In 1997, while working in the Marketing group at IBM Storage Systems Division, Scott conceived of the idea for an Extranet to link IBM’s biggest OEM Storage customers: HP, Apple, Dell, Gateway, etc… together with manufacturing, sales, and R&D, using a new technology called Lotus Domino. Domino was a web interface for Lotus Notes. Scott named this new marketing product the “IBM Edge,” and the name stuck for four years. To give you an idea of this project’s scope, it provided ALL of a customer’s own relevant SAP CRM data and all the information on all the products they’d purchased, including confidential manufacturing and R&D reports for these products, and for some customers, it also enabled electronic ordering. In 1999, this system on the Internet booked over $2B in electronic orders, making it the #2 system in the world behind IBM’s own PC business, or so we were told. It earned Scott an Outstanding Technical Achievement Award (OTAA) and a trip to IBM’s Boardroom, and this isn’t even the interesting part.
During the development of the “IBM Edge” system, and before it went live, Scott asked one of his developers, Nick Bushnell, to start a project to build a Lotus Domino Cracking tool. Scott outlined the program flow, identified all the known hacking tricks he’d developed by hand, 57 in total, and demonstrated how Nick could programmatically expand on these to explore hundreds of variations. At this point, Scott had also informed the Division CTO & Information Asset Security person of the Lotus Domino flaws he’d discovered and asked that she contact Lotus. By this time, IBM had owned Lotus for roughly a year. After two weeks of development, Scott was out sick the day it was completed. They arranged to test it the next day on some internal systems. That evening, Nick and another member of Scott’s team, Matt Wuebbling, chose to run the tool on each of our internal servers and found nothing. They assumed it didn’t work, so they ran it on Notes.net and several other well-known Lotus-owned and controlled websites. Furthermore, when the tool pointed out vulnerabilities at Notes.net, these two tested one of them. They remapped Notes.net/support to a dummy page on one of our team’s external IBM servers.
Now, here’s where the story becomes interesting. Nothing happened, so Nick went home while Matt decided to stay late. Well, he soon learned that Lotus’s servers rebooted at midnight, the changes they’d made had taken effect, and we received 100 legitimate hits an hour for Lotus Support from Europeans to our bogus test page.
That next morning, Scott got a call at home from Matt at 7 AM. At that time, Matt was the kind of guy whose eyes didn’t usually open till at least 9 AM on a “work day,” and he asked Scott when he was coming in. Scott said shortly and asked, “Why?” Matt requested that Scott rush as it was serious, but Matt would provide no more details. When Scott arrived, Matt laid out what had transpired, and then they dove into their server logs to see if Lotus had launched a counterattack.
From midnight till 6 AM Eastern time, Lotus’s Support page was mapped to our dummy page, which received over 500 hits. Then traffic stopped, and things heated up. For the next 45 minutes, Lotus attempted to hack our IBM server using the same tricks we’d used. Having designed the security scanning program, Scott had already locked down ALL his internal and external servers against the 57 flaws they’d uncovered and reported to Lotus. The fact that IBM owned Lotus, and that Lotus had tried to hack us and failed, was an integral part of Scott’s defense of his team when Lotus requested later that day that they all be fired and then arrested. Scott dodged a bullet with this hack. It took Scott several very tense meetings with IBM corporate counsel, Lotus (via teleconference), the Division CTO, and HR to get things straightened out. In fact, at the first meeting, Scott walked in and knew everyone in the room except one person. She introduced herself as the director of HR, requested that Scott sit next to her, and then said, “I’m here for you.” She implied it was to help, but her role, fortunately, never played out.
A week later, Scott met in person with a Lotus executive, the same guy who had wanted them fired. Later that week, IBM Research’s Tiger Team (a couple of white hats) released his team’s code to both groups. One final note: shortly after the above incident, Scott received an Outstanding Technical Achievement Award, one of IBM’s highest awards, for his work on the IBM Edge (internally called “HDD Partner Info”).
