Sabotaging Code: 1996 NCAA March Madness Pool
I started at the University of Michigan in 1992, right during the Fab Five era. The Fab Five were five freshman basketball players who in 1991, with a totally new coach, went all the way to the NCAA championship. This was unheard of, and the team had a deserved swagger and aggressive style that was addicting. Even if you’d never seen a basketball in your life, if you were on that campus at the time you were crazy about basketball. It was a golden era. It turns out years later they were breaking rules but that’s a topic for a different blog.
As you can imagine, everyone participated in a NCAA pool. My friend across the hall, Andrew Borteck, was an out-of-his-mind Michigan fan and was clearly the guy on the hall who was going to organize the pool for us. Borteck somehow enlisted me to help [it turns out Borteck now works for NBC Sports as an attorney, a fate that could have been predicted in college].
We had about 120 entries in our pool, no small feat in a pre-email, pre-Internet era. I told Borteck that he’d be crazy to tabulate all of the scores by hand, and that I certainly wasn’t going to waste my time adding everything up. So I wrote a program in Pascal that allowed us to quickly input the teams for each bracket and then it would score them. It worked well and stood up to three or four people complaining that their scores were wrong (they weren’t).
I used the program each of the years I was in college.
My senior year, I lived in a house with six of my fraternity brothers. One of them was David Miller, a brilliant mechanical engineer who finished top 10 or so in our class of about 5,000. Miller is an exceptional practical jokester and loves a good challenge. But in college, while he knew Michigan’s team pretty well, and maybe the Big 10, he was pretty clueless about the rest of the NCAA.
When I printed the results for the first round, Miller was near the top. This was not totally unusual, as the first round has a lot of randomness. But when Miller was leading after the second round, it was a bit suspicious. I also noticed that his score went up by an odd number even though each game earned 2 points. So I decided to take a look at the code, even though it had withstood multiple tests over the last three years.
Sure enough, Miller had inserted a line in the code:
IF Group[Dude].Name="David Miller" THEN Group[Dude].Points:= Group[Dude].Points+7;
Keep in mind that Miller had never taken a programming class. So I was impressed. We had a good laugh, and I pulled out the inserted code. I also moved the code to a different folder on my PC. For the next round, before compiling the code, I searched for Miller’s name in the code. It wasn’t there, so I was in the clear.
A week later, I ran the results for the third round. Miller was second. He flung both hands in the air and declared “I am a basketball GENIUS!”.
Now I was pissed. Miller was a genius, but definitely NOT a basketball genius. I looked through the code and found:
IF Dude = 22 THEN Group[Dude].Points:= Group[Dude].Points+12;
Miller didn’t know how to use the debugger, so he must have opened up the text datafile and counted the rows to see which number player he was.
I then turned to Miller and said the following:
“I am going to secure this code on this PC. And if after I secure it, if you can modify the program within 10 minutes, I’ll let your modifications stand, and if you win the pool, you can keep the money.”
- moved the code to a directory with a name that could not be typed except with special ASCII characters (ALT+num pad) and was not accessible through windows 95 file explorer (had to use a DOS command shell)
- I zipped the source code with encryption, secured by an extremely strong passphrase
- I used a wipe utility to wipe the harddrive sectors that had the original source code file so he couldn’t undelete it/rebuild the file allocation table
- I also used a wipe utility to remove the executable for fear he’d know how to use a disassembler, modify the assembly and then recompile.
- I used the hide attribute on all the files and the folder
While I started to do this, I heard a sound and turned around to find that Miller had binoculars and was looking through a crack in my bedroom door trying to read what I was typing. I quickly plugged the hole. After about ten minutes, I had completed all of this work, I turned to my other housemate Davidoff who was on my bed. Proud of the protection I had implemented, I started to describe to him in detail what I had done. It was then that I realized that someone was outside of my second-floor window. It was odd because there is only a one foot by two foot section of roof under the window. And there is no way to get there. I looked more carefully, and saw it was Miller who had free climbed up the drainspout, perched himself on this impossibly small section of roof and was using his binoculars and ear to the window to spy on me. Of course there was no safe way down, so after we let him beg for a couple of minutes, we let Miller in through the window and I stopped explaining my exploits.
I had a kitchen timer that I used as president of the fraternity to keep our meetings running apace. I set it to ten minutes and the challenge commenced as I pressed the start button and the timer dutifully belched a beep. To my astonishment, he got through one barrier after another. I started to get nervous, the pool was a lot of money for a college kid, and I’d have to underwrite the bet if Miller got through all of the obstacles.
After about 7 minutes, he was at the last obstacle: the password on the zip file. Again, this is before the Internet, so it wasn’t like he could download a program to perform a brute force attack or key-logging or use other methods to defeat the encryption. But he was smart enough and determined enough where I was certain he could figure it out given enough time…which is why I was happy that I only gave him 10 minutes.
Try as he might, he couldn’t guess the password. I was liberated as the timer sounded its alarm. It was over, my program survived. It turned out to be its last test, as I never used it again after that.
As I was writing this, I looked back and miraculously found the code. The picture above is a screen shot of it. It was fun to walk through it and realize how sloppy a programmer I was back then. My 18 year old self would have miserably failed my code reviews by my 22 year old self.