The Rat wrestles with security advice to slam down computer hackers

The Rat has been watching with interest as the rest of
the world learns a painful lesson in network security.


The New York Times Web site hack got everyone’s attention a few weeks ago, but
that was just one instance in a recent rash of site takeovers, including one of a Web
server in Japan that hosts 24,000 domains.


Government servers haven’t been immune. The New York Times hackers also scored a
hit on NASA’s Jet Propulsion Laboratory. And system administrators for the CIA site
will have to live down the gaping security hole that gave hackers enough elbow room to
open an X Window System session to the CIA server.


The cyberrodent takes comfort in the knowledge that even computer security community
mavens aren’t immune to hacker exploitation. Winn Schwartau, editor of the http://www.infowar.com Web site and author of a number
of works on computer security, had his Social Security number posted to the fake http://www.nytimes.com Web page. Fortunately for
him, it was in Hypertext Markup Language source code and not immediately visible to casual
browsing. Unfortunately for him, hackers put it there, and the page is archived all over
the Internet.


The furry one has advice for his agency readers: Now is a really good time to check
your network security.


The Rat used the Times hack as leverage to get his department head to declare a
three-day stand-down for security while agency information technologists read the latest
Computer Emergency Response Team and Federal Computer Incident Response Capability
reports, ran security checkers, and perused firewall and server audit trails.


All the furry one had to do to gain permission was suggest that the boss’ Social
Security number and direct deposit information could conceivably end up on the agency
intranet.


The whiskered one topped off his 75-ounce latte cup, placed last month’s unread
trade magazines within easy reach, and sent his acolytes to chase down a promiscuous
network card. Then he settled back in his concrete command bunker to launch a script
that would open up his battery of security tools: SATAN, COPS, Crack and a few other old
standbys he’s collected over the years.


After hitting the Enter key, he relaxed and adjusted his caffeine level to an
acceptable range.


According to the Rat’s sources in the cyberunderworld, the New York Times
attackers either exploited a poorly written Common Gateway Interface script or employed a
hacker utility against a known bug in Sun Microsystems’ SunOS to connect directly to
the server’s file system.


Either way, the attackers used well-known—at least among hackers—holes in
system defenses to gain control of the server. It was a derivative hack, or child’s
play, boasted one of the most elite hackers, known in their parlance as a ’leet.


Whoopsie. Somehow the Rat suspects that the New York Times doesn’t think anyone
was just playing. Folks there are thinking of all the page views lost to readers who had
expected to see the Starr report.


The timing made the cyberrodent just the least bit suspicious. The group’s
“Hacking for girlies” handle sounds too much like a phony White House intern
selection system.


The Rat wants to check the White House systems logs just to make sure.  


The Packet Rat once managed networks but now spends his time ferreting out bad
packets in cyberspace. E-mail him at rat@gcn.com.
 
