[ISN] Hackers break into software distribution site

From: mea culpa <jericho_at_dimensional.com>
Date: Sat 23 Jan 1999 - 14:11:33 CST
Forwarded From: anon <unique@juno.com>

http://www.sjmercury.com/business/tech/docs/004195.htm
Posted at 6:59 a.m. PST Friday, January 22, 1999 
Hackers break into software distribution site
BY ELIZABETH CORCORAN
The Washington Post 

Unidentified hackers corrupted a widely used program at a major software
distribution center Thursday morning in hopes of gaining entry to computer
systems around the world, said officials at the CERT Coordination Center
at Carnegie Mellon University. 

The damaged program, known as a ``TCP wrapper,'' is typically used by
system administrators to control services on computers running the Unix
operating system. System administrators at organizations from schools to
companies usually download current copies of this kind of program and
install it on their machines. 

Around 1 a.m. EST, hackers installed a so-called Trojan horse in one such
program, opening the equivalent of a trapdoor in the program's security
and giving intruders easy access to all the services and information
stored on that computer. 

In addition, when a system administrator installs the rogue program, it
sends a message to the hackers, giving them the address of the compromised
machine. 

CERT officials, who monitor instances of malevolent hacker attacks, said
they did not know how many computers might already be running copies of
the Trojan horse program. Before the corrupted program was detected, 52
computers around the world had made copies of the program. Such computers,
in turn, typically distribute the software to others. 

``This is a rather unique situation,'' said Jeff Carpenter, CERT's
incident response team leader. Those who have installed the corrupted
program now have an open door into their computer systems that malevolent
hackers can easily exploit. But, he added, there might not be many copies
of the program running. 

Carpenter said CERT has posted information on its World Wide Web site that
system administrators can use to determine whether they have a damaged
copy of the program (the site is www.cert.org ). Although CERT does not
try to track down hackers, it does cooperate closely with law enforcement
officials, he said.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:06:34 1999