
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [147]

encrypt our email communications.

At first I asked Neill to send me just a list of all the security holes he had forwarded to DEC over the past two years. I told him I was going to go through the list and mark the ones I was missing. I explained that VMS Engineering’s records were disorganized—the bugs had been sent to different developers, and a lot of old emails had been deleted—but our new security database would organize our efforts to address these problems.

Neill sent me the list of bugs I requested, but I asked for only one or two of the detailed bug reports at a time to avoid any suspicion on his part.

In an effort to build even more credibility, I told Neill I wanted to share some sensitive vulnerability information with him since he had been so helpful. I had the details of a security hole that another Brit had found and reported to DEC a while back. The bug had made big news when it hit the media, and DEC had frantically sent out patches to its VMS customers. I had found the guy who discovered it and persuaded him to send me the details.

Now I sent the data to Clift, reminding him to keep it confidential because it was DEC proprietary information. For good measure, I sent him two more bugs that exploited other security issues he didn’t know about.

A few days later, I asked him to reciprocate. (I didn’t directly use that word, but I was counting on the effectiveness of reciprocity as a strong influence technique.) I explained it would make my life much easier if, in addition to the list, he could send me all the detailed bug reports he had submitted to DEC over the last two years. Then, I said, I could just add them to the database in chronological order. My request was very risky. I was asking Neill to send me everything he had; if that didn’t raise his suspicions, nothing would. I waited a couple of days on pins and needles, and then I saw an email from him, forwarded to my USC mailbox. I opened it up anxiously, half-expecting it to say, “ ‘Good try, Kevin.’ ” But it contained everything! I had just won the VMS bug lottery!

After getting a copy of his bug database, I asked Neill to take a closer look at the VMS log-in program, Loginout. Neill already knew that Derrell had developed the Loginout program and I was curious to know whether he could find any security bugs in it.

Neill emailed me back some technical questions about Purdy Polynomial, the algorithm used to encrypt VMS passwords. He had spent months, maybe even years, trying to defeat the encryption algorithm—or rather, optimizing his code to crack VMS passwords. One of his queries was a yes/no question about the mathematics behind the Purdy algorithm. Rather than research it, I just guessed the answer—why not? I had a fifty-fifty chance of getting it right. Unfortunately, I guessed wrong. My own laziness resulted in revealing the con.

Instead of tipping me off, though, Neill sent me an email claiming that he had found the biggest security bug to date—in the very VMS log-in program I had asked him to analyze. He confided that it was so sensitive that he was willing to send it to me only in the post.

How stupid did he think I was? I just responded with Derrell’s real mailing address at DEC, knowing the jig was up.

The next time I logged in to Hicom to check the status quo, a message popped up on my display:

Ring me up, Mate.

Neill.

That made me smile. But what the hell? I figured: he already knew he had been hustled, so I had nothing to lose.

I called.

“Hey, Neill, what’s up?”

“Hey, mate.” No anger, no threats, no hostility. We were like two old friends.

We spent hours talking, and I shared all the intricate details of how I’d hacked him over the years. I decided I might as well tell him, since it wasn’t likely to work on him again.

We became telephone buddies, sometimes spending hours on the phone together over several days. After all, we shared similar interests: Neill loved finding security bugs, and I loved using them. He told me that the Finnish National Police had contacted him about my hacking into Nokia. He offered to
