams. He was significantly more concerned about what Frank had reported than she was. Word had come over from the CIA that the Russian Federal Security Service was starting to take an interest in BankCoin. Well, why wouldn’t they? It was an obvious target and a spectacularly attractive one, too. Find one flaw in that technology, and you could bring the whole global financial system house of cards down. What were the banks thinking? Crazy.
Anyway. If the CIA was right, the Russians would be highly likely to try to turn an employee at First Manhattan. Clancy would need to ask his contact there to keep a closer eye on Adversego. Maybe the Russians had dug up something from his past they could use to blackmail him. And there was always money. That had a long history of working.
It was rare good luck this Addams person would be sending so much information to him. He wouldn’t even need a warrant to directly monitor what Adversego was doing.
* * *
Frank was feeling discouraged as he headed home to Washington. He was convinced Audrey Addams thought he was a little crazy. And for the first time, he realized she looked at him as a useless drain on bank resources. After all, what had he come up with so far? Is that what everyone at the bank thought? That possibility bothered him a lot.
There was a cold drizzle waiting for him when he landed at National Airport but no driver holding an umbrella the way there would have been in New York, waiting to escort him into a fancy town car. Instead, he stuffed himself into a beat-up Uber that must have been within a hair of failing to make the grade. Also, the driver’s taste in music sucked.
At least Frank hadn’t deployed his first homemade trap yet. He didn’t think he could face returning home to still another defeat in his war with a beast with less than one percent of his own cranial capacity. And there would be no fancy bottle of scotch waiting for him in his cupboard.
What a day. And now his Uber driver had the cold-tolerance of an Eskimo. Or maybe his car heat wasn’t working. Either way, Frank was chilled to the bone. When he got home, he’d make a pot of coffee right away.
Which is what he did. Plopping down in his living room to wait for it to be ready, he stared blankly at the water dripping onto his balcony. Now what?
A bit of motion caught his eye. Huh. Fang was perched on the railing outside. Just what Frank needed. A gloating squirrel.
But then the animal dropped to the balcony floor and hopped hesitantly forward. The drizzle had turned to sleet now. When Fang rose on his hind legs and placed his front paws on the glass, Frank could see how soaked and pathetic the tiny animal was. It stared at him for a while. Then it disappeared.
Frank looked out into the now-empty darkness and felt his face begin to burn with a sudden and obvious realization. What was the matter with him? Was a blue jay or a cardinal more entitled to be fed just because it was colorful? Every living creature needed to eat. What kind of species bigot was he? And how had he allowed himself to become so ridiculously obsessed with a squirrel? Maybe the pressure of his bank job was affecting him more than he’d realized.
He filled a bowl with seeds and placed it on his balcony. Then he waited, wondering whether Fang could find it in his tiny heart to forgive him.
Chapter 37
Girls Just Want to Have Fun
Audrey Addams had felt unnerved ever since the office party where Glen Olson had made his advances. She felt as if all eyes were on her – and perhaps they were. What if Olson was gossiping right now, talking to someone nearby? Who knew how he would describe their encounter? Eventually, she broke and called Sylvia Bunsen, the only person in the bank she could think of with whom she could share what had happened.
Sylvia had been playing cat to Audrey’s mouse for months, thus far with no success or any apparent realization by Audrey of what Sylvia had in mind. But Sylvia was persistent. Audrey’s exquisite aloofness appealed to her; she loved an amorous challenge now and then. She had no idea whether Audrey was gay or straight, but she was betting the odds were in her favor, assuming Audrey had any interest in playing on either team at all. If so, Sylvia looked forward to the day she could whisper softly in Audrey’s ear that she was beautiful.
Audrey had first caught Sylvia’s eye at a bank off-site retreat. She maneuvered herself on to Audrey’s group during one of those silly games intended to build team spirit. She followed up a few days later with an invitation to grab lunch, and then another; Sylvia was nothing if not persistent. Eventually, Audrey said yes. Fishing around over their salads, she found out Cronin never shared budget details with Audrey. From the way she admitted it, Sylvia could tell Audrey couldn’t stand being excluded from anything on the management front.
Conveniently, Bunsen worked for the bank’s chief financial officer. Fro
m then on, she baited her lunch invitations with suggestions that she had interesting budget information to share. Audrey always took the bait but never reciprocated with an invitation of her own. That made Audrey’s unexpected call a welcome surprise.
The restaurant they met in was quiet, discreet, and almost empty. Sylvia was understanding and patient, offering Audrey all the time she needed to describe what had happened and work through it out loud. For the first time, Sylvia felt she was establishing a bond and wondered how far she could take it. Should she reach across and take Audrey’s hand? No; not yet. Too risky. And anyway, best to hedge her bets; Audrey wasn’t the only woman who appealed to Sylvia, and she had a second agenda to pursue as well.
“I don’t want to interrupt,” Sylvia said, “but I should ask. Are you planning to go back to the office this afternoon?”
“Yes,” Audrey replied, with a look that managed to mix determination with revulsion.
“Okay, then we’ve got to buck you up first. Time to get you back on an even keel. Right?”
“Right.”
“Okay. Let’s talk some shop so you can pull yourself together. What’s new on the blockchain project?”
Why that? Audrey thought. She found it deadly boring. But lately, Sylvia always asked about it.
“BankCoin? Not much. Well, I guess one thing. There’s this guy named Frank Adversego we brought in to be the senior cybersecurity risk manager a while back. As completely clueless a wonk as you could ever imagine. I think he’s starting to go over the edge.”
“Over the edge? How?”
“He’s convinced someone’s, I don’t know, stalking him. Moving things around in his apartment – trying to intimidate him or something. He thinks the bank should hire a private investigator to stake out his place.”
“And you told him what?”
“I told him no way. We’re paying him a ton of money. If he wants an investigator, he can jolly well pay for one himself. And then I called up bank security and told them to send me a daily log of his external phone calls and copies of all his email.”
This time, Sylvia did reach across the table but only to give Audrey’s hand a friendly squeeze.
“You go, girl! That’s the spirit! Now let’s go back to the bank and give those men hell.”
* * *
Sylvia Bunsen loved to dance. She also loved women who loved to dance. That’s what the clubbing scene was for. On the dance floor, she introduced herself as “Jinx” Bunsen. It was a made-up nickname she thought would appeal to the kind of person who appealed to her. In any event, it seemed to charm the lovely Svetlana, and she was very appealing indeed. They’d met at a club three weeks ago.
Sylvia wasn’t sure what Svetlana did for a living but figured it must have something to do with technology, because she was always asking about the BankCoin project. Sylvia didn’t mind. Sometimes, it was fun to play at being the mouse instead of the cat. How much she decided to share was up to her, and she loved teasing Svetlana, giving up little but looking into her eyes a lot over a glass of wine in a way that promised more if the price was right. As it always was when at last Sylvia gave her the information she wanted.
Audrey’s little story about Frank therefore made Sylvia’s day. She could go dancing tonight!
* * *
Marko Andropov was sitting at his terminal at the Russian Federation embassy in Washington, DC. On the embassy directory, he was identified as its chief of protocol, which indeed he was. But his more important role was to serve as the senior FSS agent for the northeastern United States.
Periodically, he toggled back to the screen he’d left open since emailing Audrey Addams earlier that morning. Of course, the email would not appear to have been sent by him. Instead, he had spoofed Frank’s email address as the sender. The message was short and read as follows:
Audrey,
I think this article on alt coin security is important: [link]
Frank
The link looked exactly the way it should, and if clicked, it would lead – although not immediately – to the web address displayed in the email. Before it took Addams to that destination, it would skip through a Dark Web site Andropov had prepared for that purpose. The delay would be almost imperceptible but more than adequate to allow the malware on Andropov’s site to begin uploading to the First Manhattan system.
There – Addams had just clicked on the link. Good. Andropov was now inside the First Manhattan Bank’s network and able to shadow the email and activities of both Audrey and Frank.
* * *
Da!
Shukov closed the decoded version of the message from Andropov. It included welcome news: not only had Andropov penetrated First Manhattan’s network, but he would be sending Shukov a daily summary of the activities of the most important cybersecurity investigator on the First Manhattan staff, together with copies of all of his email and external telephone logs.
Shukov was pleased with the progress his malware team was making, too. At the next JCSC meeting he would report that it was only a matter of time before the Russian Federation would be in a position to take down the Western world’s banking infrastructure.
That was a great relief.
Chapter 38
Time to Get With the Program
Frank had an idea. He tapped his fingers and stared at the screen. Hmm. It might be worth the effort.
There was a knock at the door. It was Ruth.
“Good timing!” he said. “Come on in!”
“What’s up?” she said, taking a seat.
“A new idea. Can I bounce it off you?”
“Of course,” she said, sitting up straighter.
“I’ve been struggling with how to scan the whole codebase to find any malware that might already be there. I’ve gone through BankCoin more times now than I’d care to admit, each time trying to come at it from a new perspective – and so far, no luck. Maybe there’s no big vulnerability or malware to be found – but what if there is and I’ve just missed it? The problem is how to recognize the bad code in the middle of hundreds of thousands of lines of good stuff. It might seem innocuous until you really understood how it would act. So, what I’m thinking is that the best way to find it would be to write code for the most likely attack scenarios and then look for something similar. Not exactly the first thing anyone would try, but I’m running out of ideas. What do you think?”
“I take your point,” she said, “but what are the odds you’d come up with the same approach?”
Given Frank’s participation in the Russ Task Force, much better than Ruth might guess. But he obviously couldn’t share that.
“Well, not a hundred percent, of course. But there’s an attack I’ve always thought was improbable that maybe I’ve been underestimating. Let’s say the Russians or North Koreans want to take down the whole BankCoin network. How would they go about that? One approach would be to penetrate the system of a participating bank and then somehow get inside BankCoin, too. Next, they’d create a smart contract that contained malware instead of transaction details and submit it for inclusion in a block the same bank created. Are you with me so far?”
“Yes, and I think I see where you’re going. But remember that if a block has too much data, it triggers an alarm.”
“Right!” Frank said. “Good. But now let’s say the enemy hacker can somehow prevent any other smart contracts from being included in the same block. I checked in this morning to see how big the blocks are getting these days, and it looks like the volume and complexity of smart contracts have really taken off. That means if the bad guy can keep them out of a block, he might have several thousand lines to work with and not worry about triggering an alarm. So, the question is, would it be possible to create a piece of malware that was small enough to get past the malware alert and infect the whole BankCoin network? If so, Schwert’s original mechanism doe
sn’t work anymore, and an attack against one bank could threaten all.”
Ruth nodded. “Wow,” she said. “That might work!”
“Right,” Frank said, “So, what types of malware could take down BankCoin, and which would require just a few thousand lines of code?”
“Well,” Ruth said, “I guess if we’re talking about taking it down temporarily, it could encrypt every copy of the blockchain. And if someone wanted to destroy the system, it would erase them.”
“Right!” Frank said. “That’s what I think, too. Right now, there aren’t any air-gapped, archived backup copies of BankCoin in the traditional sense, because every live copy is a backup of every other live copy.”
“Well, then the first thing we should do is create backups and then air gap them so we’ll always have …” She paused. “No, that wouldn’t work, either.”
Frank smiled. He already knew that, but he was pleased Ruth had spotted the drawback so quickly. “How so?” he asked.
“Because the malware might have already been added to the BankCoin copy we archived. It may be the hacker didn’t want to activate the malware immediately. If that was the case, we couldn’t ever reboot from our archival copy after an attack and know we were home free, because the same enemy could just trigger the same malware again.”
“Exactly!” Frank said.
Then Ruth’s eyebrows shot up. “And what about this – a smart contract by definition is a program that’s supposed to trigger a payment at a later date. So, if the malware is already planted somewhere in the blockchain disguised as a smart contract, you’d never be able to spot the block carrying the attack trigger, because it would look just like any other block that updated a smart contract. And millions of those updates are added to BankCoin every day.”
“Bingo!” Frank said, pleased. “So, I think we agree we should assume, for safety’s sake, that some kind of malware might already be in the BankCoin blockchain. That’s the easy part. The hard one would be finding it if it’s there – and by ‘there’ we’re talking about somewhere in a blockchain that now contains billions of transactions. How do we spot it? That’s why I’m thinking of going through the exercise of designing the same sort of attack. If we’re successful, we’ll have a better idea what to look for in the existing blocks, and what to scan for in the ones ahead.”
The Blockchain Revolution Page 28