Hacker Sting

Recently I decided to join the Association of Computing Machinery. This happened because I found out my company would pay for it. Right now I am waiting for my membership. It will give me a subscription to their ACM magazine. I will also get access to some technical references online. I thought I would talk about a story from the Communications of the ACM. This story is over 20 years old. But the topic is one that I think is still of interest today.

A hacker tried to attack the computer system in a lab. The lab decided to let him think he had broken in. They further decided to use this individual to study how hackers operate. They tracked his activities for about a year. This individual used their lab computer to try to reach other systems. He mainly targeted military and defense systems. They thought he might be doing this for espionage purposes.

Over the year, the hacker attempted to attack over 450 computer systems. He did not use any new approaches. He only used techniques that were found elsewhere, like known security holes. They first detected his attack on their systems when they found a newly created account. He seemed to search their e-mail for signs that he had been detected. The hacker used X.25 ports to get in. He tried guessing passwords of accounts.

The intruder was evasive. He only stayed connected for a couple of minutes at a time. He also disconnected when he noticed that a system manager was online. He was traced when the researchers at the lab set up a sting. They created some bogus files of interest. These caused the hacker to stay connected longer while reading them. The hacker also sent in some snail mail correspondence based on what he read in the bogus files.

This hacker relied on some common account names being present in most systems like root, guest, and system. He also used utilities such as who or finger to find the user names of people logged on. Many people store all kinds of passwords in plain text files. This guy was also able to crack encrypted passwords. It did not help that many people chose passwords that could be found in a dictionary.
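The two clues the lab had, a newly created account and repeated password guesses against names like root, guest, and system, are simple to spot in authentication logs. The script below is an added example of that defender-side check; it is my own illustration, not code from the ACM article, and it runs over a few constructed syslog-style lines rather than any real host's log.

```python
import re
from collections import Counter

# Account names the story says an attacker expects on almost any system.
COMMON_ACCOUNTS = {"root", "guest", "system"}

# Constructed sample log (syslog-like format, not taken from a real machine).
SAMPLE_LOG = """\
Nov 03 02:11:05 lab1 sshd[410]: Failed password for root from 192.0.2.7 port 4321
Nov 03 02:11:09 lab1 sshd[410]: Failed password for root from 192.0.2.7 port 4321
Nov 03 02:11:14 lab1 sshd[412]: Failed password for invalid user guest from 192.0.2.7 port 4330
Nov 03 02:11:20 lab1 sshd[414]: Failed password for invalid user system from 192.0.2.7 port 4335
Nov 03 02:12:01 lab1 sshd[420]: Accepted password for alice from 198.51.100.4 port 5000
Nov 03 02:13:44 lab1 useradd[431]: new user: name=hunter, UID=1007, GID=1007, home=/home/hunter
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
NEWUSER = re.compile(r"useradd\[\d+\]: new user: name=(\S+?),")


def analyze(log_text, threshold=3):
    """Return a list of (alert_type, detail) tuples.

    'guessing'    : one source address failed at least `threshold` times and
                    at least one of the targets was a well-known account name.
    'new_account' : an account was created. The lab in the story first noticed
                    the intruder this way, so every creation gets reported.
    """
    attempts = Counter()  # (source address, account name) -> failed logins
    alerts = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            attempts[(src, user)] += 1
            continue
        m = NEWUSER.search(line)
        if m:
            alerts.append(("new_account", m.group(1)))
    by_src = {}
    for (src, user), n in attempts.items():
        by_src.setdefault(src, []).append((user, n))
    for src, users in by_src.items():
        total = sum(n for _, n in users)
        common = sorted(u for u, _ in users if u in COMMON_ACCOUNTS)
        if total >= threshold and common:
            alerts.append(("guessing", f"{src} tried {total} passwords for {','.join(common)}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print(kind, detail)
```

The threshold and the account list are assumptions chosen for the sample; on a real host they would be tuned to that system's normal failure rate and its actual shared accounts.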

There is a lot more to this story. I plan to access the original story in the archives when I become a member of the ACM. Come to think of it, I tried to apply for membership quite some time ago. I have not heard from them since. Maybe it is time to call them up.