Crackers Redux: New Attacks Ape Hannover Hackers Tactics

A familiar pattern emerges in recent attacks on Unix and Linux machines.

If the recent compromises of Unix and Linux machines at supercomputing centers and research universities around the country do nothing else, they should prove once and for all that there is nothing new under the sun.

To security world veterans, the pattern of attacks likely sounds eerily familiar. It is nearly identical to the methods and tactics used by the "Hannover Hackers," who broke into Unix machines at the Lawrence Berkeley National Laboratory in Berkeley, Calif., and several other universities and military facilities in 1986. Cliff Stoll, then a volunteer system administrator at the Berkeley lab, tracked the intruders for months, eventually bringing in the FBI and CIA, and chronicled his adventures in a book, "The Cuckoos Egg: Tracking a Spy Through the Maze of Computer Espionage."

Now its all being played out again, 15 years later. After years of advances in security technology and techniques, well-trained professionals still have a difficult time defending their networks from the unwanted attentions of determined crackers. Stolls story had the Cold War intrigue of a John le Carré novel, ending in the discovery of a German spy ring and the conviction of six people. Its unlikely this latest episode has similar roots, but the lessons are the same.

In fact, intrusions at Stanford University were discovered through virtually the same means that Stoll used to hunt the Lawrence Berkeley Lab crackers: failed log-on attempts and systems running slower than usual.

The most recent attacks, which occurred over an indeterminate period this spring and involve dozens of machines at several high-performance computing centers, took advantage of a handful of known vulnerabilities in Solaris and Linux and provided the intruders with full access to the virtually unlimited computing resources these centers possess. There was nothing innovative or even remotely original about the attackers methodology; they began by using the oldest of cracking techniques: password sniffing.

Next page: Patches available.