[ISN] Hackers break into software distribution site

From: mea culpa (jerichoat_private)
Date: Sat Jan 23 1999 - 12:11:33 PST

  • Next message: mea culpa: "[ISN] Firms wage electronic war on industrial espionage"

    Forwarded From: anon <uniqueat_private>
    Posted at 6:59 a.m. PST Friday, January 22, 1999 
    Hackers break into software distribution site
    The Washington Post 
    Unidentified hackers corrupted a widely used program at a major software
    distribution center Thursday morning in hopes of gaining entry to computer
    systems around the world, said officials at the CERT Coordination Center
    at Carnegie Mellon University. 
    The damaged program, known as a ``TCP wrapper,'' is typically used by
    system administrators to control services on computers running the Unix
    operating system. System administrators at organizations from schools to
    companies usually download current copies of this kind of program and
    install it on their machines. 
    Around 1 a.m. EST, hackers installed a so-called Trojan horse in one such
    program, opening the equivalent of a trapdoor in the program's security
    and giving intruders easy access to all the services and information
    stored on that computer. 
    In addition, when a system administrator installs the rogue program, it
    sends a message to the hackers, giving them the address of the compromised
    CERT officials, who monitor instances of malevolent hacker attacks, said
    they did not know how many computers might already be running copies of
    the Trojan horse program. Before the corrupted program was detected, 52
    computers around the world had made copies of the program. Such computers,
    in turn, typically distribute the software to others. 
    ``This is a rather unique situation,'' said Jeff Carpenter, CERT's
    incident response team leader. Those who have installed the corrupted
    program now have an open door into their computer systems that malevolent
    hackers can easily exploit. But, he added, there might not be many copies
    of the program running. 
    Carpenter said CERT has posted information on its World Wide Web site that
    system administrators can use to determine whether they have a damaged
    copy of the program (the site is www.cert.org ). Although CERT does not
    try to track down hackers, it does cooperate closely with law enforcement
    officials, he said. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:05 PDT