In the heart of Madrid’s financial district, inside the cavernous, glass-walled headquarters of the Cuerpo Nacional de Policía’s Cyber Division, Inspector Lara Mendes stared at her screen. On it was a single, unassuming line of text:
But every night, on the firewall logs, a tiny, inexplicable ping still appears. It hits an IP address that doesn’t exist, addressed to a mailbox that was supposedly deleted. correo 365 policia
The email was short, brutal, and perfect. In the heart of Madrid’s financial district, inside
The culprit was a woman named Elisa Romero. She was not a hacker. She was a 58-year-old administrative sub-inspector who had been passed over for promotion four times. For twenty years, she had watched arrogant inspectors and corrupt colonels climb the ranks while she typed their reports. She knew the protocols better than anyone. She knew the loopholes. And when the force moved to Microsoft 365, she saw not a tool, but a battlefield. The email was short, brutal, and perfect
For three years, the force had used a bespoke, ultra-secure email server. It was a fortress. But six months ago, under pressure for modernization, they had migrated to a Microsoft 365 environment. The migration was meant to streamline operations, allow for cloud-based evidence sharing, and, as the Minister of the Interior put it, “drag the police into the 21st century.”
The attachment in the email, a seemingly innocuous PDF named Nomina_Diciembre.pdf , had already executed a zero-day exploit. It burrowed through the colonel’s home computer, found his old VPN credentials to the national police database—credentials he should have returned but didn’t—and began to crawl.
No one sleeps well in the Cyber Division anymore. Because in the cloud, nothing is ever truly deleted. And ghosts don't need badges.