Some arcade back doors are well known. Occasionally, players stumble across them by making some noninstinctive move: for example, on certain computer gaming machines the instinct is to "hold" two lemons (if three lemons wins a prize) and then spin for the third lemon. But this strategy almost never wins. However, if the player doesn't hold the two lemons and simply respins, the three lemons will automatically come up. On another arcade game, one which offers a sizable jackpot, it is said that the player brave enough to refuse it and start the machine again will be rewarded by winning two jackpots.
On a more sophisticated level, back doors are also provided on operating systems for emergencies. Access to these back doors is reserved for the computer manufacturer; procedures for gaining entry to the system from the emergency back doors are highly confidential, highly complex, and not the sort that could be stumbled over by accident.
The back door on the VAXen, though, was out in the open. It wasn't simply for emergencies; its security was far too trivial.
The VAX operating system, VMS, had been subjected to stringent tests and was supposed to comply with the exacting "orange book" security standards established by the U.S. Department of Defense. Under the orange-book testing program, technically qualified intruders attempt to break through the security features of a computer; the tests can take up to six months, depending on the level of security required. It strained belief that VMS could have gone through such testing without the back door being discovered.
Responding to complaints from its users, DEC issued a "mandatory patch," a small program designed specifically to close the back door, in May 1987. But despite the "mandatory" order, many users didn't bother to install it, and for a short time, VAX computers across the world provided hackers with an open house if they knew about the security gap.
Back doors are, of course, deliberate. They aren't simple bugs in the program or errors in the system: they are written by a programmer for a specific purpose. In the case of the VAX back door, the who and why remain mysterious, though it is clear that whoever created it had to have access to the VMS source code, its basic operating instructions. One rather farfetched, though not impossible, idea is that hackers broke into DEC and amended VMS to make it more hospitable. Or perhaps a programmer put the commands in without the knowledge of the company so that he could access VAX machines throughout the world without IDs or passwords. Another more intriguing theory is that the back door was built by the National Security Agency for its own use, though this presupposes that the NSA is in the business of spying on computer users.
Yet some people do suppose precisely that. In their view it is a myth that the NSA is interested in protecting computer security. Instead, it may be actively engaged in penetrating computers--or more bluntly, hacking--all over the world by exploiting back doors that only the agency knows about.
It is likely, though, that had the NSA been involved in the VAX scheme, it would have chosen a more devious means of access. Whoever put the back door in, and for whatever purpose, it was probably not intended for German hackers. But by 1986, when Koch and Pengo were trawling for information about VAX, the secret of the back door had traveled across the Atlantic and had become known by a small group of hackers in Germany. Bach and Handel, the two students who broke into the SCICON company's VAX, are generally thought to have been among the first to exploit the trick. It was later discovered that their mentor was a student at Karlsruhe University named Steffen Weihruch.
That same year, Karl Koch made contact with Weihruch as well. He had managed to track down the VAX wizard to Karlsruhe and had prevailed on him to tell him his technique. It wasn't difficult: Weihruch was known to be obliging and was rather pleased that his discovery was useful.
Weihruch had also perfected a "tool" to make hacking VAXen even easier. The problem with the back door was that it didn't entirely bypass all security checks: a would-be hacker still had to contend with the security log, which collated the IDs of all users as they entered the system. It was this log--which was kept on a computer file and could be examined by the system operator--that had alerted SCICON to Bach and Handel. A hacker coming in the back door would be conspicuous because the ID and password used--the ones entered in the log--could be any combination of random characters; they wouldn't necessarily be a real ID and password, and their inclusion in the log was a clear sign of an intrusion.