[Air-l] now there's an ethics problem...

Yanuar Nugroho yanuar-n at unisosdem.org
Tue May 10 05:42:37 PDT 2005


Here is the news ..

y
---------
New York Times --

Internet Attack Called Broad and Long Lasting by Investigators
By JOHN MARKOFF and LOWELL BERGMAN

Published: May 10, 2005

SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a
Cisco Systems network in which an intruder seized programming instructions
for many of the computers that control the flow of the Internet.
Now federal officials and computer security investigators have acknowledged
that the Cisco break-in last year was only part of a more extensive
operation - involving a single intruder or a small band, apparently based in
Europe - in which thousands of computer systems were similarly penetrated.
Investigators in the United States and Europe say they have spent almost a
year pursuing the case involving attacks on computer systems serving the
American military, NASA and research laboratories.
The break-ins exploited security holes on those systems that the authorities
say have now been plugged, and beyond the Cisco theft, it is not clear how
much data was taken or destroyed. Still, the case illustrates the ease with
which Internet-connected computers - even those of sophisticated corporate
and government networks - can be penetrated, and also the difficulty in
tracing those responsible.
Government investigators and other computer experts sometimes watched
helplessly while monitoring the activity, unable to secure some systems as
quickly as others were found compromised.
The case remains under investigation. But attention is focused on a
16-year-old in Uppsala, Sweden, who was charged in March with breaking into
university computers in his hometown. Investigators in the American
break-ins ultimately traced the intrusions back to the Uppsala university
network.
The F.B.I. and the Swedish police said they were working together on the
case, and one F.B.I. official said efforts in Britain and other countries
were aimed at identifying accomplices. "As a result of recent actions" by
law enforcement, an F.B.I. statement said, "the criminal activity appears to
have stopped."
The Swedish authorities are examining computer equipment confiscated from
the teenager, who was released to his parents' care. The matter is being
treated as a juvenile case.
Investigators who described the break-ins did so on condition that they not
be identified, saying that their continuing efforts could be jeopardized if
their names, or in some cases their organizations, were disclosed.
Computer experts said the break-ins did not represent a fundamentally new
kind of attack. Rather, they said, the primary intruder was particularly
clever in the way he organized a system for automating the theft of computer
log-ins and passwords, conducting attacks through a complicated maze of
computers connected to the Internet in as many as seven countries.
The intrusions were first publicly reported in April 2004 when several of
the nation's supercomputer laboratories acknowledged break-ins into
computers connected to the TeraGrid, a high-speed data network serving those
labs, which conduct unclassified research into a range of scientific
problems.
The theft of the Cisco software was discovered last May when a small team of
security specialists at the supercomputer laboratories, trying to
investigate the intrusions there, watched electronically as passwords to
Cisco's computers were compromised.
After discovering the passwords' theft, the security officials notified
Cisco officials of the potential threat. But the company's software was
taken almost immediately, before the company could respond.
Shortly after being stolen last May, a portion of the Cisco programming
instructions appeared on a Russian Web site. With such information,
sophisticated intruders would potentially be able to compromise security on
router computers of Cisco customers running the affected programs.
There is no evidence that such use has occurred. "Cisco believes that the
improper publication of this information does not create increased risk to
customers' networks," the company said last week.
The crucial element in the password thefts that provided access at Cisco and
elsewhere was the intruder's use of a corrupted version of a standard
software program, SSH. The program is used in many computer research centers
for a variety of tasks, ranging from administration of remote computers to
data transfer over the Internet.
The intruder probed computers for vulnerabilities that allowed the
installation of the corrupted program, known as a Trojan horse, in place of
the legitimate program.
----------------------------------
Yanuar Nugroho
http://myprofile.cos.com/yanuar-n
Research Assistant & PhD Researcher
PREST - Institute of Innovation Research
The University of Manchester
