
23 April 2023

The Digital Detective, Banco and Bunco, Part 2


Resuming from last week

Money Laundering

Checks (‘cheques’ in other English-speaking countries) are becoming less common in our digital society, but they still have their uses: Investors often receive dividend checks, some companies send refund checks, and many of us write checks to our lawn guy and housekeeper. Check handling still holds a place in our economy and so does a scheme called ‘check washing’.

Crime segments on programs like Dateline and 20/20 have warned us against the practice of bad guys plucking checks out of mailboxes and ‘washing’ them in a ‘household chemical’ bath. Then with a blank check in hand with the original signature, they fill in a new payee and amount. The scheme can work with bonds, wills, and other instruments, anything with a dye-based ink written with ordinary pens. Very old inks comprised of iron compounds remain unaffected.

Wait. Are you going to share with us?

What is the household chemical? Enquiring crime writers want to know.

The answer is ink-dependent and I’m aware of two compounds. Women baddies may have an advantage: The primary go-to chemical, acetone, is the principal ingredient in fingernail polish remover. Other dye-based inks may better respond when treated with ordinary bleach.

Here’s a how-to video by Dr Uniball… (Shh. I know, I know, the poor man. I’m afraid Dr Uniball suffered an unfortunate lab accident.) That aside, here is one of his experiments:

Note: Although not mentioned in the video, fraudsters can preserve the signature by covering it with transparent tape. Ink not so protected washes away.

So how can you shield yourself against lawnmower man bleaching your check or your nifty cleaning lady rewriting the paltry cheap-ass amount after an acetone bath? You can purchase speciality India ink pens costing in the hundreds of dollars. Or, as I recently learned, you can buy a less than two dollar Uniball at your local Dollar Store. This pigment-based pen is made by Mitsubishi Pencil Company, yes, a sister company of the car manufacturer. Look for Uniball 207, pictured here:

UniBall 207 pen

But wait. If you’re a fraudster and your victim banks with Chase or certain other banks, you don't have to bother erasing and filling in checks. Crooks have discovered Chase’s sloppy remote banking by smartphone looks only at the numeric dollar amount and routing number. Bad guys can add in an extra digit to the dollar amount, changing it from hundreds to thousands. Chase doesn’t trouble themselves to validate the written amount or check the written payee matches the conman’s name on the account. They even allow the same check to be deposited more than once.

Signs of Fraud from Bank of America

A casual survey suggests Chase Banks may figure in more frauds than all other banking institutions combined. Worse yet, Chase battles customer victims who try to get their money back. Lily, our Chase target in a previous article, did everything right, trying to get an oblivious and lackadaisical Chase to take action. And they did– they blamed her.

No place in the world is safe from fraud, but if YouTube is to be believed, Arizona suffers an outsized number of attacks. And naturally, Chase customer service isn't there when needed.

From A to Z, ATM to Zelle

Zelle is German for jail, literally, a prison cell. I’m frankly surprised it doesn’t mean Sucker!

I can’t trust Zelle. If accounts of a money app can’t be viewed and studied on the web, the customer/victim is at a disadvantage when attempting to reconcile transactions. Unfortunately banks and society at large push us in that direction.

Former business partners owed me money and had been steadily paying me through Sun Bank. Abruptly payments stopped. I notified them. It turned out Sun wanted to cease sending direct, electronic payments to my bank (and others) and insisted its ‘partners’ use Zelle. The problem was that Sun submitted payments into the black hole of Zelle, but my bank didn’t see them.

“Not our problem,” said Sun. “Call Zelle.”
“Not our problem,” said my bank. “Call Zelle.”
“Not our problem,” said Zelle. “Call your bank.”

This occurred after repeated and futile attempts to get a phone number for Zelle, who declined to help because they were ‘too far removed from the situation’, claiming they were outside the transfer rather than being the conduit. It took four months of repeated complaints to resolve the issue.

☚☛

As you might imagine, Zelle is a convenient tool for fraud. In one particular scam, you receive an SMS text that your bank account has been put on hold, pending unusual activity. You phone the conveniently provided phone number, and a polite professional asks how she can help you.

She ‘checks’ your account, saying it appears nefarious forces are attempting to penetrate your security. The solution is to safely move your money into a bank-approved Zelle account. If you’ve not heard of Zelle, she provides you a web link showing your bank works with Zelle, and she’ll help you set up a new free account, which will make bill paying so much easier.

Ten minutes later, your new Zelle account is all set up and your money moved into it. “Thank you, thank you,” you say before hanging up, upon which the scammer sets to work. You receive another text message, this time from your real bank. Your accounts have been emptied.

“Not our problem,” says Zelle. “Call your bank.”
“Not our problem,” says your bank. “Call Zelle.”

16 April 2023

The Digital Detective, Banco and Bunco, Part 1


Once upon a time I was scammed, or rather American Express was. In my consulting days, a pair of cancelled flights kept me hostage at Chicago Airport for ten hours, which covered a couple of mealtimes. For one of those, I plunked down in their sit-down restaurant and partook. And was partaken without my knowledge.

The end-of-month credit card statement showed a charge that could have fed a family of twelve instead of not-so-little ol’ me. AmEx explained this was called a ‘waiter’s charge,’ literally so in my case. A waiter hands you a bill in a black leather folder. The diner casually tucks a credit card in the folder and the waiter carries it away. At this juncture, the fraud happens.

If the restaurant keeps a computerized tally, the waiter adds on an additional lobster and a hell of a tip. Without an ongoing account, a waiter simply adds in a dollar figure. In olden days, waiters might run two or three blank slips through the imprinter for later use. These days thanks to skimming devices, a waiter can mint a new card before you leave the premises.

Once a card is out-of-sight, waiters can do anything they wish.

As did a waitress in Minneapolis’ beloved Pannekoeken Huis. Two things had come together to draw my attention to a minor racket. Unlike my girlfriend whose sharp eye for cash register fiddles caught one in the middle of a famous theme park, I don’t have specialized training in these things. However, a conversation with a vice president of finance at the company I consulted for raised my awareness. After meals, he carefully perused the bill and credit card slip, commenting he’d find mistakes nearly half the time and went on to prove it.

Bad Taste

And so I found myself in the very restaurant where he’d enlightened me. Frankly, the waitress did little to avert attention from herself. In a Midwestern city where everyone is friendly, she was unusually hostile. Perhaps it was the result of a bad morning, but she acted distinctly sour. Thus when the check came and bearing in mind the VP’s admonition, I looked over the register’s paper tape and there it was… or in this case wasn’t. The line items didn’t match the inflated total.

Her scam took but a moment to unravel. The register tape provided the clue– the restaurant’s logo was missing at the top of the tape. She’d rung in a false item, rolled the register’s tape forward several inches and tore it off, and then rang in the real breakfast tab.

I brought it to the attention of the front-of-house manager. That trusting soul cheerfully waved off the discrepancy as a register glitch. Fine, not my problem, but the practiced moves of the waitress announced she’d done this many times. I did not encourage her by leaving a tip.

That wasn’t why he glanced at your derrière

Does your credit card have a tap ’n’ go icon? If so, it has a built-in bit of electronics called passive NFC… near field communications, a cousin of RFID. Your cell phone may have something similar, but is active NFC because it’s battery powered. They work on the same principle as store exit scanners that sense security tags still attached to the jacket you just bought.

Besides the likelihood of your butt mashing your phone, NFC is a major reason you shouldn’t carry your phone in your hip pocket. A passerby brushes her phone past your pocket and *snap* — she’s captured your information.

Sleight-of-Hand

Scams can happen other ways. You check out of your doctor’s office, or you pay at the window of that overpriced restaurant, or you’re enqueued at Wendy’s drive-thru window and your fuel gauge is running low as is the patience of the guy behind you who taps his horn for the third time but it’s not your fault because your salad isn’t ready and finally the server comes to the window and hands you a bag with a freckled girl’s face on it and says, “That will be $36.80,” and you realize for that kind of money you could have dined at Pannekoeken Huis with money left over but you dig through your purse and there’s your MasterCard that you hand over and a second later he hands it back followed by a receipt that you stuff in your purse and before the guy behind you can blast his horn again you pull forward and out of his way, yet when you get home you receive a text message that your credit card has hit its limit. What? How can that be? You should have at least fifty dollars to spare.

And there it is: Instead of $36.80, you were charged $96.80. Maybe the guy’s finger slipped ringing it up. But wait, there’s another $23 charge from the same place at the same time. That shouldn’t be possible. What happened?

When you handed over your card, you lost sight of it for an instant only. But it was enough time for the window guy to pass the card over a pocket skimmer or even a second NFC machine, a modern analogue of imprinting an extra credit card slip.

Universal Contactless Cards (NFC, RFID)

ATM : Access Thy Money

You may have seen recent warnings about ATMs with inoperable card slots, glued shut according to articles. Nearby, a helpful guy who’s standing a respectable, unobtrusive distance behind you offers a suggestion. “You can tap your card.”

But of course you can. You thank the guy, boink the card over the symbol, stuff $200 in your purse, and nervously flee the scene to safety. Or so you think. The helpful guy, he moves in and empties your account.

When an ATM’s mechanical reader returns your card, it automatically logs you out of the system. Likewise in store transactions, once the clerk rings you out and you see the Thank You message on the screen, you’re once again disconnected from your account.

Surveys show at ATMs, tap ’n’ go customers often don’t manually log out of their accounts. Without a mechanism holding their card and releasing it as they sign out, clients fail to realize the connection to their account remains active and vulnerable. Please, log out.

Next Week: Money Laundering

24 October 2021

The Digital Detective, Wall Street part 4


When corporations upgrade large computer systems, they typically run the old and the new in parallel a few weeks or months until the bugs are shaken out. Occasionally events take a turn as discussed last week.

Mutual Admiration Society

Back in New York, our mutual funds firm (not so fondly referred to as MuFu) faced a different problem. They had completely rewritten the primary application, changing over from Cobol to C, and it hadn’t gone well. Four months after parallel commenced, they were experiencing glitches and crashes.

The sizeOf problem I’d caught wasn’t a contributing cause. An unidentified problem was triggering errors, an oversight so simple it would boggle the mind.

Robert, their very defensive senior C expert, hadn’t told me about a front-end program written by yet another programmer. I had to figure that out for myself. The bug wasn’t in the program they’d assigned me; it was introduced by what came before.

Front end and Back end Processing

As previously mentioned, Cobol reads like English and C… well, C is sometimes great and often horrible. C had become the most recent fad and application programmers were feeling the bite of its double-edged sword.

The staff was comprised of university C students and the last Cobol member on her way out. Machine language (and assembler) weren’t in their purview and when they dismissed John, ‘the old guy’, they'd rid themselves of their only person who could poke around in memory (RAM) to determine what went wrong.

And memory was a problem. The program used customer numbers to index into a table and reference records in storage… in theory. In practice, I soon learned the customer was occasionally wrong, wildly wrong, trying to access a memory location off in the wilds of Kansas.

Cobol could detect out-of-bounds matrix subscripts; C could not. Thus it took me a little while to figure out the bogus account code was coming from a front end program. That preprocessor queued submitted entries, performed minor verification with a check digit, converted the input to binary, and passed the record on to the back-end program I first investigated.

In short, sometimes the data entry folks included dashes in the account number (e.g., 7654321-1) and sometimes they didn't. The Cobol app extracted only the digits; the C program didn’t. Both programs tentatively vouched for the account number (7654321) using the check digit (1), indicating it resided in the realm of possible valid numbers. Unfortunately, the newly written C routine included the hyphen when attempting to convert the number to binary. Both versions then ‘piped’ (passed along) the massaged data to the back-end program where hell and fury would erupt when a bad number with the mashed-up hyphen was passed along.

For all the grief it caused, correcting the C front end was trivial. Worryingly, the front-end program, instead of creating the transaction serial number, left that task for the back-end program. Bad, bad, error-prone design. And, as I would discover, prone to manipulation.
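The hyphen bug described above, sketched as an added example (not code from the original programs, which the article does not show). Assumptions: 7-digit account numbers followed by one check digit, a table with one slot per account number, ASCII input, and a hypothetical check-digit rule (digit sum mod 9) chosen only because it validates the article's sample 7654321-1.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ACCT_DIGITS 7          /* assumed from the article's sample, 7654321-1 */
#define TABLE_SIZE  10000000L  /* assumed: one table slot per 7-digit account */

/* The check C never performs on its own: is the index inside the table? */
int in_table(long index)
{
    return index >= 0 && index < TABLE_SIZE;
}

/* Model of the defect (hypothetical routine): convert everything before the
 * trailing check digit, assuming every character is a digit. In ASCII a
 * hyphen contributes '-' - '0' == -3 and shifts the number one place left. */
long naive_to_binary(const char *field)
{
    size_t len = strlen(field);
    long n = 0;
    for (size_t i = 0; i + 1 < len; i++)
        n = n * 10 + (field[i] - '0');
    return n;
}

/* Corrected conversion: accept only ACCT_DIGITS digits, at most one hyphen
 * directly before the check digit, then the check digit. Verify the check
 * digit and the table bounds before handing the number to the back end.
 * Returns 0 and stores the account number, or -1 on any malformed field. */
int parse_account(const char *field, long *account)
{
    char digits[ACCT_DIGITS + 1];
    size_t n = 0;
    int dash_seen = 0;

    for (const char *p = field; *p != '\0'; p++) {
        if (isdigit((unsigned char)*p)) {
            if (n == ACCT_DIGITS + 1)
                return -1;                  /* too many digits */
            digits[n++] = *p;
        } else if (*p == '-' && !dash_seen && n == ACCT_DIGITS) {
            dash_seen = 1;                  /* the one permitted separator */
        } else {
            return -1;                      /* stray character or misplaced hyphen */
        }
    }
    if (n != ACCT_DIGITS + 1)
        return -1;                          /* too short */

    long value = 0;
    int sum = 0;
    for (size_t i = 0; i < ACCT_DIGITS; i++) {
        value = value * 10 + (digits[i] - '0');
        sum += digits[i] - '0';
    }
    if (sum % 9 != digits[ACCT_DIGITS] - '0')   /* assumed check-digit rule */
        return -1;
    if (!in_table(value))
        return -1;

    *account = value;
    return 0;
}

int main(void)
{
    /* Constructed sample fields: with and without hyphen, bad check digit,
     * misplaced hyphen. */
    const char *samples[] = { "76543211", "7654321-1", "7654321-2", "765-4321-1" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long naive = naive_to_binary(samples[i]);
        long account = -1;
        int ok = parse_account(samples[i], &account) == 0;

        printf("%-11s naive=%-10ld in_table=%d strict=%s",
               samples[i], naive, in_table(naive), ok ? "ok " : "rejected");
        if (ok)
            printf("account=%ld", account);
        putchar('\n');
    }
    return 0;
}
```

With the hyphen present, the naive conversion yields 76543207, an index far outside a table sized for 7-digit accounts, which is the kind of wild reference the back end was crashing on.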

I returned the program to service and turned my attention back to the mysterious ‘sizeOf’ conundrum.

Faith, Hope, and Charity

Many organizations buy into mutual funds for long term storage of their money. City, county, and state governments store tax revenues, fines and fees there. Churches and charities divide money between money market and mutual funds.

In the mutual funds program, a template field labeled IRS501C was data-typed binary in the old Cobol Record data division and as boolean in the matching C Struct.

When I returned to the section with the anomalous ‘sizeOf’ routine, I could see this field being referenced, but I didn’t know why. A library search for original source code for sizeOf and the parent routines turned up nothing.

Growing more suspicious, I asked operations to dig through their archives and find the code. “Don't hold your breath,” they said.

Next day, the IT director gave me the conference room to spread out my work. I mapped binary instruction after instruction, recreating an assembler code version of the program. C could fool the eye, but machine code, even in the absence of context, revealed details of what was going on– if I could figure it out.

I constructed charts of data structures, trying to figure out what was taking place. At last when I spotted buried instructions trimming fractions of a cent from daily interests earned, I knew I’d stumbled upon skulduggery.

Figuring out the sleight-of-hand was mind-bending, but I got a break. Like so many magic tricks, the chicanery was breathtakingly simple. Only the surface artifice was complex.

I had accumulated a suite of experimental data to test extremes of the system. It contained only a dozen records but I noticed the audit log reported thirteen. What? A record with a proper transaction serial number had materialized like a magic trick.

As mentioned previously, the front-end processor should have been creating the transaction serial number, not the back end, but apparently no one here knew better. That oversight facilitated the deception, allowing crooked code to create records undetected.

Computer hours were reduced that day. Being the first of the quarter, month-end and quarter-end reports took priority. Idling, I suddenly wondered if month-end had anything to do with the mysterious symptoms I was witnessing. Once again I nagged operations about searching archives for source code.

An hour later found me wrestling with that data cleverly hidden beyond the end-of-data marker. An impatient operator slapped a cartridge on my work table. "Try this," he said.

Former employee John had made a rare oversight. He’d deleted the source files, but… Each evening, operations backed up everything, and that included John’s source code. It filled in gaps.

No comments, of course, but lo, I beheld the twisted mind of a criminal genius. The routines were rife with indirection and misdirection. The ‘sizeOf’ trick merely hinted at the scam iceberg. While the obfuscated C code suggested one thing, the meticulous machine instructions I’d decoded step by step helped me understand what was really happening.

The scheme launched from a database record under MuFu’s own name and address, 100 Maiden Lane. The registered agent was listed as K. King, address 103rd floor, 350 Fifth Avenue, Manhattan, New York 10118. Midtown… I looked it up… Empire State Building. The street address was legitimate, but 103rd floor?

interest truncation example

Greed Kills

The charlatan routine skimmed thousandths of a cent or so following rounding errors– interest and binary-to-decimal trailing digits after rounding high. On average, the algorithm could have siphoned a quarter of a cent per transaction without setting off alarms, but our sneaky programmer apparently wanted to stay well below nets cast by auditors. Those fractions of a penny accumulated in the bogus MuFu self-owned bucket until the end of the month. Dollars– thousands of them– had been created out of thin air.

I fully expected John’s wife or a friend had opened another account to receive the transfers, but as I traced the code, it invoked a random number generator to index into an entry in the hidden part of the file, just one binary field, which turned out to be an account number. At month end, the subversive routine transferred out between $1200 and $5000 a month from the bogus MuFu in-house account to the account selected by the random number generator. But why only certain accounts? What was special about them? How was John profiting?

As always, I sat outside on the ferry shielded by a bulkhead. As I stared at the lights of Brooklyn, the answer hit me, knocking sleep out of the equation. I rode the ferry back.

With suppressed excitement, I extracted the account numbers and checked the first indicated record. Bingo. And the next one. And the next. And then the 20th and the 100th. Bingo, bingo. Every case showed the IRS501C non-profit tag.

Damnation. I’d unmasked a freaking Robin Hood. John– or should one say Little John– was stochastically selecting non-profit accounts to donate to. That generated the thirteenth record.

Fascinatingly, the audit trail reinforced the fraud’s legitimacy rather than exposed it. Only a paper trail might suggest a missing document, but who was going to dig through reams of flattened dead trees?

If United Way or Scouting USA or Bethune Cookman read their statements at the end of the month, they might have scratched their heads but concluded they surely made a deposit and misplaced their record of it.
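Two controls that would have surfaced the thirteenth record and the shaved fractions, as an added example (not code from the firm's system). Assumptions: the front end issues serial numbers and keeps the list, interest is recomputed independently with integer arithmetic and rounded half-up to cents, and the daily rate, serials, accounts and amounts below are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

#define RATE_PPB 136986LL     /* assumed daily rate in parts per billion */
#define PPB      1000000000LL

struct posting {
    long serial;               /* transaction serial number in the audit log */
    long account;
    long long principal_cents;
    long long credited_cents;  /* interest the back end actually posted */
};

/* Independent recomputation: interest rounded half-up to whole cents. */
long long expected_interest(long long principal_cents)
{
    return (principal_cents * RATE_PPB + PPB / 2) / PPB;
}

static int was_issued(long serial, const long *issued, size_t n_issued)
{
    for (size_t i = 0; i < n_issued; i++)
        if (issued[i] == serial)
            return 1;
    return 0;
}

/* Control 1: audit-log records whose serial the front end never issued.
 * Returns how many were found; the first `cap` serials are stored in out. */
size_t unissued_records(const struct posting *log, size_t n_log,
                        const long *issued, size_t n_issued,
                        long *out, size_t cap)
{
    size_t found = 0;
    for (size_t i = 0; i < n_log; i++) {
        if (was_issued(log[i].serial, issued, n_issued))
            continue;
        if (found < cap)
            out[found] = log[i].serial;
        found++;
    }
    return found;
}

/* Control 2: total cents by which legitimate postings fall short of the
 * recomputed interest. Anything other than zero needs an explanation. */
long long rounding_shortfall(const struct posting *log, size_t n_log,
                             const long *issued, size_t n_issued)
{
    long long short_cents = 0;
    for (size_t i = 0; i < n_log; i++) {
        if (!was_issued(log[i].serial, issued, n_issued))
            continue;
        short_cents += expected_interest(log[i].principal_cents)
                     - log[i].credited_cents;
    }
    return short_cents;
}

/* Constructed sample data: three submitted records, four in the audit log. */
static const long ISSUED[] = { 1001, 1002, 1003 };
static const struct posting AUDIT_LOG[] = {
    { 1001, 7654321, 1000000LL, 136 },  /* 136.986 cents, posted truncated */
    { 1002, 1234567, 2550000LL, 349 },  /* 349.314 cents, posted correctly */
    { 1003, 2468013,  123456LL,  16 },  /* 16.912 cents, posted truncated  */
    { 1004, 1357924,       0LL,   2 },  /* never submitted by the front end */
};

int main(void)
{
    long extra[4];
    size_t n_log = sizeof AUDIT_LOG / sizeof AUDIT_LOG[0];
    size_t n_issued = sizeof ISSUED / sizeof ISSUED[0];

    size_t n_extra = unissued_records(AUDIT_LOG, n_log, ISSUED, n_issued, extra, 4);
    printf("submitted=%zu logged=%zu unissued=%zu\n", n_issued, n_log, n_extra);
    for (size_t i = 0; i < n_extra && i < 4; i++)
        printf("  unissued serial %ld\n", extra[i]);
    printf("rounding shortfall: %lld cent(s)\n",
           rounding_shortfall(AUDIT_LOG, n_log, ISSUED, n_issued));
    return 0;
}
```

The first control only works when serial numbers are assigned before the back end sees the record, which is why moving the serializer to the front end matters.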

I made copious notes and documented everything. When presented to the firm’s CIO, she looked disbelieving, then doubtful, and finally bewildered.

“I know your reputation,” Loretta said, “but this can’t be possible. Besides, IT claims John had aged beyond usefulness. He couldn’t keep up. He barely finished this, his last project, before we let him go.”

“If so, he put effort into making a final masterpiece.”

“Leigh, darling, can you fix it?”

Call me darling and I can fix anything. I yanked the too-clever code out by its roots and their senior programmer, Robert, fixed the hole and, upon my recommendation, moved the transaction serializer to the front-end.

“What will you do about the spurious deposits?” I asked.

“They go back months. We wouldn’t look good demanding hospitals and heart foundations return money deliberately deposited into their accounts. John gave away money we couldn’t detect was missing. We’ll leave it that way.”

“What about John?”

Loretta sighed. “Same reasoning. Arresting him will bring nothing but bad publicity. Can you imagine the Times or the Journal with headlines about a Wall Street Robin Hood? That’s bad enough, but a sympathetic soul would raise issues about ageism. No, we can’t win there. Thank God we discovered it.”

“Can you get me John’s contact info?”

“What? No, maybe, yes, why not. I’ll discreetly ask HR for it.”

Robbin’ Robin

I phoned ‘John’ and invited him to lunch.

“I don’t think so,” he said. “Who is this again?”

“Leigh Lundin.”

“Oh shit, you? What do you want?”

“Just a chat. Really.”

“You’re working for MuFu?”

“Yes, today I am; tomorrow, no. I’m wrapping up.”

“So you know…?”

“Lunch,” I said. “Let’s not do this on the phone.”

“Fraunces Tavern?”

“Whew! If you pay.”

He laughed. “Okay. If you accept that, you aren’t out to nail me.”

“I’m not. John, can you afford it?”

“I landed on my feet. Arthur Lipper knows me and his son hired me.”

I respected Lipper Inc. He chose well.

The Wolf Pup of Wall Street

We met in the pub where George Washington bade farewell to his troops. John looked like a mad Santa with puppy dog eyes and an Albert Einstein hairdo. I’d bet a dozen grandkids employed him as a stage for hundreds of adventures.

He said, “You’re not recording this?”

“No.” I kept my smile easy and relaxed my body language.

“I’m not admitting anything including this statement.”

“Hmm. Let’s talk hypothetically, this entire conversation, okay?”

“Sounds fair. What have you figured out?”

“Most of it, I imagine. Cancer research received a couple of grand on the first before I could stop it. That will be the last payment.”

“Good,” he said. “I mean, embezzling’s awful.”

I snorted. “SizeOf.”

He laughed. “I thought that was clever hiding in plain sight, but apparently not clever enough.”

“I overlooked it at first. John, what was going on? Why did our suppositional programmer take such a risk?”

He dropped the hypotheticals.

“They dismissed anyone approaching retirement, figuring to save paying pensions, I suppose. You heard about Walston?”

“I was there, John.”

“The MuFu bastards had a definite preference for young faces. I knew for months they were going to fire me, I could smell it in the air.”

“I know that feeling, John.”

“The staff treated me like crap, acting like I was in my dotage. They figured my brain had rotted along with Cobol, but they needed me to effect the conversion. I learned C until I knew it better than they did and then studied it more. Their superstars couldn’t read a dump or comprehend machine instructions during debugging. I turned the joke on their little experts.”

“Sheesh. I’m sorry you went through that, John.”

He shrugged. “What will happen to me now?”

“Far as I know, nothing. I think they’re too embarrassed. One or two, the CIO and the VP maybe, have shown a touch of grudging respect. They’re coming to grips with the senile grey-beard who fooled them.”

“Good, because I’m a coward. I’m not looking for fame and misfortune.”

“Don’t worry, John. Everyone but the sheriff loves a Robin Hood.”

Final Thoughts

And that is my favorite Wall Street crime case. I’m called when matters go mysteriously wrong, so Miss Marple-like, I occasionally stumble upon another puzzle and test of wits.

In this case, charities profited and the bad guy turned out a good guy. Some may object that a criminal avoided prosecution, but personally, I couldn’t imagine a better outcome.


Following are a few more tech notes.

17 October 2021

The Digital Detective, Wall Street part 3


I’m still astounded Fortune 500 companies and government facilities not merely allowed, but invited me, a 19-to-20-something freelance me to play with their very expensive computers. I mean work, not play, yeah, work is definitely the word. Reputation is everything. And okay, I have authority issues. So I’m told.

Striking off on my own meant no security blanket, no 401K, no pension, no profit-sharing. It meant scary months when I wondered if the phone would ring with a client and months when I wondered if the previous client was going to pay or not. That’s a concern– some companies withheld payment until they once again needed help. Sometimes managers wouldn’t like what I reported. My type of work– designing systems software– was specialized, so occasionally famine struck.

During one drought, camels were toppling over, birds fell from the sky, and my bank account appeared a distant mirage. Finally a call came in before the telephone company could cut me off. It was Wall Street again, a mutual funds house we’ll call MuFu. Loretta was their CIO, Chief Information Officer.

100 Maiden Lane, NYC © Emporis

“Darling, are you available?”

“Personal or pleasure?”

“Are you saying personal isn’t pleasure?”

“You’re married.”

“Was, Darling, was.”

“Loretta, I’m sorry.”

“Don’t be, I’m not.”

She lied. I could almost hear the sounds of tears leaking from her eyes. She was a nice lady who’d come up through the ranks.

“Loretta, what’s happening?”

“If you’re available, I need help.”

“Please don’t let it be application programming.” Even if it was, I desperately needed the work.

“Well… Did you hear we’re undergoing a conversion from Cobol to C?”

“You and every other firm with fresh university graduates.”

My professors, Paul Abrahams and Malcolm Harrison, were language experts. Abrahams was chairman of ACM’s SIGPlan and would eventually be elected president of the US’s professional organization, the Association for Computing Machinery. They received early releases of Unix and with it the C language. For my part, C was co-respondent in a love-hate relationship. It constituted a step up from assembler language, but I wanted more.

She said, “I know you’ll be simply shocked, but we’re experiencing crashes. We can’t cut over until we nail the problem. Nobody around here can read machine code. I know it’s not your thing, but nobody knows Cobol either.”

In the following, I’ve tried to trim back technical detail to make it more accessible and I apologize where I failed to restrain it. The gist should suffice.


Next day I took the Staten Island Ferry to lower Manhattan, where I strolled up Pearl Street and turned onto Maiden Lane. The mutual funds house took up a few floors of an older building, although the interior was done in chrome movie set futurism.

The glass room remained there running their big iron computer. Off to one side was a new server chamber covered in curved, blue plexiglass. Very spaceshipish.

Loretta blended 10% boss and 90% Cub Scout Den Mother, which made her a popular manager among the guys. She called in her lead analyst and chief programmer, Richard and Robert. The latter radiated lethal hostility.

“Leigh’s here to shoot that bug that’s killing us.”

“We don’t need help,” Robert said. “He’ll just waste our time.”

Loretta said evenly, “You’ve had months and it’s still not identified. Please give Leigh all the help he needs. He’ll likely work after hours to have the computer to himself.”

After Loretta departed, Robert said, “I know who you are. You used to be hot shit.”

“I’ve never heard it put so charmingly. Listen, I’m not here to take your job. I’m not here to threaten you. I’d like to get the job done and move on. Show me what’s going on.”

As predicted, the program started and died with an out-of-address exception– the program was trying to access memory that wasn’t there.

I asked for listings and a ‘dump’, formerly called a core dump, a snapshot of memory when the system died. The address of the failing instruction allowed me to identify the location of the link map, an org chart of routines that made up the program. Sure enough, the instruction was trying to reference a location out of bounds of its memory.

I took the program source listing home with me and spent a couple of days studying it. It was ghastly, a compilation of everything wrong with bad programming and especially in C. It contained few meaningful variable names and relied on tricks found in the back of magazines. Once in a while I’d see variables like Principle or Interest, but for the most part, the program was labeled with terse IDs such as LB, X1 and X2. This was going to take a while.

The company had no documentation other than a few layouts from the analyst. When I called in to ask a question, Robert stiff-armed me. I arranged my first slot for Friday evening with time over the weekend.

I began with small cleanup and immediately hit snags. I’d noticed a widely separated pair of instructions that read something like:

hash_cnt = sizeOf(Clientable);
      :
cust_cnt = abs(hash_cnt);

Wait. What was the point of the absolute value? C’s sizeof() returned the number of items in an array. It should never be negative. You could have five apples on a shelf or none, but you couldn’t have minus five.

As part of the cleanup, I commented out (disabled) the superfluous absolute value function. Robert dropped down as I compiled and prepared to test. I typed RUN and the program blew up. What the hell? Robert appeared to sneer, looking all too pleased.

He said, “That section was written by that old guy, John. We fired him because he didn’t know crap, so no surprise it’s hosed up.”

I knew who he was talking about, a short, pudgy bear in his late 40s with Einstein hair. I’d never been introduced, but I’d heard him on a conference panel. John was no dummy, no matter what Robert said.

Robert smugly departed. I stepped through the instructions, one by one, studying the gestalt, the large and small. My head-smack arrived on Sunday. Curious why sizeof() would return a negative value, I traced how hash_cnt was used. As I stepped through the instructions, I saw it descend into a function called MFburnish().

I couldn’t find source code for MFburnish(). No one could. Without source, it would be very difficult to determine what happened inside it.

I went back to the variable Clientable passed to sizeof(). The array was loaded from a file, Clientable. Both consisted of binary customer numbers. I spotted something odd.

C is peculiar in that it uses null (binary zero) to mark the end of arrays and ordinary file streams. This file had two nulls, one about the seven-eighths mark and another at the absolute end.

At first, I thought the file had shrunk and the marker moved down while remaining in the same space. But when I looked at the file, it had the same defect… or feature.

At some point, I looked at the link map to check upon another routine and for the first time noticed what I should have spotted earlier. There amid C Library functions of isalpha(), isdigit(), islower(), isupper(); was sizeOf().

Double head-smack. First, C’s authors claim sizeof() is a unary operator like +n and -n. To me, sizeof() looks and acts like a function and nothing like a unary operator. But by their definition, it shouldn’t show up in a link map with real functions. On closer inspection, the program read not sizeof() but sizeOf(). Another annoyance of C is that it’s case sensitive, meaning sizeof and sizeOf and SizeOf and even SIZEOF are not the same thing. This kind of nonsense wouldn’t have been possible with their old Cobol system.

The deception seemed awfully abstruse, even by C standards.

[Image: interest truncation example]

The Clientable contained account numbers of a sizeable fraction of clients. Why some customers and not others would take me a while to discover. Unlike sizeof(), the ginned-up sizeOf() showed the actual record position within the full file expressed as a negative number, hence the abs() function.

Someone had written deliberately misleading code. But why?

Money, of course. Moving backwards, I began to look at the code with a different eye. And there it was… not merely the expected interest calculation, but the conversion from binary to decimal, another Cobol to C difference. I suspected one of the company’s programmers had pulled off one of the oldest thefts in computerdom– siphoning off money by shaving points when rounding numbers.

This wasn't the problem Loretta had asked me to solve. Robert had directed me to the wrong program, which turned out to be a stroke of luck. Loretta had invited me to track down a program bug, but I suspected I had unearthed traces of virtual villainy.

Next week: The Confrontation

Following are Cobol versus C notes for the technical minded. Feel free to skip to next week.

03 January 2021

The Skating Mistress Affair, Part IIII



Parts I-III provide the background of a unique bank fraud investigation.

In Part II, negotiations soured and in Part III, legal action failed miserably. The bank thought they were done for, but I wasn’t.


The Commentator

To continue developing and enhancing the software, I needed to understand it at least as well as the author. Nothing would do that like immersion in it, and nothing would aid in immersion like having to document the programs line by line, block by block, section by section.

Tedious. Refill the Ritalin, oil the exercise bike, and absorb.

Data Corp set up a pair of desks for me, not with their programming group but in a large room staffed with accountants, bookkeepers, and clerks. That made me the only guy amid thirty-some women.


Flirtatious and fun, the data center girls delighted in playing pranks on me. Some tricks were small, such as when they glued a dozen water-cooler cups together and hid the rest. Others were more ornate. They ordered a pink and gold chair for my desk, and installed a Playmate screen saver. My black office phone found itself replaced with a princess phone also in pink. A welcome gift box on my desk contained a coffee cup shaped like breasts.

My office mates flattered and flirted. Once, I asked a supervisor why the girls believed they could get away with such outrageous behavior. “You look easy to tease,” Shelly said. They read me like a PowerPoint slide.

They were also kind, sharing lunch with me. I never knew who installed a bud vase on my desk and kept its rose and water fresh.

One afternoon, the VP stopped by to pick up a couple of data cartridges. I opened my desk drawer… and immediately slammed it shut. I’d caught a glimpse of something lavender and lacy. Every eye was riveted upon me, watching what I’d do next.

“Er, maybe this drawer,” I muttered, only to spot another item, pink and frilly. The women had filled my drawers with, well, drawers, lingerie at least. I could feel the back of my neck burning.

“Er, I have to dash down to the computer room,” I said. “I’ll drop them off at your desk.”

“But…”

He peered after me suspiciously, knowing something was up. As I took off, he glanced around at the women who were all staring at him.

One morning I arrived to find a fat pink envelope on my desk decorated with hearts and cupids. Inside was tucked another plump envelope with a calligraphic message on it: “Shelly, Julie, DiDi, and Roxy invite you for the weekend. Necessities enclosed.” Heads craned my way as I slipped my thumbnail through the seal.

Out fell a dozen of the tiniest condoms. They’d filled the envelope with the thin latex fingertips clerks slip on when flipping through sheaves of checks and currency. Their cleverness cracked me up. When I stopped laughing, I took out a ruler and carefully measured one of the latex rings. Nodding judiciously, I placed one in my wallet. The lasses laughed, hooted, and jeered and cheered.

We Leave Our Light Off For You

At night, I pretty much lived at the data center, starting on the computers as soon as one was freed up from the work day. To snatch a few hours’ sleep, I holed up in a small motel near the bank’s Data Corp office.

During my extended stays, hotels generally grew used to me. A low-key and seldom demanding demeanor made the maids happy and sometimes pampering. Managers were pleased to X-out a room from their unrented list for a month or six, sometimes more. Across many states and a few countries, hotel life worked efficiently for me.

But deep in the Shenandoah Valley…

This local motel operator wasn’t used to a nomad like me, out all night, sleeping during the day. He glowered at my arrival each morning, frowned as I departed in the evening. Chambermaids reported reams of secret code documents in my room. Learning I skulked down to the bank building each night convinced him I was up to no good. He grew suspicious that nefarious activities were afoot.

He telephoned the bank. They routed him to the Data Corp center and he wound up with an operator who told him, “Oh, that’s the guy involved in the computer fraud.”

He’d heard enough.

Next morning, exhausted from a long and grueling bout of decoding and debugging, I arrived to find the motel manager in the lobby, arms folded, glaring at me. My haphazardly packed suitcases stood by the door.

Stiff-lipped and obviously fearful of a disheveled guy my size, he said, “Pay your bill and leave. I’ve called the police.” Activity in the motel stopped as a gallery of employees gathered at the balcony rails to witness their innkeeper deal with his dastardly guest. I disappointed them by producing my American Express.

With no internet at the inn, he refused to lend me a phone book to look up alternative hotels. The manager got his final satisfaction by ordering his bellboy to toss my bags outside.

Theirs was an independently owned franchise of something like Motel 7. An hour later, cheek buried in a Howard Johnson’s pillow, I sleepily fantasized complaining to Motel 7’s corporate office… and drifted off to sleep. Just another hazard of the road.

Reanimation

Here I delve into technical details of Sandman’s cryptography and computing. Feel free to skip ahead to The Flash Gordon Super Decoder Ring.

The first hurdle required overcoming a lack of tools, even a lack of tools to build tools. I needed to develop solutions on the bank’s computers, and they weren’t geared for deep-level development. The answer was to invent parsers in assembly language, the language of the machine itself, not meant for the type of character analysis and manipulation I needed. That filled the early days and then came the heavy lifting.

David Edgerley Gates previously brought to our attention substitution cyphers called cryptograms, found in Sunday newspaper puzzles. Each encrypted letter translates or maps to a plain text letter. For example,

CryptoQuote Encryption Table
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
JXOHY28RGUPB1WA736SLZQF5MD40CN9VTKIE

In the ‘Adventure of the Dancing Men’, Sherlock Holmes took on a secret society’s messages that differed from cryptograms only in the ‘letters’ represented as pictographs. The Dancing Men glyphs corresponded one-to-one with letters of the alphabet.

[Image: Sherlock Holmes Dancing Men translation table]

Sandman didn’t resort to half measures. I realized he’d built multiple tables that made decoding a multiple more complex. I had to figure out the mirror image of what he’d devised. The American Civil War saw the use of hair-yanking two-dimensional cyphers. Sandman hadn’t made decryption impossible, merely difficult.

Toward that end, I built a translator to fill holes in the reconstituted tables, gaps where uncertainty failed to reveal which letter represented what. The translator checked for errors, refined and reran the process repeatedly until the blanks filled in.

The process was a variation of stepwise refinement: shampoo, rinse, repeat. I’d decrypted so much, I no longer doubted the plan’s viability. The more I decoded, the smaller shrank the unknowns list.

As Sir Conan Doyle pointed out, the frequency of letters we use in writing varies considerably, useful to know when solving puzzles and Wheel of Fortune. In many examples, ETAOIN occur most frequently in ordinary writing and KXQJZ appear least often. In my code tables, I’d cracked the ‘E’s, the ‘S’s, the ‘T’s and most of the other letters. Here and there I might not know the occasional Q or J, but that decreasingly mattered. Over time, I could plug holes as the solution became clear. I was going to whip this thing.

Ironically, if Sandman had simply treated labels as serial numbers, e.g., No52000, No52010, No52020, etc., he would have robbed them entirely of meaning, making decoding moot. He probably avoided that path, thinking it went too far and might set off alarms within Data Corp’s programming staff.

In the days before I’d realized the labels were encrypted, I wrote a program to extract a sampling from 25,000 lines of code, sort them, hoping they’d point a way to patterns. The harvest yielded 3600 unique names, not one of them a recognizable word or abbreviation. That clue alone suggested something bogus. Programmers might omit vowels, might use peculiar abbreviations, or sometimes use slang drawn from popular fiction like grok and borg, foo and plugh. In 3600 labels, I found not one meaningful word. Patterns, yes, but nothing recognizable surfaced.

I built frequency counters, applets to show how often characters appeared. I had to be wary of vowels since labels were limited in length and the first thing people jettison when abbreviating are vowels. The tables from the frequency counters not only revealed which letters were the most crucial, but also helped zero in on likely character replacements.

The first pass turned out better than expected. A thousand labels suddenly appeared readable. A few unknowns became obvious, but in one table I inadvertently mixed M with N. Correct and rerun. Rinse and repeat. Letter by letter, the coded alphabets unmasked.

Discovering how Sandman selected which table to use helped narrow the focus. The first character of a label served as a table selector. If that letter fell within the first third of our thirty-six alphanumeric characters, he used table 1, or within the second third, table 2, and so on. That mapping didn’t immediately jump out from the encryption, but it could be deduced as labels revealed themselves.

Sandman’s Encryption Table
selector  ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
table 1   JXOHY28RGUPB1WA736SLZQF5MD40CN9VTKIE
table 2   5FXABTS2V71K9Y6G048HUOLEIPQJNZCDMWR3
table 3   V52KGBXSLOM7TIWH6P18Q03NYDJZCEUFR94A
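The selector scheme and the rebuild-the-tables loop described above, sketched as an added example (it is not Sandman's code or the author's translator). It assumes the top alphabet row is plaintext and each table row is the matching ciphertext, that the selector character itself passes through unchanged, and that labels are uppercase alphanumerics; every label below is a constructed sample.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
# The three table rows as printed on the page.
TABLES = [
    "JXOHY28RGUPB1WA736SLZQF5MD40CN9VTKIE",
    "5FXABTS2V71K9Y6G048HUOLEIPQJNZCDMWR3",
    "V52KGBXSLOM7TIWH6P18Q03NYDJZCEUFR94A",
]
# "Mirror image" of each table: cipher character -> plain character.
FULL_INVERSE = [dict(zip(row, ALPHABET)) for row in TABLES]


def select_table(first_char):
    """0, 1 or 2: which third of the 36 characters the selector falls in."""
    return ALPHABET.index(first_char) // 12


def encrypt(label):
    """Substitute every character after the selector (assumed to stay in clear)."""
    row = TABLES[select_table(label[0])]
    return label[0] + "".join(row[ALPHABET.index(c)] for c in label[1:])


def decrypt(label, inverse_tables, unknown="?"):
    """Decode with possibly incomplete inverse tables; gaps show as `unknown`."""
    inv = inverse_tables[select_table(label[0])]
    return label[0] + "".join(inv.get(c, unknown) for c in label[1:])


def frequency_by_table(cipher_labels):
    """Count cipher characters separately per table, skipping the selector."""
    counts = [Counter(), Counter(), Counter()]
    for label in cipher_labels:
        counts[select_table(label[0])].update(label[1:])
    return counts


def recover_tables(cribs):
    """Rebuild partial inverse tables from (cipher_label, guessed_plain) pairs.

    A guess that contradicts an earlier one is rejected and reported as
    (table_number, cipher_char, guessed_plain, established_value), which is
    how an M/N mix-up surfaces before it pollutes the table.
    """
    inverse = [{}, {}, {}]   # cipher -> plain
    forward = [{}, {}, {}]   # plain -> cipher, to keep the mapping one-to-one
    conflicts = []
    for cipher, plain in cribs:
        if len(cipher) != len(plain):
            raise ValueError(f"length mismatch: {cipher!r} vs {plain!r}")
        t = select_table(cipher[0])
        for c, p in zip(cipher[1:], plain[1:]):
            have = inverse[t].get(c)
            owner = forward[t].get(p)
            if have is not None and have != p:
                conflicts.append((t + 1, c, p, have))
            elif owner is not None and owner != c:
                conflicts.append((t + 1, c, p, owner))
            else:
                inverse[t][c] = p
                forward[t][p] = c
    return inverse, conflicts


if __name__ == "__main__":
    # Constructed labels, three per table.
    plain = ["ACCTBAL", "INTRATE", "LEDGER1", "POSTINT", "RNDAMT",
             "TOTALS", "YTDINT", "Z9FLAG", "2NDPASS"]
    cipher = [encrypt(p) for p in plain]
    print(cipher)

    # One confirmed guess per table, plus one deliberately wrong guess (M for N).
    cribs = [("AOOLXJB", "ACCTBAL"), ("P68HVYH", "POSTINT"),
             ("RYA59H", "RMDAMT")]
    partial, conflicts = recover_tables(cribs)
    print("conflicts:", conflicts)
    for c in cipher:
        print(c, "->", decrypt(c, partial))
```

Each pass leaves fewer `?` marks; a conflict entry means one of the guesses feeding that table has to be revisited before the next run.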

7-of-9 and Other Figures

An important issue I had to deal with was context. If you’ve ever glanced at raw HTML, you saw that formatting tags were mixed in with common text. You might see something like:

<html><head><title>Student Body</title></head><body>

This page discusses who shall head the student body.

</body></html>

Imagine searching and replacing the keywords ‘head’ and ‘body’ without affecting the HTML tags in a hundred-thousand lines and upwards of a million words without making a mistake. The solution is to comprehend meaning, to grasp when head is part of a formatting tag and when it isn’t.

Much like a human reader, the translation program needed to comprehend context. It parsed the text, distinguished actual programming statements, formatting commands, comments, and assorted runes in what technical people call a non-trivial exercise.

A smart-enough parser had to recognize whether “7,9” referred to two registers, two memory locations, a mix of the two, coordinates, formatting, a decimal number, part of a comment, or an actress in a television show.

To minimize errors as I restored the code, I borrowed a programmer to help check expansions. Late into the night, our flat conversations sounded like alien air traffic controllers:

“… Hex two-five-five, nought, bang paren dog-easy minus splat…”

“… Xor var fox fox, double word, two-seven baker niner able, no deltas.”

A splat meant an asterisk, bang an exclamation point, a delta implied a difference, and much of the rest was hexadecimal. You’re following this, right?

Deltas had to be identified and dealt with. A final pass matched the assembled output of the original and my newly created decrypted version.


The Flash Gordon Super Decoder Ring

It took a shade over two months, but finally I could inform the vice president he had viable source code, better documented than the original. Since most people couldn’t tell assembler code from alphabet soup, he awarded me congratulations with a vague smile. After all, he had to trust what I said it was.

More satisfying was a phone call I made, one to Sandman.

He said, “I don’t believe it. Impossible. You could not have done it. I couldn’t have done it.”

“It’s true. Got a fax number? I’ll send you a couple of pages plus a cross-reference list of labels.”

“Wow, that’s stupendous. Awesome. I didn’t think it could be done. I respect you, you know. This has been extremely satisfying in a way, a battle of brains. Thrust and parry. Check and mate. You’re as good as they say.”

“You could be a contender, Dan. Do the right thing, join the universe on the side of the angels.”

I thought it was end game, but it wasn’t over yet. When no one was looking, perhaps influenced by his corrupt skating Queen, Sandman slipped another rook onto the board.

Computer Associates

I continued development, expanding the product’s capabilities. Some time earlier I had invented Fx, a technique to carve out an independent partition tailor made for such a product to run in. I refined it for Data Corp, which pleased the customers.

On the sales side, matters were not going well. Sandman was right about one aspect. The business model Chase maintained in his head did not match the reality of the market. Australian Boyd Munro had managed to support a high-flying international sales organization– literally high flying– Boyd and the top officers flew their own private planes. Their salesmen personally visited companies to sell a product that leased for a thousand dollars and upwards a month.

Chase owned a Cessna, but with a product that sold for a fraction of Munro’s in an increasingly competitive and changing market, flying half way across the country to make a sales pitch wasn’t feasible. Although we’d solved the technical and legal catastrophes, the board eyed the bottom line, and S&M– sales and marketing– loomed in their gunsights.

During my break in Boston, the vice president phoned. Another situation. Couldn’t he time dramas to occur when I was in Virginia?

“Leigh, what is your opinion of Computer Associates?”

“My opinion? They have staying power, can’t argue that. They change with the times. The company has a chequered reputation, though, considered shady. Rumors persist about a clash with Tower Systems out in California and that the D-fast and T-fast products were cloned. Supposedly the president’s brother is the corporate attorney, so one story says they bully smaller companies in court, grind them down with legal fees, Software Darwinism, the beast with the biggest claws.”

“Computer Associates expresses an interest in buying the rights to our product. They want to send a software specialist to look over the programs. Can you fly here to show it to him?”

“You want to show a competitor our source code? In light of what I just explained, if only a small part is true, does this make sense?”

“Did I mention they are talking a five with a lot of zeros after it?”

“Five hundred thousand dollars? You are joking.”

“I do not joke.”

“Have them sign a non-disclosure agreement, maybe an MOU. Protect yourself.” I could tell from his reaction he wasn’t listening to anything but a five followed by five zeroes.

Bankers, hard-nosed but so naïve.

CA’s software guru turned out to be a Jersey guy with an enviable excess of kinetic energy. The bank’s coffee klatch girls studied Matt, sizing him up.

“He looks like the Leverage TV actor, you know, Christian Kane without the smile, don’cha think?”

“I picture that bad boy flying down the road on a motorcycle, long hair flattened back by the wind.”

“You hear how he talked to the receptionist? He gives me the creeps. You ever see Andrew Dice Clay?”

“Girlie, we got a male who fogs a mirror. What more do we need in a testosterone drought?”

Matt communicated mostly in monosyllabic grunts and nods, then dove head-first into the programs. The vice president hung about, all but wringing his hands before deciding his presence wasn’t contributing. Chase on the other hand, sat down prepared to answer questions. When Matt opened his notebook and began to make copious notes, I shot a questioning look at Chase. He merely shrugged and motioned me outside the room.

“The VP said anything goes. They want to sell it and don’t want us to throw up barriers.”

“What about the non-disclosure? Your bank had me sign one.”

“You are a consultant. This is an established company.”

“I don’t believe it. You wouldn’t give me a hint about the program until I signed sixteen documents. This guy waltzes in, they open the vault?”

“Pretty much. Look, they know your feelings; they just don’t see it your way.”

The VP returned and offered lunch, a largess almost unheard of. Barbecue, Southern buffet, Chinese… Matt waved them all away. “Cold pizza will do.”

Folks in the Shenandoah Valley like to get to know people they do business with. Matt did his best to keep a distance. Chase was clearly uncomfortable with this, but the vice president took it to mean Matt was all business and above frivolity while the rest of us worried about job security. The fact Matt saved the vice president forty bucks for lunch didn’t hurt either.

The afternoon turned into more of the same. Matt pored over the programs, taking extensive notes, filling page after page. From time to time he stepped out of the room to make private phone calls. About 5:30, we shut down for the evening, unusual for us. We invited Matt out to dinner. Chase suggested bluegrass, but Matt declined both.

We met again at nine the next day. Mid-morning Matt turned his attention to my Fx routine and his interest picked up, so much so that he was copying actual bits of code. How did this advance negotiations, I wondered. I closed the binder cover and excused myself, taking it with me.

I stopped in the VP’s office, and reported I didn’t like the way this was going. I’d developed this routine on my own, already had it purloined once, and I didn’t want it stolen again. Because I benefited from royalties, I allowed the bank to use it but they didn’t own it– I did. My holding out for a signed agreement did not make the vice president happy.

Lunch saw subs delivered. By mid-afternoon Matt said he was ready for a meeting. Even I wasn’t prepared for the audacity of his announcement.

“You know a guy named Daniel Sandman? We bought rights and title to the package from him. After minor changes, we shall bring it to market. We’re willing to pay you $10,000 for whatever rights you think you have and you turn your source code over to us.”

The blatant gall stunned us. Finally, Chase said, “The offer of a half million plus was just bullshit?”

The vice president, never one to forget proprieties, frowned at Chase but said to Matt. “You viewed our source under false pretenses?”

Matt shrugged. “You were under no obligation to show me a fucking thing. I suggest you consider this proposal quickly and unemotionally. I have no idea how long my bosses will keep the offer open. With or without you, we’ll bring the product to market within months.”

“What offer?” said Chase. “This is blackmail.”

“It’s actually extortion,” said the vice president. “It won’t fly here. We own the product. We have taken steps more than once to defend it. I cannot imagine what Sandman led you to believe, but the product is not yours. Now I’d appreciate it if you return the notes.”

“Forget about it. The notes are mine, freely allowed by you. You know Charlie Wong, the guy I work for? And his brother, their lawyer? Believe me, before this is over, we’ll own it, Fx and all, and you’ll be wishing you had the $10,000 to cover your first week of legal fees.”

“Fx is not for sale,” I said flatly.

“You think you can stop us?”

The vice president leaned in. “Our customer base monthly revenue is worth more than you’re offering. I suggest you leave, before Southern hospitality comes to an end.”

Matt tapped his fingers a moment and said, “You’ll regret it. Call me a fucking cab.”


The after-conference turned dismal. We had been humbled, deceived, threatened, misled and misused. Only our refusal to be bullied gave us the least comfort.

Matt’s feint and his company’s bluff corroded the bank’s confidence. Computer Associates’ audacity must surely have some credence, mustn’t it? The vice president sent out a tendril of query, tried a civilized probe into Computer Associates, which was met with stony implacability. Gradually, the cold acidic silence ate through the bank’s certainty and sense of justice. They decided to invest no more in the product.

I was retained for the time being because Data Corp still had customers who depended on the software and they would not abandon them. As manufacturers introduced new devices and operating system changes, our package continued to adjust and adapt.

Loose Ends

Chase departed, moving on to sell elsewhere. He reported an industry insider rumor that Computer Associates concluded Sandman either screwed them or they found him too volatile to work with. Either way, they killed off their project. But sadly, they’d also killed ours.

CA’s retreat came too late for us. With sales and marketing shut down, the die had been cast. Within a year or two, requests for updates to the software slowed and then tapered off altogether. The bank ceased billing the last few customers, letting them continue to use the product if they chose or migrate to a competitor’s offering.

Sand Castles

Sandman induced mixed feelings. He possessed a brilliant, if sadly injudicious mind. Like a Greek drama or a Russian novel, the characters and the outcome were doomed from the start. I thought of Sandman less a bad guy and more a pathetic protagonist hemmed in by a distorted perception of the world.

As a result, he acted vengefully and criminally. He’d defrauded a bank and its most important business clients. Goaded by his lover, he blew every chance, every opportunity to get it right. When the blunders of a cigar-chompin’ deputy gave him a get-out-of-jail card, he attempted one more dishonest end-run, reselling a product he no longer owned. It shouldn’t have turned out a tragedy, but characters seldom get to decide the plot.

I confess I relished the contest. Like a novel’s protagonist, I had to see it through until its end. A friend noted I would have fought the battle even if I hadn’t been paid.

As a freelancer, jokes surrounded me about riding into town, smiting a problem, and riding out again as winsome daughters clasped their hands to heaving bosoms and cried out, “Who was that masked man?” Even the industry slang of a hired ‘code-slinger’ evoked the image of a geekish gunfighter. We each enjoy our illusions, but the challenge felt exciting.

Although a resoundingly happy ending didn’t materialize, the case looms in my past with a sense of satisfaction, of skirmishes won and a job completed. One could argue otherwise, but I like to think it a shadow victory for the good guys who prevented the bad guys from winning.

As much as I enjoyed the battle of wits, the world would have been a happier place if Sandman had executed an ethical U-turn into the righteous lane. But if the ungodly, as The Saint was wont to say, always did the right thing, we’d have no story.

20 December 2020

The Skating Mistress Affair, Part III



Part I and Part II provide the background of a unique bank fraud investigation. Last time, Sandman, influenced by his interfering inamorata, could not grasp that having cheated a bank once, he was no longer in a position to negotiate tough deals to make matters right.

No one had any notion of the unreal turn the case would take.


Off-Court Serve

A sizable entourage gathered in North Carolina: the vice president, a local consultant, a legal assistant, two attorneys, a company officer, Chase, and a brace of company people who stayed in the background.

I hadn’t previously met the bank’s attorney, a pretty, dark-haired girl with beauty, brains, and a beguiling sense of humor. Diane and I hit it off immediately.

The vice president introduced the other attorney, a local Greensboro man who’d made good. He’d graduated Harvard summa cum laude, then returned home to practice. His Clark Kent glasses lent a vague, intellectual uncertainty that would fool most people. Women zeroed in on tall, dark, and handsome, although he’d probably suffer an academic stoop in later life. Chase used the term ‘Esquire’, which became the man’s sobriquet for the rest of the trip.

The attorneys laid out a simple plan. They intended to search Sandman’s residence and, if necessary, his workplace for the source code. Since Sandman worked nights and slept days, they hoped to catch him napping– literally.

Esquire’s clerk had filed a brief and affidavits, including a couple from me, in support of search warrants for Sandman’s residence and place of work. They drafted carefully the motion to search the workplace, Carolina Steel. They weren’t Sandman’s employer, they merely let Sandman use their computers for development in exchange for his software and services. Two of their employees, Harry Church and Charley Barley, collaborated with Sandman.


An out-of-state entity requesting to search a local company might give a judge pause, but banks enjoyed certain federal privileges and protections. Trailing after the attorneys, we convened at the Guilford County courthouse to obtain a judge’s signatures on the court orders and warrant.

And then we waited. And waited. The courthouse’s architecture would have given Howard Roark apoplexy, a dull cell block unrelieved by a Greco-Roman temple façade. Its uncommonly hard benches had been cunningly copied from a Spanish Inquisition design. After painful hours of aching back and backside, I’d have confessed to assassinating Warren G Harding.

Once we discovered judges had adjourned for lunch, we followed suit. Esquire stayed behind in case a magistrate returned early. We need not have worried. The clock read well after lunch hour when Esquire came dashing back.

Why Southern Deputies Have Stereotypes

   
[Images: Sheriff J.W. Pepper, Sheriff B.T. Justus, our Deputy I.B. Dimbulb]

The next step entailed the sheriff’s office executing the search warrant. While we waited, the Sheriff’s Department assigned a deputy to us. Jaws dropped. I wasn’t sure about the others, but I gulped in dismay.

Sheriffs J.W. Pepper and Buford T. Justice– movie fans might recognize them as the fat, stogie-chomping clichés portrayed by actors George Clifton and Jackie Gleason, respectively. Our guy looked like their bigger, nastier, meaner brother, the Southern deputy the South has done its best to stamp out.

Mean little eyes peeked out from the fat pads of his cheeks. His hair was losing the follicle war fought on an oily battlefield. He chewed a fat cigar mashed out so often, its end looked exploded. This good ol’ boy had worked hard developing a beer gut, the kegger kind that gave meaning to barrel-chested.

Chase and I’d been chatting up the pretty attorney between us, idly flirting to keep in practice. The deputy looked around at the gathered crew, hitched up his gunbelt and seized upon her to impress.

“Lil lady, whuz this here all about?”

Diane explained we were waiting for a warrant.

“Whut, you’re a legal lady? Purty lil theng lack you? Listen here, I’ll check on it, pull a few strings.”

He wandered off, came back, and glowered at Chase and me still sitting on either side of her. He plumped down next to the law clerk, facing us, legs apart to accommodate the sag of his kilderkin belly. Guilford County law enforcement shirts were made out of sturdy twill, not flimsy civilian fabric that might rupture at the next Big Mac.

“We wait a bit. At least this here’s simpler than last week. Yes sir. We wuz down in n-town, middle of the night, had my nightstick out whaling away, an’ you wun’t believe how shy them dark ones gets facing real lawnforcement.”

A man with a gun, a prejudice, and a loose screw had been turned loose on the streets of Greensboro.

The rest of us sat aghast. The local paralegal looked as if he wanted to shrink out of sight. Our VP, lounging against the wall, grimaced in disgust and departed the scene of the crime.

Next to me, attorney Diane tried to reassure me, the Yankee in the group. She whispered, “Believe me, this is not what Southerners are all about. This moron is… is…”

“An abomination,” muttered Chase. “Pardon the expression, but an utter asshole.”

His eye-watering cigar breath wilted most of us. I couldn’t decide if the deputy was oblivious to our reactions or encouraged by them. Had some of us managed to conjure obsequious interest, the course of events might have changed.

He continued. “Yep, now you takes a good oak nightstick, it makes a real good impression. It’s a grand persuader and if someones gets a bit messed up, you don’ gotta file no reports lack if you draw down. Nows this one darkie…” He didn’t use the word darkie.

I worked and traveled throughout the South, but I never encountered anything like this. More than sickening, this guy frightened us.

Once upon a time, the don’t-tread-on-me temper I inherited from my mother would override the quiet reason of my dad’s DNA contribution. Chase glanced at me in alarm. He’d seen me erupt once before. He leaned over and rested a calming hand on my wrist.

“Leigh, don’t, man. Don’t let anger cloud your vision. We need this guy on our side; it’s too important.”

Chase was right. We didn’t need to antagonize the repellant lawman assigned to us. I stalked toward the restrooms.

Hands on the marble counter, I leaned forward gathering myself. The vice president stepped out of a stall. He washed his hands and said, “Piece of work, isn’t he.”

“That bastard gets his jollies clubbing kids. Makes me sick.”

“That’s why I left before I told him off. We can’t change him now.” He clapped a hand on my shoulder. “C’mon, we endure.”

And we did for two more hours. None of us knew how much more of the deputy we could take before one of us turned homicidal.

Chase and the VP grew increasingly agitated that the warrant was taking so much time. As shadows grew long, legal delays put at risk the plan to surprise Sandman asleep. Now past mid-afternoon, the time neared for his inner vampire to stir.

Esquire appeared and waved the vice president over. Minutes later they handed the deputy the court order.

The deputy squinted at the documents.

“Whut’s this here software?”

Chase said, “Computer programs, apps. Software runs the computer.”

“Whut’s it look like?”

“It could be listings, discs, hard drives, or even tape.”

“Yuh, but which?”

“It could be any of the above: print-outs, discs, cartridges, or tape.”

“Yuh, I said which?”

Chase turned helplessly to me.

I said, “We don’t know, sir. If this order was for music, it could be on a cassette, a CD, a vinyl record, or even sheet music, see? Same idea; we don’t know if it’s on a hard drive, CD, or printed sheets. It could be any or all.”

“Listen up. If you don’ know whut you’re lookin’ fur, we jez ain’t goin’.”

Attorney Diane stepped forward. Beguilingly, she said, “This is a court order signed by a judge; you have the warrant. Leigh here can recognize the software.” She rested her hand on his forearm. “We need an experienced officer like you to execute the warrant.”

“Thet judge pulls bogus orders outta his ass all the time. It don’t spell out what it is, I don’t execute it.”

Esquire hadn’t been regaled with the deputy’s adventures like we had, but the antipathy between the two men had blossomed, instant and intense. He said, “Come, Deputy, explain that to the judge.”

“Folks say you got fancy-ass Harvard law school, but that don’t cut no ice. I don’t tote for you. I works for the Sheriff.”

“The judge hears this, you might not work for anyone.”

The deputy stared at Esquire. He unhurriedly took the cigar out of his mouth, pulled out a paper pouch of tobacco, tucked in a chaw, and reinserted the cigar. He gave the distinct impression he’d like to address Esquire with the nightstick. Finally, he said, “Let’s git.” He turned and stomped away.

The Raid

The deputy’s heavily muscled Dodge led our convoy of four cars. The paralegals and staff came along as witnesses. We pulled in front of a modest house in a suburban neighborhood.

Chase stayed back to avoid antagonizing Sandman. I was kept waiting in the last car, I was told, for the premises to be secured.

Four got out. Both lawyers and the vice president followed the deputy up the walkway. The deputy banged on the door.

A spikey-haired, sleepy-eyed Sandman came to the entry, tying the belt of his bathrobe.

“We lookin’ for a Daniel Sandman. You happen to be him?”

“Yes.”

“We got a warrant for software. You got any this here software?”

“No, no sir, I don’t.”

“None at all?”

“No sir.”

“Well, then, a good day to you.”

“But… but…” said Esquire. “We came to search.”

“No, we ain’t gonna do no search.”

“But we have a warrant, a search warrant, as directed by a judge.”

“You heard the boy: He ain’t got none of this software. His word’s good enough for me.”

The vice president spoke up. “He has the software and we have a court order.”

The deputy spoke in mean, measured words. “You heard the boy. He said he ain’t got software. Now, you wantin’ to mess with me?”

Thwarted, the lawyers trudged back to the cars. Revving the Dodge’s big engine, the deputy whipped the powerful car down the street and out of sight.

“We still have the court order for his workplace,” said the vice president.

“A lot of good that will do us now,” said Esquire. “But let’s try.”

Nervy Steel

He directed us to Carolina Steel’s headquarters. As if anticipated, we were swept straight to the top floor where two company officers and their lawyers met us. Clearly, they knew we were coming.

The company attorneys blathered and blathered, made phone calls and blathered more. They claimed they were waiting for senior counsel. Outside the conference room, security gathered.

One of the executives said, “Our boys downstairs assure us they don’t have any of this software mentioned in the court order.”

Chase muttered in my ear. “Least not anymore.”

“That’s why we brought an expert and a court order to search,” said our vice president.

“Now, now. Normally in Carolina, police or deputies conduct searches. You don’t do it differently in Old Vir-gin-I-A, do you? All y’all can’t expect us just to let you poke around, can you, especially since our boys assure everyone nothing’s to be found? Certainly you don’t mean to question our veracity or abuse our hospitality?”

A legal argument ensued, but it grew clear that without police presence, we wouldn’t be allowed beyond the boardroom.

Security personnel moved in to escort us to the parking lot. The burly males looked menacing enough, but the much scarier short female guard appeared itching to shoot one of us in the kneecap.

Thwarted yet again, we adjourned for a post-mortem. It felt like our own. What should have been a simple mission abjectly nosedived.


Days later, when I talked to Sandman, he told me what happened behind the scenes.

“Man, the deputy gave me a scare. As soon as I closed the door, I lit the fireplace. Middle of summer and I get a blaze roaring. I’d stacked listings all over the house, one of them on an end table next to the door, not more than two, three feet from where the deputy stood.

“I gathered them up, feeding them piece by piece to the fire, burning the evidence. I also had a couple of mag tapes around. You wouldn’t believe how Mylar stinks when it burns. Gives off this black ash. The stench still reeks in my nostrils. That left a disc cartridge. I figured if worse came to worst, it might accidentally sorta get dropped.

“Simultaneously, I called the computer room, and told Charley and Harry the situation. The entire time you were upstairs with the lawyers stalling you, they were downstairs erasing everything they could off of disc and tape, shredding so many listings they fried the shredder and had to roll in another.

“Every ten minutes the CIO would call in. ‘What’s left? What’s left?’ By the time our lawyers let you go, we’d hidden the key pieces and destroyed the rest.

“Harry, Charley, and me… we worried one or all of us would be let go, but Carolina Steel’s attorneys nixed that, saying terminations could be used as prima facie evidence we’d done something wrong like destroying the programs specified in the warrant.

“Man, I shouldn’t gloat, but our insane clown deputy beat your Harvard summa cum laude lawyer. Lot of good he did y’all.”

Post Mortem

I accompanied the bank people back to Virginia. It wasn’t a happy trip. The vice president needed to prepare an explanation for the stockholders. The rest of us and Data Corp’s general manager met at the Arbor, a favorite restaurant for dinner, overeating, and imbibing. Comfort food and drink.

We agreed not to talk about the debacle while we ate, but we couldn’t bear the tension. We cursed the deputy, Sandman, Carolina Steel, and software in general. Finally we pushed fried chicken aside and sat back.

“Well,” said the bank’s attorney, dabbing lipstick where it had worn thin. “That was a right fiasco.”

“And other words that begin with ƒ,” Chase said.

Diane put her lipstick away. “What I don’t see is an option anymore.”

“That was it, the end of the line.”

“We’ve got to consider our exposure, to customers, to shareholders, to ourselves. We face serious liability if customers discover we don’t possess the source code.”

“Hmm,” I said.

“Damn,” said Chase, far down in his beer. “I have clients who want to buy it if we can add features and support for new hardware.”

“There is one option,” I said, but no one was listening.

“Oh Lord,” said the attorney. “I wonder if we’ve stepped on any state or federal banking regulations. We could be accused of fraud here.”

“Not necessarily,” I said.

“Even worse exposure,” she groaned, “most of our sales have been out of state.”

I said, “Folks, listen a moment. I can decrypt the code.”

Chase peered at me speculatively, the lawyer skeptically, and Data Corp’s general manager like I was crazy.

Chase said, “Danny told us over the phone it’s too complex even for him. It can’t be done.”

“When do you stop believing the guy who screwed you and start listening to the guy hired to save your butts?”

For the first time in weeks, Chase looked more relieved than morose. He gulped like a man given a Heimlich maneuver.

The general manager reached across for the last piece of chicken. “I’m pretty certain we can’t afford for Leigh to write us an entirely new program.”

Diane’s paralegal had followed both the legal and technical discussions. She had drafted the original purchase contract with Sandman.

“Leigh, what makes you think you can do this?” she asked. “Not only would you have to figure out the program in the ordinary course of events, but a brilliant and devious guy has done his best to see it can’t be done.”

“If anyone can do it, Leigh can,” Chase said with perhaps more conviction than he felt. “If you’d heard the two of them on the phone, you’d know he’s got Sandman on the run. I’ve seen his work, even more brilliant than Sandman.”

“Are we talking battle of the brains or war of the egos?” said the GM. “He may be quite the code-slinger, but experts say code-smashing can’t be done.”

I said, “The difficult part was figuring out it was encrypted. The second hardest has been deducing how. I’ve been working that out at home while I’ve been waiting.”

“You’re plugged into NSA or CIA or something?” said Diane’s paralegal.

“No, it’s merely a puzzle.” A famous quote came to mind. “A riddle wrapped in a mystery inside an enigma.” They stared at me. The Churchill reference fell flat. I couldn’t blame them; we’d undergone a bad day.

“What’s our guarantee?” the paralegal asked. “We already took the word of one guy. It’s not up to me, but I wouldn’t throw good money after bad.”

I said, “Sandman created programs to strip and encrypt the program. I have to design programs to decrypt and restore the code.”

Diane spoke up. “So why are you saying this isn’t the most difficult thing in the world?”

“Sandman didn’t want to trigger alarms, so no fancy NSA 128-bit encryption. Instead, he scaled up cypher obfuscation to support the legend of a hard-to-comprehend way of doing things. He believed he garbled the code too much to permit serious study. He’s wrong, but it’ll take detective work.”

“Even so,” said Chase, “you won’t get the documentation back, the comments.”

“True, but I’ve been living with this program for months. Once decoded, the label names give clues; that’s why Sandman encrypted them. As for the logic, in a circular way I can learn the code by having to document it and I can document the code by having to learn it. Does that make sense? I’ll attain a deeper knowledge than if I hadn’t had to do the extra work.”

Chase raised his glass. “I bet on Leigh.”

The attorney – she of little confidence – shook her head. “He’s cute but…”

Chase picked up the check and said to me, “Let’s get sleep and start tomorrow.”


Sandman had blown his chance to negotiate a deal that would have benefited everybody. The bank boxed him in legally and I was closing in on breaking his unbreakable code. He still had one more wrong move to make as we wrap up in Part IV.