‘success’ it might have. Up until the last couple of weeks, it had never had such a large base of emails to analyze, nor such a large number of servers to do the analysis on.”
“From what you’re saying, the more emails it analyzes, not only do the possibilities for what constitutes success get broader, but the system would also discover more methods to accomplish those goals,” Christine said. “What it really sounds like you’ve built is an expert system for social engineering. You know what I mean by social engineering?”
Mike nodded his head yes, but David had a puzzled look on his face, and shook his head.
“Social engineering is the name given to techniques for tricking people into giving you information or making changes to information systems,” Christine said. “Social engineering was popularized by hackers in the nineteen eighties. And by hackers, I don’t mean the good guy hackers like Richard Stallman. I’m thinking of folks like the Kevins.”
Mike nodded his head again, but David looked even more puzzled, and turned around to look at his wife.
“Honey, how can you be married to me, and not know this stuff? You know I was a total online geek as a kid, yes?”
“What can I say?” David sighed. “Please go ahead.”
“Okay, look. The eighties and nineties were the heyday of hacking. Folks like Kevin Mitnick and Kevin Poulsen were able to get access to all kinds of computer systems, phone company records, credit card company records. I think it was Kevin Poulsen who said that it was easier to trick someone into giving you a password than to brute force hack it. The classic example would be someone who was trying to get access to a company’s internal phone system. She might call the front desk of the company, and tell them, ‘Hi, I’m your AT&T rep. I’m stuck on a pole down the street troubleshooting your system. I need you to punch a few buttons on your end.’”
“And?” David asked.
“And the buttons the hacker would ask the operator to press might be a key sequence that would forward all incoming calls to an outside line. Then the hacker could impersonate an employee of the company from their home phone, so they could do even more social engineering. The point is, simply by knowing the lingo, giving plausible reasons, knowing what motivates people, a hacker can gain information or get people to do things by cleverly manipulating the human tendency to trust other humans. Since you’ve built a system that learns lingo, language nuances, and motivations, and can evaluate what will be most effective to the receiver, it is, by definition, an expert system for social engineering.”
David looked flabbergasted by this explanation. “How do you know all this?”
“You know, books and stuff,” Christine said, with a sarcastic smile.
“This is pretty much what I concluded when I was with my parents,” Mike added. “We never explored how far the system could go on its own.” He paused and looking meaningful at David. “So, what do we do?”
“I think you and I have to go right to Gary Mitchell, and tell him the truth. Even if that means I lose my job as the result of this. We have to get Gary to approve an immediate outage with hard power down. Then we can pull ELOPe off the system, even if that means we rebuild those servers from the ground up. Forget home. Mike, please go straight to the site.”
“On my way,” Mike replied, as he sped down Alberta Avenue, bypassing the turnoff for David’s block, and heading for the highway to downtown.
“Gary Mitchell is still gone. His admin says he was supposed to take a vacation over the holiday break, but he should have been back by now. Tahiti, in case you were wondering.” David had just returned from the building across the street where Gary’s office was located, while Mike and Christine waited in David’s office.
“I’m picturing him laying on a beach, a cigar in one hand, and a whiskey in the other.” Mike shook his head.
“I know,” David said, laughing, “I don’t think his admin meant to tell me where he was, but I was a bit demanding.”
“No word from him?”
“Nothing. He should have been back in town a couple of days ago. His admin has paperwork waiting for him to sign. She’s sent him emails and left voicemails, but nothing.”
Mike grunted.
“While you were over there, I spoke to Richard, who was the only member of our development team that worked through the holiday break,” Mike explained. “Remember that email you told me about just after we received the additional servers? You mentioned that we were assigned a team of top notch performance optimization experts to help us work on performance improvements to drive down resource utilization?”
David nodded. “Yeah?”
“According to Richard, that team showed up on the Monday after Christmas,” Mike said. “They were a bunch of subcontractors he had never met before. They had two guys onsite for the entire Christmas break, and another dozen offsite. He says he had an email from you telling him to grant them access, so he did.”
“Let me see what changes they made.” David turned to his computer, attempting to pull down the latest source code. He stared in frustration as an error dialog popped up, with an ‘access denied’ message. He tried again, and then pounded the keyboard in frustration.
“I’m in the same boat you’re in,” he finally said to Mike. “My access to the source code has been removed. I can’t pull down a copy of the latest code to see what they changed. Do you have any ideas?”
“Well, Richard kept an eye on them the first few days, and then he left for a skiing trip over New Year. If you look in your email inbox, the contractors emailed us both a written report of what they did. It was sent Friday morning, so they finished up just before either of us got back to town. According to the email, they made some major improvements in performance, mostly related to the Bayesian network. Melanie was here at work yesterday, pulled down the latest code and ran the performance tests against it. The new code seems to have taken the import of new emails from x squared to x log x, and quartered the evaluation time.”
“Woah, are you guys saying you originally had an exponential resource utilization curve?” Christine thought about her own work on massively multiplayer games. She knew that, in the ideal case, when you add users to an internet application of any kind, you want the application to scale linearly. She shook her head and turned to look at David and Mike. “How the hell did you ever expect this to scale?”
“Scaling the resources has been the major bottleneck all along. It’s why we ran into so many resource constraints, and why the project was in danger. It didn’t appear that there was any way to scale without requiring a massive number of servers.” David shrugged. “I just kept hoping that as long as we kept the project alive, we’d find some way to overcome that limitation. Now it seems that someone has.”
David turned back to his computer. He was still trying to coerce his computer into giving him access to the code. “Damn, how did our project access get revoked? I don’t understand how email could interface with the access rights.” He turned back to Mike. “Do we have any idea what else these contractors did?”
“I might.”
Everyone turned around to look at the door. There stood an older unshaven man, dressed in rumpled clothes, carrying bundles of paper under his arms.
“Gene Keyes, Controls and Compliance.” He spoke in a deep rumble. “I’m here to save your ass.”
Over the course of the next hour, Gene briefed the others on what he had found during his investigation. Like them, he had tried to reach Gary Mitchell, with no success. He had uncovered that while there were unusual charges across the company, the only consistent patterns of unusual behavior were found in three departments. As Gene spoke, he laid printed reports across David’s desk.
The first, of course, was the R&D department in which David’s ELOPe project was housed. According to Gene’s print outs, it had paid for several small allotments of servers and subcontractors to make modifications to ELOPe. The nature of the modifications was not specified, but the budget amounts were sufficient for dozens of engineer-months of work from an outside vendor.
In fact, it was the expenditures in David’s department that had led Gene to them. David’s legitimate order several months earlier of a pool of high performance servers had clued Gene in that all of the later purchases might be somehow tied to the project that first needed additional servers.
“So does this mean we’re under suspicion?” Mike asked meekly.
“No, I can see the problem is bigger than you boys. In fact, I can see the problem is bigger than just people,”
