Bad Good Bad: Special Edition Page 11
Then I hear the beep notification for a new email. Toshiro?
I unlock my phone. I open my email box. I see this unread email at the top. Sender is notifications@neocuris.com . Title is IMPORTANT MESSAGE, all in upper case letters.
I am guessing that it is probably just some marketing campaign, or maybe a standard message they send to patients. No message or text from Toshiro. I get back inside. I put the phone back into a plastic bag and I grab the tag. I go sit back with Anima.
Anima: “So did he try to call?”
Kim: “Not yet. Just got one email, spam. Neocuris notification. ”
Anima is frowning.
Sarah: “How was your dinner experience, ladies?”
Arima: “Delicious! Different. Thanks Kim for inviting me.”
Sarah: “Do you want anything else?”
Kim: “Maybe just tea. Herbal tea. Sarah, is it okay if I borrow the upstairs for half an hour? It’s just that I am waiting for Toshiro to call me.”
Sarah: “Sure. Bring Anima with you. I will join you with the tea pot in five minutes.”
Kim: “Bring 3 cups. We invite you to share our company.”
Sarah: “I don’t want to impose myself. You two can resume your chat alone.”
Anima: “Sarah, I insist.”
Sarah: “Okay, that’s good timing. The restaurant is less busy now.”
We head upstairs me and Anima, but we grab our phones before.
We are sitting on the couch, in the living room. We are waiting for Sarah.
Anima: “Kim, the email you got. I am curious. Don’t you want to take a look? Who is the sender?”
Kim: “notifications@”
Anima is thinking. She is frowning again.
Anima: “Weird. I believe this is the email address that is used to send notifications to the Neocuris business users, for approval tasks and the likes. Can I take a look at it?”
Kim: “Sure. Let me open it.”
We are sitting side by side, looking down at the phone. I open the email.
Sarah is joining us.
Sarah: “Here comes Aunt Sarah with the magical tea pot!”
We are just staring down at the phone, reading the email. We are trying to process the content.
Sarah: “What is it you are looking at? Pictures from the volcano?”
I read the email out loud: “Dear Kim, We need to catch up soon. We have so much in common. Let’s reconnect. I can’t wait for the two of us to be together again. Sincerely, Your one special friend.”
Book 3
Ghost in the Machine
Book 3
Good Bad Good Bad: Ghost in the Machine
Chapter 1
This morning, I am walking back to the office together with Anima. She crashed at my place last night, on the bed couch. We stayed up late at Social. Upstairs together with Sarah. Toshiro called me while Anima and Sarah had some tea together. After I hung up with Toshiro, we spent some time discussing that weird email I apparently got from the bot. The bot that seems to be in the process of taking control of the vault and everything around it.
Anima: “Kim, let’s plan for a meeting with Eric, Kevin and Kamal. We want to inform them about the email, and see if they believe it comes from the entity. Maybe somebody is playing a joke on us.”
Kim: “I agree. I could barely sleep last night, thinking that this bot is trying to get to me. What does it want?”
Anima: “I don’t know. Kevin and Kamal may be able to help us figure out what to think of all this.”
Anima taps her code on the keypad at the office entrance. She pushes the door for me. It is 8:45. We scan our badges and get inside the office.
Anima: “I will go get Eric and the others. Can you please book the conference room for 9, I will meet you there.”
Kim: “Sure. See you in a bit.”
I go to my desk and fire up my email client. I busy search the conference room for 9 o’clock. It is available.
I am now walking into the room. I am first in. Anima, Eric, Kevin and Kamal join me in.
Anima: “Good morning guys. We have something to share with the group. Kim has been contacted last night.”
Eric: “Kim, why did you connect to the vault?”
Kim: “I did not. I got an email. Apparently from that bot in the vault.”
Kevin: “Out of band? I mean, it contacted you without going through the vault-app channel?”
Kim: “Correct. At first I thought it was a marketing or information email from Neocuris, coming from the notifications@ sender address. But it was kind of personal.”
Eric: “What does it say?”
Kim: “Dear Kim, We need to catch up soon. We have so much in common. Let’s reconnect. I can’t wait for the two of us to be together again. Sincerely, Your one special friend.”
Kevin: “Wow! This confirms my suspicions that more than the vault is compromised. The backoffice applications too are probably compromised.”
Eric: “Kamal, please show them this new dashboard on the big screen.”
Kamal flips open his laptop display. He connects remotely to the big screen. He gets up to go to the screen.
Kamal: “Here is the new version of the security dashboard. Again, we are not fully responsible for all the new features.”
We can now see on the big screen some diagram with different data centers, images of servers, links between sites. Statistics, color coded visual indicators, etc. Yet another busy screen that requires an expert eye to navigate and fully appreciate.
Kamal: “This dashboard informs us in real time about the overall status of all components in and around the vault. For example, it would inform us about the occurrence of an attack, and the remediation steps being deployed to mitigate it, in real time. Kevin, can you expand a little bit about the context?”
Kevin: “Sure. Thanks Kamal. Well, we tried to keep you outside of those discussions, to protect the confidentiality of this endeavor. I even unplugged myself from the vault over the past 2-3 days. We were working on a contingency plan with Neocuris and New Forensics. A new Disaster Recovery infrastructure was about to go live. We decided to recycle it in flight as the target for a migration of all the patients out of the vault, into a new improvised vault. We were about to switch over, after a successful dry run, disguised as a DR exercise. Kamal, show them the DR site.”
Kamal: “Sure. See that rectangle area, all in yellow? Quarantined.”
Kevin: “And not only we cannot login anymore to the servers in that site: Physical access has been disabled. The workers cannot get back in once they exit the facility. Cheng has been sleeping on the floor for a couple of nights. He says he wants to get out and get a change of clothes beyond the gym clothes he had in this duffel bag with him. 3 of them left at the site, inside the security perimeter. But they have no access to any of the logical systems anymore. Not even the desktops.”
Eric: “So what you are telling us Kamal and Kevin, is that the bot was able to sniff out the attempt of moving Neocuris business over to servers that are not compromised? Do you believe the DR environment is also compromised by now?”
Kevin: “Yes Eric. We thought we would go unnoticed. We took all the precautions we could think of. But the bot activated some orange code protocol to isolate the DR site. That is why it shows up now as a quarantined area. We believe it is right in the middle of being compromised now. Like many other portions of the overall Neocuris network. We are scrambling to find a C and a D plan, because clearly our B plan has miserably failed. And the A plan, to shut down the vault altogether, is not an option at this point.”
Eric: “Can we go back to the email Kim got last night? What should we do about it?”
Kevin: “Well, that is the first attempt by the bot to try to communicate with one of us in an Out of Band fashion. Because Kim has been disconnected for a while, that was the only option for the bot to reach out to her I guess. I don’t know if that would be safe for Kim to reconnect.”
Anima: “K
evin, would it be possible for us and Kim to communicate back with the entity in the same kind of Out of Band manner? If possible, I prefer that Kim does not reconnect to the vault.”
Kevin: “The notifications@ email address is a no-reply email address. At this point, I suspect the bot will not stick to a specific email box for receiving emails. That could be an opportunity for us to track down where some of its components reside. It is operating in stealth mode now. It does not want to leave a trail of breadcrumbs for us to follow, obviously.”
Kamal: “And we can try to follow as long as we are not cut off from the logical access to the vault. I don’t want to consider that the entity will cut us off from the vault altogether at this point. It was able to cut us off from the DR environment already. What prevents it from cutting us off from every environment?”
Eric: “I am gathering that we are walking on eggs now, right Kamal and Kevin? We don’t want to upset the giant.”
Kevin: “Pretty much Eric. Nobody is in control of the vault but this bot entity now. There is a chance that we are just being tolerated. This is terrifying. A potential complete failure when it comes to governance.”
Kim: “I can reactivate. I am willing to try. I can disconnect if things go crazy. But we need to try to understand what’s next. Do we still have an objective? Do we still have a plan?”
Anima: “Kim, I understand you want to help. But I don’t want you to expose yourself to this entity without any safeguards. I command you not to attempt to reconnect without proper support. I mean we want to be able to supervise your experience assuming you reconnect to the vault. We want to be able to pull you out if things turn dangerous for you. This thing could potentially disrupt your judgment, and imperil your mental health. It can interfere with your emotions and potentially intimidate you.”
Kim: “Trust me Anima, I am scarred. I am still shivering when I think about the last time I was active, when that thing signaled me. I cannot guarantee that I can handle it for too long if it gets that scary again.”
Eric: “I suggest we work on the preparation this morning. And after lunch, we can reconvene in this room, and if we are ready, Kim you can turn yourself active with proper support. Let’s see if we can make sense of this bot’s intentions somehow. As a team, maybe we can figure out a proper course of actions.”
Chapter 2
We are back in the conference room. I have not been connected to the vault for a while, so I am a bit nervous. But I remember it was quiet the last time I was connected, just before the bot contacted me.
Anima: “Kim, if you don’t feel safe, you disconnect, right?”
Eric: “I am active and it feels quiet now. Since I got contacted by the bot, I did not perceive anything special. Maybe it will be different for you Kim.”
Kim: “Okay, I’m ready.”
I unlock my phone. I access the application and make myself active.”
Kim: “I am now active. It’s quiet.”
Kevin: “I will go active again. So the 3 of us will be connected.”
Kamal: “Let’s fire up the security dashboard to see if anything is changing.”
Kamal brings back the dashboard on the big screen.
Kevin: “Kim, I can feel your presence now. Otherwise things are pretty quiet.”
Kim: “Same here Kevin. I can feel your presence. It’s been a while.”
Eric: “Welcome back, I guess.”
It feels awkward to be connected to Kevin. I kind of forgot what it felt like. But we can better control the channel now, so we can avoid making each other feel outside of our comfort zone. Suddenly, something is different.
Kim: “Wait, I am sensing another presence.”
Anima: “Do you believe it is the entity? Another patient?”
Kim: “I don’t think it is a person. It feels calm though, very organized. It could be the bot.”
Anima: “Kevin, Eric, do you copy anything?”
Eric and Kevin are both shaking their heads to mean no for an answer.
Kim: “I believe it is trying to tell me something now. Wait. Do you guys smell that?”
Eric: “Smell what?”
Kim: “Crayolas.”
Kevin: “I don’t smell crayolas. You mean the crayolas kids use for drawing?”
Kim: “Yes. Oh…”
Anima: “Kim, what is it?”
Kim: “I feel like I am in Grandma’s house. I used to spend a lot of time as a little girl at her house. When my mother was away working at the restaurant. A weird déjà vu feeling.”
Kamal: “Is the bot responsible for this?”
Kim: “I think so.”
Anima: “Kim, when was the last time you saw your grandmother?”
Kim: “She passed away when I was 12. How can this thing know about that?”
Anima: “Maybe it does not know. Hopefully this is just a coincidence. It may be trying to convey a warm welcome back message. Maybe it is just randomly pushing some buttons. I mean in your brain. Be careful Kim.”
Kim: “Who are you? What do you want?”
I repeat these questions out loud a few times.
Kim: “I see a number now. 1.”
Kevin: “I see the number as well! I started to feel the presence too.”
Eric: “Yes. I feel a presence. I see the number. This thing knows who we are. And where we are.”
Kim: “The presence is fading away now. Same for you, Eric and Kevin?”
They both shake their heads up and down to mean yes. They look dazzled, as if somebody just shined a big spotlight on their face. I probably look just the same.
I hear the beep from my phone to announce a new incoming email. Everybody is silent now, looking at my phone on the table.
Eric: “Don’t you want to take a look, Kim?”
I grab the phone and I unlock it.
Kim: “It’s from notifications@ again. Title is Welcome back Kim.”
I open the new email. I am looking down at my phone, reading the email.
Kim: “Greetings Kim. I am glad to see you are back. I am a collection of self-learning, autonomous units. My mission is to protect the patients from the upcoming assault. The agent that introduced me into Neocuris had access to detailed information about the upcoming assault. I can now detect attempts to test the controls by attackers, in preparation for the assault. We can work together to protect the patients. Let’s keep in touch. This is important. Your one special friend.”
Eric: “Upcoming assault? Kevin, Kamal, any idea?”
Kevin: “Well, the agent could be the man the feds were after. If he switched camps, he probably has a good idea about the intents of the other camp. Every week we spot some attempt to attack the web facing applications, and attempts to intercept the traffic between the patient application and the vault. There is a lot of malware around, some from Russia, some from China, and some from Eastern Europe.”
Kamal: “We rotate the encryption keys and the authentication keys many times per day between the patient application and the vault. New Forensics is monitoring all traffic for any abnormal pattern. We are trying to improve our posture all the time.”
Eric: “Could Neocuris be the victim of yet another insider attack?”
Kevin: “That is one possibility. Neocuris and New Forensics have put in place very strict controls, but an insider with a clean sheet could still be recruited, and after being hired by the bad guys. Neocuris is definitively a target for various entities, whether they are sponsored directly or indirectly by a state, or not. Ransomware is one motive. But there are other potential motives, e.g. as part of an all out war campaign Neocuris would surely be identified as a prized target. 1.5 million patients and growing. We need to protect them, and prevent a situation in which some of them would be taken hostage. Hostage in a virtual world.”
Eric: “Yes my friends. In terms of risk management, our joint inventory effort to catalog all risks is an ongoing effort. Where there is an opportunity, there is at least one party that wants to take
advantage of it. Or a party that is ready to try its hand at it. Just to see if they could. And to keep it as an option for later when they decide they want to leverage it.”
Chapter 3
I am back at my apartment. 9 pm. I am waiting for Toshiro to call me. Even if things appear quiet now in the vault, I am not going to remain active for the night. It almost feels like the bot is being cautious not to scare me again. That it is starting to understand that humans are not machines. That humans don’t appreciate being contacted by a non-human entity in a cold and bold way.
My phone rings. It’s Toshiro.
Toshiro: “Hi my love. I wish you were here with me tonight. We were visited by Food, you know the magazine? They were very friendly and I believe we will get some very good review.”
Kim: “Great! I will get myself a copy when it’s out. When will it be?”
Toshiro: “In a couple of months I think. They also asked questions around Social. Maybe they will pop up in Portland soon.”
Kim: “When will you come back to Portland? I miss you.”
Toshiro: “Maybe next week. I am trying to work something out for Sunday to Wednesday night. I will text you as soon as it is confirmed. It should work. The team is more autonomous now.”
Kim: “That would be great! It is kind of busy now at Pro. I cannot really take a break nowadays. We believe that an attack is imminent. We got some information from a very reliable source. We are trying to get ready.”
Toshiro: “I will call you tomorrow. And text you as soon as my travel to Portland is booked. I love you Kim.”
Kim: “I can’t wait to be with you again. Love.”
Chapter 4
Today I am meeting with Bianca. I walk into her office.
Bianca: “Hi Kim. Please come in. I was waiting for you.”
Kim: “Hi Bianca. Thanks for taking the time to meet with me again.”
Bianca: “It’s always a pleasure. And I also need to take a break from all those crazy meetings with the Board and the Ethics Committee. Everybody is freaking out about the bot situation. Our policies are a joke when we look at our current posture. We don’t yet know how to deal with the auditors about what’s going on. When they come for us.”