The Trojan Horse

A comely woman at a New England firm was the victim of what might loosely be called a computerized sex crime.

“She would be doing her electronic paperwork,” Tracy Kidder said in Soul of a New Machine, “when suddenly everything would go haywire, all her labor would be spoiled, and on the screen of her cathode-ray tube would appear cold, lascivious suggestions.” Someone had electronically wheeled in a Trojan horse—hidden unauthorized instructions in the computer’s program.

The “sex crime” kept up daily for several weeks, leading an executive to observe that the villain must have “the mentality of an assassin.” It was unfair. Young computer whizzes at the company played horse pranks on each other all the time. But this victim couldn’t strike back. Gallantly, the woman’s bosses set electronic traps to learn from which terminal the masher was mashing. The villain, though, was too nimble. “At one time,” said Kidder, “he made his escape by bringing to an abrupt halt the entire system on which most of the engineer departments relied.” Finally, one of the woman’s protectors chatted casually with a suspect about the computer’s wondrous vulnerabilities to pranks. The obscenities and glitches stopped.

This Trojan horse was just a prankster’s, but the company may have squandered thousands of dollars in human and computer time to kill it off.

Consider, too, the company—Data General, the mini maker that Kidder admired.

Imagine a serious saboteur wheeling his horse into the computer of a company without the same knowhow.

It happens. Donn Parker says Trojan horse tricks are “the most common method in computer-based frauds and sabotage.” A horse, in fact, may have shown up in the first federally prosecuted computer crime in Minneapolis in the 1960s. A programmer told an IBM 1404 to drop an unflattering series of bytes about his personal checking account—overdrawn.

Trojan horses are more of a mainframe and mini problem than a micro one. Normally, professional programmers don’t run desktop computers.

But as computer literacy spreads, this might not matter so much, and besides, unsecured micros make such easy nuts to crack. “They’re peanuts,” Highland says, “not butternuts.” Most micro systems today lack electronic console logs—requiring operator ID numbers—that some bigger computers have to tell who did what on the machines. In other words, there’s no audit trail. John Lewis, an FBI agent teaching a course on computer crime, told me, “I can write a perfectly error-free payroll program on a micro, load it in from a disk, and run it. But I modify one or two lines in there, saying, ‘When you find John Lewis’s name, add $1,000 to net pay.’” You can even have the program zap the evidence immediately after the crime. Significantly, too, you can reprogram a micro in a fraction of the time you’d need on a mainframe.
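The paragraph above describes a payroll program altered by a line or two on a machine that keeps no audit trail. As an added example (not from the book), the Python below shows two controls that would surface Lewis's scenario: checking the program against a digest recorded when it was approved, and recomputing net pay independently of the program. The function names, sample program bytes and payroll rows are constructed for illustration, and net pay is assumed to be gross minus deductions.

```python
import hashlib
from decimal import Decimal

def digest(program_bytes: bytes) -> str:
    """SHA-256 of the program as it sits on disk."""
    return hashlib.sha256(program_bytes).hexdigest()

def program_unchanged(program_bytes: bytes, baseline_digest: str) -> bool:
    """True only if the program matches the digest recorded at approval time."""
    return digest(program_bytes) == baseline_digest

def reconcile(records):
    """Recompute net pay without using the payroll program and return
    (name, paid, expected) for every row whose paid amount does not match."""
    exceptions = []
    for name, gross, deductions, paid in records:
        expected = Decimal(gross) - Decimal(deductions)  # assumed pay rule
        if Decimal(paid) != expected:
            exceptions.append((name, Decimal(paid), expected))
    return exceptions

# Constructed sample data (not from the book).
APPROVED = b"net = gross - deductions\n"
BASELINE = digest(APPROVED)  # recorded at approval, kept off the micro
ON_DISK = APPROVED + b"# constructed stand-in for one altered line\n"

# Each row: name, gross, deductions, net pay the program actually issued.
PAYROLL_RUN = [
    ("A. Smith",   "2100.00", "410.00", "1690.00"),
    ("John Lewis", "2300.00", "455.00", "2845.00"),  # 1,000 over expected
    ("B. Jones",   "1950.00", "380.00", "1570.00"),
]

if __name__ == "__main__":
    print("program matches baseline:", program_unchanged(ON_DISK, BASELINE))
    for name, paid, expected in reconcile(PAYROLL_RUN):
        print(f"{name}: paid {paid}, expected {expected}, diff {paid - expected}")
```

The digest check only helps if the baseline is stored where the person running payroll cannot rewrite it, and the reconciliation only helps if someone other than that person runs it.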

And in the future the micros, while retaining their ease of programming, will develop more electronic nooks and crannies in which to hide horses. And what about the micros already hooked in at times with the big computers or using down-loaded data from them? If a saboteur or con man is giving fits to the giant machines, then the pygmy machines may suffer along.