CNN.com

COMPUTING

From...
Computerworld

Teens steal thousands of Net accounts

January 14, 2000
Web posted at: 12:38 p.m. EST (1738 GMT)

by Ann Harrison

(IDG) -- A group of teen-age computer crackers allegedly used thousands of stolen Internet accounts to probe the networks of two national nuclear weapons laboratories, according to law enforcement authorities in California.

At least five crackers, ages 15 to 17, compromised accounts at 17 Internet service providers in the U.S., Romania and Australia and used the accounts to attack nine targets including the Sandia and Oak Ridge National Laboratories and Harvard University, according to Capt. Jan Hoganson of the Sacramento Valley High-Tech Crimes Task Force in California. The crackers managed to gain root access to computers at Harvard, Hoganson said, but just scanned the national lab networks to look for vulnerabilities. The intruders stole 200,000 accounts from San Francisco-based Pacific Bell Internet Services alone for use in the attack.

According to Hoganson, the stolen accounts were used to scan for open network ports at the labs, which could be used for subsequent attacks. Hoganson emphasized that the laboratory networks themselves weren't compromised. He said law enforcement authorities were notified of the scans Dec. 7 by an El Dorado Hills, Calif.-based Internet service provider called InnerCite, which had received complaints from the labs that accounts it hosted were used in the scans.

"The feds say it was an unwelcome visit, but there was no criminal action committed," said Hoganson, who likened the action to nighttime intruders rattling the doorknobs of a locked business. "Fortunately, the ISP preserved the evidence," he said.

Damian Frisby, a detective with the Sacramento Valley High-Tech Crimes Task Force, said the FBI is now contacting other service providers from which accounts were allegedly stolen. He said the young intruders, who allegedly belong to a cracking group called Global Hell, had been tracked down and contacted by authorities after they bragged of their exploits in Internet chat rooms. While no charges have yet been filed, Frisby said he expects that some of the attackers will eventually be charged with unlawful access of a computer and possibly grand theft.

"One of the first things an ISP considers is to shut these people down -- which is great for security and stops the attack, but it makes it hard for us to track them down," said Frisby. "They should contact law enforcement, but they have to make the decision whether to track them down or cut them off, and we can't tell them what to do."

Frisby noted that while some of the compromised Internet service providers had chosen to cooperate with law enforcement, one, PSINet Inc. in Herndon, Va., demanded a search warrant before taking any action. "We don't want to violate anyone's rights, but it delays the process," said Frisby. PSINet wasn't available to comment on the request.

While the investigation is ongoing, Frisby said service providers should guard against the theft of account data by taking care to update operating systems with current security patches and maintain effective firewalls. "It is a hard job to do because there are new exploits every day," he said.

Frisby added that many of the compromised Pac Bell accounts used passwords that were easy to uncover using standard dictionary programs that search for known words. He said the attackers somehow obtained a list of 200,000 Pac Bell user accounts and were able to successfully steal the passwords for about 95,000 accounts.

Michelle Strykowski, a spokeswoman for Pacific Bell Internet Services, a subsidiary of SBC Communications Inc., based in San Antonio, disputed the number of compromised passwords. Strykowski said 63,000 passwords had been decoded, but Pac Bell was still unsure how the accounts were compromised. She said there has been no indication that the account information has been abused elsewhere and no customers have complained.

According to Strykowski, the company sent an advisory to customers Jan. 7, warning of a security breach and advising them to change their passwords to include uppercase and lowercase characters, symbols and numbers, which makes them more difficult to crack. She said Pac Bell's 330,000 California Internet customers were also advised to change their passwords every 90 days and to not use the same passwords for a number of different accounts.

"Security is a top priority for Pacific Bell, and we are working closely with the police, but these hackers have proved to the Internet as a whole that we must maintain vigilance," said Strykowski, who noted that the Global Hell cracking group had also compromised Web sites at the FBI and the White House. "All other ISPs, like Pac Bell, have to constantly scrutinize security and make recommendations to customers to be responsible Internet users and change their passwords."


© 2001 Cable News Network. All Rights Reserved.