By Joe Harten Hoya Staff Writer

The McDonough School of Business Technology Center experienced a security compromise early last week when an attacker gained access to its system. The MSBTC staff and University Information Systems have combined efforts to investigate the system and ensure future security of the network.

“An intruder got into one of the Unix machines and sniffed around on the network,” Director of MSBTC John Carpenter said. “We discovered it at the beginning of the week but are not sure of the exact time of the attack.”

As far as Carpenter could tell, the hacker did not do any damage to the system. However, the security of the system remains a concern, he said.

“The system was fully locked down and secure,” UIS Systems Administrator for Server and Network Services Brian Reilly said. UIS has some speculation of how the hacker may have gotten into the network, according to Reilly. “It is hard to pin down,” he said.

It would not be practical to attempt to find the identity of the intruder, Carpenter said. While over 100 users were connected to the compromised machine during the attack period, Carpenter and his staff do not believe a student was responsible for the security risk.

MSBTC’s main concern was for the security of the users on their network. “Anytime we have a known security situation our biggest risk is that they got passwords,” Carpenter said. Tech Center staff forced all faculty and students on the MSB system to change passwords and immediately removed the security hazards from the network, according to Reilly.

“[The hacker] can put a sniffer on the network that will collect passwords and can build up a whole database of names and corresponding passwords,” Professor Dorothy Denning of the Computer Science Department said. “Changing passwords is an important thing to do after a security incident.”

UIS and MSBTC took the most conservative measures in response to the incident, Carpenter said. The Tech Center will stop using machines that run the Unix and Linux operating systems, so that the Novell security system can be run universally on all machines, he said.

“The MSBTC and John Carpenter’s staff have been vigilant in handling the box compromise,” Reilly said. “Compromises do happen to systems with good security.”

Attacks like this have happened before, according to Carpenter. A hacker got into the MSBTC system on another Unix-based machine in 1998 in a very similar manner, he said.

Related Links

 GUSA Online Elections Delayed by Fraud Attempts

Have a reaction to this article? Write a letter to the editor.

Comments are closed.