Posted in excerpt, Spotlight, Thriller on June 9, 2016

bullseye breach



Ripped from recent headlines, this gripping cyber-attack tale has all the elements of an international thriller, including a floating corpse in the Gulf of Finland. Meet an underground criminal supply chain, its innocent victims, and an unlikely midwestern IT group with an ingenious way to fight back against the theft of millions of credit-card numbers. If data breaches were not routine by now, this story would be unbelievable.

Instead, it’s a snapshot of life in today’s interconnected world, and an unforgettable Internet safety education. IT security has never been so riveting!


amazon buybn buy


“Beneath every inch of the Internet superhighway is a vast sewer system, the underground home of cybercriminals who—”

Jerry Barkley abruptly paused in the middle of his speech on cybercrime, because he suddenly realized he was the only man in the room not wearing a suit. He gazed across the audience at the Retail Council monthly luncheon tucked in a second floor conference room in the Minneapolis Convention Center. These executives and their staffs represented the entire gamut of retail stores in Minneapolis, from Fortune 500 companies to small businesses. Some wore custom-tailored Italian silks, some wore off-the-rack polyester, but they all wore suits. Jerry didn’t feel inferior as much as he just felt out of place. Most of his friends were people in low places, regular folks who valued him for his independent spirit and practical knowledge of computers and networking. They didn’t care that he wore tennis shoes and slightly faded khakis. Besides, for this lunchtime talk he wore his very best sweater, the one with all the swirly colors that reminded him of modern art. As far as Jerry was concerned, he was plenty dressed up for the occasion.

There were just a few women in the room, and most of them wore suits or businesslike dresses. Wait—there was a cute brunette wearing blue jeans back at the Bullseye Corp. table. Jerry didn’t realize he had broken into a big grin when he saw her, but when she smiled back and their eyes met, the shock quickly brought him to his senses.

“—Uhh, so these cybercriminals could be anywhere in the world with an Internet connection, and while you’re sleeping, they’re wide awake and thinking of new ways to rip you off. I cannot emphasize enough the importance of standing guard against credit-card fraud…”

This last comment caught the attention of Bullseye CEO Daniel Berger, who was wearing a splendid blue suit from London that probably cost more than Jerry’s car. Bullseye was a giant among big-box discount retailers, with over 2,000 stores in the US and Canada. Berger leaned over and whispered to his chief information officer sitting next to him, Liz Isaacs.

“Liz, do we have a credit-card problem?”

“Hardly,” she replied. “It’s negligible and decreasing each year. Our biggest crimes are shoplifting and employee theft.”

“That’s what I thought. So why am I here listening to this? What I’m really interested in is the spring shopping forecast.”

But Berger knew exactly why he had to be there—because the Bullseye board of directors wanted him there. Mostly at the insistence of one director in particular, Henri Carpentier, who was on a security kick. Carpentier also sat on the board of a multinational bank, so he heard plenty of scare stories. And he liked to retell one of his own stories from his days as chief operating officer at digital media conglomerate WooHoo, Inc. about an Alaskan politician. Berger was tired of hearing it.

Ordinarily Berger would have fought coming to something like this, but he was already in the doghouse because of the company’s performance. For one thing, the Canadian store rollout was a nightmare. There were problems with construction, zoning, operations, sales, pricing—everything. When he soft-pedaled the situation at the last board meeting by saying the Canadian stores were “performing slightly below expectations,” the other board members rolled their eyes. The US-store quarterly numbers were also troubling, and that was after a subpar 2012 holiday season. Berger was counting on record 2013 holiday sales to save his butt. Credit-card fraud? The only security he needed was his own job security.

“…And of course the concept of the Trojan horse goes back to ancient Greece, where the Athenian army tricked the people of Troy by offering them a large wooden horse as a token of their surrender. The Athenians pretended to sail away, so the Trojans rolled the giant horse into the city, proud of the gift that honored their victory. But hidden inside that wooden statue were Athenian soldiers. When night fell they crawled out of the horse, opened the gates of the city, and let in the Athenian army to conquer Troy at last.

“Today’s clever cybercriminals also use trickery. If you see an email with an attachment you can open for a screensaver or maybe a link for free Viagra, don’t open it. It probably has a little program buried inside that will sit dormant for a while until it unleashes its payload. That’s why I always warn my customers to ‘Beware of geeks bearing gifts.’”

Jerry stopped for a second to let the laughter roll in, but it didn’t. There were scattered groans around the room but most people sat expressionless. A few smiled politely, but the only audible chuckle came from the Bullseye table. “At least that lady in the blue jeans got a kick out of it,” thought Jerry. “What’s wrong with these people?”

Berger leaned over to Liz again and asked, “What do you think of this guy?”

“Well,” said Liz, “how can you take him seriously? He’s wearing tennis shoes!”

Liz Isaacs was impeccably dressed in an Armani muted-gray cashmere blazer, an ivory blouse by Gucci, and a vintage Dior plaid skirt. She had been dressing for success since grade school. Nearly six feet tall and strikingly pretty with brown hair down to her chin, Liz could have been a model, but she wanted a CEO’s corner office some day and all the status that came with it.

“And that sweater,” she continued. “Have you ever seen anything so horrendous?”

“That’s one of ours,” piped in Jesse Jonsen—the one in the blue jeans. “We sell those at Bullseye.”

All Liz could do was glare at her. Liz saved a more intense dirty look for Berger, one that said, “How dare you sell this crap in our stores? It never would have happened when I was a buyer!”

Liz hated Berger because he put profit ahead of the product. She joined Bullseye twenty years earlier as an assistant buyer because she loved the quirky charm of their products. Buyers traveled the world to find small factories that could produce low-cost household products and clothing that had their own unique style. She would never forget her first trip to Taipei to look for a line of women’s spring shoes. The idea was to create low-end “chic” merchandise that women could blend with their designer clothes.

But since Berger took over, that feeling of fun with a strong fashion sense disappeared. When the recession hit, he cut most overseas travel. And instead of investing in fun products or advertising, he expanded the grocery sections and turned Bullseye into a convenience store on steroids. The greedy pig.

Jesse didn’t care about fashion, not since she was a teenager anyway. She wore a black off-brand blazer with a red turtleneck. And of course, blue jeans. She was more concerned with comfort than dressing for success. She took her job more seriously than her appearance. Her dark brown hair was cut in a pixie style, which—combined with her youthful face—made her look like a teenager, even though she was in her early thirties. Jesse was also a good foot shorter than Liz, so when the two of them walked down the hallway together, people joked it was “Bring Your Daughter to Work Day.”

Liz was still riled up. “That sweater is totally inappropriate,” she said. “I haven’t seen anything this bad since…” And then she looked over at Berger’s ill-fitting toupee. He looked every bit the CEO, trim and fit for a man in his mid-fifties, tailored suits, good tan. But that stupid hairpiece…

“Ryan, what do you think of the presenter?” asked Liz, determined to quit talking before she said something that might offend Berger.

Ryan MacMillan was director of server operations at Bullseye, Inc., reporting directly to the CIO. An important title that meant Ryan was a Windows system administrator. At age thirty-seven, he did his best to blend into the corporate culture with his crisp new Dockers and buttoned-down pinstripe shirts. He enjoyed the tech challenges and prestige from overseeing thousands of servers deployed across the country. Especially the prestige.

“This guy’s a total idiot,” said Ryan. “He still wears his phone on his belt. Nobody does that anymore. I don’t. Besides, I know all this stuff. The only reason this meeting isn’t a total washout is the company paid for lunch. And the chicken was pretty good. This time.”

“We don’t have to worry at Bullseye because we have state-of-the-art security and an outfit in India monitoring all our Internet traffic 24/7. If anything looks suspicious, they’ll contact Jesse.”

“Whoopee,” thought Jesse. Before the recession she headed Bullseye’s fraud department. Those were the good old days, when her team was one of the best in the country. But then Berger outsourced the entire department to Bangalore to save a few bucks. His bonus went up again that year. Jesse was reduced to monitoring the monitors. Her job wasn’t fun anymore.

“Well I think he’s making some good points,” said Jesse. “The criminal mind never stops. They enjoy finding new ways to take advantage of clueless people. That’s a big part of their motivation—along with the money, of course.”


About the Author

Greg Scott is a veteran of the tumultuous IT industry.  After working as a consultant at Digital Equipment Corporation, a large computer company in its day, Scott branched out on his own in 1994 and started Scott Consulting.  A larger firm bought Scott Consulting in 1999, just as the dot com bust devastated the IT Service industry.  Scott went out on his own again in late 1999 and started Infrasupport Corporation, this time with a laser focus on infrastructure and security.  In late summer, 2015, after “Bullseye Breach” was published, he accepted a job offer with an enterprise software company.

He currently lives in the Minneapolis/St. Paul metro area with wife, daughter, and two grandchildren.  He holds several IT industry certifications, including CISSP number 358671.

Scott graduated from Wabash College in Crawfordsville, Indiana, in 1979 with a double major of math and speech.  He earned an MBA from the University of St. Thomas in Minneapolis in 1996.

In the 1990s, he wrote a popular column on the back page of IT industry publication ENT Magazine titled, “NT Heartland,” and another column in Enterprise Linux Magazine titled, “Converts Corner.”

Inspired by The Goal, by Eliyahu Goldratt, a business textbook disguised as a fiction story about the resurgence of a rundown factory, Scott decided to write what would become Bullseye Breach after becoming frustrated from too many sensational headlines about preventable data breaches.

Website * Twitter