Chapter 32 Finding a needle in a haystack

**031Finding a needle in a haystack**

"How does it feel on your first day at work?"

What Meng Fei didn't expect was that Luo An's WeChat profile picture would actually light up and send greetings.

During working hours at the bank's desk, you are not allowed to turn on your mobile phone at all.

They can only contact VIP customers through work WeChat ID and operate on the computer.

But Meng Fei is not subject to this restriction. He has Internet skills. The most powerful bug system in his brain directly controls the mobile phone in his pocket.

“It feels okay.”

Meng Fei was actually talking about the girl next to him.

"Is the case difficult?"

Luo An only cares about business.

If the experts he selects can successfully solve the case, the relationship between Mantis Software and relevant departments will be further deepened, and they will be more qualified to compete for more projects.

But on the other hand, if everything goes wrong, Meng Fei will suffer a small loss, but Mantis Software’s reputation will suffer a lot.

"Don't worry, big boss, I will take care of it."

Luo An was stunned. I had heard that this guy was reserved and cautious before. Why is he so overconfident now?

In fact, this case is indeed difficult for Meng Fei. Even if he has the system at hand, he will still have some troubles.

But you should always be confident in front of your boss, unless you have trouble with your future.

The case seems very simple, it's just that the money of several VIP customers was transferred away inexplicably.

But it’s complex, and finding the real reason is like looking for a needle in a haystack.

In the past two weeks, small amounts of hundreds or thousands of funds have been transferred from the accounts of VIP customers of Golden Turtle Bank to an illegal account that has been monitored.

The bank did not immediately shut down the illegal account. The shutdown was actually not a big deal. This account was just used by the mastermind behind the scenes to collect money.

If you block this person, you will not only alert the snake, but he will also be able to use other accounts in the future. Then your monitoring may not be able to detect it.

The VIP customers of Golden Turtle Bank are all wealthy people, so they usually don't even notice this small amount of transfers.

When people from the bank called to inquire, they discovered that the money in their accounts had been transferred inexplicably, and they all denied that they had done anything.

Judging from the system records, the money was transferred through legal operations by entering user names and passwords.

Some people may think, oh, I can just check the IP addresses of these operations and find out where the operators are.

In fact, this meaning is for reference only.

Even if people don't hide it deliberately, with NAT forwarding everywhere and countless machines sharing IP addresses, it will be difficult to locate the real culprit through the IP address.

If the other party sets up a proxy and moves the IP overseas, or simply walks on the street and finds a wifi hack to access the Internet, you can easily blame others.

The person in charge of this case is the Cyber ​​Security Section of the Criminal Investigation Bureau. They have already investigated this information and sent it to Meng Fei's mailbox.

Meng Fei browsed through them one by one. He could see that, at least on the surface, the machines that initiated the operation were the customers' own computers.

Since these computers all belong to the users, and the users all deny operating them, there is no clue.

This is a real veteran, a veteran who leaves no trace.

Even if you can check the overseas proxy server, that would be great. At least you know that someone has done something to it.

If it's just VIP customers who really leak their passwords and have them manipulated by others in other places, it's actually not a very serious problem.

But within two weeks, hundreds of VIP customer accounts and passwords were leaked at the same time, which is a bit scary. You don't even know how much was leaked.

The account list of VIP customers is only saved in the bank. Therefore, even if we don't talk about how the password was leaked, the account list can only be leaked from the bank.

If there is a leak, Mantis Software will not be able to escape its involvement. The security system of Golden Turtle Bank was developed and maintained by Mantis Software.

Because of this, the bank requested the Criminal Investigation Bureau to invite an expert from the Expert Academy who is familiar with Mantis software to participate in the investigation.

This must be Meng Fei who just took office.

His mission is not to catch the mastermind behind the illegal money transfer, but to find out how the bank account numbers of VIP users were leaked.

A task like finding a needle in a haystack.

But VIP account managers are the biggest suspects.

Because there is a huge pit here, which is also the weakest point of the entire system.

The VIP account manager's computer can access VIP customer information from the server, which is necessary for their operations.

Just to prevent account managers from leaking this information, the security system uses various technical means to protect them so that they can only see the necessary information. Once they see it, it is difficult to copy or send it out.

If there is a way to break through the restrictions of the security system, account managers may obtain this information and sell it to black organizations.

This does not mean that leakage is impossible through other channels. But based on Meng Fei’s experience, bad guys always choose the easiest link to start with.

He must first be familiar with the operating routines of VIP account managers, and then analyze step by step to see if there is any possibility of breaking through the shield by chance.

Even if it doesn't appear on the surface, if you look closely at every line of code and every instruction, the vulnerability may be hidden.

Maybe it cannot be triggered by normal operations and can be exposed by using some special actions.

For example, there was a very funny vulnerability in Windows in his previous life.

Originally, you had to enter your username and password when logging in. Later, someone accidentally discovered that you can skip this step by switching the input method when entering the password.

Password restrictions become a virtual reality.

Perhaps the source of the leak was that an account manager accidentally did an unusual operation and found that he could see the account list of VIP users and downloaded it?

Meng Fei didn't need to analyze step by step, he directly called up the BUG system in his brain.

"Scan all vulnerabilities that may expose VIP customer account lists."

At this time, he could feel countless codes and logic running through his mind like lightning.

The first few times he used the strongest BUG system, he didn't feel this way, and everything passed by without any awareness.

It can be felt now because as his level increases, his control and understanding of this power from the system is getting stronger.

He could feel the powerful computing power coming from nowhere, analyzing every bit at an incredible speed.

Eventually a series of vulnerabilities were listed.

He shook his head repeatedly.

It's not that these vulnerabilities are unavailable, but that it's too difficult to exploit them.

If you get a development team and work hard for a few months, you may be able to use one or two of them.

It is absolutely impossible for a VIP account manager sitting here with empty hands and working alone to use these loopholes to obtain the customer's account list.

But the results of his analysis this time could only confirm that there was no problem with the client in front of him and the server connected to this time.

He didn't know if other machines would be different.

In theory, the software on these machines is the same.

But no one knows whether different versions of patches will be installed on different machines, or whether the insider will simply install a Trojan horse that directly destroys the security system?

He plans to analyze all the machines used by VIP account managers.

This is not something you can do by just installing an anti-virus software and scanning it once.

Anti-virus software can only recognize viruses and Trojans that it recognizes. If you write a normal-looking program to "steal" information that already exists on your machine, there is a high probability that the anti-virus software will ignore it.

What he needs to scan is all the code that may be run on the machine, whether it is a virus or not.

He needs to know their source, purpose of operation, specific behavior, and whether there are vulnerabilities.

It is equivalent to a comprehensive security test of a lot of unknown software.

This probably involves a total of more than 300 computers in the account manager's office on this floor.

Before the change, even if you didn't count the time spent developing scanning tools, it would be considered good to be able to develop ten of them in a day. This work would take at least a month.

But now he can directly use the BUG system to scan one after another.

Of course, he won't walk around in front of every computer to perform his "magic" in front of everyone. And the time is not so tight.

He would do this in the dead of night when everyone was off work.

So during the rest of the day, I just hung out and browsed websites and flirted with girls on WeChat.

The working time in the morning always goes by extremely fast. Especially when there is a beautiful female colleague sitting next to me.

At this time he heard a cooing sound.

He lowered his head and whispered to the girl beside him:

"Your stomach is ringing."

Xiao Han, who had been busy with work and forgot about time, finally realized what he was doing, and his fair face suddenly turned red.

"Oh, I'm so sorry, I almost missed my meal!"
Chapter completed!