IndexIndex PreviousPrevious NextNext

Shocked, Shocked

Letter from Cybersalem #4

From the 1942 film, Casablanca:

Humphrey Bogart as Rick Blaine: "How can you close me up? On what grounds?"

Claude Rains as Captain Louis Renault: "I'm shocked, shocked to find that gambling is going on in here. [A croupier, played by Marcel Dalio, hands Renault a pile of money]

Croupier: "Your winnings, sir."

Captain Renault: "Oh, thank you ... very much." [ Turning to the crowd of patrons at Rick's ] "Everybody out at once!"

In Cybersalem 3 we saw Ed Masi, an Intel VP testifying against Randal Schwartz, admit he had knowingly ignored Intel's policy for passwords, and so violated the same law under which Randal was being tried.  A quote from Tom Tintera, the prosecutor, showed his indignation at those who think they can simply flout the rules for their own convenience, and so most of us have been expecting daily, news from the Washington County D.A.'s office that they are on this case.  I know you have been expecting this, because, as Americans, the alternative, that a D.A. would completely ignore a powerful person committing the same crime for which they would doggedly try to send an ordinary person to jail, would be, well, er, shocking. 

To beguile the time while we wait for the Washington County D.A.'s press conference, let's compare the seriousness of Randal's offense with Mr. Masi's.  We can judge a crime's seriousness by the harm it causes.  (With other criteria considered, such as the expectation that managers should show a good example to their subordinates, Mr. Masi does not do so well, so we will leave them aside.)

Masi's password and the entire the SSD password file had been copied onto the Internet, and were kept in a series of cracker's archives.  That the crack program would be run against these files to obtain weak passwords like Masi's is an easy conclusion, but an unnecessary one.  There is a log giving direct evidence that crack was run. 

"Masi's password was in the file, allright. [ ... ] The Intel password file was in a set of archives in different places on the Net created by a cracker, who freely offered the information therein to his friends.  He, too, ran Crack on the password file--on a machine belonging to one of Intel's corporate competitors!" [1]

Sufficient access to copy the password file implies sufficient access to login, given a valid password, and the Internet crack runs show at least one bad guy had every intention of so doing. 

Almost certainly, then, Mr. Masi's action put his files into the hands of bad guys, almost as if he had copied them onto a floppy and mailed them -- except there would be no delay waiting for the mail. 

Tintera: "So this could hold 1500 pages of information?"

Masi: "Right."

Tintera: "And if someone has your password, is there anything to keep them from copying 1500 pages of information to that disk?"

Masi: "No."

Tintera: "Would you know it?"

Masi: "No. I wouldn't know it."

Tintera: "Your computer can't tell you if that information has been copied?"

Masi: "No." [2]

Well, you know it now. Glad to have been of help. 

How important is it that the information in Ed Masi's files fell into the hands of bad guys?  Tom Tintera makes sure that Mr. Masi hits us over the head with that point. 

Tintera: "And would the possession of your password present a person with an opportunity to gain a business advantage?"

Masi: "Oh, absolutely. Absolutely." [3]

Lest we have the slightest doubt that Masi was jeopardizing extremely important information, he details it:

"As it relates to Intel Corporation, it could be information that dealt with the pricing of future microprocessors, the availability in terms of announcement date and shipments of those microprocessors, the performance versus competition."

"Information then could also include information that would be typically called insider information, information that could be used to conclude what the financial results might be for the upcoming quarter, that sort of information that I would be, as an officer, bound not to use as information to trade in the stock market."

"Information that would deal with the division could include information relative to the division product, competitive sales situations, pricing in those situations, competitive strategies, manufacturing plans." [4]

Substantial resources were devoted to showing that Randal's activities harmed Intel.  These did nothing but show that Intel Security went into an expensive panic, something one might think they would have been at pains to conceal.  Far fewer resources show Vice President Masi's lapse to have been more serious, but Intel Security seems to have been able to handle it not just calmly, but with complete indifference. 

Note 1: Email from Charles Mann to Jeffrey Kegler.  Quoted by permission.  Mann is a Contributing Editor of the Atlantic Monthly and a Contributing Correspondent of Science.  This is from his researches for a forthcoming article and book by him and David Freedman.  I have already revealed much of this in news articles of Dec. 10, 1995 and Dec. 6, 1995.

Note 2: Tr. 7-14-95, page 11, lines 3 to 14. 

Note 3: Tr. 7-14-95, page 10, lines 8 to 11. 

Note 4: Tr. 7-14-95, page 6, line 21 to page 7, line 13. 

IndexIndex PreviousPrevious NextNext