With so many data breaches at major retailers in recent years, it is often hard to keep track of who has been hit by hackers lately. Inspired by recent events, IT veteran and author Greg Scott put together Bullseye Breach, a story about how Russians steal 40 million customer credit card numbers from a fictional Minneapolis retailer named Bullseye Stores.
Below is an excerpt from the book.
“Hi. This is Special Agent Connor Duncan with the FBI in Minneapolis and I need to speak to Daniel Berger right now, please.”
Evelyn seemed ready for this. “Mr. Berger’s unavailable at the moment. Is there something I can do to help you?”
“Probably not. Somebody’s using your store to steal credit cards on a massive scale. I need to talk to your CEO right now about that.”
“Sir, before we go any further, please know that this call is being recorded and we prosecute prank calls.” Connor detected an edge to Evelyn’s voice. This was to be expected—this was not a run of the mill customer call.
“Evelyn, I need you to put away your flowchart and connect me to a manager. Right now. I won’t ask again.”
After a few minutes, a manager named Glen came on the line. “Um, Special Agent Duncan is it? How may I help you? And do you know how many calls we get every day that say they’re with the FBI?”
“I don’t care how many calls you get. As I just told Evelyn, somebody’s using your store to steal credit cards on a massive scale. I need to talk to your boss’s boss’s boss right now.”
“I’m sorry, sir, but we can’t do that.”
“You can’t or you won’t?”
“We don’t have a direct line with Mr. Berger’s office.”
“He has a phone, doesn’t he?”
“I’m sure he does, but we can’t send callers right to him. That’s why Bullseye operates this call center.”
“Okay, fine. I just told you somebody’s using your store to steal credit-card numbers on a massive scale. Now what are you going to do about it? I suggest you shut down all your credit-card operations right now.”
There was silence on the phone for about five seconds.
“Um, sir, I don’t know who you are, but this is not funny.”
“No, it definitely is not funny. I told you who I am and I told you what needs to happen. If you can’t call your CEO, maybe there’s a manager above you who can.”
“Our call center is in North Dakota. That’s why we don’t know how to call Mr. Berger.”
“Uff-da!” said Connor, and he promptly hung up. “What a waste of time. I’ll call their PR person. At least they’ll be at corporate headquarters and not out in the middle of nowhere. Here it is, Brittany Chatsworth.”
He dialed and someone picked up on the third ring. “That’s more like it.”
“Brittany Chatsworth, Corporate Communications. How may I help you?”
“I’m Special Agent Connor Duncan. I’m with the Minneapolis FBI office and I specialize in financial crime. I need to talk to your boss right now, because we have reason to believe your company’s in the middle of an international credit-card racket. Every time one of your customers swipes a credit card, the number goes over to Russia and pops up again locally in the form of bogus plastic.”
“Yep, oh my. I have messages from seven major banks so far today. They’ve all found new batches of credit cards up for sale from somebody in Russia. All those credit cards have only one thing in common—they were all used at your store. Recently. Like after Black Friday.”
“And by golly! So what are we going to do about this, Ms. Chatsworth?”
“Agent Duncan, I’m sure we’re not a party to some fraud ring, and I know our computer security is the finest in the world.”
“I’m sure it is, Ms. Chatsworth, but if I don’t get through to a decision-maker quickly, I have an emergency warrant in my hand to shut you down. All it needs is a signature from any pissed-off federal judge who shopped at your store last week. Give me your fax number and I’ll send you a copy.”
“Let’s start over. Ms. Chatsworth, ma’am, I need to speak with Mr. Daniel Berger please. It’s urgent.”
“I’m sorry, but he truly is unavailable. He’s out of the country at some very important meetings.”
“And I’m sure he’s enjoying himself. In that case, may I please speak to the person in charge of all your technology? Please? Ma’am?”
“Why certainly, that’s an excellent idea. That would be Liz Isaacs. She’s our CIO. She gets out of her executive council meeting in a little over an hour.”
“Ms. Chatsworth, I’m only a fifteen-minute walk from your lobby. But I have a message from my boss in Quantico about Federal Judge Marvin Thornton, right here in Minneapolis. Apparently he has a problem with a credit card. As long as I’m waiting, should I stop at the Federal Building on the way to your lobby and tell him where his problem started?”
“While we were talking, the Russians stole about a thousand more card numbers from your customers. What’s it gonna be?”
This story, "Book excerpt: Bullseye Breach" was originally published by CSO.