Information Security News mailing list archives

University systems a haven for hackers


From: InfoSec News <isn () c4i org>
Date: Sat, 4 May 2002 06:18:40 -0500 (CDT)

http://news.com.com/2100-1001-898084.html?tag=fd_top

By Robert Lemos 
Staff Writer, CNET News.com
May 2, 2002, 4:20 PM PT

VANCOUVER, British Columbia -- College is intended to nurture the
quest for knowledge, but many universities are also unwitting breeding
grounds for hacking and online piracy.

In a presentation here at the CanSecWest security conference, David
Dittrich, senior security engineer with the University of Washington,
said university politics and a lack of emphasis on computer security
have made college networks rife with online piracy and hacking.

The networks "are a real fertile ground," Dittrich said in an
interview after the presentation. "There is a responsibility that the
universities are not meeting."

While some universities have good security checks in place, the
majority of academic networks are tempting targets for hackers because
of their lack of security, abundance of bandwidth and overworked
administrators.

At the University of Washington, for example, Dittrich, two other
security engineers and several network engineers have to deal with
network outages, compromised computers, rogue libraries of pirated
media and software, and students who can't get online to get their
homework done because of all of the illicit traffic.

Responding to recent complaints from two students that their computers
were exhibiting strange behavior, Dittrich and the other engineers
found that at certain times of day, the university's bandwidth was
being overwhelmed by sudden spikes in usage.

He found that a handful of computers on the network had been
compromised and that a distributed database of pirated software and
movies had been installed.

This time, nine systems on the network had more than 520GB of pirated
software and movies stored on them, including the just-released
"Scorpion King." That was just this week; in total, more than 70
systems have been found to have been used for digital piracy and
so-called distributed denial-of-service (DDoS) attacks. The files
could be accessed only through Internet chat "bots"--automated
programs--that would allow only those in the know to download the
files.

Such piracy is not always set up by outside hackers, Dittrich said.  
Several of his server investigations have revealed that students have
been hosting the pirated software. In fact, a snapshot of the traffic
on the network showed that 37 percent of the data consisted of
transfers by the file-sharing program Kazaa, and another 15 percent
belonged to another file-sharing program, Gnutella.

The problems are not new.

In 1999, Dittrich had to clean up nearly 80 Solaris systems and 40
Linux systems that had been compromised and on which online vandals
had installed DDoS tools. In 2000, 200 systems had been hit with the
Code Red worm and another 150 or so with the Nimda worm.

"It's not large percentage-wise," he said, "but it is large in
number."

In all, thousands of the university's 50,000 systems could be
vulnerable to one of the dozens of flaws commonly exploited by online
vandals. That multiplies when the systems are used to scan other,
non-university systems. Four systems owned by PowerBot, a Swiss Army
Knife of hacker utilities, automatically found 9,000 systems last
summer outside the university that were vulnerable to the attack used
by Code Red.

The problems are not isolated to the University of Washington. Right
after Dittrich's talk, another administrator approached him asking for
advice because her network is wide open to exploitation.

The fear, she said, was that if the school's computers were used to
attack another company, that company might sue for damages. The
security administrator asked that she and her college not be
identified.

Such problems may continue until a lawsuit is brought against a
university or the various academic departments in the university get
serious about security, Dittrich said.

"Not everyone hears the message," he said, especially when nothing
happens to the universities in the way of punishment if they don't
secure their systems.



-
ISN is currently hosted by Attrition.org


