June 10, 2013
He stepped out of his 10th floor apartment at 8:00 am. Elevator indicator turned red as he pushed it. The haste in his stride was evident. Irked by delay, he repeatedly pressed the switch. An hour was needed to trounce rush hour traffic congestion and reach office. Despite availability of multiple elevators, the lift emerged after five minutes.
On his way to car parking level, he tried to prioritize his assignments at work place. The importance was focused on collection. An updated list of dues was required to go hard at sales department. In spite of being General Manager, some key export buyers were serviced directly by him. While pacing towards his car, he remembered the expected fund transfer from ‘Star One’ the company that had assured to pay last week. Customer had promised through bank remittance. However, amount did not show up in company bank account until yesterday evening.
He was aware of mental makeup associated with customers. The exigency always remained until receipt of material and imperativeness would go missing while releasing payment.
The engine was turned on after occupying driver’s seat. Without thinking twice, he called the accountant of ‘Star One’.
“Did you transfer the money?” He asked.
“The bank document was signed by director.” Accountant replied. “Anyway we stopped payment after receiving your email on change of bank account. You will have to give us couple of days to process paper for director signature”
“When did I write an email on change of bank account?” He was left stunned. “There must be an error. Please stop processing a new remittance document. Don’t make payment to any third party account.”
“Do you suspect phishing attack?” Accountant was inquisitive.
“It’s certainly a possibility. I may need some help.” He requested. “Would you please forward copy of this email? I would like to see.”
“I will.” Accountant assured.
On his way to office, he developed heaviness in his head. How could anyone send a message from his email id? Did someone gain unauthorized access to his email or perhaps to his computer too? Possibly the hacker must have had sent similar emails to his other export customers. A customer foolishly sending money to a third party account was not entirely ruled out.
His heart missed a beat.
Strain was visible on his face. A brief break from stress was much needed to get grips with situation. He entered cabin, locked door, reclined on chair and closed his eyes. This had been a practice. He would instruct his assistant not to bother him for a while. Periods of rest helped him to restore his energy level. After some time he opened his eyes. The laptop was pulled to have a look at emails. Star One’s email did not turn up. Annoyingly he called back only to realize customer had already forwarded the email. Possibly, it was deleted by hacker.
The game was on. Hacker was somewhat faster and quicker. Invisible offender had marked him for dire fate. His intellect was challenged by hacker. He had no other choice but to face up. Star one was called immediately to fax the message.
Hacker’s email copy appeared at fax machine.
It was wicked, yet an accurate reproduction of his style of writing. The message was sent from his email id. The sender had requested his customer to settle dues by making bank transfer to a third party account in Singapore until snags in existing bank account are resolved.
The incident turned out to be a traumatizing experience. He was targeted by a mysterious unidentified swindler. Who was he? Was he an insider within the company or an outsider from business circle? Was he known or unknown? Could he be a deceptive friend or silent adversary or mystifying stranger? He had to act quickly. An oversight blunder could happen from any of customers. Without wasting time, he called his key customers and alerted on hacker email. Not all had received such email. The call was followed up with a fax message to ignore hacker email and not to send money to third party accounts.
None of his business contacts had adhered to hacker. He felt lot better once this was confirmed. Concurrently he was consumed by irrepressible eagerness to dig more. The hacker had entered his zone without invite. A stubborn desire to unveil the culprit slithered in. The Singapore based company’s name and bank account details were stated in hacker’s email. Formerly, he had lived in Singapore. He had frequently travelled to that place even after his relocation to Dubai. If need arises, he was ready to travel to crack down the shark.
His knowledge on information technology was relatively low. He called internet service provider to upgrade his awareness.
“How can we help you?” The official from Internet service provider asked him.
“I may need some assistance.” He requested.
“It’s our pleasure to be of your service. Tell me.” Official was courteous.
“An unauthorized email for fund transfer has been sent from my email id. I suspect my email is hacked.” He eagerly explained.
“Why do you suspect? I am certain, your email is hacked.” Official said with conviction. “Did you click any links or open attached files from unknown sender in recent past?”
“I know the risk involved with such emails.” He clarified. “I avoid all junk stuff including fun emails forwarded by friends. I open attached files that are official, mostly from my customers, staff and directors. Emails for password reconfirmation and bank account details are always deleted.”
“Perhaps your password is stolen within your office, friends or family circle.” Official continued. “Do you suspect someone capable of such fraud?”
“I would not like to speculate unless I am sure.” He truly felt so.
“It is advisable to register a police complaint.” Official suggested. “Simultaneously you should change all your online passwords.”
“Is there a way to trace the hacker?” He was curious.
“Why not? There are methods.” Official spoke freely. “Is your internet connection secured or unsecured?”
“It is secured.”
“Very well. Nevertheless, a secured line may not be secured enough to prevent invasion from hacker.” Official shed light on. “Your computer leaves its identity all over the internet whenever you visit a website. Your PC address will be stored in log file of web server. Hacker can encroach with port scanning software capable of knocking the door of every connected computer. Once invaded, hacker will plant a rootkit to gain access to your PC. Your system turns vulnerable as hacker can read everything that is on your hard drive. He will monitor and send your key strokes, user names, passwords back to his hideout. Once all information is pilfered, he will proceed to steal you blind.”
“Do you mean hacking cannot be done if rootkit is not installed?” He inquired.
“I didn’t say so.” Official made it clear. “Hackers have become increasingly sharp with progression of technology. They are capable of picking critical data and information from your system without installing any malware. It could be a sniffer program. Sniffers examine network traffic and grab data that flows into and out of a computer attached to a network.”
He had heard of role of sniffer dogs in crime scenes. The update on sniffer program was new discovery for him.
“I would like to trace my hacker.” He was determined.
“You can try, it’s not impossible.” Internet service provider’s official gave a brief orientation on some basic technical expertise.
He noted down method of scrutinizing system by using MS-DOS and tracking sender’s IP address. The discussion concluded with thanking each other.
He decided to play a game of his own with hacker. The option of changing passwords was kept back at his mind. To be watchful without alerting opponent was his ploy. Meanwhile he created a secondary email id on a false name and placed it in contact list. Next day he sent an email from his primary email id to secondary email to settle a large amount of dues. He expected a follow up email from hacker to transfer funds to Singapore account.
Unusual activity of that nature did not come to his notice for next couple of days. He tried to find out if any suspicious IP connection listed in DOS Prompt. The log suggested no other host name other than his existing. Ten days after first attack, couple of customers reported new round of emails for fund transfer. Only some had received such email. Hacker was cautiously making his moves by randomly selecting customers. His secondary email too was avoided by hacker. Perhaps hacker was smart enough to identify the user behind false email id. During course of his busy day at office, briefly the hacker threat slipped out of his mind.
Invisible fraud’s fear reoccurred while wrapping up for the day. Rest of employees had left office. In this waiting game with hacker, he wanted to win. It would be certainly unpleasant to end up with damages. On contrary, he had the option of temporarily extinguishing his anxiety by changing passwords. Yet, he wanted to turn tides by exposing the hacker. Driven by stress and enervation he tilted his head back on chair’s headrest. Apparently, he closed his eyes.
Next morning, he was bemused by a message that appeared in his primary email id. The sender seemed like his banker. The source had requested him to reconfirm his online secure key code. Secure key, a two-factor authentication device was given by his bank for extra layer of protection in online transactions. The handwritten note containing email, bank passwords and other details was preserved in his wallet, except for security device PIN. Bank’s secure key authentication device was placed in his table drawer. No one else had the access. Secure PIN was registered in his mind.
He felt a chill run down in his spine. After failing in attempts to rip-off customers, hacker had turned his eyes at company’s bank account. Hacker had picked up not just his email passwords, but also perhaps passwords of online bank account. He was threatened and terrified by the loomed indicator. Secure code seemed safe at this moment. He failed to figure out hacker’s logic behind cracking online banking secure key code. Secure PIN was useless without authentication device. The authentication device was safely kept in his table drawer. Weakened by exertion, he made conscious effort to reinforce energy.
This could be the end of stalemate!
He recognized the opportunity to force a checkmate. Internet service provider’s official had given some basic tips to track an IP address. After double clicking the suspicious email, he right clicked file options and selected properties. At the bottom ‘Internet Header’, section was found. While scrolling, he identified senders IP address. The external IP address left him befuddled.
It belonged to his company. The hacker email had originated from within edifice of his office. How could this be possible? Internal IP address was not recorded. If documented it could have had trailed the masked criminal.
A deceitful undercover operator in his organization was covertly eyeing for a bounty. Who could this be? He headed the trading house of 63 employees from various departments such as Administration, Finance, Sales, Commercial, and IT etc. Finance and IT staff were well versed on revenue and technical issues than others. Task was not easy to spot and pinpoint culprit. To be on safer side, he decided to change bank password and answers to security questions. He could not login to bank website as it showed failure with an appeal to connect later. The idea of changing email password was refrained. The trap was kept open to capture the hacker unaware.
He developed severe headache during the course. As usual, he closed his eyes and relaxed for a while to recuperate from stressful situation. After some time he woke up, walked out and locked the office.
The perpetrator assumed to be in close radius. He passed the night with newfound optimism of zeroing in on culprit. A shocker was on waiting as next morning he entered office and turned on his PC. His repeated attempts to login to email and online bank account turned futile. Frightened by likelihood of imminent risk and danger, he scratched his head helplessly. If his memory served right, he had intended to change online banking password. He could not do it as bank website was down. By then it had slipped out of his mind to recheck. The decision to change email passwords was temporarily postponed.
It was not accidental. He smelt a rat. Sure enough, hacker had something to do with this foul play. Hacker must have had changed both email and banking passwords. He sweltered in confusion and panic. Hacker was step ahead. He had underestimated his opponent. His head reeled in twinge, pressure and heaviness as if blood rushed to brain. He needed a break. He instructed his assistant not to disturb him, locked cabin and switched off his cell phone. Lying back on his chair, he looked overhead surface of room. By then, thoughts had begun crossing his mind.
He had worked extremely hard to achieve this level. Owners of company had always appreciated his loyalty, hard work and resolute attitude. As General Manager, he was given all powers. Owners trusted him. Company had become financially sound and profitable under his stewardship. There was an aspect of life that bothered him unrelentingly over the years. Some years back while living in Singapore he had botched desolately in his self-employment venture. Subsequently, he had moved to Dubai in search of job. It was a triumph against difficult odds. He had turned victorious in his work contract. At times, he enviously watched the millions he had earned for company owners. Identical trading activity in Dubai was overwhelming success while working for others. That left him baffled without knowing the reason for his failure in business venture in Singapore. Right from his childhood, he never easily had accepted failure.
The game with hacker was accepted as challenge and he did not want to lose. Adding salt to wounds, hacker had pushed him to limits by irritating to no end. Was he haunted by a forgotten rival from his past life in Singapore?
In a moment of absence of awareness, he shut his eyelids. He did not know what happened thereafter. All of a sudden, a second character emerged from his dissociative identity disorder. The second character was completely unfamiliar, stranger and had no association with his former self. He appeared to be in some kind of trance. Locating passwords and secret answers in wallet was sheer accidental discovery. His plan in swindling cash from customers had crashed. In split second madness, yesterday evening he had changed all online passwords. Stroke of luck had smiled when he found bank’s authentication device in table drawer. Now all he needed was secure key code for online banking. His hunt was on.