Social Engineer - Chapter 1


Six Days Ago

Dr Robert Moorcroft entered his office in the North Wing of HTL’s head office campus. He hung up his white lab coat behind the door and poured himself syrupy coffee from the glass flask. While he had been in the meeting reviewing the latest results of the pharmaceutical company’s new Alzheimer’s drug, the ochre liquid had stewed on the percolator machine’s heating element for most of the morning. He decided it should still be passable.

His mobile phone bleated from the holster on his belt. Unhooking it, he noticed the display showed a mobile number, but not one stored against a contact in the phone.

Immediately, thoughts that Madeline, his beautiful wife of eighteen years, had been involved in another car crash raced through his mind. She’d had three in the last four months, but none had been serious. While she hadn’t yet been formally diagnosed, he was intimately familiar with the early signs of dementia, and suspected he should talk her into scheduling a check-up at the local GP surgery. He was dreading facing her initial reaction and the inevitable changes it would cause to their lifestyle, when, no doubt, the diagnosis would be confirmed.

“Hello?” he said into the phone.

“Dr Moorcroft?” The deep male voice sounded serious.

“Yes, who’s this?” And, before he could help himself, “Is Madeline all right?”

“Madeline? No, I’m not calling about your wife, Dr Moorcroft.”

“Who is this?” And, more importantly, how did whoever it was know Madeline was his wife?

“I’m not at liberty to say. You may call me Mr Smith for the sake of expedience.”

“I’m putting this phone down unless you immediately explain yourself, Mr Smith.”

“I work for GCHQ in Cheltenham. Does that name mean anything to you?”

“Yes, but only from the news. Something to do with government spying. MI5 or MI6.”

“Yes, that’s us. Among other things, we’re the agency responsible for providing intelligence analysis based on electronic communications to the other government departments.”

“Okay. But why the hell are you calling me?” And, although Moorcroft didn’t give voice to the thought, why call him on his mobile?

“One of our responsibilities is to protect British economic interests. As part of this remit, we’ve built up a liaison service with many of the larger UK headquartered multinational organisations.”

“Yes?”

“Let me cut to the chase. Does Project Myosotis mean anything to you, Dr Moorcroft?”

It meant a lot. It was HTL’s internal codename for their major Alzheimer’s prevention drug research program; Myosotis being the Greek name for the flowers more commonly known as forget-me-nots. It was the research project the whole company’s future was staked upon. Project Myosotis was about two years away from clinical trials, but initial results were incredibly promising. Moorcroft’s unspoken hope was that, by the time clinical trials were in play, Madeline’s dementia might become a treatable case.

“Maybe,” he said cautiously. “But how do you know this name? It’s not in the public domain.”

“As part of our electronic surveillance program, we’ve been intercepting some traffic relating to Chinese hacker groups. They may be working for large Chinese corporations or could even be state sponsored; it’s hard to tell. It seems that they’ve been targeting IP addresses registered to HTL, Dr Moorcroft. We believe they are attempting to infiltrate your company’s security defences and steal your secrets. I’m calling you now to bring this to your attention so that you can defend yourself appropriately. As I said, it’s not in Britain’s best economic interests for our country’s intellectual property to be stolen by the Chinese.”

“Are you sure HTL is being attacked?”

“Dr Moorcroft, we uncovered the term Project Myosotis from these intercepts. It seems to mean something to you, so I’d suggest that they’re making some progress.”

“But that’s impossible. Our Security and IT departments assure me that we have implemented the very best cyber defences.”

There was silence on the other end of the line. Moorcroft slowly digested the implications.

Smith attempted to placate him. “Even the best defences can still be compromised, Dr Moorcroft. It may be that the hackers have only gained peripheral access. I’m sure your firewalls and intrusion detection systems would have notified you of any unusual activity.”

“Yes, I’ll check with IT.”

“Good. And you could also . . .”

“What?”

“Well, I was going to suggest that you have a penetration test performed, but I’m sure your IT department has those done regularly.”

“Penetration test?”

“Hiring someone to test your cyber defences, as if they were a hacker attempting to break into your systems. It’s the best way to know for sure if you have any weaknesses. If they find anything, they’ll report it to you and you can put new defences in place.”

“I’ve not heard of our IT department doing that, but then I’m not close to their day-to-day activities.”

“Well, there’s pentesting and then there’s pentesting.”

“What do you mean?”

“Given the nature of your business, your company lives and dies by its patents and other intellectual property, yes?”

“Yes.”

“Well, then maybe you should retain the services of one of the best penetration testers in the industry. They’re not all the same, you know. And, if you do it without anyone knowing — especially IT — then it would be a true test. A bit like when you do a fire drill. You don’t warn employees it’s coming, otherwise it makes a mockery of the test itself.”

“I see. That makes sense.”

“It’s like turkeys voting for Christmas. The last thing most Security or IT departments want is to be embarrassed by poor pentest results, so they don’t necessarily do it justice. They just hire large IT security companies to make it look like they’re doing the right thing. But it’s a skilled job and it always comes down to the individuals doing the test.”

“Hmmm.”

Smith had a point. But the most important point was that GCHQ had intercepted the term Project Myosotis from the Chinese. This was serious. As Head of R&D, Moorcroft had every right to protect the company’s interests. No, more than that, as a registered company director, he had a responsibility to protect the company.

It had nothing to do with Madeline’s condition, he told himself.

“Is there anyone GCHQ recommends, Mr Smith?”

“Not officially, but . . .” Smith gave Moorcroft the names and contact details for three independent penetration testers.

“I really appreciate your bringing this issue to my attention, Mr Smith.”

“You’re welcome. Hopefully, you’ll never hear from me again.”

Smith ended the call. And only then did Moorcroft remember that Smith had called him on his mobile number. He supposed Smith had done it to prove how resourceful GCHQ was.

Moorcroft took a slurp from his coffee and almost spat the disgusting, lukewarm, bitter liquid out all over his desk.

He picked up his desk phone and dialled the number at the top of the list.
