Attackers infiltrating supercomputer networks

Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to an advisory.

The attacks, which apparently compromised servers as recently as April 3, are currently being investigated, according to an advisory posted April 6 by the Information Technology Systems and Services (ITSS) group at Stanford.

"Stanford, along with a large number of research institutions and high-performance computing centers, has become a target for some sophisticated Linux and Solaris attacks," ITSS said in its Web advisory. "The attacker appears to be deliberately targeting machines in academic and high-performance computing environments, rather than attacking systems indiscriminately."

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Members of Stanford's security team declined to comment, and the university's chief information security officer could not immediately be reached.

It is unclear when the attacks first occurred. The advisory listed one breach as occurring April 3. The unknown attackers use common password-cracking tools to gain access to any account on a server and then gain further access by using security flaws in the software.

"The perpetrators regularly gain access to an unprivileged local user account, presumably by sniffing passwords, cracking passwords from other compromised systems, or by triggering vulnerabilities in remotely accessible services," the advisory states.

Such local vulnerabilities, as they are called, have led to several compromises on the servers used to host Linux development and distribution in recent months.

[Pascoli]

I don't believe it!

This is linux we're talking about, not win swiss cheese. I could they penetrate linux and unix is beyound me. I thought those systmes could not be taken. Anyone remembers that flawed article on cnet pertaining to windows passwords being easy to crack with brute force, not making any mention of so many other ways on could harden those password by using things such as smart card or more complex cryptography? I am certain the same exits for unix and hopefully youger linux. This goes to show that the weakest link here is the user to a great extent and much after the system itself. I have never had a single viral or worm infection in my winxp and before that win 2k machine, unless off course I am not aware of it, and did that by simply following simple advice from web sites and with no education on computer security. I always use a fire wall, always patched my system, although I understand that that is not so evident in a corporate environment where thing can not be just rebooted, and updated my AV software frequently before they could update themselve.

[David Mohring]

Since when was password guessing a OS flaw?

Concerning
http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html

To gain remote access to the systems, the intruder just sniffed network packets and used bruteforce dictionary based password guessing techniques. Neither methord exploits a flaw in the operating system.

To gain root privilege level access, the intruder used vulnerabilities in the kernel. Both vulnerabilities have been fixed, and distributions have released updated kernel packages months before the intrusion. Microsoft itself has stated, it's the responsibility of customer to insure that security updates have been installed.

Having said that, the Linux community have developed solutions which can greatly mitigate the risk of similar vulnerabilities being exploited. Developed by the NSA, SELinux provides mandatory access control,
http://www.crypt.gen.nz/selinux/links.html
which can be deployed to further lock down and secure public exposed servers.

[bjbrock]

Makes no difference.

Every IT product seems to have overlooked problems which can and do lead to financial damages to the end user or consumer. Some breeches are definitely made easier by poor security policy and/or lack of enforcement. There is one thing that is common to all issues, though. One or more persons screwed up. Either in production or in usage or both. As long as no one is being held accountable, don't expect any problems to go away. It's only going to get worse. A mistake is something that can always happen, but the proliferation of today's problems extend way past excusable mistakes. The majority of problems, at least what is being reported, are resulting from negligence and/or criminal behavior by IT solution providers as well as end users. It would be nice if the jerks who exploit the vendor and user errors could be put out of business, but it probably will never be the reality. So, until both vendor and user are held accountable for their part in the mess, nothing will improve. The world has become so dependent on IT, more than any other single creation by man, that anything less than total responsibility by those involved, should be view as criminal. If everyone went to work in the morning and all PC's suddenly quit working, the world economy would likely crash. Unlikely situation but one that shows the importance of taking care of IT.

And, of course, all the finger pointing and name calling between competing solution providers are totally misdirected resources that could be directed at something positive. No matter what excuse is offered by the solution provider, every solution is proving vulnerable. No one has room to brag or point fingers. All in all, this mess is showing the biggest and only weakness is PEOPLE. Imagine!