[comp.os.vms] Hackers - Article in British press

OBERMAN@LLL-ICDC.ARPA ("Kevin Oberman, LLNL, 422-6955, L-156", 415) (09/16/87)

>This was printed as the lead story in "The Guardian" of Tuesday 15th
>September.  It's a follow up to the **Important Message** posted at
>the beginning of August.   Aren't the mistakes cute !

(Story omitted)

While the mistakes are `cute', the large part of the story seems accurate.
Namely that several systems were compromised and that, while the hackers
didn't seem to make any effort to be destructive, the next such crackers
may NOT be so nice!

While the network was not "Top Secret", or even classified, the users of
the system involved must be aware that a great deal of valuable data was
a few keystrokes from destruction. And even if the files were all recoverable
from BACKUPs, the time lost and disruption of normal operations would have
been high. Even without destruction of any data, the system users have most
certainly been inconvenienced a great deal in the effort to determine exactly
what has happened.

And the lives of network and system management personnel all over the world
will just be made more difficult as security departments and upper management
seek assurance that it can't happen to them. And I'm not willing to make
that assurance. It looks to me that it can happen to anyone on any system
with connections to a reasonably large network.

While most breakins can be attributed to `lax system security', that's like
attributing most airplane crashes to `pilot error'. While the final
responsibility rests with system management personnel, it is important to
remember that we all make mistakes and the next breakin might be into your
system (or mine).

Don't just think that breakins only happen to the other guy! Every manager
must keep up to date on what is happening in items related to system security
and every organization must determine how much time and money they are willing
to pour into the problem. I'm not sure that any amount of money or effort
can make a system on a large network (such as SPAN or the Internet) really
secure. At best it makes it secure from the attacks seen in the past. But
hackers are sometimes bright, imaginative people. And time is not always
as important to them as it is to you. They WILL come up with new schemes
for getting where they don't belong.

Stories like the one from the Guardian just make the hackers of the world
anxious to see if they can do the same thing!

Please! No flames on my use of the term `hacker'. We've been through that
before! I've rambled a bit and tossed in some personal opinions that all
may not agree with, but I think that a number of the issues
are ones that both computer management personnel and their bosses should
be thinking about.

Thanks for your time,

					R. Kevin Oberman
					Lawrence Livermore National Laboratory
					arpa: oberman@lll-icdc.arpa
   					(415) 422-6955

Disclaimer: These opinions are mine. With any luck my boss will never find out
about them. And if he does, he'll probably chalk them up to too much time spent
in front of a terminal. I'm a rotten typist and a worse speller, so forgive any
silly errors. 

SCFA5@VAX2.SUSSEX.AC.UK (09/16/87)

This was printed as the lead story in "The Guardian" of Tuesday 15th
September.  It's a follow up to the **Important Message** posted at
the beginning of August.   Aren't the mistakes cute !


               Youths hacked into secret Nasa network
EXCLUSIVE
By Gareth Parry

Young West German computer hackers have successfully broken into a top
secret  world-wide  computer network which connects the North American
Space Agency's scientific research centres with  its  counterparts  in
Britain, France, Germany, Switzerland and Japan.

     The attack has been kept secret  by  the  intelligence  services,
although  the  scandal was discovered months ago, because it is feared
that the knowledge the youths may  have  gained  puts  them,  and  the
integrity   of   various  American  and  European  space  development
programmes, in extreme danger from Eastern bloc agents.

     The space program involved cover a wide  range  of  applications.
Nasa,  for  example,  is  working  on space platform technology, while
Britain is looking at  remote-sensing  satellites  -  a  form  of  spy
satellite project.

     France is building up towards a  manned  satellite,  and  Japan's
projects concentrate on the computing aspects of space communication.

     The youths have told West German interior ministry  interrogators
that  they  planted  a programme known to hackers as a Trojan Horse in
the world-wide computer network, Span, "for  fun."  They  have  denied
accusations of espionage.

     The Trojan Horse enabled them to reap at  will  any  or  all  the
secrets of Western space technology at a key-stroke.  The Trojan Horse
can wait for a top security user to log on with a secret password, and
then  record  his  keystrokes  in a file, revealing everything that is
said.

     The attacked computers are the 4.4 and 4.5 state of the art models
made by Digital Equipment Corporation (DEC), one of the most important
and respected computer companies in the world.  DEC's latest computers
the  VAXes and their super-sophisticated software are interlinked with
secret Western technology, and Western governments claim the VAXes can
be used for designing, making and operating weapons.

     Dec recently disclosed  that  it  has  been  given  top  security
validation  by  the  National  Computer  Security  Centre,  an  agency
operated by the United States government.

     The company's VMS machines - virtual  manning  or  standard  deck
operation   computers   -  were  given  two  security classifications.
C2,   signifying   "controlled   access"   and   B2   "Trusted    Path
Requirements."

     Despite this, the German hackers managed  to  penetrate  systems,
implant  Trojan Horses,  giving  unauthorized  user access;  and alter
accounts and security checks in such a way that  their  presence  went
undetected.

     Security sources said yesterday that  the  hackers  "visited"  no
fewer than 135 computers world-wide, leaving their Trojan Horses and a
general key word for their own purposes within the system.

     With the key word installed it was easy to enter any associate of
the Span network.  The hackers later delightedly observed that in some
cases their "modifications" had already been  taken  into  the  backup
versions  which  allow  a  security start-up if any organisation fears
that its defences have been breached.

     The West German hackers, who  call  themselves  Data  Travellers,
worked together on their target for more than six months.  Some of the
groups are understood to be insiders in some of the  agencies  working
with   DEC   computers,   and   therefore   had   access  to  all  the
highly-classified operating system manuals.

     This insider  involvement  enabled  them  to  detect  a  hitherto
undiscovered  flaw  in  the  computer  system  which  they  used  as a
"doorway" into computers of the same type.

     That  flaw  was,  however,  known  to  some  experts,   and   its
implications  were  discussed in the German computer security magazine
Datenschutz-Berater, of Pulheim.  The magazine showed how  people  who
penetrate  high-technology  computers  could be at risk from disparate
political agencies hungry for rival countries' computer know-how.

     The hackers' activities would have continued unhampered but for a
security  manager  of  a  German  research  laboratory  alerted by the
Datenschutz-Berater article.  He noticed abnormalities in  a  computer
system,  and  carried  out his own intensive investigation for several
days.  He discovered that Trojan Horses could be isolated.

     Two of the hackers were identified  -  the  insiders.   Then  the
security  manager  made  a  move  which  later  appalled  the security
services:  he revealed details of his discovery, including  the  names
and  employers,  in a "mail-box" in the general computer network.  His
message ended "...in hope that  someone,  somewhere  ...might  perform
physical violence on them."

     The named youths felt  exposed  and  in  danger.   They  went  to
Datenschutz-Berater, which informed DEC and other DEC computer users.

     DEC said it was aware of the flaw in its systems and had counteracted
it.

     This May it informed all customers of a "mandatory patch".   This
patch  amends an operating system and effectively erects a bar against
Trojan Horses and other penetrations.

     Intelligence sources say however, that,  as  with  most  computer
hacking crimes, the blame lies not with the computer but with the lax
security by users.  A DEC spokesman said last night that  the  company
was  still  conducting an intensive internal inquiry.  The whereabouts
of the hackers is unknown.

     Ms Teresa Tomsett, a DEC spokeswoman in  Britain,  said:   "There
will always be organisations which challenge to break through security
levels, but our engineering and our servicing people are all very well
trained".
---------------------------------------------------------------------------
Jeremy Maris
Experimental Psychology,     |  JANET:  SCFA5 @ UK.AC.sussex.vax2
University of Sussex,        |  EAN  :  SCFA5%sussex.vax2 @ EAN-RELAY.AC.UK
Falmer,                      |  EARN :  SCFA5@vax2.sussex.AC.UK
Brighton,                    |  ARPA :  SCFA5 @ vax2.sussex.AC.UK
E.Sussex BN1 9QY             |  ARPA :  SCFA5%sussex.vax2 @ UKACRL.BITNET
UK
Tel: +44 (0)273 678060
