Hackers break into 232 campus computers


By Walter E. Staton
Arizona Daily Wildcat
Thursday, February 19, 2004

Hackers programmed a campus computer over the weekend to obtain passwords from other systems on campus and break into 232 machines.

One computer was initially hacked into on Saturday, then infected and used to scan other computers around campus. As part of the scan, a program guessed and then collected administrator passwords, said Geoff Poer, a network systems analyst at the Center for Computing and Information Technology.

Poer could not specify which computers were targeted, or if any files were viewed or modified by the hackers.

The Security Incident Response Team at CCIT was notified of the problem when network administrators noticed the program scanning their computers. They found the culprit computer on Monday and immediately began to "put out the fires," Poer said.

Administrators with hacked systems are being contacted and advised to reset all the passwords on the machine.

Once the administrator password is hacked, "You have to assume every other user/password combo is compromised," Poer said.

Each of the hacked computers will be scanned for what Poer calls a "root kit," or the program used to scan other computers.

Poer said he hopes everything will be taken care of by the end of the week.

Students' computers were not likely targets, as most of the computers attacked were servers. Student information and other sensitive records are kept on systems that would not have been susceptible to this attack, Poer said.

SIRT suspects the attack was made possible by a vulnerability discovered in the Windows operating system last Wednesday.

The team said it is common for hackers to attack the UA network once new weaknesses have been found, hoping to do their damage before network administrators on campus can download and install security patches.

Saro Hayan, a CCIT network systems analyst, said this particular incident was preventable.

"You've got to do your job as a system admin," Hayan said, adding that they are the ones who are responsible for keeping their computers up to date.

But hackers are getting faster at finding exploits and using them, making it difficult to keep up, Poer said.

There are ways to update computers automatically, but not all systems, especially older ones, are able to do this.

Poer said it is unlikely they will catch whoever performed the attack.

"We're not going to even try," Poer said.

The hacker did leave a list of all the machines and passwords obtained, but that will not aid SIRT in locating the culprit.