The Cavalier Daily
Serving the University Community Since 1890

Break-ins threaten computer security

What if someone stole your computing password? They could log in as you, send e-mail as you - and assume your electronic identity.

Stolen passwords are one of the security threats posed by hackers who attempt to gain unauthorized access to computer systems.

This summer, several computer break-ins occurred at the University.

In Clark Hall, there were three related break-ins to the building's Sun workstations - the first in late June, the second in mid-July and the third in late July/early August, said William Shane Brandon, Computer Systems Engineer for the Environmental Sciences department.

Brandon discovered that the hacker had broken in to one of the computers running an old version of the Sun operating system and was using that to break in to other computers.

"They used this machine to attack other machines," Brandon said.

The old operating system on the home base computer made it easier to gain unauthorized access.

"It had a very old operating system," said Computer Center Lead Engineer Hamp Carruth. "Security holes had never been closed."

After the break-in on the computers in Clark Hall was discovered, logs were analyzed to identify the people whose passwords had been detected by the hacker, Carruth said. While Carruth knows of no direct damage to these individual accounts, all affected account users were notified by ITC and warned to change their passwords.

The hacker ran a Packet Sniffer program, which can gain access to other people's passwords, Brandon said.

"A Sniffer can read packets [bits of computer data] and interrupt and record a log-in ID," Carruth said.

Much of the University has switches which enable data on the Ethernet to pass directly between two computers, he said.

However, Clark uses an older broadcast Ethernet system, Carruth said.

"Every computer attached to that same piece of cable gets the signal," Brandon said.

This allows someone using a Packet Sniffer to pick up information, such as passwords, from other computers on the same cable.

"A Packet Sniffer is the computer equivalent of a wire tap," said Brian Paco Hope, Systems Administrator for the Computer Science department.

There are plans to update the Ethernet system in Clark Hall when it is renovated, but that is still about five years away, Brandon said.

In addition to notifying the people whose passwords were detected, ITC and the environmental science computer system upgraded the machines and installed patches to make it tougher to break in, and to make it even more difficult to use one computer to break in to others, Brandon said.

"We managed to get rid of all the access points for now," he said. "We feel more secure, but I do expect it again.

"I check my logs regularly and we're being very precautious now," he added.

In late August another computer break-in occurred, this one to the UNIX machines in Small Hall.

This time, the unauthorized access was detected fairly quickly thanks to the method of hacking used, Carruth said. The hacker had installed a set-up job that tried to run every minute, causing error messages to be e-mailed to Carruth's office. In response, the machines in Small Hall were upgraded, he said.

"We're now looking at other Silicon Graphics machines and trying to bring them up to the same level," he added.

Such hacking is a constant challenge for computer system administrators.

"It's a race to see if we can close the hole before someone can use it," Carruth said.

"Probes [attempted break-ins] occur with increasing frequency," he said.

"We've experienced numerous break-ins, though none really recently," Hope said of the computer science department workstations.

"About four months ago just about everyone running Sun system was broken into," he said.

Most of the computer break-ins that do occur at the University, however, are not malicious toward the University community.

"We usually find that they are used to attack other machines, not to attack the individual," Carruth said.

By attacking computers from a computer other than their own, it is more difficult for the location and identity of the hacker to be discovered, Hope said.

"The more systems they hop through, the harder it is for them to be found," he said.

Other hackers are motivated simply by the challenge.

"A lot of hackers do it just for the thrill," Hope said.

However, there is the "potential for someone to really do some abuse," Carruth said.

For example, a hacker could delete computer files, change system properties, or take a person's computing identity, allowing them access to the person's e-mail and password-protected files.

To try to prevent this, computer systems administrators employ several security measures.

One of the methods is to encrypt everything sent over the network, so other computers cannot read it.

"What's actually sent over network is scrambled," Hope said.

The Computer Science Department has a program called Tripwire that checks every file on every system, and sends out an e-mail to Hope if anything changes.

"That's been a really valuable asset for us," he said.

Another security method is to limit access.

"We deny connections to much of the outside world," Hope said.

Such methods "have dramatically reduced the impact of all the different hacker attacks," Hope said.

Individuals can also protect their own passwords using encryption programs.

"One thing people can do is to use a connection that involves some sort of encryption," Carruth said.

SecureCRT, a program that does such encryption, can be downloaded from the ITC Software Central Web site at www.itc.virginia.edu/central, he said.
