Ivan Rubio Perez on Fri, 1 Jun 2001 18:20:30 +0200 (CEST)



[nettime-lat] Hackers Target College Computers.


The Associated Press, Fri 1 Jun 2001
 
WASHINGTON (AP) -- Dave Dittrich is not happy: A software pirate has hacked
into computers at the University of Washington and installed a
file-sharing program on one machine. 

It means one-stop shopping for stolen -- and now free -- software, and plenty
of headaches for Dittrich, the university's computer security expert. 

Lawyers for the software publisher are sending threatening e-mails, and
Dittrich must clean up the mess. The lawyers do not worry him. Getting
outgunned again by the hackers -- that bugs him a lot.

``The tools these days for intrusions are pretty much automatic,''
Dittrich said. ``A system can be fully compromised in about a minute.'' 

It's becoming more prevalent, where novice hackers hone their skills amid
a higher education culture known for lax security and free exchange of
ideas. 

``They're good practice grounds because their vulnerabilities are usually
pervasive and their monitoring is usually woefully inaccurate,'' said
Richard Power, editorial director at the Computer Security
Institute. ``It's kind of like hacking with training wheels.'' 

University computer systems also attract experienced hackers. Huge hard
drives make it easy to store illicit software and fast Internet access
affords the perfect staging ground for devastating attacks on corporate
Web sites. 

Larger universities also offer other enticements. 

``There's a lot of sensitive information that can be gleaned from a
university that's not classified in any way,'' Power said. ``You couldn't
get it with a frontal attack on a military weapons lab research
facility. But you may get it indirectly by going through university
research labs.'' 

For the hacker looking to get a credit card in another person's name,
there is plenty to glean from university student databases. 

``A lot of universities use your Social Security number to track you in
their databases,'' he said. 

Many security attacks on companies are first tried on universities, where
hackers can practice in relative anonymity. One example was the February
2000 assaults on eBay, CNN.com and other Web sites. Hacked university
computers -- and many others -- were used to send an overwhelming number of
messages to the Web sites, making them inaccessible to customers. 

The tool used in that attack was ``tested and developed on university
networks (and) aimed at university systems,'' Dittrich said. 

Among the prime targets are universities with world-class computer science
programs such as Purdue and Stanford. 

``The university computing center is very strapped for resources, and most
of the groups are on their own,'' said Steve Hare, managing director of
Purdue's computer security research group. ``You have some good groups
that have high security awareness, and some others that are just barely
getting by and get hacked frequently.'' 

David Brumley, a member of Stanford's computer security team, said hackers
break into one of the school's computers each day, on average. 

``We might have a slow week, then turn up with 20,'' he said, adding that
many of the compromised computers are used to store copyright material. 

Joel de la Garza, a security investigator with Securify in Silicon Valley,
said universities cannot lock down their computers in the same way a
company could. 

``Universities are in an interesting position, because they typically have
to provide an academic research network. They want to maintain a
marketplace of ideas in digital form,'' de la Garza said. ``The attackers
know this, and they attack universities with high-speed Internet
connections.'' 

In the past two years, as computer attacks have become more frequent and
severe, more universities have taken steps to counter the threat,
including creating computer security offices, de la Garza said. 

Attacks on universities are so common that compromised college computers
have become a form of hacker currency along with credit card numbers and
pirated software in a ``digital black market.'' 

In chat rooms, hackers will trade ``.edu'' university computers -- a
reference to the last three letters of their Internet address -- for
``.mil'' addresses denoting hacked U.S. military computers.

``Most people will give a lot of '.edu's for '.mil's,'' de la Garza
said. ``But a lot of kids are getting smarter and not wanting to get the
'.mil's, because you'll get raided. A university will tolerate certain
things. The military doesn't.''
 



