Note the atypical behaviour shift. --MW

Hackers breach Stanford computer security

BY MICHELLE LEVANDER
Mercury News Staff Writer

Brazen hackers repeatedly broke into the Stanford Linear Accelerator Center's computer system last week, prompting alarmed officials to take the unusual step of shutting down computer access to the outside world for a week.

In what is believed to be the facility's worst computer security breach ever, a group of sophisticated hackers ``sniffed'' -- or intercepted -- a password to SLAC over the Internet and used it to gain access to more than 30 of the federal research facility's most important Unix servers, officials confirmed Tuesday.

The shutdown of Internet services -- which lasted until Tuesday -- brought chaos for hundreds of international researchers, cutting them off from collaborators around the world.

Scientists at SLAC comb through huge files on a daily basis, said spokeswoman P.A. Moore, who called the lost time on experiments an ``incalculable'' setback that would put people behind in their work by at least several weeks. But she said it appears no permanent damage was done to data or programs at the facility, which does unclassified research.

SLAC researchers explore the structure of matter at the atomic scale by running experiments on the facility's giant colliders, including a two-mile-long linear accelerator. The laboratory -- one of half a dozen high-energy particle generators in the United States -- is operated by Stanford University under a contract from the U.S. Department of Energy. It has a staff of 1,300 and an additional 1,600 international researchers working there at any given time.

At Stanford's main campus, hackers have broken into the computer system before using ``sniffers'' -- or networked computers with special software -- and gone undetected for months.

Such hackers, often teenagers who have easy access to sniffer kits, increasingly are causing problems for universities, research centers and companies, said Stanford computer security officer Stephen Hansen. At Stanford alone, there is about one incident a month involving sniffers, but security officials have never shut down the entire university's access to the Internet to address the problem.

Computer security officer Bob Cowles told employees in a letter that the extreme measure was taken at SLAC to protect the lab's computing infrastructure. If the hackers weren't stopped, the compromised SLAC servers could potentially have been used as a staging ground for attacks on other government facilities and research centers -- one reason SLAC closed itself off from the outside world, one Stanford computer security official said.

The hackers gained unauthorized access to the highest-privilege ``root'' accounts on the Unix systems, giving them a kind of super-user access that allowed them to enter every account on each system without a password, modify the system and create hidden ``back doors'' that would allow them to conceal their presence and re-enter the system undetected.

And, unlike most hackers, who disappear when detected, these bold intruders were persistent and continued to create new breaches even as computer security personnel were plugging the old ones.

``My impression is the hackers were trying to put more holes in as quickly as they (security personnel) were trying to take them out,'' Hansen said.

SLAC officials are still assessing possible damage, but so far, they said, they believe no computer files or software were damaged. Stanford officials said more than one person was involved.

SLAC has long been vulnerable to a clever hacker, Moore said. It has operated under an ``aura of trust'' among scientists who use its computers, she said.

The break-in, she said, has prompted a soul-searching debate within the scientific community about how much it should tighten security -- and limit freedom.

For example, until now a SLAC researcher working at a lab in France could log onto SLAC systems remotely. Since France doesn't allow encryption, the password and user name typed in by the researcher were transparent to anyone and easily could be captured by a ``sniffer'' on its way to SLAC. In fact, this break-in could have occurred under a very similar scenario.

Now, SLAC scientists are debating whether to require researchers to take the cumbersome and hugely expensive step of paying for long-distance phone calls from abroad to transmit large volumes of data.

``We now have to assess the trade-offs of an open community vs. a more Internet-secure community,'' Moore said. ``It's a debate that's taking place heatedly among different scientists.''