October 17, 2002
Big Brother hacker is watching you
The scanners are watching.
They are out there, scanning us all for vulnerabilities.
Not Martians gazing at Earth through giant telescopes. Rather, bad guys are peering at our computers through the Internet. Their objective is to find computers they can take over to store and illegally share copyrighted movies and software, to send out huge volumes of spam e-mail messages, or to attack some other Internet target.
“The scanning is constant,” says Kirk Bailey, C&C manager of strategic computer security services. “Every computer on the Internet is probably probed an average of once every 10 minutes. What they are looking for are the simple, well-known weaknesses that computer owners should have fixed as part of proper installation and maintenance.”
One of the most serious vulnerabilities is default passwords on administrator accounts. Operating systems such as Windows 2000, Windows XP, Macintosh OS-X, and the many versions of Linux and Unix have administrator accounts with authority to add, delete, or change almost anything on the computer. “When you first set up the computer, these accounts often have a simple default password or no password at all. You are supposed to immediately change the password when you set up your system, but some people don’t,” says Bailey. Once the bad guys get access to an unprotected administrator account, they can do anything they want.
Alexander Howard, in C&C security operations, reports that the number of systems compromised on campus has steadily increased in the past few months. The consequences for the computer owner can be serious:
• A faculty member setting up his brand new, powerful workstation was eager to try it out and connected it to the network before completing all the configuration steps. Within 10 minutes, the computer had been attacked. The operating system and software had to be completely reinstalled.
• A lab set up several new computers for its researchers. Over the next weekend an overseas business penetrated one of the computers and used it to send out millions of spam e-mail messages, heavily burdening the UW’s entire e-mail system.
• The owner of a workstation was puzzled when his programs started crashing because of a lack of disk space. At about the same time, he received a call from C&C about complaints that his computer was being used to illegally distribute copyrighted movies. Examination of the hard disk revealed many large files, including feature-length movies. To prevent a reoccurrence, the system administrator had to completely erase the disk and reinstall the operating system and software.
• 20 UW Windows 2000 systems (all with only default passwords) were taken over to flood the networks of a college in the Midwest in an effort to shut down its computer services. The college responded by blocking all Internet traffic coming to it from the UW.
The consequences for the UW can be serious. Traffic in huge files burdens the UW networks. Spam sent from UW computers slows e-mail for everyone and creates the appearance that the UW condones spam. Illegally distributing copyrighted files risks legal action aimed at the UW or the computer owner, or both.
“This is definitely a situation where an ounce of prevention is worth a pound of cure,” says Bailey, who suggests everyone take the following precautions:
• Set up good administrator passwords before connecting to the networks.
• Apply all security patches as soon as you bring up the computer.
• Turn off or remove software you do not intend to use, such as sendmail.
• Keep up with software and operating system updates.
• Do regular backups.
More information about security can be found on C&C’s Computer Security Web site at http://www.washington.edu/computing/security/