The SCICON researchers checked through their security logs--computer files that record all the comings and goings of users on the system--and quickly realized that the dated and timed messages had all been originated "out-of-hours," at times when no authorized users would be active. Further investigation showed that some new user IDs and passwords had been added to their system that no one could account for. The implications, Gliss said, were all too obvious: hackers had penetrated SCICON security and were using their computers as a launching pad to other systems.
What Gliss now needed to know was if Steffen had any idea who might be involved. If SCICON couldn't guarantee the security of the system, the entire contract with the German government would be at risk. Gliss needed to find out who the hackers were, how they got on, and how to stop them. Contacting Steffen was a long shot, but he was a leading member of Chaos and knew most of the hackers in Germany. Perhaps he could make some calls.
Steffen thought about it: He reasoned that because the hackers were breaking into the SCICON site in Hamburg, they were probably based in the city. It made sense to call a nearby computer; that way the phone bills were cheaper.
Two days later he called Gliss and said that he had identified the hackers--two Hamburg students. They had agreed to meet Gliss and help--provided that he promise not to prosecute, so Gliss gave his word.
Later that week he met the two students, code-named Bach and Handel, in Hamburg. Their story was worrying: the two students had exploited a devastatingly simple flaw in the VMS operating system used on VAX. The machines, like most computer systems, required users to log in their ID and then type their password to gain access. If the ID or the password was wrong, the VMS system had been designed to show an "error" message and bar entry. But the two hackers told Gliss that if they simply ignored all the "error" messages, they could walk straight into the system--provided they continued with the log-on as though everything was in order. When confronted with the "error" message after keying in a fake ID, they would press Enter, which would take them to the password prompt. They would then type in a phony password, bringing up a second, equally ineffectual "error" message. By ignoring it and pressing Enter again, they were permitted access to the system. It was breathtakingly easy, and left the VAX open to any hacker, no matter how untalented.
For SCICON staff the situation was disastrous. To deliver their contract on time, they would need to find the flaw in the operating system and fix it. At first they turned to DEC for help, but with time running out, SCICON's programmers began looking for a solution themselves, tearing apart the VAX operating system line by line. They were looking for a bug in the program that would prevent it from operating correctly, or an omission in the commands that would allow hackers to simply ignore the "error" message.
To the SCICON team's surprise, they didn't find one. What they discovered instead was a piece of program code that appeared to have been deliberately added to the operating system to provide the secret entrance. To the SCICON researchers it looked like a deliberate "back door."
Back doors are often left in computer programs, usually to facilitate testing. Generally, they allow writers of things like computer games to jump quickly through the program without having to play the game. For example, in the mid-1980s a game called - Manic Miner involved maneuvering a miner level by level from the depths of his mine up to the surface, the game becoming progressively harder at each level. The programmer whose job it was to test the game needed a shortcut between levels, so he introduced back doors that would take him directly to any one of his choosing. Inevitably, some players stumbled onto the hidden routes, which--ironically--increased the game's popularity.
Often back doors, or "cheat modes," are deliberately built into games, encouraging the player to try to break the rules. Some computer magazines give tips on how to find the cheat modes; some games, such as the popular Prince of Persia, are said to be impossible to win without using them. Back doors might also be introduced for more mercenary reasons: legend has it that programmers include back doors on arcade games they create, and then supplement their incomes by playing the games at venues such as nightclubs and casinos, which offer prizes.
