by Misha Glenny
If Manningham was associated with ethnic tension and precipitous economic decline, nearby Scunthorpe (population 75,000), lying south of the Humber estuary, was more often regarded either as an English nowheresville or as the butt of jokes provoked both by its name and the perennially poor performances of its soccer team. (In fairness, one should add that at least it did not inherit its original Scandinavian name, Skumtorp, and until its relegation in May 2011 Scunthorpe United FC had been punching above its weight in the second tier of English football.) As far as one can establish, the town has never been cited in connection with large-scale organised criminal activity.
A mere four days before the Reverend John’s return from his charitable work in India, DS Dawson had been working happily at Scunthorpe’s central police station. He was watching the Command and Control log, a computer screen that relays information and crime reports phoned in by the public. The standard fare would include drunken fracas, the occasional domestic, and a kitten getting stuck up a tree. But on that Wednesday afternoon at 1.30 p.m. a message ran across the log that aroused the Detective Sergeant’s curiosity. It was very much out of the ordinary. He turned to his colleague and in his lilting Lincolnshire brogue said gently, ‘Come on then. We’d best go take a look. Seems like there’s something rather fishy going on at Grimley Smith.’
2
MIRANDA SPEAKS OF A BRAVE NEW WORLD
Grimley Smith Associates’ website displays a sepia photograph of their head office in Edwardian times when it functioned as one of Scunthorpe’s first ever car showrooms. Bizarrely the business proudly advertises the Belsize, an early symbol of vehicular chic in Britain whose manufacturer went into liquidation soon after the First World War. But this venerable antecedent and Grimley Smith’s Dickensian name deceive. For GSA, as it is also known, was established as recently as 1992 by a Mr Grimley and a Mr Smith.
The company offers far more complex technical services than the sale and repair of old jalopies. It specialises in chemical-engineering applications for the energy and pharmaceutical industries, and is recognised as one of Scunthorpe’s most successful young companies that now boasts a worldwide presence.
GSA’s two founders comprised the total original workforce, which has since expanded to include several dozen highly skilled engineers. Like all businesses where success drives expansion, GSA grew in an exciting but haphazard fashion. Its engineers would be contracted to mammoth projects in places as far apart as Iran, China and Venezuela. The specialist nature of their work and the zero room for error in their calculations required some powerful computer programs. In particular, they ran so-called CAD (Computer-Aided Design) software that offered intricate 2D and 3D simulation of projects.
By the middle of 2007 the company had reached a stage where it desperately needed to manage its computer infrastructure. Outsourcing its maintenance and security was proving an expensive option, and the company found the management of all its various cyber needs ever more taxing. The directors decided they would commission a fresh approach to the whole system.
In Darryl Leaning, an easygoing local lad, they found just the right person to take on the job. Apart from his technical competence, he was young, scrupulously honest, but perhaps most importantly his relaxed, friendly manner disguised an unusually sharp wit. For it is a little-appreciated fact that the very best computer managers are as talented in managing social and psychological expectations as they are in fixing widgets.
The minute he walked into the office for the first time, Darryl realised that Grimley Smith’s computers needed urgent attention. His overriding concern was that all staff members had ‘administrator rights’ at their workstations. They could install any program they wanted and use any online services they selected (except for pornographic material, which the previous IT regime had centrally blocked).
On a family computer, a single individual (usually a parent) will act as ‘administrator’. He or she can choose, for example, to limit electronically the amount of time other family members spend on the computer, or can restrict the type of website that the rest of the family is permitted to visit.
One of the most important ‘privileges’ that family PCs will confer upon the administrator concerns the installation of new software programs. In this way, parents can prevent children playing games that they consider unsuitable. But they may also exercise this privilege to stop software of dubious origin being downloaded, because the program could contain a virus or other malicious material that would leave the family’s entire digital world vulnerable to attack.
The same principles obtain in a business environment, except usually on a larger and more complicated scale. The first problem Darryl identified when he started work at Grimley Smith was the absence of a central administrator. It was insupportable in a modern business, he argued to the directors, that the staff could upload, download or install anything they desired.
He told them that central control was essential to prevent people from unwittingly allowing viruses to breach the network’s defences. He explained that the employees were, in all likelihood, entirely trustworthy – you don’t put anti-virus software on your system because you suspect your colleagues of wanting to infect it, because on the whole they don’t. The same applied, he continued, to the issue of software installation – and everything else, for that matter. The value of data in a highly specialised company like GSA is effectively incalculable. If it fell into the wrong hands, it might destroy the company.
Certain problems confronted Darryl in his crusade to purge Grimley Smith’s computer system of harmful vulnerabilities: those invisible digital holes through which worms, trojans and viruses could slip unnoticed. First, he understood that people resist surrendering privileges they already enjoy – and, apart from viewing writhing naked bodies, the GSA staff enjoyed a lot. For a young techie, Darryl demonstrated a firm grasp of the psychology associated with computer use. Somehow he had to wean staff off their local administrator rights. He decided the best way to do this was incrementally. He knew that people don’t like losing things they already have, but he further reasoned that equally they like receiving new toys.
So he used the next computer upgrade as an opportunity to introduce the first restrictions. Thrilled with their sparkly and ever more powerful new machines, the GSA employees were prepared to accept that they could no longer download their favourite games or pastimes whenever they chose.
Again demonstrating an innate grasp of psychology, Darryl avoided overtly draconian methods. Facebook was a problem. A lot of employees were draining resources, using the social networking site when they should have been working. But increasingly this was also what the security industry calls an attack ‘vector’, an instrument that virus-makers can hijack in order to spread their wares.
Darryl figured that banning Facebook altogether might lead to rebellion in the workplace, so instead he allowed access to the site between 12 and 2 p.m., when most people took their lunch. By setting the Facebook time himself, he was also able to increase his monitoring of malware and hacking attempts, to ensure that the site did not compromise company security.
Gently he introduced a system of relatively powerful central control, without alienating any of the computer users at Grimley Smith. At the heart of the new order was a complex program called Virtual Network Computing or VNC. This was Grimley Smith’s very own version of Big Brother. If Darryl identified any unusual or threatening behaviour on the network, he could release the VNC from its virtual hibernation to swoop down and investigate in detail what was happening on any of the dozens of computers he now managed.
One morning, when staff logged onto their computers, Darryl sent a message warning everyone from the Managing Director downwards that henceforth anyone might be subject to screening by the Computer Manager. Unbeknownst to most, Darryl’s newly installed VNC was humming away merrily in the background. If he received an alert that somebody had downlo
aded a virus or was trying to install some unrecognised software, the VNC would be activated.
The VNC is a mighty powerful tool. To some, its use will appear like a straightforward business practice, but in the global Internet, deployment of VNC software is fiercely contested. In much of continental Europe, governments and companies are strictly forbidden from accessing any information on their employees’ computers that is not related to work (and even that is not easy). The monitoring of emails is strictly illegal.
Crime detection and civil liberties have always been uneasy bedfellows, but their coexistence has become significantly more troubled since the spread of the Internet, and this will continue in the future. In Germany, if a police officer is tracking a suspect anonymously over the Internet, he or she is legally bound to identify themselves as belonging to law enforcement, if asked by an online interlocutor. This makes very difficult the practice widespread in Britain and the United States of officers posing as underage girls and boys in order to entrap paedophiles who appear to be grooming children online. The deployment of a VNC is politically charged and circumscribed by important data-protection laws. So Darryl Leaning had to handle his pet with great care.
One day in early February 2008 an alert that warned of suspect software flashed up on Darryl’s screen. Unauthorised Application: Messenger. Darryl’s systems were looking out for several different types of unauthorised application. The word ‘Messenger’ suggested that someone was trying to install or operate some form of communications package like Skype. Within minutes Darryl had traced its origin to one of the chemical engineers who represent the backbone of GSA’s business. Walking over to the workstation in question, Darryl decided simply to ask him outright whether he was running any new instant messenger on his machine.
‘And he turned to me quite cooly and said “No!” He flatly denied it. So I replied, “Oh, okay. That’s weird, though, because I just had a warning saying that this computer was running an unauthorised messenger application.”’
Darryl shrugged his shoulders. He wasn’t unduly surprised by the engineer’s reply, because security systems are sensitive devices and, by his own admission, he was running various scanning tools, which look like hacking devices to his own anti-malware software. In any event, Darryl figured, even if the engineer was running the program, he was probably just chatting to his mates in company time. Now at least he would realise that it was the wrong thing to do and that, if he did use it again, Darryl would be watching. So he just forgot about it.
Two weeks later, however, the same thing happened. This time, Darryl decided, he would wake the mighty VNC beast. Diving into the engineer’s computer, he started to search for the communications program – which he quickly identified as Miranda Instant Messaging. Many people now use instant messaging, which enables them to talk in real time to friends by sending a few words or sentences in little text boxes. In most cases Windows Instant Messenger (IM) can only talk to someone else who has the same software. Miranda’s advantage lies in the fact that you can communicate with a variety of different IM programs. It is especially beloved of some obsessional computer users.
Before unleashing the VNC, Darryl checked the engineer’s hard drive to see if he could spot anything peculiar, but the search proved fruitless. It was about 12.15, lunchtime. Just the time, Darryl thought, to run a little VNC session on his machine to ascertain once and for all whether this unauthorised program really was running on the engineer’s computer.
Miranda IM was as nothing compared to what Darryl saw when the VNC began to explore the secrets of the employee’s computer. The engineer had opened ten text documents at the same time and was scrolling through them at unnatural speed. Darryl was open-mouthed. Never had he come across anyone able to work with documents so quickly. All he could see as he watched the engineer’s screen was a blur of numbers, symbols and words. Slowly he realised that the engineer was copying parts of the document and then pasting them into a separate wordpad file.
He could not yet grasp what was happening, or from where all these documents were coming, but as far as he could establish, this did not resemble anything like company work. The name of the file into which he was pasting the text was confusing. It was called ‘Sierra Leone’. The engineer was indeed working on an oil-refinery project in Sierra Leone. Darryl breathed a sigh of relief – perhaps it was legitimate business after all. It was later on that it dawned on Darryl why the engineer had chosen this name. If anyone walked past his computer, he would just minimise the file and all they would see on the task bar was a tab named ‘Sierra Leone’: the very project he was working on.
It would have fooled Darryl, too, had the VNC not then spotted an unregistered drive – F: – which indicated that the engineer was using a portable disk of some type. Darryl sent the VNC into the mystery drive and ordered it to copy the tens of thousands of documents that he found there.
Still unsure how to proceed, and not yet in a position to establish what on earth was going on, Darryl ordered his faithful VNC to explore the innards of the suspect computer one more time. He programmed it to start taking screenshots of the engineer’s PC every thirty seconds. Looking at the computer in real time was baffling. It was impossible to identify what the data actually represented. But when he saw the screenshots – frozen images of the engineer’s activity – he gleaned a pretty good idea of what was going on: these were hundreds upon hundreds of credit-card numbers, bank accounts, personal details, PIN numbers and email addresses. This had absolutely nothing to do with the development of Sierra Leone’s nascent oil-refining capacity.
Darryl then printed one particularly dense page from Bank of America Online, and took it to his MD, Mike Smith. Within minutes Smith had picked up the phone and called the police in Scunthorpe.
When DS Dawson arrived at Grimley Smith, the MD presented him with the printouts. There was a mind-boggling array of data: information on banks, estate agents, insurance companies, theme parks, cinemas, charities and more, including what looked like some information extracted from the US military. He immediately suspected that he was dealing with some form of fraud, but he could not know what the material signified or how he could begin to confirm these suspicions. These were difficult questions.
‘Right,’ said Dawson ‘Let’s get him in the office for a chat, shall we?’
The Grimley Smith managers looked at each other nervously.
‘What is it?’ asked Dawson.
‘He’s a big lad,’ came the reply, ‘and I’m sure he can kick off.’
‘Well, we’ll address that issue when we come to it,’ said Dawson, mustering as much authority as he could.
But when the tall, imposing man walked into the office, he looked shocked rather than angry. He asked the detective who he was and what he was doing there, with a hint of disdain. Dawson explained why he had been called into GSA and asked the man directly what all the documentation signified. With unexpected nonchalance, the man explained that it was part of a report he was compiling for one of the managers in the room. There was a moment’s silence before the manager piped up defiantly, ‘No, it isn’t!’
‘Right,’ said Dawson, ‘put your hands out, sir.’ And he nodded to his colleague: ‘Put the cuffs on him!’
Far from ‘kicking off’, as the managers had feared, the man remained quite calm, if a touch bewildered, throughout. Two hours after seeing the Command and Control report, Dawson had a suspect under arrest in a police cell. But now he had to build a case quickly. If he was unable to come up with prima-facie evidence of conspiracy or fraud within three days, he would have to let his man go, and that would be the end of it.
Dawson returned to Grimley Smith with an officer from the high-tech recovery unit and the two of them got to work with Darryl Leaning. As Darryl had predicted, the portable disks were packed with hundreds of thousands of documents, most crammed full with details of hacked credit cards and ban
k accounts. But there were also email exchanges, one of which related to a Yahoo! newsgroup, which was prosaically called [email protected]. The postings and various messages from this group amounted less to an online tutorial and more to a university degree in how to perpetrate fraud on the Internet.
Dawson next drove to the flat on Plimsoll Way in neighbouring Hull, where the suspect lived. The address was on an estate, seemingly part of a dockside regeneration scheme that was showing the first signs of wear. Grimy water marks stained the cream stone façade, which was pockmarked by rust emerging from the rendering. It was an apt physical symbol of New Labour’s Britain – shiny and bright on the outside, but unable any longer to prevent the rotten interior from punching through the surface.
Inside, the rooms bore the mark of a bachelor. It was by no means a pigsty, but there were items strewn about. ‘Lacks a woman’s touch,’ mused Dawson to himself. Then, in the bedroom, the detective hit paydirt. Sitting on the bed were two laptops, one of which was still running. On top of it there was a large pile of documentation. This included countless Western Union receipts confirming transfers to and from the whole world: New Zealand, Mexico, the United Arab Emirates, Ukraine – wherever.
It was all very well having all these files and documents, but, as we know, Dawson needed evidence of a specific crime to bring a charge. As he picked up a huge bundle of papers, a single sheet fell out and floated to the floor. In the months to come, Dawson would often reflect on the serendipity of that moment. For on that sheet were the details of a gentleman somewhere in West Yorkshire with all his bank-account numbers on it. After studying it, Dawson realised this could be the vital smoking gun, because it included a password. If only he could prove that this person had never handed his password out to anyone, then he might just have a case. And that is why DS Dawson was so keen to talk to the Reverend Andrew Arun John. If John confirmed this, then Dawson could charge the suspect with a specific crime of online fraud, and a judge would almost certainly refuse bail. Dawson could then embark on the Herculean task of wading through this ocean of documentation.
