Forwarded From: "Spencer, Will" <wspencerat_private> Hackers Elude Accelerator Center Staff (San Francisco Chronicle; 06/11/98) Officials at Stanford Linear Accelerator Center are rethinking the openness of their computer system a week after hackers forced them to shut down outside access to the federal research facility's computer network. External access to the center's computer system was suspended after staff members failed to catch hackers who had intercepted a password and were moving in and out of more than 30 of the facility's Unix servers. "We traced the hackers around to the point that we weren't gaining on them," said center spokeswoman P.A. Moore. "The person or persons were successful in covering their tracks and in getting into and out of accounts." It is still unclear how the hackers got access to a password and the system, Moore said. But as a result of the breach, she said, officials are rethinking the center's policy of being an open scientific research facility. She said proposals are being considered to restrict the center's computer system. "A number of options are being considered and they range from very mild to more severe," she said. Moore said that most of the center's Internet services were restored Tuesday after security measures were put in place and that staff members were instructed to change their passwords. The shutdown did not create any serious problems, although it caused delays in many projects and denied researchers from all over the world access to the center's Web site, Moore said. Established in 1962, the Linear Accelerator Center is funded by the Department of Energy and operated by Stanford University. With a staff of about 1,300 and 2,000 researchers worldwide, the center conducts basic research on atomic and subatomic physics. The center's researchers use colliders to study matter at the atomic level. "Mostly, we've lost time on experiments," Moore said. "We do not see that any data has been compromised. It's more of a setback than a major disaster." But she said future break-ins will remain a problem for open scientific facility. The center does not conduct any classified research, she said. "Computer hackers are very sophisticated in terms of their knowledge and ease in traveling through cyberspace," she said. "We're vulnerable. By being an open facility, we are a target for vandals." Stephen Hansen, a Stanford University computer security officer, said campus system break-ins average at least two a month. A common tool used by hackers is a computer program dubbed "the sniffer," which allows intruders to decode data in a system, specifically passwords and log-on names. "Sniffers are quite dangerous," Hansen said. "If they are not caught right away, they can lead to break-ins to thousands of accounts, not just locally, but across the Internet." To minimize such break-ins, he said, more system operators are using encryption programs that prevent hackers from determining sign-on names and passwords. However, this is not an easy option for the Stanford center because encryption programs are prohibited in some countries, including France, where a number of center-affiliated researchers live. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:56 PDT