By Jesse Greenspan
file photo/Arizona Daily Wildcat
Out of more than 65,000 computers on campus, one to two are broken into everyday.
Arizona Daily Wildcat
Monday December 2, 2002
Unbeknownst to the majority of the UA population, computer hacking has been a serious problem on the university network, as 60,000 to 250,000 people break into the UA network's usual pattern of activity every day.
While most of these hits are simply reconnaissance scans during which hackers look for potential sites to break into, around 10 percent are targeted scans in which hackers attempt to enter the campus network illegally, said Ted Frohling, the principal network systems analyst for UA's Security Incident Response Team.
The members of SIRT maintain a system to check for intrusions on the network.
Though most of these hackers are unable to illegally enter the network, Frohling estimated an average of two to three machines get broken into on campus per day.
However, SIRT has no way of finding out exactly which machines are broken into, and what information was viewed.
"It has been prevalent in the news of late, but I really don't think people know how much hacking goes on in the network," said Bill Phillips, a network systems analyst for SIRT. "People don't understand the level of threat they are exposed to."
Motivations for hacking into the UA network vary, but it is often done as a type of industrial espionage that could be used for economic gain, Frohling said.
"All the people are intentionally doing this," Frohling added.
He and three other SIRT analysts are responsible for dealing with all the network intrusions.
Two weeks ago, a hacker broke into six computers at the UA, preventing them from functioning.
These hackers often come from a foreign country and have no interest in trying to change students' grades, Frohling said.
"As far as I know, there has never been a successful network break-in to change grades at the university," Frohling said.
He has been involved in networking on campus for 15 years.
Other types of break-ins do occur, however, and what makes SIRT's job especially difficult is the fact that the network must remain reasonably open to allow for campus-wide research and education.
"It's an unaccomplishable task (to completely stop network break-ins)," Phillips said. "A lot of that has to do with the philosophy of the network."
The university's approach is the exact opposite to the one most private companies take, Phillips added, as these companies would tend to limit access to all but a few of the network's 65,535 possible ports.
In comparison, SIRT only denies access to 10 or 12 ports.
"We know the hackers will always be ahead of us · but we have to continue trying to do the best job we can so people don't just run rampant over campus," Frohling said.
Although the majority of hackers escape without being caught, hacking is not a risk-free endeavor.
The SIRT staff confers with the FBI on occasion, as in the case of the hacker who broke into UA computers two weeks ago and kept them from functioning properly, Frohling said.
Viruses also periodically cause trouble in computers across campus.
"Viruses have always been a problem, especially in the PC world," said senior systems programmer John Murphy.
The majority of these viruses are spread through e-mail, although they can be spread through floppy disks as well.
"We don't get too many calls about it, but it does happen once or twice a week," Murphy said.
The Center for Computing & Information Technology offers a free antivirus software package online at https://sitelicense.arizona.edu/sophos/sophos.shtml.