[ISN] After hacking incident, server security boosted

From: InfoSec News (alerts@private)
Date: Thu Dec 06 2007 - 02:04:58 PST


http://media.www.dailypennsylvanian.com/media/storage/paper882/news/2007/12/04/News/After.Hacking.Incident.Server.Security.Boosted-3130557.shtml

By Jessica Sidman
The Daily Pennsylvanian
12/4/07

Although the University improved computer security after a Penn student 
allegedly caused a server crash in February 2006, a similar type of 
attack could still cause problems for even the largest Web servers.

Engineering junior Ryan Goldstein was indicted last month for 
computer-fraud conspiracy after he allegedly helped a New Zealand hacker 
nicknamed "AKILL" carry out the attack using a botnet - a virtual 
network of virus-infected computers controlled from a central, remote 
location.

Hackers can use a botnet for sending spam, identity theft or 
denial-of-service attacks.

Goldstein's alleged hacking caused an inundation of traffic on the 
Engineering School's server, leading to a server crash.

The Engineering staff overlooked the increase in traffic because of 
recent modifications to the Engineering School's network at the time, 
according to an affidavit filed by FBI agent and computer-crimes 
specialist Jason Stroud.

University technicians made several changes at the time and continue to 
make security improvements as they learn of new threats, IT Senior 
Director Helen Anderson wrote in an e-mail.

In addition, Engineering students must now register for permission to 
run CGI script, a technology used in web servers.

But a large attack could still potentially cripple the server.

"Web servers are sized for their normal usage rate plus extra capacity 
for busy times," Anderson said. "A botnet of more than a million 
computers is enough to cause trouble for even the largest Web servers."

Goldstein used a fellow student's username and password to gain access 
to a University server, Stroud reported.

The user logged in 57,958 times in four days, with 13,289 failed 
attempts, from computers in North America, Europe, Africa, Asia and 
Latin America and then downloaded unusual files onto the Penn server. 
The inundation of traffic caused the server to crash.

"It's been likened to trying to drink from a fire hose," FBI special 
agent JJ Klaver said. "You can shut down an entire computer network by 
flooding it with input."

The Penn server attack denied service to 4,000 students, faculty and 
staff members. However, an attack on a corporate server, such as 
Amazon.com, could cause a company enormous economic losses, said Fred 
Cate, the director of the Center for Applied Cybersecurity Research at 
Indiana University School of Law.

Similar attacks can also be used as online vandalism, political protests 
or to hinder corporate competitors.

Goldstein pleaded not guilty to the computer-fraud conspiracy charges, 
and he is still attending classes.

He faces a maximum sentence of five years in prison or a $250,000 fine.

Copyright 2007 The Daily Pennsylvanian


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Thu Dec 06 2007 - 02:26:31 PST