BOFH: Somebody know this body?
Accident or murder?
"Ah, Simon, Steven, there's a man here from security wants a word with you?" the head of IT asks nervously.
"Really?" the PFY says. "What's he want?"
"Found a body," security says, stepping into Mission Control from behind the head.
"A body?" the PFY says, in his well-practised innocent manner.
"A body," security repeats.
"Where?" I ask.
"Third floor showers."
For a moment there I'd wondered whether the PFY really was the hard faced bastard he sometimes appeared to be and hadn't made the anonymous call to security about the Boss' sub basement predicament, but even our ducting system isn't watertight enough to push someone up four floors...
"And you're coming to us to see if we have security footage?"
"Swipe card records?"
"Motion sensor logs?"
"No," security repeats. "I popped up to see if you knew something about it."
"Showering?" the PFY asks, acting slightly offended.
"Oh, I shouldn't think so. Who was it?"
"Bloke from accounts payable. Henderson."
"And you thought of them why?" the head of IT asks.
"We thought he'd died from natural causes," security says, nodding at the PFY.
"Yeah, electrocution, drowning, poisoning..."
"They're not natural causes!" the head gasps.
"They are if you call me at 4am whining about the quality of toner," I snap. "Not that this bloke...uhm..."
"Henderson," security supplies helpfully.
"So you thought of them because?"
"Because he was a beancounter and because he had one of these in his hand," security says, holding up a USB key.
"A USB key," the PFY says. "What's on it?"
"I was hoping you'd be able to tell me that – it's encrypted."
"Ah...shouldn't the Police be doing that?" the PFY says, choosing the cautious route.
"They should be, but I've been asked to take a look at it because Henderson was being monitored internally. It seems he was a little enthusiastic in processing the payments he's been authorising the last few months. Paying them two or three times in some cases..."
"And THAT'S why you thought of us – you thought he'd been overpaying us?"
"No, the payments were all to an auditing company for 'consultancy' fees," the head of IT says, getting in on the act. "But our company doesn't want its name in the E-Crime reports since the CEO's a charter member of the E-Crime Awareness Committee, and it might look bad..."
"So let's get this straight – your sole reason for suspecting that we had something to do with it was because the guy was carrying a USB key?"
"He was naked," security adds.
"Oh please tell me he was 'carrying it' in his hand!" the PFY says, dropping it on his desk while suppressing a gag reflex.
"Oh, right then >PLUG!<" the PFY sighs. "Okay, >clickety< so it's a USB Key-based encryption system with... >tap< >tap< hundreds of trillions of possible keys and >clickety< would most likely take several weeks of computing time to crack."
"Really?" the head of IT gasps.
"Nah, it's a raw image of an encrypted ZIP file – >tap< >tap< and an very early version of ZIP at that.""
"So when will you have it cracked?" security asks.
"Now," the PFY says, opening a spreadsheet onto the window. ">clickety< Hm... >tapity-click< It's just a spreadsheet of payments – hardly worth putting into a zip file at all – certainly not worth encrypting >tappity<"
"Nothing else hidden on the device?!?"
">clickety< Nnnnooo, doesn't look like it. >tappity< By the look of it the key was brand new – or newly low-level erased and the Zip file raw copied over it – the rest is blank. So it looks like you're back to square one – perhaps someone at the audit company thought he knew too much?"
"Yes, it's possible – but at least we know we're not going to be handing over any data which might embarrass the CEO," security says. "We can hand this over to the Police safe in the knowledge that no further invoices will be triple paid. And now that that's cleared up.. >RING< Hello... Yes... Yes... really? Okay, yes... good, goodbye then."
"What is it?" the head asks expectantly.
"A friend of mine keeping me posted about the coroner's report – it was natural causes."
"You mean electric..."
"No stroke. The coroner reckons he probably dropped the key, bent over to pick it up and BAM, lights out matron!"
"So it wasn't them?" the head asks dubiously looking at the PFY and myself.
"Nope, just a random event – could have happened to anyone," security says, grabbing the USB key and wandering off sheepishly with the head of IT in tow.
"So you opened your own auditing office," I say to the PFY once they're gone. "Ballsy! But the stroke thing – a piece of luck or overdose of blood thinners in the water fountain?"
"ME?!"" the PFY gasps. "I thought it was you?"
"Hell no. But the double payment stuff sounds good!"
"Yeah, all the rage in Iraq. Apparently Henderson was paying the same bill on successive months by appending a suffix to the invoice number. On the third month he'd divert suspicion simply by paying the bill plus the overdue penalty so the numbers didn't recur. And the best part was he had a set of SQL statements which he'd trigger from his desktop to do it without leaving an audit trail in the finance package."
"That's pretty bloody clever...But how do you know all this?"
"It was all in that ZIP file on the USB key."
"But that was only a spreadsheet!"
"No, that was off the Beancounter's fileshare. The real ZIP file was much more interesting – he's kept notes and everything!"
"I think it's time we got our names on the employee list at that auditing place..." the PFY says, picking up the phone and bashing in a number...
Sponsored: Becoming a Pragmatic Security Leader