BOFH: Somebody know this body?

Accident or murder?

  • alert
  • submit to reddit

Application security programs and practises

Episode 15

"Ah, Simon, Steven, there's a man here from security wants a word with you?" the head of IT asks nervously.

"Really?" the PFY says. "What's he want?"

"Found a body," security says, stepping into Mission Control from behind the head.

"A body?" the PFY says, in his well-practised innocent manner.

"A body," security repeats.

"Where?" I ask.

"Third floor showers."

For a moment there I'd wondered whether the PFY really was the hard faced bastard he sometimes appeared to be and hadn't made the anonymous call to security about the Boss' sub basement predicament, but even our ducting system isn't watertight enough to push someone up four floors...

"And you're coming to us to see if we have security footage?"


"Swipe card records?"


"Motion sensor logs?"

"No," security repeats. "I popped up to see if you knew something about it."

"Showering?" the PFY asks, acting slightly offended.

"The body."

"Oh, I shouldn't think so. Who was it?"

"Bloke from accounts payable. Henderson."

"And you thought of them why?" the head of IT asks.

"We thought he'd died from natural causes," security says, nodding at the PFY.

"Natural causes?"

"Yeah, electrocution, drowning, poisoning..."

"They're not natural causes!" the head gasps.

"They are if you call me at 4am whining about the quality of toner," I snap. "Not that this bloke...uhm..."

"Henderson," security supplies helpfully.

"...did that."

"So you thought of them because?"

"Because he was a beancounter and because he had one of these in his hand," security says, holding up a USB key.

"A USB key," the PFY says. "What's on it?"

"I was hoping you'd be able to tell me that – it's encrypted."

"Ah...shouldn't the Police be doing that?" the PFY says, choosing the cautious route.

"They should be, but I've been asked to take a look at it because Henderson was being monitored internally. It seems he was a little enthusiastic in processing the payments he's been authorising the last few months. Paying them two or three times in some cases..."

"And THAT'S why you thought of us – you thought he'd been overpaying us?"

"No, the payments were all to an auditing company for 'consultancy' fees," the head of IT says, getting in on the act. "But our company doesn't want its name in the E-Crime reports since the CEO's a charter member of the E-Crime Awareness Committee, and it might look bad..."

"So let's get this straight – your sole reason for suspecting that we had something to do with it was because the guy was carrying a USB key?"

"He was naked," security adds.

"Oh please tell me he was 'carrying it' in his hand!" the PFY says, dropping it on his desk while suppressing a gag reflex.


"Oh, right then >PLUG!<" the PFY sighs. "Okay, >clickety< so it's a USB Key-based encryption system with... >tap< >tap< hundreds of trillions of possible keys and >clickety< would most likely take several weeks of computing time to crack."

"Really?" the head of IT gasps.

"Nah, it's a raw image of an encrypted ZIP file – >tap< >tap< and an very early version of ZIP at that.""

"So when will you have it cracked?" security asks.

"Now," the PFY says, opening a spreadsheet onto the window. ">clickety< Hm... >tapity-click< It's just a spreadsheet of payments – hardly worth putting into a zip file at all – certainly not worth encrypting >tappity<"

"Nothing else hidden on the device?!?"

">clickety< Nnnnooo, doesn't look like it. >tappity< By the look of it the key was brand new – or newly low-level erased and the Zip file raw copied over it – the rest is blank. So it looks like you're back to square one – perhaps someone at the audit company thought he knew too much?"

"Yes, it's possible – but at least we know we're not going to be handing over any data which might embarrass the CEO," security says. "We can hand this over to the Police safe in the knowledge that no further invoices will be triple paid. And now that that's cleared up.. >RING< Hello... Yes... Yes... really? Okay, yes... good, goodbye then."

"What is it?" the head asks expectantly.

"A friend of mine keeping me posted about the coroner's report – it was natural causes."

"You mean electric..."

"No stroke. The coroner reckons he probably dropped the key, bent over to pick it up and BAM, lights out matron!"

"So it wasn't them?" the head asks dubiously looking at the PFY and myself.

"Nope, just a random event – could have happened to anyone," security says, grabbing the USB key and wandering off sheepishly with the head of IT in tow.


"So you opened your own auditing office," I say to the PFY once they're gone. "Ballsy! But the stroke thing – a piece of luck or overdose of blood thinners in the water fountain?"

"ME?!"" the PFY gasps. "I thought it was you?"

"Hell no. But the double payment stuff sounds good!"

"Yeah, all the rage in Iraq. Apparently Henderson was paying the same bill on successive months by appending a suffix to the invoice number. On the third month he'd divert suspicion simply by paying the bill plus the overdue penalty so the numbers didn't recur. And the best part was he had a set of SQL statements which he'd trigger from his desktop to do it without leaving an audit trail in the finance package."

"That's pretty bloody clever...But how do you know all this?"

"It was all in that ZIP file on the USB key."

"But that was only a spreadsheet!"

"No, that was off the Beancounter's fileshare. The real ZIP file was much more interesting – he's kept notes and everything!"


"I think it's time we got our names on the employee list at that auditing place..." the PFY says, picking up the phone and bashing in a number...

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Attack of the clones: Oracle's latest Red Hat Linux lookalike arrives
Oracle's Linux boss says Larry's Linux isn't just for Oracle apps anymore
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story


Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.