Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

CTO as a security guard

The next Monday, Jules, Shuri and Adira met again.

"I gave it some thoughts" Jules started, "We'll need a intermediate CA too since the production team will have to create certificates every day. Making the root CA easily accessible would be too risky."

"Agreed, we'll have an intermediate CA signed by the root CA that will be accessible by the production team. The intermediate CA will expire from time to time and that's the only moments we'll need to have access to the root CA" Adira said.

"If nothing goes wrong, yes" Shuri added. "We'll need access to the root CA if the intermediate CA is hacked in order to revoke it."

"So, the main question is to protect the root CA" Jules continued, "I think I'll keep it on my computer whose hard drive is encrypted and which has a strong password. I'll be the only one to know the password for the root CA's private key."

"That's a simple way to solve the issue" Shuri replied.

"But you'll have to make sure your computer is always up-to-date. The whole company security will depend on you and that computer" Adira insisted.

"That's my life's project we are talking about, of course I'll be careful! And I'll use my password manager to create a secured password and keep it safe" Jules replied.

The team decided to go for that. The company had a greater success than expected and by the end of year 1 was already selling more than 5000 units a month.

By the end of year 2 though, it seemed that some data got corrupted. Shuri's first analysis showed that some devices where connecting with two different certificates. Since certificates are loaded in the device only once on the production line, it meant that something was off with the PKI.

With the help of Adira, they quickly realised that some of the certificates where created by an unknown CA that somehow got signed by the root CA.

"No way!" Jules said, "I am the only one to have access to the root CA and I certainly did NOT sign any other CA than ours!".

"I understand Jules," Adira said, "and yet here we are. I will need to have access to your computer in order to check it. Of course, you are welcome to stay with me and do it with me."

"Ok, let's do that!" Jules said.

After a few research, they found something suspicious.

"Do you see that process?" Adira asked, "I think it's a key logger. Basically, it registers everything you type and sends it somewhere on the internet."

"How did it ended up there?! I obviously didn't install it!" Jules objected.

"It seems it got install 8 mounth ago. Did anything weird happen 8 mounth ago?" Adira asked.

"None that I can remember" Jules answered.

"Can we check your emails at that time?" Adira asked.

"Sure!" Jules volunteered.

Adira looked a bit in the emails that arrived around the date they found and quickly asked:

"Do you remember that email? Did you click on the link? If so, what happened?"

"Ho, yes! That's link to get a demo version of a software I wanted to test ! I installed it but the demo was very limited and buggy so I gave up quickly." Jules replied.

"That's because it's not a legit software !" Adira remarked, "I seems it comes from Evil Corp. It's a fishing email. By installing the pretend demo, you actually installed the keylogger, it probably also duplicated everything on your computer. Then they waited for you to use the root CA which you did 6 month ago to renew the Intermediate CA. At that point they got the password for the root CA and signed they certificate."

"Well, let's revoke their intermediate CA then!" Jules thought.

"Yes, that's a way to stop the bleeding but I am afraid the damage is done" remarked Adira.

"I don't know. I'll talk to Vernes about it" Jules concluded.

Half an our later, Jules was meeting with Vernes.

"We found what happened" Jules started, "We got hacked and found a way to close the door. Everything should go back to normal."

"I don't think so" Vernes said, "Our reputation is in a bad shape. Evil Corp's copy of the Hole-in-one is raising and they are flooding social networks with posts showing the problem. Half of the planned orders got cancelled. I am afraid that's the beginning of the end."

"That bad uh?" Jules asked, raising an eyebrow.

"I am afraid so. If I am correct, we'll have to get rid of people in a few months. And even with that, I don't think we'll survive" Vernes answered, sad.

"Fine, I'll talk to Dad" Jules said, shame resonating in his voice.

"Good luck with that" Vernes concluded, defeated.

That evening, Jules went to see his parents, Emmett and Clara, for dinner.

"Dad, I suppose you heard the news about Hole-in-one?" he asked.

"Yes we did son. I hope you'll recover" Emmett replied.

"Of course they will!" said Clara promptly.

"I am afraid not" Jules said, "Vernes is quite pessimistic about it. He thinks we'll go bankrupt within few mounth."

"Great Scott!" Emmett yelled.

"Dad" Jules started, "I hate to have to ask you that…"

"Say no more!" Emmett interupted, "I knew that day would come".

"And I spent long nights convincing your stubborn father!" Clara added.

"The keys of the Delorean are at the entrance. Go, warn yourself with every details needed to avoid this disater and come back quickly to avoid disrupting the spacetime continuum too much!" Emmett continued.

"Thanks Mom!" Jules said while hugging his father.

Jules went two years back in time, sent himself an email explaining everything and used the Delorean again to disappear back to the future.