Stalking the Wily Hacker
Let's take a look at several types of security leaks through one celebrated case
described by Clifford Stoll. 5
In his commentary, Stoll reports that an intruder gained access to the Livermore
Berkeley Laboratory (LBL) computers in August 1986. While trying to track down
the identity of this person over the following 10 months, Stoll (with the support of
LBL and the help of personnel at other sites) followed this individual's attempts
to break into about 450 other computers. More than 30 of these attempts were
successful. Stoll reported that half of the 450 attempts were unsuccessful because
the computers were unavailable. Of the remaining 220 attempted logins,
5% were refused by a distant computer (set to reject LBL connects [no one at
LBL was allowed access to these machines]).
82% failed on incorrect user name/passwords.
8% gave information about the system status.
1% achieved limited access to databases or electronic-mail shells.
2% yielded normal user privileges and a programming environment.
2% reached system-manager privileges. 6
Thus, about 5% of the attacks against Internet computers were reasonably
successful. In this case, the intruder was particularly interested in military or
classified information, and one might expect computers involved in such applications to
be more secure than machines used for general computing. It is not unreasonable,
therefore, to expect that the percentage might have been higher for machines with
more general uses. In the same article, Stoll compares his results with other,
independent studies of attempted break-ins to systems and concludes, “break-in rates
of 3-20 percent may be expected in typical network environments.” 7
Such rates suggest that although many computers may be somewhat resistant to
intruders, persistence can pay off. Different attacks on the same machine, trying
different user names and accounts, or taking advantage of different characteristics
of a system can allow an outsider to find holes and to take advantage of potential
weaknesses. For example, in reviewing this work of the intruder, Stoll writes:
The intruder conjured up no new methods for breaking operating
systems: rather he repeatedly applied techniques documented
elsewhere. Whenever possible, he used known security holes and
subtle bugs in different operating systems, including UNIX(R), VMS(R),
VM-TSO(R), EMBOS(R), and SAIL-WAITS. Yet it is a mistake to
assume that one operating system is more secure than another: Most
of these break-ins were possible because the intruder exploited
common blunders by vendors, users, and system managers. 8
The intruder also guessed account names and passwords to gain access to other
accounts and machines. Overall then, the intruder gained access to a wide range
of computers around the world by taking advantage of many of the potential
security problems mentioned in this topic, including software errors, easily guessed
passwords, and procedural errors. Throughout this work, potential weaknesses