Information Security News mailing list archives
Sites hacked with IDs, passwords
From: William Knowles <wk () C4I ORG>
Date: Wed, 9 Feb 2000 02:13:54 -0600
http://www.yomiuri.co.jp/newse/0208cr21.htm

Akiko Kasama and Masato Takahashi
Yomiuri Shimbun Staff Writers

The hackers behind a recent series of invasions of government-run Web sites may have gained access to the sites by stealing the user names and passwords belonging to the engineers operating the systems, according to investigation sources.

The hackers may have replaced the user names and passwords with new ones after illegally entering computer servers that operate the Web sites. The hackers are also suspected of erasing communications records--known as logs--in an attempt to remove information that could help trace them.

Currently, specialists and investigators are trying to work out how hackers gained access to the Web site servers. The sites broken into include those run by the Science and Technology Agency and the National Institute for Research and Advancement (NIRA), an affiliate of the Economic Planning Agency. The computer servers were running under two kinds of operating systems.

Investigators are increasingly convinced that the engineers managing the systems failed to properly set up the servers when they entered their user information into the systems. Observers question whether the system managers lived up to their obligations as operators of Web site servers.

System managers are in charge of running and overseeing information systems and computer networks at companies and government offices. Their status is almost godlike regarding computer security. They issue user names to other users, have the authority to decide the framework of each organization's computer security system and are able to erase logs that record the sender, time and place of origin of messages.

After the Science and Technology Agency Web site was broken into on Jan. 24 and 26, access to the site was tested using the user name and password of the official system manager. The site, however, could not be accessed as the user name and password were not recognized after a hacker had created a new password.

After the NIRA site was broken into on Jan. 26, officials found that the hacker had impersonated a system manager using a user name and password of the hacker's own invention, as the site had not been set up to recognize only the system manager's user name and password. The logs--the only means of tracing the hacker--were erased under the name of system managers on both sites.

Hackers broke into two kinds of operating systems in the recent cases. They usually use special hacking software to scout out bugs left during programming on the operating system and the software for creating Web sites. They then input specific commands to obtain user names and passwords. Hackers in the recent cases might have obtained user names and passwords through uncorrected bugs. Nonetheless, the NIRA site case shows that hackers did not hesitate to take advantage of slack site management, the sources said.

Hacking into a system to obtain a user name and password involves searching for an unlocked port. Portscanning is a hacking tool that does this automatically. Portscanning was used in more than 12,000 intrusions into the National Personnel Authority and the authority's Kinki regional office sites, which stores government employee exam information.

The deleted logs make tracing the hackers in the recent cases difficult. Also, as hackers usually use a number of servers to try to invade a targeted site, tracing failed hacking attempts does not help much in identifying the Web site trespassers.

If hacking routes cross national boundaries, jurisdiction and national interest issues also come into play. Although investigators traced illegal entries to the sites of The Asahi Shimbun and The Mainichi Shimbun to a South Korean provider, they were unable to get any further leads.

The series of hacking cases has prompted several Internet security companies to begin offering instruction on security measures and to put antihacking goods on the market.

Asgent Inc., a security software company based in Chuo Ward, Tokyo, will hold a free seminar on Feb. 16 and 17 targeting company computer system managers and focusing on the skills needed to prevent hacking and transform the contents of hacked Web sites. For more information, call the Asgent at (03)5643-2561.

The Japanese unit of Network Associates Inc., based in Minato Ward, Tokyo, has started distributing free samples of CyberCop Monitor, its software for detecting illegal Web site access in real time. The samples will be sent out for free until the end of March to those who complete the application form on the company's Web site at http://www.nai.com/japan.

---------------------------------------------------
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*=================================================*
ISN is sponsored by Security-Focus.COM