Chapter 120 Permissions: This permission is the key.
The disappearance of money deposited in the bank immediately triggered a huge panic that erupted in Yancheng.
In just one week, the phone at the Municipal Public Security Bureau's Petition Office and Criminal Investigation Detachment never stopped ringing.
"Officer Wang, I need to report a case! The money I deposited at the Chengnan branch has been inexplicably transferred to the account of a complete stranger at the Chengbei branch, but I had no idea..."
"Captain Zhao, my wife's retirement pension savings book had 1,200 yuan in it last month, but when we checked at the bank today, it was all gone! The savings book has always been in a drawer at home, and no one has touched it. How could the money just disappear? You must help us!"
"Comrade! I run a small shop. I don't have much money, but it's all hard-earned! The bank staff said I withdrew the cash at a bank counter in the eastern suburbs, but I didn't even leave the shop that day!"
The victims came from diverse backgrounds, including small shop owners, retired teachers with gray hair, and female textile factory workers.
The only thing they had in common was that the amounts in their accounts were small, ranging from a few hundred to a few thousand yuan. Without their knowledge and with their passbooks properly kept, the money was transferred or withdrawn "legally." The operations took place in various corners of Yancheng and even across cities.
The bank's internal investigation has become even more complicated. Every transaction is clearly recorded in the electronic log, showing the specific terminal number, time, and transaction type as "compliant with procedures." However, when the bank traces the transaction to that terminal, the teller on duty either looks blank and swears they didn't do it, or the terminal was simply under maintenance at the time.
The Municipal Public Security Bureau attached great importance to the case and formed a special task force, headed by Director Zhong, with the participation of all members of the Economic Crime Investigation Team. Jiang Ling's psychological profiling team was also recruited into the task force.
Zhong Ju's expression was grave. He slammed a thick stack of police reports on the table: "You've all seen this? This is not an isolated case! This is an organized, premeditated series of thefts that exploited vulnerabilities in the banking system. It is extremely heinous and has a serious social impact. The Party Committee of the Bureau has decided to establish a special task force for the 7.16 series of financial thefts. I will serve as the task force leader, and Zhao Tiezhu from the Economic Investigation Department will serve as the deputy task force leader."
His sharp gaze swept across the room: "Comrades, this is a new type of high-tech crime, involving computer fields that none of us understand. But no matter how difficult it is, we must find this 'ghost' hiding in the banking system!"
The pressure came down like a mountain.
In the temporary office of the task force, Li Bin, a key technical member of the Economic Investigation Brigade, had been working through the night for several nights.
Several bulky monitors flickered with a faint green light, scrolling not with clear data, but with densely packed bank back-end logs and obscure terminal command codes. The printer hissed, spitting out papers that covered half the conference table.
Li Bin hadn't showered or washed his hair for several days; his hair was greasy and he had heavy bags under his eyes. He and two equally exhausted young economic crime investigators were trying to find some clues from this vast sea of data.
"Check! Check all the operation logs of terminal A07 from 2 pm to 3 pm yesterday!" Li Bin's voice was hoarse, filled with suppressed irritation.
"Old Li... the system is reporting an error, insufficient permissions," a team member mumbled.
"Then go find the bank's IT department and ask them to grant you access. What are you dawdling about here?" Li Bin slammed his hand on the table, causing the ashtray to bounce and spill ash. He took a deep breath, trying to calm himself. "Xiao Zhang, over there, did you find the source of that 'maintenance period login' at the West Suburbs branch's B02 terminal at 9 PM the night before last?"
"I checked the IP range, and it's a general gateway address for the bank's internal maintenance network. The target is too vague, and at that time, the maintenance team said no one was using that gateway." Xiao Zhang's voice was weak.
Frustration washed over Li Bin like a cold tide, wave after wave. He felt like a hunter with primitive tools tracking an invisible man in a primeval forest.
The system logs clearly showed that the "ghost" was there, and the operation had been performed, but when he ran up to it breathlessly, the terminal was either empty or the operator looked completely innocent.
Several groups of bank technicians came, and they kept repeating the same few sentences: "The logs show that the process is normal," "The system has not been hacked," and "It may be an internal access control issue."
Internally? After a thorough internal investigation, no employees with obvious problems were found. Could it really be something fishy?
"Catching ghosts... damn it, catching ghosts!" Li Bin stubbed out his cigarette hard, his greasy hair hanging down his forehead, his eyes behind his glasses filled with bloodshot veins and a kind of desperate confusion. His proud accounting skills and process analysis seemed so pale and powerless in the face of this pile of electronic data that seemed compliant but led to absurd results.
In contrast to the anxious and chaotic atmosphere in Li Bin's office, the atmosphere in the psychological profiling team's office was calm and focused.
A large map of Yancheng is displayed on the wall, marked with different colored pins indicating the locations of bank branches where crimes have occurred and the residences of the victims. On another wall are victim information, a timeline of the crimes, and an analysis of the modus operandi.
Jiang Ling stood in front of the whiteboard, the marker in her hand making a soft scratching sound. She had just completed in-depth interviews with the latest five victims.
Jiang Ling's voice was clear and steady: "Let's start by analyzing the victims. Their identities include small business owners, retired teachers, ordinary employees... Their social relationships don't overlap, and they don't know each other. Common point one: They are mainly middle-aged and elderly. Common point two: Their account activity is highly regular. Retirement pensions are deposited on fixed dates, small business owners make regular deposits, and employees spend their wages daily. Common point three: According to information gathered indirectly, the bank passwords they set were generally very simple, such as birthdays, consecutive numbers, or the last few digits of their phone numbers. This was a common phenomenon in that era, and it also shows their complete lack of awareness of high-tech crimes."
As she spoke, Li Zhenliang wrote down the keywords on the whiteboard: predictable, weak password, low vigilance.
“Operational pattern analysis,” Jiang Ling switched to a red pen and circled on the timeline and map, “First, small amounts, dispersed, with each transaction ranging from a few hundred to several thousand yuan, never crossing the large-amount monitoring red line, and operations distributed across different branches to reduce single-point risk. Second, precise time windows: concentrated in the afternoons of weekdays from 3 to 4 pm, evening maintenance periods, and even off-peak times on weekends. Third, clear path: multiple small amounts of illicit funds are transferred to the same account under the name Sun Ming, and then quickly withdrawn through ATMs in different locations. Fourth, stable and skilled methods: from the first case we discovered, the Zhang Chunhua case, to now, the pattern is highly consistent, with no obvious trial-and-error period.”
The marker struck the whiteboard heavily. Jiang Ling turned around and glanced at the three team members: "Next, we can conduct a preliminary analysis of the perpetrator."
"The perpetrator was extremely familiar with the bank's counter operations. He knew precisely when operators were easily distracted, when back-office management was lax, and how to utilize maintenance periods. This is something that outsiders could not possibly grasp in a short period of reconnaissance."
"He has a certain technical background or knowledge, and can understand the basic logic of instruction flow and authorization authentication within the banking system. He knows what operation records will leave and what can be avoided. But he may not be a top hacker. His methods are more inclined to exploit rules and management vulnerabilities than to directly brute-force intrusion or write high-difficulty viruses."
“He exploited the chaotic internal management of the bank, such as the vague division of authority, incomplete or untraceable operation logs, lax management of physical terminals, and weak security awareness among employees.”
At this point, Jiang Ling turned her gaze to Li Zhenliang: "Liangzi, you do the psychological profiling. Let me see how much your skills have improved in the past three years."
"Yes!" Li Zhenliang responded with great enthusiasm. "The nature and scope of this case are very clear. The team leader has already explained a lot, so I will start sketching the suspect directly."
"Judging from the small, dispersed amounts of the thefts and the lack of haste, this person is extremely cautious, knows how to avoid risks, and is highly planned and patient. His thefts targeted the entire banking system rather than any specific individual, carrying a challenging connotation, and may have stemmed from some resentment or a desire for excitement. I deduce that the perpetrator most likely had deep connections with the banking industry, possibly being a former teller who was fired, an outsourced maintenance worker, a technician from a partner company, or even... a marginal figure still employed but intimately familiar with system vulnerabilities and harboring resentment."
Liu Haoran excitedly raised his hand: "I feel like this person is a key maker. He made a copy of the key to open the bank's system in advance, and then took the opportunity to sneak in and steal money."
Jiang Ling smiled slightly: "Hmm, that's a good analogy."
Following his train of thought, Li Zhenliang continued to refine the psychological profile: "Core profile: Male, 25-35 years old, with a background or fervent interest in electronics, communications, or computers, and highly likely to have worked in banking or telecommunications systems. Arrogant and self-important, disdainful of existing system vulnerabilities, viewing crime as an intellectual game. Possesses strong counter-surveillance awareness, acts efficiently and calmly, and enjoys the thrill of stealth and manipulation. May have economic pressures, such as gambling, debt, or strong material desires as a direct driving force. His social circle may be narrow, but he has a certain influence or seeks recognition within a specific small circle of computer technology enthusiasts."
Zhou Wei shook his head: "Liangzi, your analysis is quite good. But based on this sketch, the scope of the investigation is still quite large. And even if we find this person according to the sketch, what about the evidence? Where is the evidence?"
Li Zhenliang asked, "Since he used Sun Ming's savings card to withdraw cash from ATMs, then send people to continue staking out the dozen or so ATMs in the city and catch him red-handed!"
After saying this, Li Zhenliang looked at Zhou Wei and said, "Come on, you're in charge of defining the scope."
With perfect coordination, Zhou Wei picked up a red pen and quickly circled the locations of the ATMs on the unfolded map of Yan City. "Look," she said, "the ATMs are scattered across several bank branches in the east, west, north, and south of the city, and even extend to neighboring cities."
Zhou Wei observed the savings banks circled in the diagram and quickly made a judgment: "The location selection tends to be of newly opened branches, or branches in relatively remote locations with low foot traffic and potentially insufficient surveillance coverage. This is not random wandering, but the result of careful selection."
In the 1990s, surveillance was not widespread. It was only installed on some road sections and in important monitoring areas, and the surveillance images were very poor, basically only showing a blurry figure.
Zhou Wei pointed to the time record and continued, "The crimes were committed during the lunch break from 11:30 to 14:00 and the evening from 16:30 to 18:00, which are off-peak times when the counters are relatively relaxed. It is obvious that the perpetrators were very familiar with the savings bank's business operations and had scouted the location in advance."
Jiang Ling smiled wryly: "Team Leader Zhao has already set up a stakeout and has been waiting for them for several days."
The Economic Crime Investigation Team is experienced and deploys officers to stake out any bank branches or ATMs where problems occur, but the opponents are very cunning.
After Zhang Chunhua reported the case, major banks were packed with people demanding to withdraw money and check accounts. The perpetrators must have received the news and immediately stopped committing further crimes. Even though the Economic Crime Investigation Team deliberately instructed the banks not to freeze Sun Ming's account in an attempt to lure him into continuing his activities, he remained vigilant and did not take the bait.
Upon hearing this, Li Zhenliang frowned deeply: "If he hides, that will be really difficult to handle!"
Liu Haoran muttered, "Didn't we tell Captain Zhao not to escalate the situation and not to alert the enemy?"
Zhou Wei countered, "Do you think we can control the current situation?"
For a moment, everyone fell silent.
Yes, money is the foundation of life. Anyone would panic if their money in the bank were transferred out without their knowledge.
As the saying goes, good news doesn't travel far, but bad news travels fast.
Since Zhang Chunhua reported the case, the impact has continued to expand, and the bank is facing the risk of a run on deposits and a serious crisis of trust.
Since we can't solve it from the outside, we can only try to find a solution from within the system.
Liu Haoran continued his "key duplication" explanation: "The key question is, what exactly is the 'key' he copied? How was it copied? That's where Lao Li from the technical team got stuck."
The clues seemed to be pointing in the right direction, but how to catch the person who secretly made the "key" remained shrouded in mystery.
Although Jiang Ling took the lead in proposing to investigate the bank's internal system based on her understanding of cybercrime from her previous life, she did not understand computer technology and felt the pressure at this moment.
Although the basic outline of the thief had been sketched out, the task force members still didn't know how he made the key or how he operated it. Therefore, everyone felt somewhat powerless about how to catch him.
Jiang Ling thought for a moment and said, "Time is tight. We can't just wait for Li Bin and his technical team to produce results. We still need to ask for outside help for this case."
Li Zhenliang and the other two looked at Jiang Ling at the same time: "What foreign aid?"
Jiang Ling smiled slightly: "You've forgotten someone."
Li Zhenliang asked curiously, "Who?"
Jiang Ling picked up the phone and dialed a number: "Jiu Shan, are you home yet? Come over here, there's a case we need your help with."
A clear and cheerful voice came from the other end of the phone: "Sister Ling! I'm coming right away."
Li Zhenliang, Liu Haoran, and Zhou Wei slapped their thighs at the same time, their expressions filled with excitement.
"Oh yeah, I almost forgot about Liang Jiushan!"
“He studied computer science, so maybe it will come in handy.”
"Kyoto University's computer science program is one of the best in the country. It would be great to have him give it a try!"
Liang Jiushan was very talented in studying. After being admitted to Yanshi No.1 High School in 1994, he worked hard and completed all the high school courses in just one and a half years. He took the college entrance examination a year early and entered the Department of Computer Science at Kyoto University in September 1996, majoring in software engineering.
Under Jiang Ling's guidance, Liang Jiushan predicted the future direction of computer development in advance. In February 1998, he and several like-minded classmates founded "Star Shield Technology Company". Initially, the business focused on database construction and maintenance. They quickly opened up the market and the company's business flourished.
While waiting for Liang Jiushan to arrive, everyone's conversation revolved around him.
Li Zhenliang's words were full of nostalgia for the past: "Jiu Shan, that kid, is about to be a junior in college. Time really flies. Back then, he was just a junior high school student, and he got into a fight with Qian Darong and ended up in the police station."
Liu Haoran nodded and said, "That's right. Back then, he vowed to go to police academy and become a policeman, but now he's running a company and is a boss."
Zhou Wei said with a smile, "He was still young back then, always following our team leader around, even doing his homework at the police station. You know what, that kid was smart, he could succeed at anything. If he had become a policeman, he would definitely have been a great and capable policeman like our team leader."
Jiang Ling has always had a special feeling for this boy she has watched grow up.
Perhaps because Liang Jiushan's fate was changed because of her, perhaps because Liang Jiushan was particularly close to her, or perhaps because Liang Jiushan was as sunny and innocent as a younger brother, Jiang Ling was happy to guide him.
When Liang Jiushan was filling out his college application, he originally wanted to apply to Huaxia Public Security University, but Jiang Ling told him that the future public security system would need computer and network technology talents the most, and Huaxia Public Security University did not offer a computer major.
Moreover, attending a police academy is not the only way to enter the public security system.
Following Jiang Ling's advice, Liang Jiushan was admitted to the Department of Computer Science at Kyoto University with excellent grades. During his university years, he not only studied theoretical knowledge diligently but also became active on various BBS forums. In the second semester of his sophomore year, he started a technology company with three friends.
It's summer vacation now, and Liang Jiushan had already made plans with Jiang Ling to return to Yan City together, so Jiang Ling immediately thought of him.
Half an hour later, Liang Jiushan arrived.
He had grown even taller, and his appearance remained outstanding, but he didn't care about that. He still dressed like a student, wearing a faded T-shirt and jeans, carrying a bulging laptop bag, and his eyes were clear.
When old friends meet, they exchange a few pleasantries and then get down to business.
Jiang Ling often met with Liang Jiushan in Kyoto and didn't stand on ceremony with him: "Jiushan, this case is very strange, like a ghost story. The money disappeared from the bank's system, and the records all show normal. The technical team has determined that it was a vulnerability in the bank's system, but we have no idea where the vulnerability is or how the other party operated it."
Li Zhenliang added, "It's like an invisible ghost swaggering into the bank's back office. It doesn't need to steal passbooks, ask for passwords, or even the account holder's signature. It can operate on the ATMs, transferring money or having someone else withdraw it. The bank's own records even show that the operation is legal and compliant. We've checked and checked—the terminal number is there, the time is there—but when we go to the site, either the person isn't there, or the machine shouldn't have been operated on at that time! Old Li and his team in the technical team are going crazy from the back office logs."
Liang Jiushan listened quietly, his eyes growing brighter and brighter.
When he heard everyone say "the operation record is normal but the operator cannot be found" and "the terminal was logged in during maintenance", he sat up straight: "Sister Ling, this is 100% exploiting a vulnerability in the bank's internal authentication and permissions system!"
Jiang Ling perked up and gestured for him to explain in detail.
Liang Jiushan spoke faster: "Early bank internal systems, especially the network authentication between counter terminals and back-end servers, were often very crude. I have studied some cases and materials!"
He opened his laptop bag and took out a thick notebook.
He quickly sketched a flowchart in his notebook, explaining as he drew: "A teller needs to log in to the system by entering their employee ID and password to operate the terminal, right? During this login process, the terminal and the backend server need to perform identity authentication. That's where the problem lies!"
"First, the password may be extremely simple or default. In many early systems, to save time or because the administrator was lazy, the initial password might be '123456', 'password', or even the username itself, and it was not forced to be changed for a long time."
"Second, the authentication protocol is fragile. Some older systems use authentication methods where the transmitted passwords are even in plaintext, or the encryption method is very easy to crack."
"Third, and most importantly, there is chaotic access control. There may be some general, high-privilege maintenance accounts with passwords that everyone knows or are used by default. In some cases, certain terminals may have backdoors or default debugging accounts that can be logged in without the teller's authentication information."
After recounting the problems with the current banking system in one breath, he looked at Jiang Ling and said with certainty, "Sister Ling, the 'ghost' you mentioned doesn't need to steal any specific teller's ID card and password. He only needs to find a way to illegally obtain an account and password with operating permissions, or even directly use a backdoor in a terminal that is not locked or in maintenance mode, to remotely or locally simulate himself as the 'legitimate' user and send transfer or withdrawal instructions."
Although Jiang Ling was completely confused, it didn't stop her from grasping the key words: "You mean, the perpetrator only needs to obtain login privileges to operate anywhere?"
Liang Jiushan nodded: "That's right! The backend server only recognizes account passwords or specific login statuses. It doesn't care whether the person sitting in front of the terminal is Zhang San, Li Si, or Wang Ermazi. So of course the log shows 'legal operation' because the command was indeed issued with valid credentials."
Liu Haoran's eyes widened: "This access is the key. He stole the key, so he was able to open the door to the bank's system."
Liang Jiushan looked at him with a bright smile: "Brother Haoran, your analogy is quite apt. What he copied is not a physical key, but an 'electronic key' that can be authenticated by the system."
Li Zhenliang, Liu Haoran, and Zhou Wei were dumbfounded. Although they didn't understand some of the technical terms, they understood the core meaning—it wasn't a ghost, but a thief, a tech-savvy thief who stole the bank's "electronic key"!
Jiang Ling felt a sudden sense of clarity.
Liang Jiushan's point about "access vulnerabilities" perfectly explains all the dilemmas Li Bin encountered: Why were the logs normal but the operators unaware? Why were terminals logged in during maintenance periods? Why were the signatures ambiguous and invalid?
Because the operator was not actually on-site, but instead used a high-privilege account that was not a teller, the system did not enforce the signature process at all!
She stood up abruptly, her eyes flashing with a sharp light, and patted Liang Jiushan's shoulder forcefully: "Jiushan! You've done a great job! This 'electronic key' is the key to breaking the deadlock!"
She picked up the phone on her desk and dialed an internal number.
"Director Zhong, someone has stolen the bank's 'electronic key.' We need to immediately adjust our investigation direction: focus on investigating all personnel who have access to the bank's internal system accounts, especially those with high privileges and general maintenance accounts. Thoroughly investigate whether there have been any password leaks or abnormal logins recently. Have the bank's information department cooperate in conducting an in-depth analysis of the login authentication logs of all terminals, especially the login source and authentication method when those operations occurred."
Liang Jiushan whispered to her, "We also need to investigate all the outsourced maintenance company personnel."
Jiang Lingchong gave him an "OK" sign and said into the microphone, "Director Zhong, I've found an outside helper, a top student from the Computer Science Department of Kyoto University. He'll be here to report to you soon."
Liang Jiushan watched Jiang Ling's every move intently, his heart pounding with excitement.
Jiang Ling, in the past, illuminated his life like the sun.
Now, he can finally help Jiang Ling.
Continue read on readnovelmtl.com