[ISN] University systems a haven for hackers

From: InfoSec News (isnat_private)
Date: Sat May 04 2002 - 04:18:40 PDT

    http://news.com.com/2100-1001-898084.html?tag=fd_top
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    May 2, 2002, 4:20 PM PT
    
    VANCOUVER, British Columbia -- College is intended to nurture the
    quest for knowledge, but many universities are also unwitting breeding
    grounds for hacking and online piracy.
    
    In a presentation here at the CanSecWest security conference, David
    Dittrich, senior security engineer with the University of Washington,
    said university politics and a lack of emphasis on computer security
    have made college networks rife with online piracy and hacking.
    
    The networks "are a real fertile ground," Dittrich said in an
    interview after the presentation. "There is a responsibility that the
    universities are not meeting."
    
    While some universities have good security checks in place, the
    majority of academic networks are tempting targets for hackers because
    of their lack of security, abundance of bandwidth and overworked
    administrators.
    
    At the University of Washington, for example, Dittrich, two other
    security engineers and several network engineers have to deal with
    network outages, compromised computers, rogue libraries of pirated
    media and software, and students who can't get online to get their
    homework done because of all of the illicit traffic.
    
    Responding to recent complaints from two students that their computers
    were exhibiting strange behavior, Dittrich and the other engineers
    found that at certain times of day, the university's bandwidth was
    being overwhelmed by sudden spikes in usage.
    
    He found that a handful of computers on the network had been
    compromised and that a distributed database of pirated software and
    movies had been installed.
    
    This time, nine systems on the network had more than 520GB of pirated
    software and movies stored on them, including the just-released
    "Scorpion King." That was just this week; in total, more than 70
    systems have been found to have been used for digital piracy and
    so-called distributed denial-of-service (DDoS) attacks. The files
    could be accessed only through Internet chat "bots"--automated
    programs--that would allow only those in the know to download the
    files.
    
    Such piracy is not always set up by outside hackers, Dittrich said.  
    Several of his server investigations have revealed that students have
    been hosting the pirated software. In fact, a snapshot of the traffic
    on the network showed that 37 percent of the data consisted of
    transfers by the file-sharing program Kazaa, and another 15 percent
    belonged to another file-sharing program, Gnutella.
    
    The problems are not new.
    
    In 1999, Dittrich had to clean up nearly 80 Solaris systems and 40
    Linux systems that had been compromised and on which online vandals
    had installed DDoS tools. In 2000, 200 systems had been hit with the
    Code Red worm and another 150 or so with the Nimda worm.
    
    "It's not large percentage-wise," he said, "but it is large in
    number."
    
    In all, thousands of the university's 50,000 systems could be
    vulnerable to one of the dozens of flaws commonly exploited by online
    vandals. That multiplies when the systems are used to scan other,
    non-university systems. Four systems owned by PowerBot, a Swiss Army
    Knife of hacker utilities, automatically found 9,000 systems last
    summer outside the university that were vulnerable to the attack used
    by Code Red.
    
    The problems are not isolated to the University of Washington. Right
    after Dittrich's talk, another administrator approached him asking for
    advice because her network is wide open to exploitation.
    
    The fear, she said, was that if the school's computers were used to
    attack another company, that company might sue for damages. The
    security administrator asked that she and her college not be
    identified.
    
    Such problems may continue until a lawsuit is brought against a
    university or the various academic departments in the university get
    serious about security, Dittrich said.
    
    "Not everyone hears the message," he said, especially when nothing
    happens to the universities in the way of punishment if they don't
    secure their systems.
    
    
    
    


