Information Security News mailing list archives

Students' computers hacked


From: William Knowles <wk () c4i org>
Date: Fri, 23 Jan 2004 10:01:21 -0600 (CST)

http://www.chronicle.duke.edu/vnews/display.v/ART/2004/01/22/400fd304cd30b

by Andrew Collins
January 22, 2004

Some students coming back from fall study abroad have discovered, to
their dismay, what others in the University have known for months:
Duke computers are under siege from hackers.

Since August 2003, the Office of Information Technology has had to
reinstall the operating systems of hundreds of hacked computers--the
computer equivalent of a lobotomy. Although not unprecedented, the
recent surge in hacking has inconvenienced many and shows no signs of
abating.

Former study abroad students report that a disproportionately high
number of their fellow travelers have been hacked. A possible reason
is that since they were gone last semester, some of these returning
students may have failed to take precautions OIT recommends to guard
against hacking.

Junior Vinitha Kaushik said she did not pay adequate attention to an
OIT security patch download page that greeted her when she returned to
her computer from a France study abroad program. "They put the patch
in the middle of a registration form," she said. "All I really wanted
to do was get back on the Internet when I got back to school, so I
skipped the middle part." Kaushik's computer was promptly hacked.

OIT security officer Chris Cramer said computers become vulnerable
when individuals fail to create an administrator password or when they
fail to download security updates for their operating systems. Most of
the University's recent hacking cases have resulted from a lack of an
administrator password, he said.

The identity of the hackers--and Cramer said there are almost
certainly multiple people involved--is largely impossible to trace.  
Many of the suspected hackers are thought to be from foreign
countries, including Brazil, while others are suspected to be from
within the United States.

The Federal Bureau of Investigation has not taken up any Duke cases
yet, Cramer said, because the amount of damage from each hacking is
relatively small.

Cramer said there are three main motivations to hacking Duke
computers: fun, data storage and as a means to attack other computers.  
Although the hackers' amusement factor may be impossible to gauge,
hacked Duke computers have been used for data storage and,
occasionally, to launch attacks on other computers.

"Typically, these are teenagers--younger teenagers--just looking for
thrills," Cramer said. "The folks who break into the machines are
[often] looking for some computer where they can store movies, music,
pornography, et cetera, all these illegal materials, so that other
people can download them."

The standard OIT protocol for dealing with hacked computers is to wipe
clean the hard drive and reinstall the operating system. This
reinstallation service is free but leads to five to seven days of
computer deprivation, as well as the inconvenience of having to back
up important data and reinstall programs.

Hacking victims, predictably, voiced their displeasure about their
computer lobotomies. "It's awful," Kaushik said. "I live in Edens
[Quadrangle]; the computer lab isn't even close and applications and
resumes are due."

"It's just sort of a pain... actually, it's a big pain," said junior
Kate Hansen. "I don't have a burner, so all my music and picture files
are gone. I was only able to salvage some [Microsoft] Word files and
stuff."

For those who did not save their original CD-ROMs for application
packages such as Microsoft Office, the operating system reinstallation
can become quite expensive. Duke Computer Store manager Clarence
Morgan said the computer store cannot replace lost disks.

OIT insists on reinstalling hacked operating systems because of the
relatively unlikely possibility that a hacked system could attack
other computers on the network. Failure by a hacked individual to
bring his or her computer to OIT within a week results in a severed
internet connection, Cramer said.

"Unless you really know what you're doing, the safest thing to do is
reinstall the operating system and then restore that data to a clean
computer," Cramer said. "You can attempt to get the hacker off your
system, but it's never as simple as just changing your password,
because usually the hacker has installed back doors--ways they can get
back in."

Some students are complaining about shorter-than-advertised periods
between initial notification and losing their internet; others say
their computers have remained in the shop longer than five to seven
days. Despite the grumbling, most praised OIT workers' helpfulness and
others have even identified positive aspects to being temporarily
stripped of their computers.

"My roommate's computer got hacked into too," said Hansen of her
fellow study abroad veteran, junior Jessica Laun, "so we actually have
real conversations."



-
ISN is currently hosted by Attrition.org
