Bullet Proof Security

While this story may well be an urban legend, Trinidad history lends some credibility to the story, although the reported outcome is different from the story below. The original source is unknown, but Tech Support Tales is one source.

Thanks to Shelley Tselepis for reminding me of the story.


This falls into the "Why did it have to happen on my shift?" category.

A friend of mine is a chief engineer at SuperMac, and he related this story to me.

SuperMac records a certain number of technical support calls at random, to keep tabs on customer satisfaction. By wild "luck", they managed to catch the following conversation on tape.

Some poor SuperMac TechSport got a call from some middle level official from the legitimate government of Trinidad. The fellow spoke very good English, and fairly calmly described the problem.

It seemed that was a coup attempt in progress at that moment. However, the national armoury for that city was kept in the same building as the Legislature, and it seems that there was a combination lock on the door to the armoury. Of the people in the capitol city that day, only the Chief of the Capitol Guard and the Chief Armourer knew the combination to the lock, and they had already been killed.

So, this officer of the government of Trinidad continued, the problem is this. The combination to the lock is stored in a file on the Macintosh, but the file has been encrypted with the SuperMac product called Sentinel. Was there any chance, he asked, that there was a "back door" to the application, so they could get the combination, open the armoury door, and defend the Capitol Building and the legitimately elected government of Trinidad against the insurgents?

All the while he is asking this in a very calm voice, there is the sound of gunfire in the background. The Technical Support guy put the person on hold. A phone call to the phone company verified that the origin of the call was in fact Trinidad. Meanwhile, there was this mad scramble to see if anybody knew of any "back doors" in the Sentinel program.

As it turned out, Sentinel uses DES to encrypt the files, and there was no known back door. The Tech Support fellow told the customer that aside from trying to guess the password, there was no way through Sentinel, and that they'd be better off trying to physically destroy the lock.

The official was very polite, thanked him for the effort, and hung up. That night, the legitimate government of Trinidad fell. One of the BBC reporters mentioned that the casualties seemed heaviest in the capitol, where for some reason, there seemed to be little return fire from the government forces.

O.K., so they shouldn't have kept the combination in so precarious a fashion. But it does place, "I can't see my Microsoft Mail server" complaints in a different sort of perspective, does it not?


To: "David F. Rhoades" 
cc:  
From: David_Simpson @ SuperMac.com ("David Simpson") @ smtp
Date: 04/11/97 11:03:12 AM
Subject: Re: Bullet-proof security

                      RE>Bullet-proof security                    
4/11/97

David,

I worked at SuperMac at the time this situation occured. This story is mostly true, but whoever wrote it added some embellishments to the story. We never caught the call on tape, we didn't really know that the combination to the lock was for the armoury, there was no gunfire in the background, we didn't verify the location of the phone call thru the phone company. Basically they called us several days in a row asking for a back door into the Sentinel program and each time they were told the truth that there is no back door into the program. When we asked them where the person was who knew the password, we were told that they were "unavailable". Over a period of several days they talked to several people in the department - but I never spoke to them directly. At this time I don't remember who actually spoke to them, but there were several engineers.

David Simpson
UMAX Computer Corporation Product Support


Last modified 1997-04-16
Henning Schulzrinne