Computers Lie and Cheat

In the 70s, we had a Scrabble game where I worked, probably on an IBM 360 mainframe running VM1 or similar. The program may have come from what is called netnews, a very early and nerdy-type of what is now called social media.

The computer’s play was excellent and rarely beatable, so much so that I decided to look at the source code.

If you’ve played the board game, you’ll remember that each player draws seven tiles from a pool of face-down letters. When it’s your turn, you figure out a word (must be in Merriam-Webster or some other previously-agreed-upon dictionary), play it on the board, tally your score, and then draw replacement tiles from the pool.

But the computer doesn’t know English or any other human language so the program had to have a built-in dictionary of words for it to consult when playing its tiles. That built-in dictionary included many large words with lots of high-scoring letters as well as shorter and simpler ones.

Looking at the word-choice algorithm where the computer searched that dictionary against its letter-tray for the best-scoring word, there was a short segment where it compared the computer’s score to the players. That was rather odd because that comparison had nothing to do with actually finding the best word to play. In fact, the code already knew its best play for its seven tiles.

Further study revealed that if the player was ahead by some percentage and could not be overtaken by the computer’s best word, the program swapped out its complete tray of letters, drew seven new ones from the pool, and then repeated the search and score comparison. This continued until the computer “found” a really great play that would give it the lead.

The computer cheated!

That was the first, but not the last, instance of computer malfeasance I’ve encountered. Over several decades in the computer software business, I’ve run into a small number of other wrong-doings, usually to perpetrate the theft of goods or funds, that had been clandestinely programmed into “production” software. In some cases, the thievery amounted to hundreds of thousands of dollars, and the corporations rarely called the police or any other law enforcement entity. Their reasons were 1) it was embarrassing, 2) the loss was covered by insurance, and 3) “if we told people about it, more would try.”

But let’s be accurate: the computer is not cheating. Someone programmed it to do that.

Programmers are problem solvers. Figuring out how to cheat the system is a challenging problem that some may occasionally relish but few will admit.

WOPR (War Operation Plan Response) Computer (WarGames)

Another “hack” is famous in the Unix community. As you’ve no doubt experienced, when you login to a computer, you are asked for a username and a password. The computer then checks them against the authorized list and you are admitted or refused.

The login algorithm and its list of usernames and passwords must be carefully scrutinized for possible errors (or cheats), and usually by several, independent people. Only when everyone has studied the code and pronounced it safe will it be put into production.

Ken Thompson, one of the early Unix programmers, wanted to give himself a backdoor into the computer. That’s a username and password that will always work, no matter what. Normally to achieve something like that, the login program would have to be hacked–corrupted to always admit that one login–but with many people checking the code for any such infraction, it would seem to be impossible.

Ken, however, was also responsible for the compiler. That’s a separate program that converts the source code into executable binary. And it’s then the binary that actually runs on the computer and authorizes logins.

To create the backdoor, he added code to the compiler to recognize the login source code, and when it was being compiled, his addition would “insert” his secret back door credentials automatically. The resulting binary contained his addition, the backdoor. (Security checking of the compiler was not considered a requirement because it was big, and ostensibly, it had nothing to do with computer security. Hence, nobody looked.)

Ken’s “hack” is actually implemented via a second-level and even more devious trick. For additional details, you can read his somewhat lengthy description, or a much shorter one with fewer details.

  1. Ken’s description of his “cc hack” and related issues. (Click to read.)
  2. A shorter but just as interesting description. (Click to read.)

In the decades since, programmers have come up with a great many new, clever, lucrative or damaging, depending on the intent, cheats for computers.

When someone tells me “the results are accurate because a computer tallied it,” I know from first-hand experience that is no proof. And like when a child tells a lie, the more it is repeated, the more suspicious I become.

Leave a Reply

Your email address will not be published. Required fields are marked *