I worked with Bob Morris (rhm) at Bell Labs back around 1980. We were on a Bell Labs Navy contract, and Bob was on loan to the project from his usual research hacking. We were doing signal processing stuff, decoding sonar data. Anyway, I was a UNIX hacker kid (I was about 20 at the time) and he was a really sharp gadfly/rascal BTL CS research guy. We were colleagues and there was some friendly sniping back and forth between us.
Everyone at Bell Labs was sharp, but he was a an especially talented special expert on loan. Anyway, I was doing random UNIX hacking and I was also the sysadm for a couple of PDP-11s that we all timeshared for our UNIX hacking. This is a story that I've kept secret for 30 years.
This all was before the days of viruses, and the ARPANET existed, but not at Bell Labs. Occasionally hackers would break into other people's systems, usually just for fun.
We made heavy use of modems to send data all around (uucp, usenet, remote login, etc), so there was some concern about system intrusion, and as I said, this was a Navy contract (with Secret and Top Secret elements). We had lots of security in the buildings and labs (big locks, guards, rs232 wires in secured tubes, etc.). We had some secret/secured UNIX systems and some not.
On a whim, I had decided to install a little security hack on a couple of my non-secure UNIX systems - a nightly cron job that did a "find / -perm 04000 -uid 0 -ls" or whatever it was, to find all the suid root programs on the system, and write the list to a log file, and to diff yesterday's and today's, and make sure nothing changed. One Saturday morning, I logged into my system from home (as a sysadm, I had a "foreign exchange" phone in my bedroom that acted like the extension that was sitting in my office at work). I see an email from cron that said that /bin/login had changed overnight!
I was shocked, I called my boss and I started looking around the system to see what I could find (I was the admin and had root access). I found some suspicious files in Bob Morris's $HOME. He had some files encrypted with UNIX crypt, and one was exactly the size of the login.c source, and one was a bit bigger. I knew that UNIX crypt encoded files on a byte-for-byte basis, so this was very strange, but I didn't know how to crack crypt.
I had friends in BTL research, and I called one and they said to call Jim Reeds (I think) because he was a main BTL crypto guy, so I did. BTL was pretty big (at least 30k engineers) and the pure research folks (like Reeds, and Morris for that matter) were in an ivory tower, and didn't necessarily listen whenever Bell Labs development folks called them, especially 20-year-old kids like me. So I call Reeds and I tell him my story. I'm in this BTL department, we're doing a contract with the Navy, it looks like someone hacked my /bin/login, I have some encrypted files. He didn't sound too interested. I told him the files were in Bob Morris's $HOME. He said, "send the files right over here."
In a few hours, he'd decoded the files. I guess if you already have a crypt-cracker, it would be especially easy if you knew that one file was an existing login.c and the other was probably a small hack to it. So Bob had hacked /bin/login to save usernames and passwords in a file somewhere, I think xored with -1 or something. Nothing fancy. There were also uucp logs of his sending either the login.c or his password booty to some another Bell Labs research system (allegra, I think, for those who remember).
Bell Labs had many layers of management, and occasionally funny business would occur and the supervisors, department heads, directors, vps, etc would get together to pow-wow about what to do, and I think this was one of those cases. In the end, it resolved pretty quietly, and I don't know what the upshot was, but Bob stayed on our project and I think it was "no harm, no foul." I don't think I ever asked him "what the hell were you thinking?"
When I heard a few years later that rtm (Bob's son) was in hot water for the famous Morris worm, I thought to myself, like father, like son. I don't mean to imply anything negative about either guy, I thought they were both just hacking for fun and without destructive intent. I just wanted to share this story, and I look back very fondly to my days at Bell Labs and working with Bob, who was a legendary hacker, really smart, and quite a rascal.
