September 21, 1996 3:00 AM PDT

To catch a hacker

Related Stories

Chess Club waits for next move

September 18, 1996

ISPs search for a cure

September 17, 1996

Hacker bombardment keeps site in check

September 16, 1996

Jury still out on hacking

August 18, 1996

The Net's most wanted

August 16, 1996

Hacker alert sounded

August 8, 1996

Web watchdogs sharpen teeth

July 30, 1996

Hacking cost businesses $800 million

June 6, 1996
Somewhere out there, at the end of a long chain of cyberlinks, a criminal is perpetrating a simple but particularly nasty ruse: one that keeps thousands of people from being able to log on to their Internet services.

But catching the online saboteur isn't easy. In fact, it may not even be possible.

Just ask Daniel Sleator, a computer science professor at Carnegie Mellon University and president of the Internet Chess Club. A little more than a week ago, someone decided to close down the subscription-based chess service by waging the latest tactic in hacking trends, a "denial of service" attack.

In this particular form of the assault, somebody somewhere programs a computer to continuously spew out phony authentication messages to the targeted server, keeping it constantly busy and locking out legitimate users. Experts say that new protocols have been designed to eliminate the problem, but they won't be available for at least a few years. (See illustration below)

Called a "SYN-flood attack" in computer-speak, this type of electronic assault is proving to be far more insidious than previous online threats. Not only is it simple to do, but the way to do it is now widely available from at least two publications on the Web.

Stephen Hansen,
Stanford University
computer security

"The problem is, it's a terrorist tactic," said Stephen Hansen, computer security officer at Stanford University. "You never know who's doing it, when it's going to happen, and might not have any idea why somebody decided to pick on you."

And tracking down the attacker is an equally troubling process.

In the case of the Internet Chess Club, it involves tracing the launched missive from the club's server, backwards. That wouldn't be so tough if the attack had taken a straight path from the originating machine to its target. But nothing on the Internet ever does that, and this is no exception.

Instead, Sleator's local provider, Imagiware, and Imagiware's provider, Netcom, have undertaken the unenviable task of tracking the attack back to its nefarious origins, provider by provider.

The only known way to do that is the painfully laborious procedure of going to the closest provider in the chain and asking its operators to track the previous provider that sent the data, and so on. It would be like requiring a police officer pursuing a stolen car to stop each time she crossed the border into a new city, contact the local force, and ask someone there to continue the chase to the next town in a kind of absurd investigative relay race.

"If you've got 30 routers between the attacker and the target, you can imagine that might take an awful lot of time," said an understated Hansen.

And then there's this unfortunate fact: "By the time you get back to him, he may have moved on to another site entirely," Hansen said. Or, he added, the offensive data is emanating from a hacked computer that has been programmed to send the authentication requests automatically.

That's just what Sleator imagines--finding a lone computer. "I have a vision that it's just a machine there, running a little program that's spewing out this stuff, and there's nobody there, and there's no way to find the person who started this new program," he said.

No chance for vengeance. No chance to press charges for the money the guy cost him in lost customer and technician hours trying to fix track the problem and devise ways to work around it.

Plus, the ploy is so simple that even the publisher of the hacking magazine, 2600, won't even call it hacking. "It's pretty much like running a script. It's going through a formula. Hacking is figuring it out," said Emmanuel Goldstein.

For example, the person responsible for the Chess Club attack, the one against New York service provider Panix, or others that have been violated in the last few weeks could easily have copied the program from 2600 or downloaded it from Phrack, a magazine devoted to hacking.

Both 2600 and Phrack defended their decision to publish the code, saying they were simply exposing a hole in the architecture of the Internet, making people aware of it so that they could patch it.

Hansen, however, doesn't buy it.

"People have known about this particular problem for years," he said. "I don't think we need to give handguns to every kid with a two-digit IQ in order to get the idea that it's a bad thing to give guns to kids with two-digit IQs."

Meanwhile, until there's a real solution, people like Sleator try to find ways to run their services while the attacks continue.

"Any organization that isn't very tightly firewalled off is potentially vulnerable," he warned. "And even those who are firewalled off-- they may have to worry as well."

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a "denial of service" attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.


Join the conversation!
Add your comment


This person is bothering me on myspace. I added a code that HID my comments on my myspace, but this hacker comes in and deletes a lot of the comments (other people's comments) on my page EVERY DAY! I CHANGE my password and email everyday but to no avail.

So far, about 300 of the comments on my myspace have been deleted by this hacker! He even deleted a few of my FRIENDS!!!! Even my PICTURES got deleted!

I waited until he stopped but he deleted 20 of the comments on my myspace TODAY.

I think he's going to my home page and deleting the comments there because he obviously can't otherwise because I added a code that hid my comments. My profile is set private.

It's been about a YEAR since he's been bothering me!!!!!!!!!!!!!!!

I could shut down my myspace but i don't want to!

I want to know who's bothering me like this! He thinks that he's some computer genius who can get away with anything....

So I'm using my last card on you. I did everything that I could in regards to hiding stuff and changing passwords/email...EVEN THE MYSPACE CUSTOMER SERVICE people will NOT HELP ME!!!!!!! :(

U can tell that this is serious considering that i will pay anyone if s/he can help me catch this hacker and prevent this from happening!!!!

I want:

1) Someone to catch this hacker
2) Prevent this hacker or anyone from hacking in my myspace and not delete my friends, comments, or mess anything up on my site
3) If u have some helpful idea besides changing my password or just letting this slide, let me know! This is terribly aggravating! :(

Please help me as if you were my real older brother! I am paranoid because hes been bothering me for a long time and as a last resort, i am writing to you.


I will be waiting so please respond if u can help me! THIS IS NOT A GAME!!!!! THIS IS SERIOUS!!!!!

Thank you~
Posted by p1nkl1lac6 (1 comment )
Reply Link Flag
i have a sicko out there who is infatuated and hacking me. I have files all over that are not mine. He is not coming through remote...I shut it down. He knows me...that is what makes it hard to prove. He watches somehow through my camera. He listens to my conversation and has hacked my business. At one time he was an acting administrator for my online school. I cannot shut down my business, I know he is not mean, but it is some sort of sickness, and I know he is capable because he hacks all of the time. Pays for nothing, and sometimes tries to give me stuff. When I cut him off he became angry. i am in the u.s. , he is in u.k. It freaks me out and I only agreed to be friends if he stopped. I need a program, to find what he is; if he is doing it again. He has the hackers disease I think...can anyone tell em what to do?

Posted by anastasiachaparro (1 comment )
Reply Link Flag
try to make a password that tell a story like to three little pig when to the market take that and add


and the hacks will try to brute force it it with take forever

plus change your password recovery words thats how Id get in:)

and have difrent passwords for diffrent things web sites
Posted by the_friar (1 comment )
Reply Link Flag
I could cry a river about it (the hacking happened to me for the first time in my life. At least for the first time so brutally, on such a massive scale) but I won't. It happened just a few days ago.
I will try to be brief so you could easily grasp the problem and help me. PLEASE DO! A few days ago a hacker without conscience got into my yahoo email system and 1. sent some stupid emails to all my contacts 2. also wiped out all I had in all my email boxes, including TRUSH, with the exception of of SPAM (that he did not touch). I am devastated because all sensitive info about myself and my contacts was there.
Yahoo led me on asking for filling out the form with specific questions, requesting the hacker's email full header. I supplied all they wanted but no help. I called yahoo technical support 20 minutes ago only to find out that in order to make Yahoo help me catch the hacker...I must pay $300 !
I am determined to track down the hacker. Very determined. Even though I cannot pay. I happen to be in a very bad financial situation at this time.
So, tell me:
Is there any organization/individual who can help me track the hacker down for free ?
After all those individuals are a plague and the should be caught and punished severely.
Is the tracking going to be possible with some info supplied by me; if so--what info?
I have some idea who the hacker could but since I am by no means sure --I will not talk about my suspicion to anybody. However, I am willing to collaborate with a serious "detective".
Posted by BSavanna (3 comments )
Reply Link Flag
I would like to know how I can catch a hacker without having to contact him. He's harassed me for a while and sent me a trojan and used his network to get my IP address. If you can help me catch him, I will do anything. I had to reinstall my computer because of him. Please tell me what I should do.

I also don't want to contact him because he'll start trouble again. So any help will be good. Thanks.
Posted by TheAlmightyThor (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.