Why you Should Care
Why You Should Care About Hacker Attacks
When I ask people to make sure their passwords and computers are secure, they often respond with a shrug and "Oh, I don't care if my systems are secure or not. I don't have anything to hide. Hackers wouldn't care about my computers, there's only boring stuff there anyway."
This attitude is very dangerous, and unethical cyberpunks LOVE these people.
Contrary to what most folks believe, hackers are not after your data, or your private email, or whatever. Hackers are in it for the thrill of the hunt, and the glory of the kill. They want to damage your system so they can tell all their cyberpunk friends how great they are. They are also after systems they can use as resources in their never-ending quest for CyberGlory. They want to move in, take over, and steal your server and your bandwidth to do their dirty work.
Hackers vs. Crackers
There are two types of hackers: ethical pros, who wear the "hacker" label with great pride, and CyberRambos, punks who are more correctly called "crackers". Ethical pros are highly skilled computer professionals who hire out their skills to organizations concerned about their own network's safety. Essentially, ethical hackers will, with your full knowledge and permission, try to break into your site to find the weaknesses, and then help you fix them. Ethical hackers also are software developers who write security and firewall software, and "hack" as a way to test their products. Ethical hackers never break into a site without the owner's permission, and they do so only to help make the site more secure in the end. They do no damage, and they have very strict ethical codes governing their work.
We don't worry about ethical hackers here.
We do worry about the other kind, the kind I call CyberRambos, the ones ethical hackers despise and hate, dubbing them "crackers" because they "crack" (break) systems instead of just finding holes in them. Crackers are usually teens or early twentysomethings who break into other people's computer systems for a variety of reasons, mostly having to do with ego, showing off, status, thrills, and the challenge of doing Bad Things without getting caught. They have websites and newsgroups where they boast of their conquests to other CyberRambos. They give themselves trendy "handles," have websites full of anti-authoritarian rants, and generally just make cybertrouble, as teenagers in any subculture will do.
Damage Crackers Can Cause
Usually, crackers do not care about reading your email or stealing your data. They want to break into systems to show off their prowess. To prove that "Kilroy Was Here" they will cause damage – wipe disks, change user account info, anything that will get noticed and allow them to claim their trophy. A popular form of cracking is to break into a web server, and change the home page of that network – so when someone innocently tries to access www.linux.com or somesuch, instead of the Linux info you wanted, you get porno, or simply a gloating message in crackerspeak.
Another thing crackers want, and want badly, is bandwidth. They need internet access and lots of it to support their cracking efforts. So they break into a server, and rather than announce their presence to claim a trophy, they will "hide" and secretly start setting up shop on your server. They will install software, rearrange config files, and then start using your server and your network access as a base of operations to crack into other systems.
Crackers and UC San Diego
The second form of cracking, breaking in to steal resources and bandwidth, is the most common type of cyber vandalism on the UCSD campus. This is partly due to the large amounts of bandwidth available to University servers. If a cracker breaks into the Psychology department server, for example, he has the whole UCSD campus network to play with. This is true of any university campus, not just UCSD.
UC San Diego in particular is an attractive target because of its affiliation with the SuperComputer Center – crackers think that if they break into a UC San Diego system, they are one step closer to a "Mecca" of Crays and other super mainframe computers. Cracker Heaven! The thought of all that CPU power is a big draw, and it is not uncommon for campus network managers to see floods of cracker attempts from kids who have heard about the supercomputers here.
Security and The UCSD Psychology Department
First of all, the Psychology Department has not had a cracker break-in on a workstation since August 1999, and has not had a server break-in since June 1998. Security on the main UNIX server is maintained through consultation with top Network Operations gurus; and since I arrived in June 1998, workstation security is slowly increasing as we all become aware of the dangers. Logs are closely monitored, and servers are patched as much as possible.
In order to give you an idea of the types of risks, here are the details for the three break-ins we have had here in recent months:
The workstation break-in was the most embarrassing: a 12-year-old kid sat down at a lab NT server and managed to change the password on the system so no one else could get in. He then started surfing the network, poking around local fileservers and folders. The youngster's mother was sitting two feet away and never noticed a thing.
How did this happen? The kid was the brother of a research subject; the researcher had the subject off in another room during the testing and had left the mom and the brother alone in a room to wait. The room happened to have a computer in it. The computer happened to be live on the network, and to be the server for that lab. The kid knew enough to break in and start cracking. Presto!
Fortunately, no damage was done, and I was able to return the system to a working state fairly quickly. The ironic part of this whole thing: in order to gain access to the system again after our little friend worked on it, I had to do some hacking. The first thing I had to do was break his password. I used standard hacker tricks, and guessed correctly: he had used a really bad password, and I was able to hack his hacking within minutes!
The two server break-ins actually happened before my arrival: one just days before, and one about six months before. In both instances, the bad guys used an existing user account to get in – someone had chosen an easily-guessed password on their account at another institution, and then used the same bad password for their psy account here. Both times, the server had to be completely shut off the campus network until it could be rebuilt to Network Operations' satisfaction.
Some Guidelines For Protecting Yourself and The Network
First: Choose good passwords. Our security is only as good as our weakest password. Don't let it be yours!
Second: Make sure that you know who has access to your lab and office computers. Are students or strangers ever left alone with networked computers? Think about your lab routines; modify them if necessary so only authorized personnel have access to your computers.
Third: Don't share your password. If someone needs access and they do not have their own password, send me a note and I will set them up with one. If you have files you need to share, contact me and we can set up a secure shared folder on your computer or on the server, instead of you giving out your password.
Fourth: Some labs have a single lab login and password for shared resources. I know this is convenient, but it is also very insecure. If you use this method for shared access, come talk to me. I can often come up with alternate methods to do the same thing, without several folks sharing the same account. (That is, after all, my job.) One example: I can set up a lab GROUP, instead of a lab user, and make all the individual accounts members of that group. You can then access resources belonging to that group with your own private password. I can easily add members as you get new lab folks in, or delete them from the group as they move on, without having to change the password for the entire lab.
Fifth: If for some reason you do have a single lab password, please make sure you change it every time someone who knows the password leaves, graduates, whatever.
Sixth: If you set up a shared folder on your computer, always make sure you use a password to protect it.
Finally: If you have any questions at all about security here in the Psychology Department, please feel free to contact us.
ghost 19 years ago
Well, I'm just the person that's out there working. I'm a black hat for the reason I need the money. I can make up to $300 on one person, 600 on two, but there is no limit. I ask for and get what I need to live. I don't take weird jobs or pointless jobs unless the pay is good. I am a hacker who works for money and not for glory. I'm a Black hat…. What are you, and what would you do for money?