Autor: Lech Borkowski (lbs_at_phys.ufl.edu)
Data: Tue 24 Jan 1995 - 07:58:25 MET
comments, anyone?
LB
------------------------------------------------------------------------------
The New York Times, January 23, 1995
Data Network Is Found Open To New Threat
by John Markoff
San Francisco, Jan. 22
A Federal computer security agency has discovered that unknown intruders have
developed a new way to break into computer systems, and the agency plans on
Monday to advise users how to guard against the problem.
The new form of attack leaves many of the 20 million government, business,
university and home computers on the global Internet vulnerable to
eavesdropping and theft. Officials say that unless computer users take the
complicated measures they will prescribe, intruders could copy or destroy
documents or even operate undetected by posing as an authorized user of the
system.
For computer users, the problem is akin to homeowners discovering that
burglars have master keys to all the front doors in the neighborhood.
The first known attack using the new technique took place on Dec. 25 against
the computer of a well-known computer security expert at the San Diego
Supercomputer Center. An unknown individual or group took over his computer for
more than a day and electronically stole a large number of security programs he
had developed.
Since then several attacks have been reported, and there is no way of knowing
how many others may have occurred. Officials of the Government-financed Computer
Emergency Response Team say that the new assaults are a warning that better
security precautions will have to be taken before commerce comes to the
Internet, a worldwide web of interconnected computers that exchange electronic
messages, documents and computer programs.
It is expected that by the end of this year such businesses as florists,
supermarkets, credit card companies and banks will peddle wares to customers via
the Internet and the new intruders could be able to steal credit card numbers,
merchandise and money.
The response team, based at Carnegie-Mellon University in Pittsburgh, plans
on Monday to post an advisory on the Internet, alerting computer users to the
attacks and urging them to take a variety of protective measures involving
software and hardware security mechanisms.
"This was a sophisticated attack," said James Settle, a former F.B.I.
computer crime expert who is now an executive at the Inet Corporation, a
computer security firm. "Essentially everyone is vulnerable."
The Internet works by breaking computer messages into groups of digital
packets of data, each of which has an electronic "envelope" that provides "to"
and "from" addressing information used by special network computers known as
routers that deliver the data.
The new attack makes use of a flaw in the design of the network to fool the
router computers into believing that a message is coming from a trusted source.
By masquerading as a familiar computer, an attacker can gain access to
protected computer resources and seize control of an otherwise well-defended
system.
Computer administrators at several organizations that have been broken into
by individuals using the technique said they had been contacted by Federal
law-enforcement officials as part of an investigation into the break-ins, but
Justice Department officials refused to comment.
[...]
Classified Government military computer systems are not thought to be at risk
because they are not directly connected to the Internet.
And until now, most companies and other organizations with computers directly
connected to the Internet have assumed they could protect themselves from
intruders by creating various types of hardware and software defenses known as
"fire walls."
But the new type of attack can in many cases easily penetrate these common
defenses, according to officials of the Computer Emergency Response Team.
"Out of all the sites on the Internet, there are only some small fraction
that care enough about security," said Tom Longstaff, manager of research and
development for the security agency.
The security warning to be issued on Monday will include a list of brands of
router computers that can use a computer program to protect against the new
attack, which is called IP, or Internet protocol, spoofing. The new defense
works by recognizing packets that have been forged and rejecting them. But the
advisory will also list brands of routers that have no way of protecting against
the attack.
Computer security experts said there was no good way of estimating what
fraction of the Internet computers have routers or fire wall software capable of
protecting against the attack.
"This is a really tough problem because it is an attack based on the way
things work normally," said Marcus Ranum, a senior scientist at Trusted
Information Systems, a computer security firm.
The flaw, which has been known as a theoretical possibility to computer
experts for more than a decade, but has never been demonstrated before, is
creating alarm among security experts now because of the series of break-ins and
attacks in recent weeks.
The weakness, which was previously reported in technical papers by AT&T
researchers, was detailed in a talk given by Tsutomu Shimomura, a computer
security expert at the San Diego Supercomputer Center, at a California computer
security seminar sponsored by researchers at the University of California at
Davis two weeks ago.
Mr. Shimomura's computer was taken over by an unknown attacker who then
copied documents and programs to computers at the University of Rochester where
they were illegally hidden on school computers.
Most computer security experts say that real security on the Internet awaits
the widespread adoption of encryption technology for scrambling data and
authenticating messages.
Internet veterans also expressed anger at the new style of attack because it
would cause many organizations to strengthen their security systems, thus making
the network less convenient and less useful.
"These guys are striking the basis of trust that makes the network work," Mr.
Ranum said, "and I hate that."
To archiwum zostało wygenerowane przez hypermail 2.1.7 : Wed 19 May 2004 - 15:49:48 MET DST