I have to say my experience in UNIX systems programming was due to the
discovery of a trojan. It also shaped my research into security on
UNIX and other systems over the coming decades.
At the time, the UNIX system at Johns Hopkins University (there was only
one) in the EE department was run by an undergraduate activity called
the "University Computing Society." This bunch, headed by Mike Muuss
and another, covered all aspects of running the computer: programming,
operations, hardware, and documentation support. I was just a loose
hanger-on at the time, writing my first C programs and the like.
A couple of student operators managed to get access to what would be the
installed copy of /lib/crt0.o (the small snippet inserted at the
beginning of all C programs). They inserted a couple of bytes that did
an exec of a file "^V" (current directory) and then waited. Most of
the time, this is a harmless change as there is no ^V file in the
current directory. Then, one day they hit the jackpot and a setuid
root program got rebuilt and now they had a way of getting a root shell
easily.
This went largely undetected as they used it for quasi-productive uses
for a while. One day one of the other programmers was rebuilding a
program and noticed the few byte increase in size (back then we were
running the system on a grand total of 8.5MB so every byte was
precious). Subsequent analysis of what changed revealed the trojan.
This led to an upheaval in the department and the end of the UCS. They
did decide to keep the cheap student labor, however, and since I had kept
my nose clean and had some extensive, albeit non-UNIX, programming
experience, I was brought on board. I spent the next three and a half
years looking for and plugging security holes.
I went on (after a brief stint at Martin Marietta) to work for Mike at
Aberdeen Proving Ground and continued doing random security work
including being put on the Army's initial tiger team effort. Also,
there used to be a discussion in the security groups about what a
"hacker with a Cray" could do for things about brute forcing decryption.
I was given use of the new X/MP the Army bought to see if that was a
feasibility. I later got to purchase a $25 million Cray 2, but left
BRL for Rutgers before that was delivered.