[ISN] Hackers break into software distribution site

From: mea culpa (jerichoat_private)
Date: Sat Jan 23 1999 - 12:11:33 PST

Next message: mea culpa: "[ISN] Firms wage electronic war on industrial espionage"

Previous message: mea culpa: "[ISN] Internet Chat Wars Spill Over"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: anon <uniqueat_private>

http://www.sjmercury.com/business/tech/docs/004195.htm
Posted at 6:59 a.m. PST Friday, January 22, 1999 
Hackers break into software distribution site
BY ELIZABETH CORCORAN
The Washington Post 

Unidentified hackers corrupted a widely used program at a major software
distribution center Thursday morning in hopes of gaining entry to computer
systems around the world, said officials at the CERT Coordination Center
at Carnegie Mellon University. 

The damaged program, known as a ``TCP wrapper,'' is typically used by
system administrators to control services on computers running the Unix
operating system. System administrators at organizations from schools to
companies usually download current copies of this kind of program and
install it on their machines. 

Around 1 a.m. EST, hackers installed a so-called Trojan horse in one such
program, opening the equivalent of a trapdoor in the program's security
and giving intruders easy access to all the services and information
stored on that computer. 

In addition, when a system administrator installs the rogue program, it
sends a message to the hackers, giving them the address of the compromised
machine. 

CERT officials, who monitor instances of malevolent hacker attacks, said
they did not know how many computers might already be running copies of
the Trojan horse program. Before the corrupted program was detected, 52
computers around the world had made copies of the program. Such computers,
in turn, typically distribute the software to others. 

``This is a rather unique situation,'' said Jeff Carpenter, CERT's
incident response team leader. Those who have installed the corrupted
program now have an open door into their computer systems that malevolent
hackers can easily exploit. But, he added, there might not be many copies
of the program running. 

Carpenter said CERT has posted information on its World Wide Web site that
system administrators can use to determine whether they have a damaged
copy of the program (the site is www.cert.org ). Although CERT does not
try to track down hackers, it does cooperate closely with law enforcement
officials, he said. 











-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

Next message: mea culpa: "[ISN] Firms wage electronic war on industrial espionage"
Previous message: mea culpa: "[ISN] Internet Chat Wars Spill Over"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:05 PDT