Forwarded From: anon <uniqueat_private> http://www.sjmercury.com/business/tech/docs/004195.htm Posted at 6:59 a.m. PST Friday, January 22, 1999 Hackers break into software distribution site BY ELIZABETH CORCORAN The Washington Post Unidentified hackers corrupted a widely used program at a major software distribution center Thursday morning in hopes of gaining entry to computer systems around the world, said officials at the CERT Coordination Center at Carnegie Mellon University. The damaged program, known as a ``TCP wrapper,'' is typically used by system administrators to control services on computers running the Unix operating system. System administrators at organizations from schools to companies usually download current copies of this kind of program and install it on their machines. Around 1 a.m. EST, hackers installed a so-called Trojan horse in one such program, opening the equivalent of a trapdoor in the program's security and giving intruders easy access to all the services and information stored on that computer. In addition, when a system administrator installs the rogue program, it sends a message to the hackers, giving them the address of the compromised machine. CERT officials, who monitor instances of malevolent hacker attacks, said they did not know how many computers might already be running copies of the Trojan horse program. Before the corrupted program was detected, 52 computers around the world had made copies of the program. Such computers, in turn, typically distribute the software to others. ``This is a rather unique situation,'' said Jeff Carpenter, CERT's incident response team leader. Those who have installed the corrupted program now have an open door into their computer systems that malevolent hackers can easily exploit. But, he added, there might not be many copies of the program running. Carpenter said CERT has posted information on its World Wide Web site that system administrators can use to determine whether they have a damaged copy of the program (the site is www.cert.org ). Although CERT does not try to track down hackers, it does cooperate closely with law enforcement officials, he said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:05 PDT