The Greatest Hack of All Time

I just saw a reference to one of my favorite papers on computer security. It’s Ken Thompson’s Turing Award Lecture, Reflections on Trusting Trust. In it he describes what the Jargon File calls a truly moby hack: the insertion of an invisible back door in Unix.

If you haven’t read this, you should do so without delay. It’s short and will astound you. The even shorter version is that Thompson added code to the C compiler to recognize when the Unix login function was being compiled and insert additional code that would accept a special password in addition to the user’s normal password. That’s the back door, but there’s nothing very exciting or clever about it. The clever part is that he also added code so that the C compiler would recognize when it was compiling itself and insert the code to add the back door. Finally, he recompiled the compiler, removed the two additions from the source, and recompiled the compiler again.

At this point, the compiler would insert the back door whenever the login function was compiled, and if the compiler itself was compiled, it would insert the two pieces of code into the new compiler. However, if you looked at the source code for the compiler, there was no indication of what was happening in the binary.

The modified compiler was distributed to the Unix Support Group, and although Thompson says that it was never deployed outside the Labs, there is a story that BBN somehow ended up with a copy. I recall, but cannot find the reference, that the support group eventually discovered that the compiler had been hacked by looking at the assembly code.
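
A toy model of the bootstrap described above, added here as an illustration and not taken from Thompson's paper or this post. It shows why a source review comes back clean while inspecting the binary does not. Sources and binaries are modeled as lists of statement strings, and every name in it is constructed for the example.

```python
# Toy model: a "source" is (name, [statements]); a "binary" is the tuple of
# statements actually present in the built artifact. All names are constructed.
BACKDOOR = "accept_special_password"            # extra code placed into login
TROJAN = ("if compiling login: insert backdoor",
          "if compiling compiler: insert both checks")

CLEAN_COMPILER_SRC = ("compiler", ["parse", "codegen"])
LOGIN_SRC = ("login", ["check_user_password"])

def run_compiler(compiler_binary, source):
    """Run a compiler binary on a source. Its behaviour depends only on what
    the binary contains, never on what the compiler's source says today."""
    name, stmts = source
    out = list(stmts)                           # faithful translation
    if all(t in compiler_binary for t in TROJAN):
        if name == "login":
            out.append(BACKDOOR)
        elif name == "compiler":                # self-recognition step
            out.extend(t for t in TROJAN if t not in out)
    return tuple(out)

def bootstrap():
    """Replay the steps in the text and return each compiler generation."""
    trusted = ("parse", "codegen")              # assumed-honest starting binary
    # The two additions are in the source for exactly one build.
    gen1 = run_compiler(trusted, ("compiler", ["parse", "codegen", *TROJAN]))
    # Additions removed from the source; every later build uses the prior binary.
    gen2 = run_compiler(gen1, CLEAN_COMPILER_SRC)
    gen3 = run_compiler(gen2, CLEAN_COMPILER_SRC)
    return trusted, gen1, gen2, gen3

def source_audit(source):
    """What a source reviewer can find: suspicious statements in the source."""
    return [s for s in source[1] if s in TROJAN or s == BACKDOOR]

def binary_audit(binary, source):
    """Statements in a binary with no counterpart in the source it was built from."""
    return [s for s in binary if s not in source[1]]

if __name__ == "__main__":
    trusted, gen1, gen2, gen3 = bootstrap()
    login_bin = run_compiler(gen3, LOGIN_SRC)
    print("source audit :", source_audit(CLEAN_COMPILER_SRC), source_audit(LOGIN_SRC))
    print("binary audit :", binary_audit(gen3, CLEAN_COMPILER_SRC), binary_audit(login_bin, LOGIN_SRC))
```

The generations after the first are identical to each other, which is the point: once the additions are in the binary, rebuilding from clean source with that binary never removes them.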

Again, if you haven’t read Thompson’s paper I urge you to. Of course, after you do, you will never trust any piece of software again.
