Hackers Target College Computers for WaReZ distribution

posted onJune 3, 2001
by hitbsecnews

WASHINGTON (AP) - Dave Dittrich
is not happy: A software pirate
has hacked into computers at
the University of Washington
and installed a file-sharing
program on one machine. It
means one-stop shopping for
stolen - and now free -
software, and plenty of
headaches for Dittrich, the
university's computer security
expert.

Lawyers for the software
publisher are sending
threatening e-mails, and
Dittrich must clean up the
mess. The lawyers do not worry
him. Getting outgunned again by
the hackers - that bugs him a
lot. ``The tools these days for
intrusions are pretty much
automatic,'' Dittrich said. ``A
system can be fully compromised
in about a minute.'' It's
becoming more prevalent, where
novice hackers hone their
skills amid a higher education
culture known for lax security
and free exchange of
ideas...

By D. IAN HOPPER, Associated Press Writer

"They're good practice grounds because their vulnerabilities are usually pervasive and their monitoring is usually woefully inaccurate," said Richard Power, editorial director at the Computer Security Institute. "It's kind of like hacking with training wheels."

University computer systems also attract experienced hackers. Huge hard drives make it easy to store illicit software and fast Internet access affords the perfect staging ground for devastating attacks on corporate Web sites.

Larger universities also offer other enticements.

"There's a lot of sensitive information that can be gleaned from a university that's not classified in any way," Power said. "You couldn't get it with a frontal attack on a military weapons lab research facility. But you may get it indirectly by going through university research labs."

For the hacker looking to get a credit card in another person's name, there is plenty to glean from university student databases.

"A lot of universities use your Social Security (news - web sites) number to track you in their databases," he said.

Many security attacks on companies are first tried on universities, where hackers can practice in relative anonymity. One example was the February 2000 assaults on eBay, CNN.com and other Web sites. Hacked university computers - and many others - were used to send an overwhelming number of messages to the Web sites, making them inaccessible to customers.

The tool used in that attack was "tested and developed on university networks (and) aimed at university systems," Dittrich said.

Among the prime targets are universities with world-class computer science programs such as Purdue and Stanford.

"The university computing center is very strapped for resources, and most of the groups are on their own," said Steve Hare, managing director of Purdue's computer security research group. ``You have some good groups that have high security awareness, and some others that are just barely getting by and get hacked frequently."

David Brumley, a member of Stanford's computer security team, said hackers break into one of the school's computers each day, on average.

"We might have a slow week, then turn up with 20," he said, adding that many of the compromised computers are used to store copyright material.

Joel de la Garza, a security investigator with Securify in Silicon Valley, said universities cannot lock down their computers in the same way a company could.

"Universities are in an interesting position, because they typically have to provide an academic research network. They want to maintain a marketplace of ideas in digital form," de la Garza said. "The attackers know this, and they attack universities with high-speed Internet connections."

In the past two years, as computer attacks have become more frequent and severe, more universities have taken steps to counter the threat, including creating computer security offices, de la Garza said.

Attacks on universities are so common that compromised college computers have become a form of hacker currency along with credit card numbers and pirated software in a "digital black market."

In chat rooms, hackers will trade ".edu" university computers - a reference to the last three letters of their Internet address - for ".mil" addresses denoting hacked U.S. military computers.

"Most people will give a lot of '.edu's for '.mil's," de la Garza said. "But a lot of kids are getting smarter and not wanting to get the '.mil's, because you'll get raided. A university will tolerate certain things. The military doesn't."

SNP.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs