Hacker breaches University computer systems
By SCOTT BRODFUEHRER
Associate News Editor
A hacker penetrated a campus server during the Christmas break and could have obtained AFS IDs and passwords for hundreds of users.
According to Gary Dobbins, director of Information Security for the Office of Information Technologies, a hacker modified the Darwin server so that when a user entered his ID and password to authenticate to the server, that information was stored in a file accessible to the hacker instead of the user being granted access to the server. Darwin is a general-purpose server that can be used to access or modify personal files, such as Web pages; the breach occurred on Dec. 21. The modification harvested the passwords of users who accessed the server using the AFS protocol until Dec. 29, when the intrusion was detected.
Although all users whose AFS IDs and passwords were in the file were notified via e-mail, Dobbins said he strongly recommends that anyone who has used Darwin in the past change their password at the Web site http://www.nd.edu/password. Darwin can be accessed through the addresses darwin.cc.nd.edu or darwin.helios.nd.edu.
The breach is still under investigation. It went undiscovered for so long because of the Christmas break and because OIT is in the middle of installing a new security client, TripWire, which will alert administrators to security breaches such as this one. Although the software was installed on Darwin at the time of the attack, it had not been fully implemented to alert administrators of the breach. However, the breach prompted OIT to speed the installation of the software.
"It was as though the attacker knew that this was the most vulnerable time for our servers," said Dobbins.
Dobbins said that with the aid of TripWire he does not anticipate a repeat of such a long delay between an attack and its discovery, although further attacks are unavoidable.
"It's like an arms race – hackers are continually becoming more skilled and we are continually updating our systems, and they will always be a step ahead of us," said Dobbins.
All News Stories for Wednesday, January 15, 2003