Making a note of Trauma Registry records that might prove interesting, I exited the file. Finally, I ran a list command to see what old data reports, memos, or notes in my directory I could remove to free up space on the hard disk. That was when I spotted a file I did not understand.
The name of it was tty07. It was only sixteen bytes in size and the date and time were December 16, this past Thursday, at 4:26 in the afternoon. The file's contents was one alarming sentence:
I can't find it.
Reaching for the phone, I started to call Margaret at home and then stopped. The directory Chief and its files were secure. Though anyone could change to my directory, unless he logged in with my user name and password, he should not be able to list the files in Chief or read them. Margaret should be the only person besides me who knew my password. If she had gone into my directory, what was it she could not find and who was she saying this to? Margaret wouldn't, I thought, staring intensely at that one brief sentence on the screen.
Yet I was unsure, and I thought of my niece. Perhaps Lucy knew UNDO. I glanced at my watch. It was past eight on a Saturday night and in a way I was going to be heartbroken if I found Lucy at home. She should be out on a date or with friends. She wasn't.
“Hi, Aunt Kay.” She sounded surprised, reminding me that I had not called in a while.
“How's my favorite niece?”
“I'm your only niece. I'm fine.”
“What are you doing at home on a Saturday night?” I asked.
“Finishing a term paper. What are you doing at home on a Saturday night?”
For an instant, I did not know what to say. My seventeen-year-old niece was more adept at putting me in my place than anyone I knew.
“I'm mulling over a computer problem,” I finally said.
“Then you've certainty called the right department,” said Lucy, who was not given to fits of modesty. “Hold on. Let me move these books and stuff out of the way so I can get to my keyboard.”
“It's not a PC problem,” I said. “I don't guess you know anything about the operating system called UNIX, do you?”
'I wouldn't call UNIX an operating system, Aunt Kay. It's like calling it the weather when it's really the environment, which is comprised of the weather and all the elements and the edifices. Are you using A-T an' T?”
“Good God, Lucy. I don't know.”
“Well, what are you running it on?”
“An NCR mini.` “Then it's A-T an' T.”
“I think someone might have broken security,” I said.
“It happens. But what makes you think it?”
“I found a strange file in my directory, Lucy. My directory and its files are secure - you shouldn't be able to read anything unless you have my password.”
“Wrong. If you have root privileges, you're the super user and can do anything you want and read anything you want.”
“My computer analyst is the only super user.”
“That may be true. But there may be a number of users who have root privileges, users you don't even know about that came with the software. We can check that easily, but first tell me about the strange file. What's it called and what's in it?”
“It's called t-t-y-oh-seven and there's a sentence in it that reads: 'I can't find it.'
“I heard keys clicking.
“What are you doing?”
I asked.
“Making notes as we talk. Okay. Let's start with the obvious. A big clue is the file's name, t-t-y-oh-seven. That's a device. In other words, t-t-y-oh-seven is probably somebody's terminal in your office. It's possible it could be a printer, but my guess is that whoever was in your directory decided to send a note to the device called t-t-y-oh-seven. But this person screwed up and instead of sending a note, he created a file.”
“When you write a note, aren't you creating a file?” I puzzled.
“Not if you're just sending keystrokes.”
“How?”
“Easy. Are you in UNIX now?”
“Yes.”
“Type cat redirect t-t-y-q -” “Wait a minute.”
“And don't worry about the slash-dev ' “Lucy, slow down.”
“We're deliberately leaving out the dev directory, which is what I'm betting this person did.”
“What comes after cat?”
“Okay. Cat redirect and the device “
“Please slow down.”
“You should have a four-eighty-six chip in that thing, Aunt Kay. Why's it so slow?”
“It's not the damn chip that's slow!”
“Oh, I'm sorry,” Lucy said sincerely. “I forgot.”
Forgot what? “Back to the problem,” she went on. “I'm assuming you don't have a device called t-t-y-q, by the way. Where are you?”
“I'm still on cat,” I said, frustrated. “Then it's redirect… Damn. That's the caret pointing right?”
“Yes. Now hit return and your cursor will be bumped down to the next line, which is blank. Then you type the message you want echoed to t-t-y-q's screen.”
“See Spot run,” I typed.
“Hit return and then do a control C,” Lucy said. “Now you can do an ls minus one and pipe it to p-g and you'll see your file.”
I simply typed -Is- and caught a flash of something flying by.
“Here's what I think happened,” Lucy resumed. “Someone was in your directory - and we'll get to that in a minute. Maybe they were looking for something in your files and couldn't find whatever it was. So this person sent a message, or tried to, to the device called t-t-y-oh-seven. Only he was in a hurry, and instead of typing cat redirect slash d-e-v slash t-t-y-oh-seven, he left out the dev directory and typed cat redirect t-t-y-oh-seven. So the keystrokes weren't echoed on t-t-y-oh-seven's screen at all. In other words, instead of sending a message to t-t-y-oh-seven, this person unwittingly created a file called t-t-y-oh-seven.”
“If the person had typed in the proper command and sent the keystrokes, would the message have been saved? “ I asked.
“No. The keystrokes would have appeared on t-t-yo-h-seven's screen, and would have stayed there until the user cleared it. But you would have seen no evidence of this in your directory or anywhere else. There wouldn't be a file.”
“Meaning, we don't know how many times somebody might have sent a message from my directory, saying it was-done correctly.”
“That's right.”
“How could someone have been able to read anything in my directory?” I went back to that basic question.
“You're sure no one else might have your password?”
“No one but Margaret.”
“She's your computer analyst?”
“That's right.”
“She wouldn't have given it to anyone?”
“I can't imagine that she would,” I said.
“Okay. You could get in without the password if you have root privileges,” Lucy said. “That's the next thing we'll check. Change to the etc directory and vi the file called Group and look for root group - that's r-o-o-t-g-r-p. See which users are listed after it.”
I began to type.
“What do you see?”
“I'm not there yet,” I said, unable to keep the impatience out of my voice.
She repeated her instructions slowly.
“I see three log-in names in the root group,” I said.
“Good. Write them down. Then colon, q, bang, and you're out of Group.”
“Bang?”
I asked, mystified.
“An exclamation point. Now you've got to vi the password file - that's p-a-s-s-w-d - and see if any of those log-ins with root privileges maybe don't have a password.”
“Lucy.” I took my hands off the keyboard.
“It's easy to tell because in the second field you'll see the encrypted form of the user's password, if he has a password. If there's nothing in the second field except two colons, then he's got no password.”
“Lucy.”
“I'm sorry, Aunt Kay. Am I going too fast again?”
“I'm not a UNDO programmer. You might as well be speaking Swahili.”
“You could learn. UNIX is really fun.”
“Thank you, but my problem is I don't have time to learn right now. Someone broke into my directory. I keep very confidential documents and data reports in there. Not to mention, if someone is reading my private files, what else is he looking at and who is doing it and why?”