ASSOCIATES (vol. 4, no. 3, March 1998) - associates.ucr.edu
*INFO FROM THE SUPERHIGHWAY COMPUTER SECURITY AND THE LIBRARY*

by Linda Putnam
Documents Department
Florida State University
lputnam@mailer.fsu.edu

I became very interested in this topic when I found out that someone has been breaking into the Tallahassee Freenet System. For those of you who are unaware of it, the Tallahassee Freenet was started by the Leon County Public Library. Even though the physical location of the system has changed, there is a great deal of input and cooperation between the Freenet staff and the Public Library staff.

The break-in was discovered when the Director of the Tallahassee Freenet tried to log on to the system and was kicked out. During the search for how and why this happened, the volunteer "techies" found that someone on the system had broken in and was systematically deleting files from the system. You can imagine (maybe you can't) the upset and frustration this caused. This hacker was having a wonderful time deleting files all over the place.

This happened on February 16, 1998 and the attempt to disrupt the use of the system was very successful. Tallahassee Freenet had to shut down for several days to clean up and restore files. Thousands of users of the Tallahassee Freenet lost home directories, system files and most of their messages whether they were saved or unsaved, read or unread. No one knows the actual total of lost messages and destroyed data. You can imagine how everyone felt when they had to take the system off-line to kick the hacker out.

This was the third in a series of break-ins by what is assumed to be the same hacker. Damage was done all three times but the February 16th break-in was the worst. During the first break-in, he downloaded all of the passwords causing everyone using the system to have to change their passwords. That time the system stayed off-line for several days until security could be put into place which would hopefully keep the hacker out of the system.
Unfortunately, hackers know more ways to break into a system than System Administrators have to protect their systems. Investigation has shown that this same hacker has entered computers from Florida State University as well as some from the State of Florida. Tracing a hacker is a very complicated process, so investigators have only traced this one as far as Europe. Officials are closing in, but you can imagine how quiet they are keeping most of their search information because they want to be able to prosecute this hacker when he or she is finally traced.

This is only one of the recent break-ins among computer systems in the United States and around the world. If you have been following the news, you have heard of the break-ins at the Pentagon, the CIA, and NASA. One prankster changed the home page of the CIA Web to a pornographic picture. It was quickly discovered and fixed. It took a little longer to trace the hacker. This particular hacker, from Japan, has been training other hackers, and some of these "trainees" have given interviews about what they consider to be their sport. Anyone interested in reading one of the interviews can find it at http://www.antionline.com/PentagonHacker/

The excuse used by the hacker who was interviewed to justify his actions was that the hackers are plugging holes in the system. BUT...they are also creating back doors so that they or anyone else who figures out the password can get back in. You may want to read this article, as the hacker says that if the U.S. takes action against hackers, they will start a campaign of destruction against U.S. computer systems.

As you can see, hacking is a problem for System Administrators everywhere, whether at a local level where hackers are having fun breaking into a LAN (Local Area Network), stretching their skills by breaking into a system like Tallahassee Freenet, or becoming a real "pro" by breaking into one of the federal databases.
Administrators need to be aware of what is happening in the field and what they can do about it. Listed below are some of the sites which I have found which hold good information about protecting your computer system. Nothing is foolproof because as soon as the "techies" find a way to block them, the "hackers" find a way around them...but these things help.

http://www.research.att.com/
    An AT&T Bell Laboratories Research World-Wide Web Server
http://www.checkpoint.com/
    CheckPoint Software Technologies Ltd.: Home of FireWall-1
http://www.telstra.com.au/info/security.html
    Computer and Network Security Reference Index
http://www.csl.sri.com
    SRI Computer Science Laboratory
http://www.raptor.com
    Raptor Application Firewall for Network Security
http://www.greatcircle.com
    Great Circle Associates Home Page
http://www.tis.com
    Trusted Information Systems Home Page
http://www.tezcat.com/web/security/security_top_level.html
    Network/Computer Security Technology
http://www.netpart.com/
    NetPartners Home Page
http://www.ASG.unb.ca/
    ASG World Wide Web HomePage

ORGANIZATIONS

http://www.cs.purdue.edu/coast/coast.html
    The COAST Project and Laboratory
http://csrc.ncsl.nist.gov
    NIST Computer Security Resource Clearinghouse
http://first.org
    Forum of Incident Response & Security Teams
http://www.geek-girl.com/ids
    Intrusion Detection Systems (IDS) Archives by thread
http://www.lerc.nasa.gov/Unix_Team/Dist_Computing_Security.html
    Distributed Computing and Network Security
http://www.alw.nih.gov/Security/
    General Computer Security Information
http://catless.ncl.ac.uk/Risks
    RISKS-LIST: RISKS-FORUM Digest
http://nii-server.isi.edu/gost-group/
    Global Operating Systems Technology Group
http://www.cs.ruu.nl/cert-uu/
    CERT-UU Computer Emergency Response Team Home Page
http://www-ns.rutgers.edu/www-security/
    Rutgers WWW-Security Index page

People

http://www.win.tue.nl/win/math/bs/wietse/
    Wietse's Home page
ftp://ftp.win.tue.nl/pub/security/index.html
    Wietse's collection of tools and papers
http://www.deter.com/unix/
    Matt's Unix Security Page
http://www.access.digex.net/~bdboyle/firewall.vendor.html
    Commercial Firewalls and Related FW Products

Misc.

http://www.geek-girl.com/bugtraq/
    Bugtraq Archives by thread
http://www.ensta.fr/internet/unix/sys_admin
    System administration, system monitoring and network monitoring.
http://www.alw.nih.gov/Security/security.html
    Unix Computer Security Information.