[ISN] Students' computers hacked

From: William Knowles (wk@private)
Date: Fri Jan 23 2004 - 08:01:21 PST


    http://www.chronicle.duke.edu/vnews/display.v/ART/2004/01/22/400fd304cd30b
    
    by Andrew Collins
    January 22, 2004
    
    Some students coming back from fall study abroad have discovered, to
    their dismay, what others in the University have known for months:
    Duke computers are under siege from hackers.
    
    Since August 2003, the Office of Information Technology has had to
    reinstall the operating systems of hundreds of hacked computers--the
    computer equivalent of a lobotomy. Although not unprecedented, the
    recent surge in hacking has inconvenienced many and shows no signs of
    abating.
    
    Former study abroad students report that a disproportionately high
    number of their fellow travelers have been hacked. A possible reason
    is that since they were gone last semester, some of these returning
    students may have failed to take precautions OIT recommends to guard
    against hacking.
    
    Junior Vinitha Kaushik said she did not pay adequate attention to an
    OIT security patch download page that greeted her when she returned to
    her computer from a France study abroad program. "They put the patch
    in the middle of a registration form," she said. "All I really wanted
    to do was get back on the Internet when I got back to school, so I
    skipped the middle part." Kaushik's computer was promptly hacked.
    
    OIT security officer Chris Cramer said computers become vulnerable
    when individuals fail to create an administrator password or when they
    fail to download security updates for their operating systems. Most of
    the University's recent hacking cases have resulted from a lack of an
    administrator password, he said.
    
    The identity of the hackers--and Cramer said there are almost
    certainly multiple people involved--is largely impossible to trace.  
    Many of the suspected hackers are thought to be from foreign
    countries, including Brazil, while others are suspected to be from
    within the United States.
    
    The Federal Bureau of Investigation has not taken up any Duke cases
    yet, Cramer said, because the amount of damage from each hacking is
    relatively small.
    
    Cramer said there are three main motivations to hacking Duke
    computers: fun, data storage and as a means to attack other computers.  
    Although the hackers' amusement factor may be impossible to gauge,
    hacked Duke computers have been used for data storage and,
    occasionally, to launch attacks on other computers.
    
    "Typically, these are teenagers--younger teenagers--just looking for
    thrills," Cramer said. "The folks who break into the machines are
    [often] looking for some computer where they can store movies, music,
    pornography, et cetera, all these illegal materials, so that other
    people can download them."
    
    The standard OIT protocol for dealing with hacked computers is to wipe
    clean the hard drive and reinstall the operating system. This
    reinstallation service is free but leads to five to seven days of
    computer deprivation, as well as the inconvenience of having to back
    up important data and reinstall programs.
    
    Hacking victims, predictably, voiced their displeasure about their
    computer lobotomies. "It's awful," Kaushik said. "I live in Edens
    [Quadrangle]; the computer lab isn't even close and applications and
    resumes are due."
    
    "It's just sort of a pain... actually, it's a big pain," said junior
    Kate Hansen. "I don't have a burner, so all my music and picture files
    are gone. I was only able to salvage some [Microsoft] Word files and
    stuff."
    
    For those who did not save their original CD-ROMs for application
    packages such as Microsoft Office, the operating system reinstallation
    can become quite expensive. Duke Computer Store manager Clarence
    Morgan said the computer store cannot replace lost disks.
    
    OIT insists on reinstalling hacked operating systems because of the
    relatively unlikely possibility that a hacked system could attack
    other computers on the network. Failure by a hacked individual to
    bring his or her computer to OIT within a week results in a severed
    internet connection, Cramer said.
    
    "Unless you really know what you're doing, the safest thing to do is
    reinstall the operating system and then restore that data to a clean
    computer," Cramer said. "You can attempt to get the hacker off your
    system, but it's never as simple as just changing your password,
    because usually the hacker has installed back doors--ways they can get
    back in."
    
    Some students are complaining about shorter-than-advertised periods
    between initial notification and losing their internet; others say
    their computers have remained in the shop longer than five to seven
    days. Despite the grumbling, most praised OIT workers' helpfulness and
    others have even identified positive aspects to being temporarily
    stripped of their computers.
    
    "My roommate's computer got hacked into too," said Hansen of her
    fellow study abroad veteran, junior Jessica Laun, "so we actually have
    real conversations."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    