May 2, 2002 4:20 PM PDT
University systems a haven for hackers
In a presentation here at the CanSecWest security conference, David Dittrich, senior security engineer with the University of Washington, said that university politics and a lack of emphasis on computer security have made college networks rife with online piracy and hacking.
The networks "are a real fertile ground," Dittrich said in an interview after the presentation. "There is a responsibility that the universities are not meeting."
While some universities have good security checks in place, the majority of academic networks are tempting targets for hackers because of their lack of security, abundance of bandwidth and overworked administrators.
At the University of Washington, for example, Dittrich, two other security engineers and several network engineers have to deal with network outages, compromised computers, rogue libraries of pirated media and software, and students who can't get online to get their homework done because of all of the illicit traffic.
Responding to recent complaints from two students that their computers were exhibiting strange behavior, Dittrich and the other engineers found that at certain times of day, the university's bandwidth was being overwhelmed by sudden spikes in usage.
He found that a handful of computers on the network had been compromised and that a distributed database of pirated software and movies had been installed.
This time, nine systems on the network had more than 520GB of pirated software and movies stored on them, including the just-released "Scorpion King." That was just this week; in total, more than 70 systems have been found to have been used for digital piracy and so-called distributed denial-of-service (DDoS) attacks. The files could be accessed only through Internet chat "bots"--automated programs--that would allow only those in the know to download the files.
Such piracy is not always set up by outside hackers, Dittrich said. Several of his server investigations have revealed that students have been hosting the pirated software. A snapshot of the traffic on the network showed that 37 percent of the data consisted of transfers by the file-sharing program Kazaa, and another 15 percent belonged to another file-sharing program, Gnutella.
The problems are not new.
In 1999, Dittrich had to clean up nearly 80 Solaris systems and 40 Linux systems that had been compromised and on which online vandals had installed DDoS tools. The next year, 200 systems were hit with the Code Red worm and another 150 or so with the Nimda worm.
"It's not large percentage-wise," he said, "but it is large in number."
In all, thousands of the university's 50,000 systems could be vulnerable to one of the dozens of flaws commonly exploited by online vandals. That multiplies when the systems are used to scan other, non-university systems. Four systems owned by PowerBot, a Swiss Army knife of hacker utilities, automatically found 9,000 systems last summer outside the university that were vulnerable to the attack used by Code Red.
The problems are not isolated to the University of Washington. Right after Dittrich's talk, another administrator approached him asking for advice because her network is wide open to exploitation.
The fear, she said, was that if the school's computers were used to attack a company, that company might sue for damages. The security administrator asked that she and her college not be identified.
Such problems may continue until a lawsuit is brought against a university or the various academic departments in the university get serious about security, Dittrich said.
"Not everyone hears the message," he said, especially when nothing happens to the universities in the way of punishment if they don't secure their systems.