Better Watch Out: Hackers' Claws Are Ready to Pound
Computer Crooks Don't Mind Working Over Holidays,
When No One's Watching
Monday, December 20, 1995
by Jared Sandberg
Chestnuts roasting on an open file, Hackers filching all your files.
The holiday season is open season for hackers bent on bearing bad tidings to
users of the Internet. The Computer Emergency Response Team, a federally funded
center that monitors security breaches on the global computer network, warned
this week that "hundreds of sites have been attacked" in recent days.
Such holiday hacking "is very common," one hacker said. "Many places are shutting
down an people aren't monitoring systems as much. It gives hackers more time
to poke around not worry about getting caught."
"This is a great time for machines to sit idle for a week -- which is a hacker's
playground," said William R. Cheswick, a security researcher at AT&T Corp.'s
Bell Laboratories. "This people are Scrooges."
Last year at this time, a group identifying itself as the Internet Liberation
Front broke into computers operating by International Business Machines Corp.
and Spring Corp. The outfit also deluged an Internet sites with "electronic
mail bombs" and warned corporate America against turning the Internet in a "cesspool
of greed."
This year, Grinches are grabbing new software tools to gain access where they
shouldn't be. The tools, such as SATAN -- which some wags point out is an anagram
for Santa -- and Internet Security Scanner, were originally intended to help
system administrators find holes and plug them. But hackers swap such programs
electronically over the network, assisting each other in pursuits that are naughty,
not nice.
"Hello, thanks for connecting to the password cracking help line," wrote one
purported hacker in a real-time "chat" session on the Internet yesterday. "I'm
Bob, how can I help you?"
The Computer Emergency Response Team, which declined to disclose the names
of companies affected or the extent of damage in the latest break-ins, receives
up to 15 reports of security breaches each day and has seen a 75% annual increase
in reported incidents in recent years.
Katherine Fithen, a CERT team leader, said the persistent security problems
result from Internet novices who administer their employers' links to the global
network. But Bruce Fancher, president of Phantom Access Technologies, Inc.'s
MindVox, a New York Internet access provider, countered that CERT and software
vendors are slow to response to problems.
Mr. Fancher said someone keeps trying, unsuccessfully, to set up an account
with his service using a bogus credit card number. "He does it everyday at 3:30
p.m." Another hacker recently succeeded and, posing as a school computer official
sent mail to every single Cornell University student. "That was on Thanksgiving,"
Mr. Fancher said. ?
