[IWAR] HACK Stanford SLAC

From: 7Pillars Partners (partnersat_private)
Date: Wed Jun 10 1998 - 09:12:02 PDT


    Note the atypical behaviour shift.  --MW
    
    Hackers breach Stanford computer security
    
     BY MICHELLE LEVANDER
     Mercury News Staff Writer 
    
     Brazen hackers repeatedly broke into the Stanford Linear
     Accelerator Center's computer system last week, prompting alarmed
     officials to take the unusual step of shutting down computer access to
     the outside world for a week.
    
     In what is believed to be the facility's worst computer security breach
     ever, a group of sophisticated hackers ``sniffed'' -- or intercepted -- a
     password to SLAC over the Internet and used it to gain access to
     more than 30 of the federal research facility's most important Unix
     servers, officials confirmed Tuesday.
    
     The shutdown of Internet services -- which lasted until Tuesday --
     brought chaos for hundreds of international researchers, cutting them
     off from collaborators around the world.
    
     Scientists at SLAC comb through huge files on a daily basis, said
     spokeswoman P.A. Moore, who called the lost time on experiments
     an ``incalculable'' setback that would put people behind in their work
     by at least several weeks. But she said it appears no permanent
     damage was done to data or programs at the facility, which does
     unclassified research.
    
     SLAC researchers explore the structure of matter at the atomic scale
     by running experiments on the facility's giant colliders, including a
     two-mile-long linear accelerator. The laboratory -- one of half a
     dozen high-energy particle generators in the United States -- is
     operated by Stanford University under a contract from the U.S.
     Department of Energy. It has a staff of 1,300 and an additional 1,600
     international researchers working there at any given time.
    
     At Stanford's main campus, hackers have broken into the computer
     system before using ``sniffers'' -- or networked computers with
     special software -- and gone undetected for months. Such hackers,
     often teenagers who have easy access to sniffer kits, increasingly are
     causing problems for universities, research centers and companies,
     said Stanford computer security officer Stephen Hansen. At Stanford
     alone, there is about one incident a month involving sniffers, but
     security officials have never shut down the entire university's access to
     the Internet to address the problem.
    
     Computer security officer Bob Cowles told employees in a letter that
     the extreme measure was taken at SLAC to protect the lab's
     computing infrastructure.
    
     If the hackers weren't stopped, the compromised SLAC servers
     could potentially have been used as a staging ground for attacks on
     other government facilities and research centers -- one reason SLAC
     closed itself off from the outside world, one Stanford computer security
     official said.
    
     The hackers gained unauthorized access to the highest-privilege
     ``root'' accounts on the Unix systems, giving them a kind of
     super-user access that allowed them to enter every account on each
     system without a password, modify the system and create hidden
     ``back doors'' that would allow them to conceal their presence and
     re-enter the system undetected.
    
     And, unlike most hackers, who disappear when detected, these bold
     intruders were persistent and continued to create new breaches even
     as computer security personnel were plugging the old ones. 
    
     ``My impression is the hackers were trying to put more holes in as
     quickly as they (security personnel) were trying to take them out,''
     Hansen said.
    
     SLAC officials are still assessing possible damage, but so far, they
     said, they believe no computer files or software were damaged.
     Stanford officials said more than one person was involved.
    
     SLAC has long been vulnerable to a clever hacker, Moore said. It
     has operated under an ``aura of trust'' among scientists who use its
     computers, she said.
    
     The break-in, she said, has prompted a soul-searching debate within
     the scientific community about how much it should tighten security --
     and limit freedom.
    
     For example, until now a SLAC researcher working at a lab in
     France could log onto SLAC systems remotely. 
    
     Since France doesn't allow encryption, the password and user name
     typed in by the researcher were transparent to anyone and easily
     could be captured by a ``sniffer'' on its way to SLAC. In fact, this
     break-in could have occurred under a very similar scenario.
    
     Now, SLAC scientists are debating whether to require researchers to
     take the cumbersome and hugely expensive step of paying for
     long-distance phone calls from abroad to transmit large volumes of
     data.
    
     ``We now have to assess the trade-offs of an open community vs. a
     more Internet-secure community,'' Moore said. ``It's a debate that's
     taking place heatedly among different scientists.''
    


