OBERMAN@LLL-ICDC.ARPA ("Kevin Oberman, LLNL, 422-6955, L-156", 415) (09/16/87)
>This was printed as the lead story in "The Guardian" of Tuesday 15th
>September. It's a follow up to the **Important Message** posted at
>the beginning of August. Aren't the mistakes cute !

(Story omitted)

While the mistakes are `cute', the large part of the story seems accurate. Namely that several systems were compromised and that, while the hackers didn't seem to make any effort to be destructive, the next such crackers may NOT be so nice!

While the network was not "Top Secret", or even classified, the users of the system involved must be aware that a great deal of valuable data was a few keystrokes from destruction. And even if the files were all recoverable from BACKUPs, the time lost and disruption of normal operations would have been high.

Even without destruction of any data, the system users have most certainly been inconvenienced a great deal in the effort to determine exactly what has happened. And the lives of network and system management personnel all over the world will just be made more difficult as security departments and upper management seek assurance that it can't happen to them.

And I'm not willing to make that assurance. It looks to me that it can happen to anyone on any system with connections to a reasonably large network. While most breakins can be attributed to `lax system security', that's like attributing most airplane crashes to `pilot error'. While the final responsibility rests with system management personnel, it is important to remember that we all make mistakes and the next breakin might be into your system (or mine). Don't just think that breakins only happen to the other guy!

Every manager must keep up to date on what is happening in items related to system security and every organization must determine how much time and money they are willing to pour into the problem. I'm not sure that any amount of money or effort can make a system on a large network (such as SPAN or the Internet) really secure. At best it makes it secure from the attacks seen in the past. But hackers are sometimes bright, imaginative people. And time is not always as important to them as it is to you. They WILL come up with new schemes for getting where they don't belong. Stories like the one from the Guardian just make the hackers of the world anxious to see if they can do the same thing!

Please! No flames on my use of the term `hacker'. We've been through that before!

I've rambled a bit and tossed in some personal opinions that all may not agree with, but I think that a number of the issues are ones that both computer management personnel and their bosses should be thinking about.

Thanks for your time,

R. Kevin Oberman
Lawrence Livermore National Laboratory
arpa: oberman@lll-icdc.arpa
(415) 422-6955

Disclaimer: These opinions are mine. With any luck my boss will never find out about them. And if he does, he'll probably chalk them up to too much time spent in front of a terminal. I'm a rotten typist and a worse speller, so forgive any silly errors.

SCFA5@VAX2.SUSSEX.AC.UK (09/16/87)
This was printed as the lead story in "The Guardian" of Tuesday 15th September. It's a follow up to the **Important Message** posted at the beginning of August. Aren't the mistakes cute !

Youths hacked into secret Nasa network

EXCLUSIVE

By Gareth Parry

Young West German computer hackers have successfully broken into a top secret world-wide computer network which connects the North American Space Agency's scientific research centres with its counterparts in Britain, France, Germany, Switzerland and Japan.

The attack has been kept secret by the intelligence services, although the scandal was discovered months ago, because it is feared that the knowledge the youths may have gained puts them, and the integrity of various American and European space development programmes, in extreme danger from Eastern bloc agents.

The space program involved cover a wide range of applications. Nasa, for example, is working on space platform technology, while Britain is looking at remote-sensing satellites - a form of spy satellite project. France is building up towards a manned satellite, and Japan's projects concentrate on the computing aspects of space communication.

The youths have told West German interior ministry interrogators that they planted a programme known to hackers as a Trojan Horse in the world-wide computer network, Span, "for fun." They have denied accusations of espionage.

The Trojan Horse enabled them to reap at will any or all the secrets of Western space technology at a key-stroke. The Trojan Horse can wait for a top security user to log on with a secret password, and then record his keystrokes in a file, revealing everything that is said.

The attacked computers are the 4.4 and 4.5 state of the art models made by Digital Equipment Corporation (DEC), one of the most important and respected computer companies in the world. DEC's latest computers the VAXes and their super-sophisticated software are interlinked with secret Western technology, and Western governments claim the VAXes can be used for designing, making and operating weapons.

Dec recently disclosed that it has been given top security validation by the National Computer Security Centre, an agency operated by the United States government. The company's VMS machines - virtual manning or standard deck operation computers - were given two security classifications. C2, signifying "controlled access" and B2 "Trusted Path Requirements."

Despite this, the German hackers managed to penetrate systems, implant Trojan Horses, giving unauthorized user access; and alter accounts and security checks in such a way that their presence went undetected.

Security sources said yesterday that the hackers "visited" no fewer than 135 computers world-wide, leaving their Trojan Horses and a general key word for their own purposes within the system. With the key word installed it was easy to enter any associate of the Span network.

The hackers later delightedly observed that in some cases their "modifications" had already been taken into the backup versions which allow a security start-up if any organisation fears that its defences have been breached.

The West German hackers, who call themselves Data Travellers, worked together on their target for more than six months. Some of the groups are understood to be insiders in some of the agencies working with DEC computers, and therefore had access to all the highly-classified operating system manuals.

This insider involvement enabled them to detect a hitherto undiscovered flaw in the computer system which they used as a "doorway" into computers of the same type. That flaw was, however, known to some experts, and its implications were discussed in the German computer security magazine Datenschutz-Berater, of Pulheim. The magazine showed how people who penetrate high-technology computers could be at risk from disparate political agencies hungry for rival countries' computer know-how.

The hackers' activities would have continued unhampered but for a security manager of a German research laboratory alerted by the Datenschutz-Berater article. He noticed abnormalities in a computer system, and carried out his own intensive investigation for several days. He discovered that Trojan Horses could be isolated. Two of the hackers were identified - the insiders.

Then the security manager made a move which later appalled the security services: he revealed details of his discovery, including the names and employers, in a "mail-box" in the general computer network. His message ended "...in hope that someone, somewhere ...might perform physical violence on them."

The named youths felt exposed and in danger. They went to Datenschutz-Berater, which informed DEC and other DEC computer users.

DEC said it was aware of the flaw in its systems and had counteracted it. This May it informed all customers of a "mandatory patch". This patch amends an operating system and effectively erects a bar against Trojan Horses and other penetrations.

Intelligence sources say however, that, as with most computer hacking crimes, the blame lies not with the computer but with the lax security by users.

A DEC spokesman said last night that the company was still conducting an intensive internal inquiry. The whereabouts of the hackers is unknown.

Ms Teresa Tomsett, a DEC spokeswoman in Britain, said: "There will always be organisations which challenge to break through security levels, but our engineering and our servicing people are all very well trained".

---------------------------------------------------------------------------
Jeremy Maris
Experimental Psychology,   | JANET: SCFA5 @ UK.AC.sussex.vax2
University of Sussex,      | EAN  : SCFA5%sussex.vax2 @ EAN-RELAY.AC.UK
Falmer,                    | EARN : SCFA5@vax2.sussex.AC.UK
Brighton,                  | ARPA : SCFA5 @ vax2.sussex.AC.UK
E.Sussex BN1 9QY           | ARPA : SCFA5%sussex.vax2 @ UKACRL.BITNET
UK Tel: +44 (0)273 678060