Information Technology Reference
In-Depth Information
were present in each system, and the person methodically took advantage of
these circumstances. As Stoll reports, “the person we followed was patient and
plodding, but hardly showed creative brilliance in discovering new security flaws.”
9
Given that he used relatively wellknown techniques, the scope of the intruder's
activity is impressive. The intruder lived in Germany and used the local tele
phone exchange to obtain access to a nearby machine. This computer then al
lowed him to enter various national and worldwide networks. (Long distance
charges were borne by some of the installations under attack.) After several
stages, the intruder was able to connect to the LBL computers (where monitor
ing of his activities started), and this gave the intruder access to the Internet for
access to many machines and networks throughout this country. Altogether, he
made use of a remarkable diversity of machines and involved an impressive
range of locations through interconnected networks.
As a postscript to this story, the identity of this intruder finally was determined
only through a longterm, concentrated effort by Clifford Stoll and others. Various
monitoring and tracing capabilities were utilized in the work, but tracking the indi
vidual still required great effort and resourcefulness. The presence of an intruder
was first determined during an investigation of an accounting error, because the
intruder had created a new account with no corresponding billing number. He ob
tained access to this accounting information through a subtle error in a standard
text editor and was then able to gain system manager privileges. To trace his
progress, investigators attached printers to users' lines, so they could read every
thing the intruder typed. They constantly monitored all of his account's activities,
and they traced his telephone calls. The complete story of the monitoring and
eventual identification of the intruder makes fascinating reading. If interested, read
the full account in one of the sources listed in the notes.
Since the LBL example occurred, both security measures and hacking techniques
have progressed significantly. One way that organizations and companies now
increase their defense against unwanted visitors is by installing protective mea
sures such as firewalls.
5 Stoll writes a fascinating account of his efforts to track down an intruder to the Livermore
Berkeley Laboratory computers in his article “Stalking the Wily Hacker,”
Communications
of the ACM
, Volume 31, Number 5, May 1988, pp. 484-497. His story has also been de
scribed in a program produced for Public Television. Various other accounts of this material
have also appeared in several publications.
6 Ibid., p. 494.
7 Ibid.
8 Ibid., p. 484.
9 Ibid., p. 485.
