It hit me as I stepped outside the Reagan National Airport terminal. Just five hours earlier I’d been in the bright sunny oven of Phoenix and now stepped into the hazy steam room of DC. Was I crazy? Two days ago I received a cryptic voicemail from a man calling himself John Galt. He said he had important information for my security economics blog readers. He gave me specific instructions to meet him at Fort Marcy Park in suburban Virginia at 2pm today. Was it a hoax? Well, it was too late to back out now.
I calmed down a bit as I drove my rental car up the scenic George Washington Parkway and saw the familiar views of the Pentagon to my left and the monuments over the Potomac to my right. It was good to be back in my old stomping grounds, even for a short time.
As soon as I got out of my car at Fort Marcy Park, I saw the back of a man wearing a beige trenchcoat and dark fedora. I figured it must be John Galt. He looked like he came straight out of central casting for a John le Carré spy novel. He would have blended right in if this were the winter of 1950 in East Berlin. But this was a muggy 92-degree day in suburban Virginia. As I stepped beside him, I noticed sweat had soaked his obviously fake beard, which looked like it came from a dollar store Halloween costume.
He nodded. “Do you have the package?” he asked.
I opened my computer case and he pulled out the package. I said, “It’s all there. From the Tamale Store in Phoenix – one pork red chile tamale fundido style and one beef green chile tamale con chilaquiles. And a side of papas con chorizo.”
He quickly grabbed the package.
“Best tamales in town”, he said. I couldn’t argue. He had good taste in tamales. I was hoping this wasn’t the most expensive DoorDash ever.
“Do you have information for me?” I asked.
“Yes. You remember Hanssen?”
A chill ran up my spine. I hadn’t heard that name in years. Of course I remembered him. Robert Hanssen had been one of the most notorious American spies in history. During the latter years of the Cold War, the Soviets somehow discovered and killed many spies supplying valuable information to the US. There was obviously a US mole who had been providing the Soviets with the assets’ identities, but we had no idea who the mole was.
Hanssen, the mole, avoided detection for years as an FBI analyst. Certain FBI computer systems, in an attempt to make intelligence easier to share, allowed him access to information for which he had no need to know. Hanssen used his unlimited access to view and obtain a treasure trove of classified information, including the identity of the spies. Further, the FBI had never done any routine audits of his activity, which would have immediately raised red flags. The FBI would never consider one of its own to be a traitor.
“I hope you didn’t bring me out here just to talk about old times,” I said.
“No, I want to talk about Jaaack”, he said. When he said the word “Jack”, it was almost a guttural groan.
“Jack Dorsey? The Twitter hack?”, I asked.
“Yes – don’t you see? They are making themselves gods!”
He was referring to the Reuters report that more than 1000 Twitter employees, including consultants from Cognizant, had so-called “god mode” access to Twitter accounts. Attackers in mid-July took advantage of this ‘systemic’ vulnerability and surreptitiously accessed more than a hundred “blue check marks” (verified Twitter accounts) to push a cryptocurrency scheme. High-profile accounts accessed included Bill Gates, President Obama, and Kanye West. The attackers made off, in a few cases, with the entire user data repository (including private messages) from an undisclosed subset of these accounts.
He went on, “The world is one tweet away from World War III, tweet-induced market meltdowns, and political misinformation on a global scale, not to mention an upcoming election where Twitter has become a key forum for political discourse in light of pandemic restrictions. Jack chose to focus on ‘woke’ changes instead of looking at a dynamic, challenging, and dangerous risk landscape! Robespierre would be proud, Jaaack!!”
He was now yelling. Sweat was seeping through his trenchcoat. I heard a woman in the park say, “Let’s get back to the car, kids. Now!”
I mumbled something about being late for my flight and hurried to my car. I started the car and blasted the air conditioner. I noticed my hands were shaking on the steering wheel. I looked back and noticed he was now reaching for his tamales. I started to calm down as the cool air hit my face.
It had been a bizarre encounter. Despite his quirks, I realized the old timer had some good points. If the number of reported “god accounts” was even remotely accurate, giving that many people unfettered access makes a serious breach all but inevitable. Privileged users need to be continuously monitored for their activities. Even if your privileged users are trustworthy, if they are duped into sharing their credentials, the results can be just as bad. The most devastating and embarrassing breaches come from trusted insiders like Robert Hanssen and many others since then.
I may never know who the mysterious man in the trenchcoat was, but I have a feeling I will cross paths with him again. Perhaps he will give me more security tips in the future that I can pass on to my readers.
Do you have a tip for the Security Economics investigative team? Send it to firstname.lastname@example.org. All information will be held in the strictest confidence. We’ll even supply the tamales.