The Information Superhighwayman

If you have ever read my resume on this site you will notice that I passingly refer to being sacked from British Telecom three times. Occasionally people ask for the story of this but since I was always covered by some weird ethical code and the like I have always kept quiet. It is now more than ten years since the final event so I feel it is a good time to tell the story – Mostly because it sadly amusing to see how one of the largest telecoms companies in the world could be quite so stupid. Part of the problem with writing this is that I don’t actually believe it myself. This may come across as a little bitter – It should do, because I am. I don’t think I come out too badly in this story so I am not too worried about telling it.

Firstly I must say that if I am being completely truthful I was only actually fired once, and this is about that time. The other two times I left it was a mutually agreed situation – In the first one, I told my managers that I flat out refused to lie for them any more and in a company who’s whole culture is based on lying to customers that is a bad thing – In the second case, I left because accounting every half  hour I worked to a customer cost-centre (when it often made no sense at all) was just ludicrous. In both cases, as soon as I left my contract was immediately picked up by another part of BT  with promises various changes so I actually ended up with an unbroken lump of employment for them.

So let us go back to a time just before the last Millennium. I had just returned from a few months secondment building a new Internet Service Provider for BT’s new mobile company (Genie, now O2) and I had in my hand a glowing letter from the Chairman of Cellnet saying how wonderful me and my team were for delivering the impossible in such a short timescale. We did good on that job, even though I didn’t want to do it. Back at the office I was finally at the point of being part of the sign-off process for any solutions that BT sold to customers. In theory, before any solution was sold I got to security evaluate it first and could refuse to sign it off and send it back for design corrections if it failed. I was also working with internal security and in theory should have been happy, but I wasn’t. In the past I had been able to do what I wanted, to be proactive and to look for problems that needed solving; now I wasn’t allowed to breath without it being charged to a customer. Any autonomy I once had was gone and I was fixing things on my own time and not being paid for them which was getting somewhat ridiculous. I told my managers I was not renewing my contract when it came up and I thought that was that.

A week before I was due to leave I got a call from BT Operations begging me to come and work for them. They piled on the sweeteners; a nice big pay rise, all my billing to a single cost centre, just two months and no more and I could move back to my favourite office. I agreed to this, I decided not to go ahead with another job I had decided to move to and I made sure the paperwork was all sorted out.

The following Monday, I turned up at my new job and had a tea. The office was basically a football-pitch sized machine room that took up a whole floor of a building with just me and 2 operators in it. There were a few offices in there from the days that this was the major PSS centre for the UK but they had basically been abandoned Marie-Celeste like in the 80′s. I had worked here before when I worked on Genie and had made a little cubby-hole in a long since abandoned conference room, the two ops had also moved in there.

At mid-day the ops both got a call and vanished. I never saw them again. Nobody had told me what they wanted me to do so I just sat around drinking tea and watched machines humming. At 3pm I got a call from my new boss saying he was coming around at 4pm for a meeting. At about this point I attempted to login to the Ops system and it wouldn’t let me so I got a little suspicious and phoned some people. Nobody was saying much but somebody said they had heard that word from the board said they were about to fire me, but nobody knew why. I couldn’t find out any more so I sat and waited. My boss arrived at 4, and curtly told me I had been fired and he had to escort me out of the building. I asked why, he said he didn’t know, he’d just been told to do it. He asked for my security card which I didn’t have on me that day and that was that – I was at the front gate and very confused.

The next day I expected to hear more. I didn’t – At least, I didn’t hear anything from my bosses but I did hear a lot from other parts of BT. I received mails asking me to review secure networks, I had calls from customers asking me how to mend things, I had calls from various people within BT wanting advice. I made excuses when I had to and just waited to hear something official.

A week went by. I heard nothing. No letter, not even an email. Nothing to tell me formally I had been sacked and nothing to tell me why. I contacted S-Com, my agency who were cagey (rightly so since they owed me a month’s salary in notice period). I am assuming they knew nothing and were keeping quiet hoping I wouldn’t notice that I was out of a job. I decided to contact a few people in BT, had a few shady meetings in pubs but the upshot was that nobody knew a thing. Nobody had been told I had been sacked, most people were astonished and assumed I was still working there – I still had my fixed network connection into BT and I could still access all of their systems except for one I had been deleted from and my mail addresses still worked.

I decided to arrange a meeting with BT Internal Security, I was curious to know if they knew anything so I popped to Milton Keynes for dinner and we had a chat. They’d not heard a thing and even when they dug around they could find nothing. As far as they were concerned I was still working for BT. I asked them if I could see how much access I still had without them arresting me and they said sure as long as I wasn’t silly or naughty.

Over the next month I tested various networks. I could access all of the customers I ever worked on which included governments, law enforcement, most of the major banks, various ISPs and a whole load of internal things. I tested my card and my ability to just walk into a building – Nobody ever challenged me, I had a nice cup of tea in the room that housed the central Bank Clearing System and the national salary payment systems (CHAPS) and yes, I could still login to them. I could also wander into Telehouse and the like at any time I wanted. I was still getting many calls from customers and internal BT people and in the end I just pointed them at somebody else and didn’t explain why.

At this point, I was thoroughly pissed off. BT owed me nearly £10,000 and my agency S-Com (who had sent me a crate of champagne just 2 months earlier) claimed they knew nothing about it. I sent them a copy of the purchase order and the reference numbers but they just refused to reply after that. Nobody seemed to have a clue why I was fired they just know I was. There were various rumours but none of them really seemed right. I’d just been fired from on-high.

So we have one exceptionally disgruntled ex-security manager, who was owed money, who was being constantly ignored and treated like shit by BT and who still had access to every customer, internal system and building of importance. I had to change my phone number after six months, people were still calling me about things. It took them two years to disconnect my lines into BT and to this day there may still be personal  machines of mine housed on the internal networks that I can access. As far as I know, my card was never disabled and as far as I know, nobody in BT and certainly no customers were ever told I had stopped working there. My email address eventually stopped working in about 2004 when they changed systems.

To my credit, I never did anything to them – But that’s not really the point, I could have caused untold amounts of hugely embarrassing damage. I am not sure if relying on the continuing ethics of somebody you treat like utter shit is really a good policy but apparently in this instance it worked for them.

It’s at times like this I remember the old mantra:

“WE ARE THE TELEPHONE COMPANY. WE DON’T GIVE A FUCK”.

As I kneed myself in the face yesterday whilst trying to sit down on a North American toilet, I came to a startling realisation about why North Americans know very little about the world. In the spirit of international relations I am going to share this with you so that now, rather than pointing at them and laughing, you can just weep a little to yourself about their plight. This is a tragic tale.

It’s quite simple really… North American toilets just aren’t made as a comfortable place to read. They are too low and it seems offputting and potentially perilous to be quite so physically close to all that water in the bowl.

In England people have traditionally retreated to the bog to sit and read and get away from the other people in the house. It’s sometimes the only privacy they ever get. People started to read on the toilet because we tended to use ripped up newspapers to wipe our frozen botties in outside loos. It gave us something to do whilst we were trying to shiver out a poo in the wind and rain and even though now our toilets tend to be inside and somebody invented Andrex¹ the reading habit has carried on and no English toilet² would be complete without a pile of toilet books. The upshot of this is that North Americans have never been exposed to books like “The Book of Heroic Failures” (volumes 1, 2 and 3), “The World’s top 20 Serial Killers”, “Not a Lot of People Know That” (by the esteemed Mr Caine) nor in fact, any Gyles Brandreth books at all.

You know… This is probably why Americans don’t have pub quizzes too. It’s all starting to make sense now.

¹: Does anyone else still object to the slogan “240 sheets per roll”? It’s not true, at best you can get about 30. If you are a vegetarian, your mileage may vary.

²: Note, toilet, not bathroom, the toilet has the throne position here not the bath – And come to think of it, most American bathrooms don’t even have a bath, especially the ones in cafes – What sort of a rip off is that? Grrr!

³: Did you spot that I moved from they to we mid-posting? I can’t be bothered to correct it since it amused me.

I read the most amazing article today about McDonalds admitting it was adding milk and wheat to their french fries. (Can we call them chips now please? This is an English Weblog – In fact where I come from they fry them in beef fat anyway).

Admittedly, I find it a tad strange that McDs are adding such things to their chips but that’s not my problem with the article. My problem is with comments such as:

“I am vegan. I have eaten their vegetable burger with fries for many years. I will never do it again. I really hope their vegetable burgers were animal free.”

What? What fucking retarded vegan would eat at McDonalds anyway? I can understand if they were forced in there once and had to eat something to be social or because they were starving but come on, this one has eaten there “for many years” and not had the nouse to actually check with McDonalds that their stuff was animal free? This is McDonalds, not some trendy vegan restaraunt in Covent Garden.

Then it struck me… Half way down the article there is a quote:

“Nadia Sugich, a vegan, is also suing McDonald’s. Vegans do not eat any animal products at all (vegetarians include dairy and eggs in their diet, vegans don’t). Had she known the product contained milk she would not have touched them.”

Silly me – How did I miss that? It’s just an excuse to sue somebody. Obviously these people expected a certain duty of care and dedication to their high standards of vegan care FROM A FUCKING HAMBURGER SHOP!

Well I am sorry and I have no issue with most vegans, but in this case I hope the courts force them to pay costs and tell them to fuck off and get a life.

A while ago I pondered starting a weblog devoted to security. I occasionally feel the need to write something about this subject and I was worried that my one loyal reader would probably get bored stiff if I wrote too much in amongst my generally pointless rants.

My problem is that I know more about security than you. I am pretty safe in saying this unless you are one of a handful of people, all of whom I could name and none of which would be reading my weblog. Don’t get me wrong – If you are an expert in Linux, I bet you know tonnes more about Linux security than I do and I know 12 year olds who know more about modern hacking tools and methods than I ever will. The problem is that these specialisms don’t make good all around security experts; experience and exposure does and if nothing else, I have a lot more of that than most.

I got an email from an old adversary of mine today and part of my reply got me thinking about how I view a profession I used to be very much involved with. I quote:

“My former industry is full of self-publicists who are dreadful at
what they do; I care nothing at all for them and their paranoia
fuelled money making machine. I’ll stick with breeding camels and
just drag myself back into security when I need to eat occasionally,
but even so I don’t much think that will last.”

I’d like to write about security. As an odd kid working out better ways of nicking things or how to open locks I wasn’t meant to open, I have always been interested in the topic and I have devoted most of my adult life to it. When I was at school and a teacher of mine suggested that I manage the school computer systems as an alternative to trying to pull them to bits to see how they worked; I had no idea that a few years later I would be in the position to happily ignore fax requests for help from the FBI because they refused to give me a cool baseball cap or getting hate mail for working with the government to get Universities to prosecute hackers under the then new Computer Misuse Act (an action on my part which was  very misunderstood since I was actually more on the side of the students trying to make sure that they received a fair trial where the Rules of Evidence applied). Incidentally, we haven’t even hit the 1990s nor the start of the Internet in the UK yet.

I am not blowing my own trumpet here, I don’t like blatant self publicity and it’s certainly a bad trait in a security person anyway. That said, I am going to talk about me. It’s my weblog and if you don’t like it, then stop reading. I am making a point that I don’t like being told I am wrong by somebody who got a degree in Computer Security from Wigan Polytechnic in 2005 and then spent a few months getting a bunch of commercial “qualifications” consisting of seemingly random letters from computer-equipment manufacturers and then gets employed by some company and given a job title with the word manager, or consultant in it.

In my previous jobs I was surrounded by ‘em. I’d go to meetings to be told I was wrong by people who didn’t  have a clue what they were talking about. I wasn’t wrong, I am rarely wrong about things I profess to know something about. At BT, we had a chap who I will call John (mostly because that is is name). He didn’t go to University, he didn’t have a single security qualification and he knew very little about computers, networks or telephony. He had, however, spent more than 10 years as a soldier in Northern Ireland on constant active duty. I had been told by my colleagues that John was a jobsworth and something of a tosser and although his job was to give security advice for high-profile projects, he shouldn’t be consulted. I ignored them and decided to talk to him one day  about a system I was building for one of the country’s biggest banks. It was a pretty good design and there weren’t too many flaws that I could see but as soon as he saw it, he started asking questions that other people hadn’t thought of and prompted me to make a lot of changes for the better. He didn’t know about anything like as much about technology as the people I was surrounded by but he did have a much better appreciation of security in general and he knew what questions to ask and wasn’t afraid to ask them. Although he doesn’t know it, it was him who prompted me to get more military training to increase my skill set. I would say thanks but he’ll never  read this; I don’t think he knows how to use a web browser.

It’s become an odd industry. We are talking security here and security is meant to be quite important in the modern world. There are billions of pounds flying around the world at any given moment and as you see every time the government accidentally sells a few million people’s personal details at a carboot sale, there are people who actually worry about this sort of thing. Who is protecting all this money? Who’s looking after your personal  details? Generally speaking, it’s the people with the Wigan Poly degree I am afraid. They don’t have a clue what they are doing and in the rare cases where somebody who does have a clue gets to contribute, the babbling rabble who are shouting out “We can do it for you on a Linux box for 50p” will win the day anyway since it all ultimately comes down to money.

I am not going to start a security weblog. I am not sure there is much I could write that hasn’t already been butchered by the Wigan Polytechnic Press. I may still write about security things but I will just do them as normal rants.

Now you know.

Prometheus’s lesser known little brother stole butter and a frying pan from the Gods. His monumentous achievement was overshadowed by the cheek and audacity of his older sibling’s theft but none the less, was a major milestone in the relationship between man and his Deities.

Sharon came up with one of the most concise summaries of LOST I have ever heard, today:

<Pluteau> Shaun the Sheep is great!
<Pluteau> we’ve recently started watching it
<Pluteau> big fans now
<Pluteau> Shaun rules
> Well I want the episode where Shaun gets stuck on an island, after a plane crash…
<Pluteau> yeahyeah, he’ll go into the jungle, see a polar bear, get locked in
a cage, find a girl-sheep, try to escape on a submarine, realise he’s
actually dead, then forget any of this happened and go into some random story
about his parents
> Actually, Sharon, that may be one of the most concise summaries of LOST I have ever heard though, well done.
<Pluteau> thank you

And on a complete sidenote – I was reading a little about Fingerbobs today and discovered this little gem I knew nothing of:

“At the end of the series Jones [who played Yoffy] was so sick of making the show that he destroyed the finger puppets while the camera was still rolling.”

BAD YOFFY! POOR FINGERBOBS!