
Conference: noted::hackers_v1

Title: -={ H A C K E R S }=-
Notice: Write locked - see NOTED::HACKERS
Moderator: DIEHRD::MORRIS
Created: Thu Feb 20 1986
Last Modified: Mon Aug 03 1992
Last Successful Update: Fri Jun 06 1997
Number of topics: 680
Total number of notes: 5456

560.0. "German hackers plant trojan horse in NASA DECnet" by DELNI::GOLDSTEIN (Shoes for Industry) Fri Sep 18 1987 18:31

    By now you've probably seen the press reports of the German hackers'
    breakin into NASA's network, SPAN.  This is a huge extended DECnet
    using lots of inter-company gateways, etc.  Apparently they planted
    a trojan horse in one VMS4.5 system which didn't have a recommended
    patch installed...  Note that SPAN is NOT a classified network;
    everyone and her kid sister has access to it. 
    
    Besides the obvious lack of DECliteracy on the part of the reporter,
    does anyone want to comment on what actually may have happened,
    or where there was a security hole?

<begin forwarded article>
       COPY OF ARTICLE FROM THE GUARDIAN DATED TUESDAY, 15TH
       SEPTEMBER 1987.
       
       QUOTE - FRONT PAGE HEADLINE ARTICLE
       
       YOUTHS HACKED INTO SECRET NASA NETWORK
       
       EXCLUSIVE
       by Gareth Parry
       
       Young West German computer hackers have successfully
       broken into a top secret world-wide computer network which
       connects the North American Space Agency's scientific
       research centres with its counterparts in Britain, France,
       Germany, Switzerland and Japan. 
       
       The attack has been kept secret by the intelligence
       services, although the scandal was discovered months ago,
       because it is feared that the knowledge the youths may
       have gained puts them, and the integrity of various
       American and European space development programmes in
       extreme danger from Eastern bloc agents. 
       
       The space programmes involved cover a wide range of
       applications.   Nasa, for example, is working on space
       platform technology, while Britain is looking at remote-
       sensing satellites - a form of spy satellite project. 
       
       France is building up towards a manned satellite, and
       Japan's projects concentrate on the computing aspects of
       space communication. 
       
       The youths have told West German interior ministry
       interrogators that they planted a programme known to
       hackers as a Trojan Horse in the world-wide computer
       network, Span, "for fun".   They have denied accusations
       of espionage. 
       
       The Trojan Horse enabled them to reap at will any or all
       the secrets of Western space technology at a key-stroke.
       The Trojan Horse can wait for a top security user to log
       on with a secret password, and then record his key strokes
       in a file, revealing everything that is said. 
       
       The attacked computers are the 4.4 and 4.5 state of the
       art models made by Digital Equipment Corporate (DEC), one
       of the most important and respected computer companies in
       the world.   DEC's latest computers, the VAXes and their
       super-sophisticated software are interlinked with secret
       Western technology, and Western governments claim the
       VAXes can be used for designing, making and operating
       weapons. 
       
       DEC recently disclosed that it has been given top security
       validation by the National Computer Security Centre, an
       agency operated by the United States government. 
       
       The company's VMS machines - virtual manning or standard
       deck operation computers - were given two security
       classifications.   C2, signifying "controlled access", and
       B2 "Trusted Path Requirements". 
       
       Despite this, the German hackers managed to penetrate
       systems, implant Trojan Horses, giving unauthorised users
       access;  use the penetrated computer for their own
       purposes;  and alter accounts and security checks in such
       a way that their presence went undetected.
       
       Security sources said yesterday that the hackers "visited"
       no fewer than 135 computer centres worldwide, leaving
       their Trojan Horses and a general key word for their own
       purposes within the system. 
       
       With the Horse and the keyword installed it was easy to
       enter any associate of the Span network.   The hackers
       later delightedly observed that in some cases their
       "modifications" had already been automatically taken into
       the back-up versions which allow a security start-up if
       any organisation fears that its defences have been
       breached. 
       
       The West German hackers, who call themselves Data
       Travellers, worked together on their target for more than
       six months.   Some of the groups are understood to be
       insiders in some of the agencies working with DEC computers,
       and therefore had access to all the highly-classified
       operating systems manuals. 
       
       This insider involvement enabled them to detect a hitherto
       undiscovered flaw in the computer system which they used
       as a "doorway" into computers of the same type. 
       
       That flaw was, however, known to some experts, and its
       implications were discussed in the German computer
       security magazine Datenschutz-Berater of Pulheim.   The
       magazine showed how people who penetrate high-technology
       computers could be at risk from desperate political
       agencies hungry for rival countries' computer know-how.
       
       The hackers' activities would have continued unhampered
       but for a security manager of a German research laboratory
       alerted by the Datenschutz-Berater article.   He noticed
       abnormalities in a computer system, and carried out his
       own intensive investigation for several days.  He
       discovered that Trojan Horses could be isolated. 

       Two of the hackers were identified - the insiders.   Then
       the security manager made a move which later appalled the
       security services:  he revealed details of his discovery,
       including the names and employers, in a "mail-box" in the
       general computer network.   His message ended ".... in
       hope that some-one, somewhere ... might perform physical
       violence on them".
       
       The named youths felt exposed and in danger.   They went
       to Datenschutz-Berater, which informed DEC and other DEC
       computer users. 
       
       DEC said it was aware of the flaw in its system and had
       counteracted it. 
       
       This May it informed all customers of a "mandatory patch". 
       
       This patch amends an operating system and effectively
       erects a bar against Trojan Horses and other penetrations. 
       
       Intelligence sources say however, that, as with most
       computer hacking crimes, the blame lies not with the
       computer but with lax security by users.   A DEC spokesman
       said last night that the company was still conducting an
       intensive internal inquiry.   The whereabouts of the
       hackers is unknown.
       
       Ms Teresa Tomsett, a DEC spokeswoman in Britain, said:
       "There will always be organisations which challenge to
       break through security levels, but our engineering and our
       servicing people are all very well trained. 
       

560.1. "Good for a laugh, though!" by SNDBOX::SMITH (William P.N. (WOOKIE::) Smith) Fri Sep 18 1987 18:45 (8 lines)

    Well, I could tell he was in trouble when he equated remote sensing
    with spy sats.  "Martha, somebuddy orter _do_ something about them
    Landsat and SPOT thingies, or our National Security is in big trubble!"
    
    Then there are the top secret operating systems manuals.  So that's
    why we lock up the lab every night!
    
    Willie

560.2. "Great timing to be sure." by FROST::HARRIMAN (I've heard this song before) Fri Sep 18 1987 19:59 (7 lines)
    
    Hmph! That's why we got the mandatory SECURESHR patch last May!
    Still no illumination on what kind of horse it was, tho? I must
    say the timing is about as wicked as can be with DECworld still
    going on and DEC in the world's limelight. 
    
    /pjh

560.3. "But wait, there's more" by MAY20::MINOW (Je suis Marxist, tendance Groucho) Fri Sep 18 1987 20:01 (3 lines)

See VAXWRK::VMSNOTES, note 1125 for some background.

Martin.

560.4. "" by SNDBOX::SMITH (William P.N. (WOOKIE::) Smith) Sat Sep 19 1987 02:19 (5 lines)

    You got the patch last May????  I just got a note about it last
    week....  I thought that was even better timing.
    
    Willie
    
560.5. "" by RIKKA::PALO (Fred Garvin Band lives...) Sun Sep 20 1987 09:20 (21 lines)

    This whole situation demonstrates how sensitive sites *need* to be
    concerned with the security of their systems.  This means access to
    operations rooms where consoles be, protections on terminals, (even
    syspasswords), enforcing secondary passwords on accounts, breakin
    logging, alarms on sensitive files, *active monitoring* of images being
    executed via Accounting.  These and more are crucial in this type of
    environment --- that's why VAX/VMS went through the pains to get TCB
    certifications  --   unfortunately, a lot of sites don't want that
    secure of a site (don't want the expense of maintaining it nor the cpu
    cycles expended).  Perhaps it's just a matter of education?
    
    Analogy - think of FORD motor company getting (successfully?) sued
    because a customer was hurt in an accident without his seatbelt
    fastened.  He could argue well, I know I could have put it
    on, but FORD should make them automatic!  Imagine the others who would
    scream if they *were* automatic. 
    
    Frustrating being a vendor in a crazed-consumer (consumer-crazed?)
    market!
    
    	\rikki

560.6. "Now I wonder if it was authentic..." by FROST::HARRIMAN (I've heard this song before) Mon Sep 21 1987 12:17 (10 lines)
    
    re: .4
    
      Yeah, it was sometime back there. Came in over the network with
    explicit instructions that we HAD to install it and it involved
    security blah blah blah etc. But they wouldn't say WHY. So we put
    it in (it could have been the Trojan horse itself for all we knew)
    and there we be. Haven't heard a thing since then, until now.
    
    /pjh

560.7. "It wasn't by accident !!" by RTOIC1::CSCHMIDT (Scio, Me Nil Scire) Fri Oct 02 1987 13:09 (22 lines)

    Re: base note
    
    This thing has caused quite some publicity over here in Germany.
    As far as I know it was considered normal risk with all the people
    that deal with computer security in other countries.
    In the October 2nd issue of "Computerwoche" , there's an article
    clarifying the status of the "hackers". Two of the six people that
    claim to have accidentally found a security hole in VMS, were actually
    employees of public research institutions, whose job is (was ??)
    system maintenance.
    So they were insiders to VMS and had all the manuals available !!
    The bug apparently is that unprivileged users, trying to open
    SYSUAF.dat in VMS4.4 and 4.5  can still access that file, although
    they got an error message before. So anybody that hasn't installed
    that patch yet, had better install it immediately !!  
    The "hackers" used their special knowledge to get access to the SPAN 
    network and plant their Trojan Horses. In addition they got access
    to some information by trying passwords like "SECRET","Challenger"
    and the like.
    
    /christoph
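
A simplified model of the failure mode described in 560.7 (an open that reports an error yet leaves the file reachable), added here as an illustration beside a corrected ordering. It is not DEC's code or anything posted in this conference; the channel table, function names and record string are hypothetical.

```c
/* Toy model only; every name below is hypothetical, not a VMS interface. */
#include <stdbool.h>
#include <stddef.h>

#define MAX_CHAN   4
#define ERR_NOPRIV (-1)

/* Per-process channel table: a slot is usable while its flag is true. */
struct proc { bool privileged; bool chan_open[MAX_CHAN]; };

static const char AUTH_RECORD[] = "constructed-account-record";

static int assign_channel(struct proc *p) {
    for (int c = 0; c < MAX_CHAN; c++)
        if (!p->chan_open[c]) { p->chan_open[c] = true; return c; }
    return -1;                          /* table full */
}

/* Flawed ordering: the object is opened first and the privilege check
   comes second; the failing path returns without releasing the channel. */
int open_auth_flawed(struct proc *p, int *chan_out) {
    *chan_out = assign_channel(p);
    if (!p->privileged)
        return ERR_NOPRIV;              /* caller is told "no" ... */
    return 0;
}

/* Corrected ordering: check before touching the object, and never hand
   back a usable channel number on a failing path. */
int open_auth_fixed(struct proc *p, int *chan_out) {
    *chan_out = -1;
    if (!p->privileged)
        return ERR_NOPRIV;
    *chan_out = assign_channel(p);
    return *chan_out < 0 ? ERR_NOPRIV : 0;
}

/* Reads succeed on any channel the table still marks as open. */
const char *read_chan(const struct proc *p, int chan) {
    if (chan < 0 || chan >= MAX_CHAN || !p->chan_open[chan])
        return NULL;
    return AUTH_RECORD;
}

/* True if the caller can read the record after calling open_fn,
   whatever status open_fn reported. */
bool readable_after_open(int (*open_fn)(struct proc *, int *), bool priv) {
    struct proc p = { .privileged = priv };
    int chan;
    (void)open_fn(&p, &chan);
    return read_chan(&p, chan) != NULL;
}
```
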
                    
560.8. "My 2 cents" by USRCV1::GREENE (Who says money can't buy it!?) Fri Oct 02 1987 18:15 (11 lines)

    RE: base note
    
    My *lack* of respect for journalists just went up another notch.
    It makes me wonder, "If they screw up facts about computers this
    bad, why should I believe the details about anything else they report?"
    Who knows maybe the alien, two-headed, baby is possessed by Elvis'
    spirit?  ;-}
    
    
    						Dave
    
560.9. "Ever play "telephone" as a child?" by ERIS::CALLAS (Strange days, indeed.) Mon Oct 05 1987 14:58 (6 lines)

    Good question. Why *do* you believe anything they say? Remember,
    reporters are only human. They only write down what other people tell
    them, and if those people weren't terribly articulate, stuff gets
    garbled. 
    
    	Jon

560.10. "The Art of Hacking in Old Germany" by NBOIS::BLUNK (Bruce P. Blunk) Mon Oct 26 1987 08:50 (44 lines)

    This is a very complex subject.....!
    
    German television did a special report concerning this Hacking problem
    in a news show called "Panorama"!  The report, of course, mentioned
    DEC but was not too negative in the presentation. The facts were
    more accurately presented than those in the article in the U.S.
    paper.  Various articles have appeared in Newspapers as well as
    Computer Publications.
    
    I attended a customer course in the DEC Training Center in Munich
    a few days after the public disclosure of the hacking incident.
    The course was, appropriately: " VAX/VMS Security Management". I
    thought the customers would be extremely upset, but they weren't.
    Most of them were experienced DP people and most believed that there
    is always a way to get into a system somehow (there is no perfect
    security).  They were impressed that DEC Europe (Germany) did NOT
    try to cover up the whole situation and was doing everything possible
    to protect customer and Digital systems.
    
    The U.S. newspaper article did state that "as with most computer
    hacking crimes, the blame lies not with the computer but with lax
    security by users". I have found this to often be very true.  Good
    security begins at home!  We can have the most secure computer centers
    in the world but if one node in the net is wide open then we have
    problems!  I have seen University uVAX's connected to various networks
    where many users had SET priv and the computer room wide open (if
    there even is a computer room), with no professional system management
    to insure the installation of important patches etc etc. 
    
    Perhaps the disclosure of the Hackers in Germany will increase the
    awareness of the importance of Computer Security in all aspects
    of Data Processing. The problem becomes more complex as networks
    grow.  How can we determine the security level of every computer
    in the network? This Hacking incident was relatively harmless but
    what would happen if someone got into a STAR Wars system.....?
    
    Do we really have everything under control?
    As Murphy says in his fourth corollary:
       "It is impossible to make anything foolproof because fools are
        so ingenious".
    
    Happy Hacking:
    Bruce Blunk
    in Old Germany