University Wire
11-30-1998
(The Stanford Daily) (U-WIRE) STANFORD, Calif. -- For the second time in two months, a computer hacker broke into University computers, this time stealing passwords for almost 300 e-mail accounts.
An outside hacker logged into the Electrical Engineering departmental computer, compromising all accounts on the server, as well as 61 Leland system accounts.
"It looked like the hacker was going for power and wanted to control the system, not necessarily what was on it," said David Brumley, a specialist in the Computer Security Office.
The hacker, using a stolen password, broke into the system at around 7 p.m. on Oct. 31 and stayed in the system for six days, Brumley said. The intruder used a "sniffer," a software program that can intercept user names and passwords, to initially get into the system. Once in, the hacker installed programs on the system to collect user passwords.
Brumley said that although there were no reports of tampering with e-mail accounts, the security office did shut down all the Leland accounts affected, forcing students to go to Sweet Hall to change their passwords.
"That upset a few people, but it's an evil necessity," Brumley said.
The Electrical Engineering Department, which has control over its departmental accounts, has warned everyone with accounts on its server to change their passwords immediately to avoid further complications.
The security office was able to trace the hacker to an Internet service provider but was unable to proceed further without outside assistance.
The University elected not to call the FBI, because minimal damage was done. Brumley said there was no tampering with user accounts, but the department did have to reinstall the system software, as is customary for an incident such as this.
The number of computer security incidents has increased recently, due to more widespread use of automated scanning programs, according to Brumley. These programs allow hackers to look for vulnerabilities in hundreds of machines at a time.
Just last week more than 18,000 scans were performed on Stanford computers. Each scan is counted as coming from one source but could encompass many computers.
The intrusion on the electrical engineering server is far from an isolated incident.
Earlier this month hackers broke into computers on the Leland system to extract more than 5,000 user passwords, in what was considered the first major break-in to the Leland system.
In June, 3,000 researchers at the Stanford Linear Accelerator Center fell victim to hackers and were left without Internet access for a week.
Last April a hacker found his way into the system in the Durand Building and stole 240 e-mail passwords.
Although past incidents have involved hackers deleting doctoral theses from the system, Brumley said the goal of hackers is not always to gain access to Stanford data.
Sometimes they use a computer system as a "jumping spot" to break into other systems, such as banks, so that their actions will be harder for the victims to trace.
Generally, however, hackers can only gain initial access to Stanford computers by logging into a machine on campus.
The PC-Stanford software package, which includes Kerberos security protection, provides users with a secure login.
The Kerberos system encrypts a user's login information so hackers cannot access it.
"It's more or less technically infeasible for someone to crack Kerberos protection," Brumley said.
Dennis Michael, manager of the Leland systems in Sweet Hall, said the problem is that campus computer users are not logging in with the protection of Kerberos.
"We're trying to get rid of clear-text passwords so that sniffers won't work," he said.
(c) The Stanford Daily via U-Wire
No comments:
Post a Comment