Parts I-III provide the background of a unique bank fraud investigation.
In Part II, negotiations soured and in Part III, legal action failed miserably. The bank thought they were done for, but I wasn’t.
The Commentator
To continue
developing and enhancing the software, I needed to understand it at least as
well as the author. Nothing would do that like immersion in it, and nothing
would aid in immersion like having to document the programs line by line, block
by block, section by section.
Tedious. Refill the Ritalin, oil the exercise bike, and absorb.
Data Corp set up a
pair of desks for me, not with their programming group but in a large room
staffed with accountants, bookkeepers, and clerks. That made me the only guy
amid thirty-some women.
[Images: Princess phone; a slightly less risqué model; latex fingertips]
Flirtatious and fun,
the data center girls delighted in playing pranks on me. Some tricks were small,
such as when they glued a dozen water-cooler cups together and hid the rest.
Others were more ornate. They ordered a pink and gold chair for my desk, and
installed a Playmate screen saver. My black office phone found itself replaced
with a princess phone also in pink. A welcome gift box on my desk contained a
coffee cup shaped like breasts.
My office mates flattered and flirted. Once, I asked a supervisor why the girls believed they
could get away with such outrageous behavior. “You look easy to tease,” Shelly
said. They read me like a PowerPoint slide.
They were also kind,
sharing lunch with me. I never knew who installed a bud vase on my desk and
kept its rose and water fresh.
One afternoon, the
VP stopped by to pick up a couple of data cartridges. I opened my desk
drawer… and immediately slammed it shut. I’d caught a glimpse of something
lavender and lacy. Every eye was riveted upon me, watching what I’d do next.
“Er, maybe this drawer,”
I muttered, only to spot another item, pink and frilly. The women had filled my
drawers with, well, drawers, lingerie at least. I could feel the back of my
neck burning.
“Er, I have to dash
down to the computer room,” I said. “I’ll drop them off at your desk.”
“But…”
He peered after me
suspiciously, knowing something was up. As I took off, he glanced around at the
women who were all staring at him.
One morning I
arrived to find a fat pink envelope on my desk decorated with hearts and
cupids. Inside was tucked another plump envelope with a calligraphic message on
it: “Shelly, Julie, DiDi, and Roxy invite you for the weekend. Necessities enclosed.”
Heads craned my way as I slipped my thumbnail through the seal.
Out fell a dozen of
the tiniest condoms. They’d filled the envelope with the thin latex fingertips clerks
slip on when flipping through sheaves of checks and currency. Their cleverness
cracked me up. When I stopped laughing, I took out a ruler and carefully
measured one of the latex rings. Nodding judiciously, I placed one in my
wallet. The lasses laughed, hooted, and jeered and cheered.
We Leave Our Light Off For You
At night, I pretty
much lived at the data center, starting on the computers as soon as one was
freed up from the work day. To snatch a few hours’ sleep, I holed up in a small
motel near the bank’s Data Corp office.
During my extended
stays, hotels generally grew used to me. A low-key and seldom demanding
demeanor made the maids happy and sometimes pampering. Managers were pleased to
X-out a room from their unrented list for a month or six, sometimes more. Across
many states and a few countries, hotel life worked efficiently for me.
But deep in the Shenandoah Valley…
This local motel
operator wasn’t used to a nomad like me, out all night, sleeping during the
day. He glowered at my arrival each morning, frowned as I departed in the
evening. Chambermaids reported reams of secret code documents in my room.
Learning I skulked down to the bank building each night convinced him I was up
to no good. He grew suspicious that nefarious activities were afoot.
He telephoned the
bank. They routed him to the Data Corp center, and he wound up with an operator who
told him, “Oh, that’s the guy involved in the computer fraud.”
He’d heard enough.
Next morning,
exhausted from a long and grueling bout of decoding and debugging, I arrived to
find the motel manager in the lobby, arms folded, glaring at me. My haphazardly
packed suitcases stood by the door.
Stiff-lipped and
obviously fearful of a disheveled guy my size, he said, “Pay your bill and
leave. I’ve called the police.” Activity in the motel stopped as a gallery of
employees gathered at the balcony rails to witness their innkeeper deal with his
dastardly guest. I disappointed them by producing my American Express.
With no internet at
the inn, he refused to lend me a phone book to look up alternative hotels. The manager
got his final satisfaction by ordering his bellboy to toss my bags outside.
Theirs was an
independently owned franchise of something like Motel 7. An hour later, cheek
buried in a Howard Johnson’s pillow, I sleepily fantasized complaining to Motel 7’s
corporate office… and drifted off to sleep. Just another hazard of the road.
Reanimation
Here I delve into
technical details of Sandman’s cryptography and computing. Feel free to skip ahead to The
Flash Gordon Super Decoder Ring.
The first hurdle required
overcoming a lack of tools, even a lack of tools to build tools. I needed to
develop solutions on the bank’s computers, and they weren’t geared for
deep-level development. The answer was to invent parsers in assembly language,
the language of the machine itself, not meant for the type of character
analysis and manipulation I needed. That filled the early days and then came
the heavy lifting.
David Edgerley Gates
previously brought to our attention substitution cyphers called cryptograms found in Sunday newspaper puzzles. Each encrypted letter translates or maps to
a plain text letter. For example,
CryptoQuote Encryption Table
↪︎ | ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 |
↪︎ | JXOHY28RGUPB1WA736SLZQF5MD40CN9VTKIE |
In the ‘Adventure of
the Dancing Men’, Sherlock Holmes took on a secret society’s messages that differed
from cryptograms only in the ‘letters’ represented as pictographs. The Dancing
Men glyphs corresponded one-to-one with letters of the alphabet.
Sandman didn’t
resort to half measures. I realized he’d built multiple tables that
made decoding a multiple more complex. I had to figure out the mirror image of
what he’d devised. The American Civil War saw the use of hair-yanking two-dimensional cyphers. Sandman hadn’t made decryption impossible, merely difficult.
Toward that end, I
built a translator to fill holes in the reconstituted tables, gaps where uncertainty
failed to reveal which letter represented what. The translator checked for
errors, refined and reran the process repeatedly until the blanks filled in.
The process was a
variation of stepwise refinement: shampoo, rinse, repeat. I’d decrypted so
much, I no longer doubted the plan’s viability. The more I decoded, the smaller
shrank the unknowns list.
As Sir Conan Doyle
pointed out, the frequency of letters we use in writing varies considerably,
useful to know when solving puzzles and Wheel of Fortune. In many examples, ETAOIN
occur most frequently in ordinary writing and KXQJZ appear least often. In my
code tables, I’d cracked the ‘E’s, the ‘S’s, the ‘T’s and most of the other
letters. Here and there I might not know the occasional Q or J, but that decreasingly
mattered. Over time, I could plug holes as the solution became clear. I was
going to whip this thing.
Ironically, if Sandman had simply treated labels as serial numbers, e.g., No52000, No52010, No52020, etc., he would have robbed them entirely of meaning, making decoding moot. He probably avoided that path, thinking it went too far and might set off alarms within Data Corp’s programming staff.
In the days before I’d
realized the labels were encrypted, I wrote a program to extract a sampling from 25,000 lines of code and sort them, hoping they’d point a way to patterns.
The harvest yielded 3600 unique names, not one of them a recognizable word or
abbreviation. That clue alone suggested something bogus. Programmers might omit
vowels, might use peculiar abbreviations, or sometimes use slang drawn from
popular fiction like grok and borg, foo and plugh.
In 3600 labels, I found not one meaningful word. Patterns, yes, but nothing
recognizable surfaced.
I built frequency
counters, applets to show how often characters appeared. I had to be wary of
vowels since labels were limited in length and the first thing people jettison
when abbreviating are vowels. The tables from the frequency counters not only revealed
which letters were the most crucial, but also helped zero in on likely
character replacements.
The first pass turned
out better than expected. A thousand labels suddenly appeared readable. A few
unknowns became obvious, but in one table I inadvertently mixed M with N.
Correct and rerun. Rinse and repeat. Letter by letter, the coded alphabets unmasked.
Discovering how
Sandman selected which table to use helped narrow the focus. The first
character of a label served as a table selector. If that letter fell within the
first third of our thirty-six alphanumeric characters, he used table 1, or
within the second third, table 2, and so on. That mapping didn’t immediately jump
out from the encryption, but it could be deduced as labels revealed themselves.
Sandman’s Encryption Table
   | ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | selector
↪︎ | JXOHY28RGUPB1WA736SLZQF5MD40CN9VTKIE |
↪︎ | 5FXABTS2V71K9Y6G048HUOLEIPQJNZCDMWR3 |
↪︎ | V52KGBXSLOM7TIWH6P18Q03NYDJZCEUFR94A |
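The table-selector scheme and the fill-the-holes refinement loop described above, sketched as an added example in Python (not the author's original assembler tooling). It assumes the selector character stays unencrypted and that each row of Sandman’s Encryption Table maps the plain alphabet onto that row; the labels are constructed for illustration.

```python
"""Added example: rebuilding per-selector substitution tables from known labels."""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
# The three cipher rows from "Sandman's Encryption Table" on this page.
TABLES = (
    "JXOHY28RGUPB1WA736SLZQF5MD40CN9VTKIE",
    "5FXABTS2V71K9Y6G048HUOLEIPQJNZCDMWR3",
    "V52KGBXSLOM7TIWH6P18Q03NYDJZCEUFR94A",
)


def table_index(label):
    """First character picks the table: A-L -> 0, M-X -> 1, Y-9 -> 2."""
    return ALPHABET.index(label[0]) // (len(ALPHABET) // len(TABLES))


def encrypt(label):
    """Assumed model: selector character stays in clear, the rest is substituted."""
    row = TABLES[table_index(label)]
    return label[0] + label[1:].translate(str.maketrans(ALPHABET, row))


def frequencies(encrypted_labels):
    """Count cipher characters per table; pooling all tables would blur the peaks."""
    counts = [Counter() for _ in TABLES]
    for enc in encrypted_labels:
        counts[table_index(enc)].update(enc[1:])
    return counts


def learn(cribs):
    """Build partial cipher->plain maps from (encrypted, guessed plain) pairs.

    Returns the maps plus every contradiction found, so a bad guess such as
    an M/N mix-up is reported instead of silently overwriting a mapping.
    """
    inverse = [{} for _ in TABLES]
    conflicts = []
    for enc, plain in cribs:
        idx = table_index(enc)
        for c, p in zip(enc[1:], plain[1:]):
            known = inverse[idx].setdefault(c, p)
            if known != p:
                conflicts.append((idx, c, known, p))
    return inverse, conflicts


def decode(enc, inverse):
    """Decode with what is known so far; unresolved characters show as '?'."""
    table = inverse[table_index(enc)]
    return enc[0] + "".join(table.get(c, "?") for c in enc[1:])


if __name__ == "__main__":
    # Constructed labels, not taken from the original software.
    target = encrypt("GETKEY")
    pass1, _ = learn([(encrypt("GETREC"), "GETREC")])
    print(decode(target, pass1))   # holes remain for K and Y
    pass2, _ = learn([(encrypt("GETREC"), "GETREC"),
                      (encrypt("LOCKEY"), "LOCKEY")])
    print(decode(target, pass2))   # holes filled on the second pass
    _, bad = learn([(encrypt("GETNAM"), "GETNAM"),
                    (encrypt("GENMSG"), "GEMMSG")])
    print(bad)                     # the M/N mix-up surfaces as a conflict
```
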
7-of-9 and Other Figures
An important issue I
had to deal with was context. If you’ve ever glanced at raw HTML, you saw that
formatting tags were mixed in with common text. You might see something like:
<html><head><title>Student Body</title></head><body>
This page discusses who shall head the student body.
</body></html>
Imagine searching
and replacing the keywords ‘head’ and ‘body’ without affecting the HTML tags in
a hundred-thousand lines and upwards of a million words without making a
mistake. The solution is to comprehend meaning, to grasp when head is
part of a formatting tag and when it isn’t.
Much like a human
reader, the translation program needed to comprehend context. It parsed the
text, distinguished actual programming statements, formatting commands,
comments, and assorted runes in what technical people call a non-trivial
exercise.
The smart enough
parser had to recognize if “7,9” referred to two registers, two memory
locations, a mix of the two, coordinates, formatting, a decimal number, part of
a comment, or an actress in a television show.
To minimize errors
as I restored the code, I borrowed a programmer to help check expansions. Late
into the night, our flat conversations sounded like alien air traffic
controllers:
“… Hex two-five-five,
nought, bang paren dog-easy minus splat…”
“… Xor var fox fox, double
word, two-seven baker niner able, no deltas.”
A splat meant an
asterisk, bang an exclamation point, a delta implied a difference, and much of
the rest was hexadecimal. You’re following this, right?
Deltas
had to be identified and dealt with. A final pass matched
the assembled output of the original and my newly created decrypted version.
The Flash Gordon Super Decoder Ring
It took a shade over
two months, but finally I could inform the vice president he had viable source
code, better documented than the original. Since most people couldn’t tell
assembler code from alphabet soup, he awarded me congratulations with a vague
smile. After all, he had to trust what I said it was.
More satisfying was
a phone call I made, one to Sandman.
He said, “I don’t
believe it. Impossible. You could not have done it. I couldn’t
have done it.”
“It’s true. Got a
fax number? I’ll send you a couple of pages plus a cross-reference list of labels.”
“Wow, that’s
stupendous. Awesome. I didn’t think it could be done. I respect you, you know.
This has been extremely satisfying in a way, a battle of brains. Thrust and
parry. Check and mate. You’re as good as they say.”
“You could be a
contender, Dan. Do the right thing, join the universe on
the side of the angels.”
I thought it was end
game, but it wasn’t over yet. When no one was looking, perhaps influenced by
his corrupt skating Queen, Sandman slipped another rook onto the board.
Computer Associates
I continued
development, expanding the product’s capabilities. Some time earlier I had
invented Fx, a technique to carve out an independent partition tailor made for
such a product to run in. I refined it for Data Corp, which pleased the
customers.
On the sales side,
matters were not going well. Sandman was right about one aspect. The business
model Chase maintained in his head did not match the reality of the market. Australian
Boyd Munro had managed to support a high-flying international sales
organization– literally high flying– Boyd and the top officers flew their own
private planes. Their salesmen personally visited companies to sell a product
that leased for a thousand dollars and upwards a month.
Chase owned a
Cessna, but with a product that sold for a fraction of Munro’s in an
increasingly competitive and changing market, flying half way across the
country to make a sales pitch wasn’t feasible. Although we’d solved the
technical and legal catastrophes, the board eyed the bottom line, and S&M–
sales and marketing– loomed in their gunsights.
During my break in
Boston, the vice president phoned. Another situation. Couldn’t he time dramas to
occur when I was in Virginia?
“Leigh, what is your opinion of Computer Associates?”
“My opinion? They
have staying power, can’t argue that. They change with the times. The company
has a chequered reputation, though, considered shady. Rumors persist about a
clash with Tower Systems out in California and that the D-fast and T-fast
products were cloned. Supposedly the president’s brother is the corporate
attorney, so one story says they bully smaller companies in court, grind them
down with legal fees, Software Darwinism, the beast with the biggest claws.”
“Computer Associates
expresses an interest in buying the rights to our product. They want to send a
software specialist to look over the programs. Can you fly here to show it to
him?”
“You want to show a
competitor our source code? In light of what I just explained, if only a small
part is true, does this make sense?”
“Did I mention they are
talking a five with a lot of zeros after it?”
“Five hundred
thousand dollars? You are joking.”
“I do not joke.”
“Have them sign a
non-disclosure agreement, maybe an MOU. Protect yourself.” I could tell from
his reaction he wasn’t listening to anything but a five followed by five
zeroes.
Bankers, hard-nosed but so naïve.
CA’s software guru
turned out to be a Jersey guy with an enviable excess of kinetic energy. The bank’s
coffee klatch girls studied Matt, sizing him up.
“He looks like the Leverage
TV actor, you know, Christian Kane without the smile, don’cha think?”
“I picture that bad boy flying
down the road on a motorcycle, long hair flattened back by the wind.”
“You hear how he talked to the receptionist?
He gives me the creeps. You ever see Andrew Dice Clay?”
“Girlie, we got a male who fogs
a mirror. What more do we need in a testosterone drought?”
Matt communicated
mostly in monosyllabic grunts and nods, then dove head-first into the programs.
The vice president hung about, all but wringing his hands before deciding his
presence wasn’t contributing. Chase on the other hand, sat down prepared to
answer questions. When Matt opened his notebook and began to make copious
notes, I shot a questioning look at Chase. He merely shrugged and motioned me
outside the room.
“The VP said
anything goes. They want to sell it and don’t want us to throw up barriers.”
“What about the
non-disclosure? Your bank had me sign one.”
“You are a
consultant. This is an established company.”
“I don’t believe it.
You wouldn’t give me a hint about the program until I signed sixteen documents.
This guy waltzes in, they open the vault?”
“Pretty much. Look,
they know your feelings; they just don’t see it your way.”
The VP returned and
offered lunch, a largess almost unheard of. Barbecue, Southern buffet, Chinese… Matt waved them all away. “Cold pizza will do.”
Folks in the
Shenandoah Valley like to get to know people they do business with. Matt did
his best to keep a distance. Chase was clearly uncomfortable with this, but the
vice president took it to mean Matt was all business and above frivolity while
the rest of us worried about job security. The fact Matt saved the vice
president forty bucks for lunch didn’t hurt either.
The afternoon turned
into more of the same. Matt pored over the programs, taking extensive notes,
filling page after page. From time to time he stepped out of the room to make private phone calls. About 5:30, we shut down for the evening, unusual for us. We invited
Matt out to dinner. Chase suggested bluegrass, but Matt declined both.
We met again at nine
the next day. Mid-morning Matt turned his attention to my Fx routine and his
interest picked up, so much so that he was copying actual bits of code. How did
this advance negotiations, I wondered. I closed the binder cover and excused
myself, taking it with me.
I stopped in the
VP’s office, and reported I didn’t like the way this was going. I’d developed
this routine on my own, already had it purloined once, and I didn’t want it
stolen again. Because I benefited from royalties, I allowed the bank to use it
but they didn’t own it– I did. My holding out for a signed agreement did not
make the vice president happy.
Lunch saw subs
delivered. By mid-afternoon Matt said he was ready for a meeting. Even I wasn’t
prepared for the audacity of his announcement.
“You know a guy
named Daniel Sandman? We bought rights and title to the package from him. After
minor changes, we shall bring it to market. We’re willing to pay you
$10,000 for whatever rights you think you have and you turn your source code
over to us.”
The blatant gall
stunned us. Finally, Chase said, “The offer of a half million plus was just
bullshit?”
The vice president,
never one to forget proprieties, frowned at Chase but said to Matt, “You viewed
our source under false pretenses?”
Matt shrugged. “You
were under no obligation to show me a fucking thing. I suggest you consider this
proposal quickly and unemotionally. I have no idea how long my bosses will keep
the offer open. With or without you, we’ll bring the product to market within
months.”
“What offer?” said Chase. “This is blackmail.”
“It’s actually
extortion,” said the vice president. “It won’t fly here. We own the product. We
have taken steps more than once to defend it. I cannot imagine what Sandman led
you to believe, but the product is not yours. Now I’d appreciate it if you
return the notes.”
“Forget about it.
The notes are mine, freely allowed by you. You know Charlie Wong, the guy I
work for? And his brother, their lawyer? Believe me, before this is over, we’ll
own it, Fx and all, and you’ll be wishing you had the $10,000 to cover your
first week of legal fees.”
“Fx is not for sale,” I said flatly.
“You think you can stop us?”
The vice president
leaned in. “Our customer base monthly revenue is worth more than you’re
offering. I suggest you leave, before Southern hospitality comes to an end.”
Matt tapped his
fingers a moment and said, “You’ll regret it. Call me a fucking cab.”
The after-conference
turned dismal. We had been humbled, deceived, threatened, misled and misused.
Only our refusal to be bullied gave us the least comfort.
Matt’s feint and his
company’s bluff corroded the bank’s confidence. Computer Associates’ audacity
must surely have some credence, mustn’t it? The vice president sent out a
tendril of query, tried a civilized probe into Computer Associates, which was
met with stony implacability. Gradually, the cold acidic silence ate through
the bank’s certainty and sense of justice. They decided to invest no more
in the product.
I was retained for
the time being because Data Corp still had customers who depended on the
software and they would not abandon them. As manufacturers introduced new
devices and operating system changes, our package continued to adjust and
adapt.
Loose Ends
Chase departed,
moving on to sell elsewhere. He reported an industry insider rumor that
Computer Associates concluded Sandman either screwed them or they found him too
volatile to work with. Either way, they killed off their project. But sadly,
they’d also killed ours.
CA’s retreat came
too late for us. With sales and marketing shut down, the die had been cast.
Within a year or two, requests for updates to the software slowed and then
tapered off altogether. The bank ceased billing the last few customers, letting
them continue to use the product if they chose or migrate to a competitor’s
offering.
Sand Castles
Sandman induced
mixed feelings. He possessed a brilliant, if sadly injudicious mind. Like a
Greek drama or a Russian novel, the characters and the outcome were doomed from
the start. I thought of Sandman less a bad guy and more a pathetic protagonist hemmed
in by a distorted perception of the world.
As a result, he
acted vengefully and criminally. He’d defrauded a bank and its most important
business clients. Goaded by his lover, he blew every chance, every
opportunity to get it right. When the blunders of a cigar-chompin’ deputy gave
him a get-out-of-jail card, he attempted one more dishonest end-run, reselling
a product he no longer owned. It shouldn’t have turned out a tragedy, but
characters seldom get to decide the plot.
I confess I relished
the contest. Like a novel’s protagonist, I had to see it through until its end.
A friend noted I would have fought the battle even if I hadn’t been paid.
As a freelancer,
jokes surrounded me about riding into town, smiting a problem, and riding out
again as winsome daughters clasped their hands to heaving bosoms and cried out,
“Who was that masked man?” Even the industry slang of a hired ‘code-slinger’
evoked the image of a geekish gunfighter. We each enjoy our illusions, but the
challenge felt exciting.
Although a
resoundingly happy ending didn’t materialize, the case looms in my past with a
sense of satisfaction, of skirmishes won and a job completed. One could argue
otherwise, but I like to think it a shadow victory for the good guys who prevented the bad guys from winning.
As much as I enjoyed
the battle of wits, the world would have been a happier place if Sandman had
executed an ethical U-turn into the righteous lane. But if the ungodly, as The
Saint was wont to say, always did the right thing, we’d have no story.