Please
listen carefully and don’t hang up. Those were the first words this unknown male caller said to me when my brother handed me the phone.
It
was the July 4th weekend, 2000, give or take a day, and Mr. X knew to say that first because he was calling me after midnight at my brother’s house in Connecticut. This was beyond creepy because I lived in
California and nobody knew I was in Connecticut except for my immediate family, who were all there with me in the house. I had only arrived the day before as I do most years about this time for our annual family picnic.
Why was this guy calling me?
It was a matter of national security.
The
caller apologized for waking us up and said his name was Dave. He asked me to get a pen and paper because he was about to give me some important instructions that would allow me to confirm his identity. Then
he dropped the bomb and said: “it was a matter of national security.”
By
now some of the other people in the house had started to gather around where I was standing in the kitchen by the wall-mounted phone. What the hell was going on? I signaled to my brother to bring me a pen — stat.
I
was still trying to process what was going on, and strangely, I didn’t
even have the frame of mind to ask Dave how he got this number. He
sounded serious and spoke with an air of authority; I guess I was
already convinced he was on the level.
Okay, I’m ready to write.
Dave
told me he was with the NSA in Bethesda — the National Security Agency.
He couldn’t say anything more until I called him back. This is why I
needed a pen. He was about to give me a series of steps to follow to call him back in a way that proved his identity and cemented the gravity of the situation.
Call Me Back
Dave
instructed me to hang up the phone and dial 411 (information) and ask the operator for the main number to the naval base in Bethesda, MD. I
was to call that number and then work my way through a series of other base operators, asking each, in turn, to connect me to the next one in the chain. He gave me the exact words to say at each hop since I’d be asking to be put through to a secure facility.
The adrenaline had kicked in and I was wide awake.
To
put me at ease, he said he’d call back in ten minutes if he didn’t hear from me — just in case I messed up. But I didn’t mess up.
A
few minutes later I was back on the phone with Dave. Whoa — the NSA.
This was actually real. The adrenaline had kicked in and I was wide
awake.
We Need Your Help
Dave
proceeded to tell me that they were in possession of a laptop
containing files that had been encrypted using my SafeHouse privacy
software. They had a national security situation that required immediate
access to those files and they needed my help; or more specifically,
for me to help them gain access possibly faster than they could do all
on their own. Time was of the essence; hence, the midnight call.
Bad things were about to happen if the NSA couldn’t get into those files.
SafeHouse
was (and still is) a popular Windows utility I developed to encrypt
private files which was distributed as Internet shareware. The free
shareware edition purposely featured weak encryption to comply with
State Department export controls on munitions as well as to encourage
users needing serious privacy to upgrade to the stronger paid edition.
My customers ranged from home users to big Wall Street institutions.
Bad
things were about to happen if the NSA couldn’t get into those files.
Maybe people would die, or at least Dave instilled that impression on me
as he politely asked if I would be willing to give him my source code;
all the while, apologizing for not being able to tell me anything more
about the situation.
I
mention Dave was polite in asking for my code because it’s something
that stood out and struck me as unusually odd — he was way too nice. He
seemed predisposed or prepared for me to say no. And if it had been
anyone else at any other time, he would have been right, but I could
tell something big was up and there simply wasn’t time to debate the
merits of handing over my source code to the NSA.
Of
course, Dave asked right off if there was any chance there might be a
back door to the encryption, as that would save a lot of time. But no.
SafeHouse was designed to the highest standards and best practices using
strong 256-bit industry-standard ciphers.
I’ll
give you the source. Absolutely. Anything you need. No problem. But
there actually was a tiny problem — I didn’t have it with me. I was on
vacation. So I called and woke up Ron in Portland, OR. By then it was
about 1am on the west coast. Ron was a programmer on my team and I knew
he had a copy of the source at home.
Zipped. Emailed. Done.
I
tried to probe — so, can you guys actually break 256-bit encryption?
Dave was mum. Encryption insiders had always speculated about that; I
figured it was worth a try. I didn’t really expect him to answer.
When
did this laptop dude buy SafeHouse? What version did he have? The more I
know, the more I can point you guys in the right direction.
And
that’s when Dave let on that laptop dude had the shareware version.
What — seriously? That changes everything. The shareware version only
supported cheap 40-bit encryption — totally breakable within just a few
days by most determined hackers; and likely, I’d assume, in quite a bit
less time than that by the secret code breakers working in windowless
rooms deep inside the NSA.
I
probed again, this time about their capability at 40 bits; maybe that
reduced level wasn’t such a State secret. But again, Dave was mum.
Dumb-Ass Criminals
But
seriously, this laptop idiot was planning to blow up a building, or
something equally as bad, but wasn’t smart enough or flush enough to pop
for the $39.99 to step up to the maximum-strength encryption?
This
time Dave answered — “surprisingly, it happens all the time. They call
them dumb criminals for a reason. Unbelievable, but true.”
I
continued to work with Dave and his team over the next day or so. I
answered all of their questions and they answered none of mine —
naturally. But they were always polite in these one-sided conversations
that fueled an insane curiosity that I knew would never be satisfied.
The Gift
A
few days later I was back home in California and an unmarked box showed
up at my office addressed to me. Inside, wrapped in white tissue paper,
was a blue NSA coffee cup with a hand-written note on plain white copy
paper that simply said “Thank you. Dave.”
Later
that day I got a call from Dave. He still couldn’t give me any details
because it was all top secret, but he did tell me that everything
“worked out” and they were grateful for my help.
Once
more I tried to probe and asked if “worked out” meant they cracked the
code; but of course, again, he wouldn’t say. Always so silent. He must
be a hoot at parties. Is Dave even his real name?
As
I thanked him for the gift, I couldn’t help not bust his chops about
the covert note that he tucked inside the box. He just laughed and said
“that’s my official NSA stationery.”
I’ve
had that top secret coffee cup for 18 years now. It’s the same one
pictured at the top of this article. I need my coffee every morning, but
I’ve never used this cup. It’s too special. I’m afraid I’d break it if I
started using it on a regular basis, so it stays up on a shelf in my
living room alongside some of my other treasured mementos.
For all I know, they sell those cups in the gift shop.
I’ve
never been to the NSA, and for all I know, they sell those cups in the
gift shop. But to me it doesn’t matter. This cup is a reminder of
something bad that never happened, and I played a small role in that.
But
there’s still one thing that continues to nag me after all these years —
how the hell did Dave track me down 3,000 miles away from home after
midnight on that hot summer’s eve in Bristol, Connecticut?
0 Comments
Please i love feedback, thanks