Read Rogue Code for Free Online Page B
Authors: Mark Russinovich
happy if she’d shown an interest in nearly any of the rich men with whom he worked. It was still traditional and common in Brazil for the young daughters of the wealthy to marry men who were contemporaries of their fathers. Such arrangements were mutually profitable to everyone concerned. Through such a marriage her father, Carlos Lopes de Almeida, long president of the Banco do Novo Brasil, would unite his family with another powerful and affluent family. The patriarchs would share the same grandchildren, who would in time inherit. His daughter would be assured of a life that continued in the style in which she’d been raised. All would remain as it was.
Bandeira wondered what Lopes de Almeida would think if he knew about the two of them. He smiled at the thought. He wondered even more just how much of Sonia’s interest in him was a youthful act of rebellion against her father and his traditional ways; certainly more than a small measure. Not that it mattered. He gazed at her and speculated what she’d think and do if she knew his real history, where he’d come from.
“What are you smiling at?” she asked.
He hadn’t realized she was looking at him. “Nothing.”
“Mmmm. I’ll bet it was something.”
I’ll tell her, Bandeira decided. I’ll tell her the whole story and just watch. That, he thought, easing back in his chair, will be something. Better yet, he reconsidered, I’ll show her.
7
TRADING PLATFORMS IT SECURITY
WALL STREET
NEW YORK CITY
9:17 A.M.
As Jeff Aiken and Frank worked in their assigned office on Wall Street that morning, Jeff reflected on how this assignment had come about. He was contacted two months earlier by the director of Trading Platforms IT Security for the New York Stock Exchange and had negotiated the terms of the project as well as the start date. The two had never met, but as was often the case, Jeff’s reputation preceded him, and his name came up by word of mouth. A common bot had been discovered on one of the Exchange’s Web servers, and security had no idea how it got there. The breach should have been impossible.
The director was Bill Stenton, a handsome African American man whom Jeff estimated to be in his early forties. Before meeting, Jeff had done his usual background research and learned that Stenton had been with the Exchange just three years, having come from the IT department of Wells Fargo. Though Stenton was reportedly competent, some of the feedback Jeff got characterized the director as high-strung and even difficult at times.
Jeff couldn’t help noticing that though trading platform security was a major component in maintaining the integrity of the world’s most important financial trading institution, there were three layers of bureaucracy between Stenton and the CEO. That was just one of several indicators to Jeff that the Exchange, despite all its computer and software dependency, didn’t give its core system’s security the attention it required.
When they met, Stenton told Jeff that his IT team was of the opinion that the trading platform had not been targeted specifically by the malware bot, but rather the NYSE site had been accessed by an automated scan searching for a vulnerability. Finding one, it had infected the system. The bot didn’t appear to have impacted any customers or disrupted operations, but there was concern because it had managed to get past the security team’s defenses, and it had been on the server for at least three days before IT stumbled across it while performing routine software upgrades on the system. If something as straightforward as a bot could make it into NYSE’s computers, then certainly malware far more dangerous could break through as well.
“We regularly run internal red team versus blue team exercises, but I’m concerned that we’re overlooking obvious weaknesses,” Stenton said evenly. “What we want is an external penetration test, the very best and most sophisticated you can manage. Our
Bandeira wondered what Lopes de Almeida would think if he knew about the two of them. He smiled at the thought. He wondered even more just how much of Sonia’s interest in him was a youthful act of rebellion against her father and his traditional ways; certainly more than a small measure. Not that it mattered. He gazed at her and speculated what she’d think and do if she knew his real history, where he’d come from.
“What are you smiling at?” she asked.
He hadn’t realized she was looking at him. “Nothing.”
“Mmmm. I’ll bet it was something.”
I’ll tell her, Bandeira decided. I’ll tell her the whole story and just watch. That, he thought, easing back in his chair, will be something. Better yet, he reconsidered, I’ll show her.
7
TRADING PLATFORMS IT SECURITY
WALL STREET
NEW YORK CITY
9:17 A.M.
As Jeff Aiken and Frank worked in their assigned office on Wall Street that morning, Jeff reflected on how this assignment had come about. He was contacted two months earlier by the director of Trading Platforms IT Security for the New York Stock Exchange and had negotiated the terms of the project as well as the start date. The two had never met, but as was often the case, Jeff’s reputation preceded him, and his name came up by word of mouth. A common bot had been discovered on one of the Exchange’s Web servers, and security had no idea how it got there. The breach should have been impossible.
The director was Bill Stenton, a handsome African American man whom Jeff estimated to be in his early forties. Before meeting, Jeff had done his usual background research and learned that Stenton had been with the Exchange just three years, having come from the IT department of Wells Fargo. Though Stenton was reportedly competent, some of the feedback Jeff got characterized the director as high-strung and even difficult at times.
Jeff couldn’t help noticing that though trading platform security was a major component in maintaining the integrity of the world’s most important financial trading institution, there were three layers of bureaucracy between Stenton and the CEO. That was just one of several indicators to Jeff that the Exchange, despite all its computer and software dependency, didn’t give its core system’s security the attention it required.
When they met, Stenton told Jeff that his IT team was of the opinion that the trading platform had not been targeted specifically by the malware bot, but rather the NYSE site had been accessed by an automated scan searching for a vulnerability. Finding one, it had infected the system. The bot didn’t appear to have impacted any customers or disrupted operations, but there was concern because it had managed to get past the security team’s defenses, and it had been on the server for at least three days before IT stumbled across it while performing routine software upgrades on the system. If something as straightforward as a bot could make it into NYSE’s computers, then certainly malware far more dangerous could break through as well.
“We regularly run internal red team versus blue team exercises, but I’m concerned that we’re overlooking obvious weaknesses,” Stenton said evenly. “What we want is an external penetration test, the very best and most sophisticated you can manage. Our
Similar Books
Night Chill
Jeff Gunhus
Mistress of the Catacombs
Drake David
Margaret's Ark
Daniel G Keohane
Caging Kat
Kayleigh Jamison
i 0d2125e00f277ca8
Craig Lightfoot
In Open Spaces
Russell Rowland
Rest Thy Head
Elaine Cantrell
Beatrice and Douglas
Kelly Lucille
The Girl's Guide to Homelessness
Brianna Karp
Love Far Away (A Spicy Contemporary Romance)
Leslie Cooper