[ISN] Tech sleuths track hacker

[InfoSec News]

http://www.dchieftain.com/news/43773-08-25-04.html

Dana L. Bowley 
El Defensor Chieftain Editor
August 25, 2004

A computer hacker who broke into a state agency's system recently and
essentially downloaded the agency's database was tracked down by
researchers from a New Mexico Tech program, state legislators were
told here Monday.

A research assistant in Tech's Information Technology department and
the ICASA program, Srinivas Mukkamala, told seven members of the
legislative Information Technology Oversight Committee who were
meeting in Socorro this week that the intrusion into the agency's
system demonstrates the vulnerability of computer networks, even the
state's.

It also, he said, demonstrates the cutting-edge technology being
developed by the Institute for Complex Additive Systems Analysis
division at Tech.

Officials declined to identify the agency involved other than to say
it is one of the smaller state agencies, with offices in Santa Fe and
Albuquerque, but it has control over a considerable amount of money.

Ultimately, Mukkamala said, no funds were taken and no data was lost
or misused. But the ease with which the system was hacked by a
disgruntled former employee should concern legislators, he and other
ICASA representatives said.

Mukkamala said the individual used programs that are available on the
Internet to enter the system through an open printer port accessed via
the agency's Web page, gain full access to the Web server and from
there enter the agency's information technology administration server.  
Once in the IT server, the hacker established himself as the system
administrator and downloaded virtually the entire database.

Mukkamala said that after the agency discovered the intrusion, it
asked ICASA to do an analysis and try to trace the hack.

"Even though he tried to erase his tracks, we were able to trace the
footprint (back to the hacker)," he said. The suspect turned out to be
a disgruntled former employee who left the agency about a year ago but
still had access information for the system.

There was no information available concerning the law enforcement side
of the case.

Mukkamala said that while he was doing the analysis of the agency's
computer system, he found it so easy to access that "I was able to
walk all through their network."

The ICASA officials used the break-in to demonstrate how vulnerable
computer systems are to attack and how urgently the state needs to
implement a training program for system administrators and users. Most
information system breaches, they said, are the result of poor
policies and procedures directly related to inadequate training.

"A firewall is not enough," Mukkamala told the lawmakers. "Information
security needs to be multi-layered."

He said those layers should include preventive security such as virus
protection and firewalls, intrusion detection scanning, user
authentication systems and enforcement of policies that promote secure
usage.

"A very small percentage of people who call themselves hackers really
understand the workings of IT systems," Mukkamala said, but because of
the availability of hacking tools they can cause havoc with poorly
secured systems.

He said that 75 percent of IT systems with a firewall are vulnerable
to attack, and 95 percent of those without a firewall.

And, he said, while most virus and worm attacks don't cause serious
damage, the disruptions they cause are costly. He noted that the
Melissa virus last year cost business and government an estimated $8.7
billion.

Rather than damage, virus and worm developers are going for speed, he
said, and they're succeeding. Where it once took days for a virus or
worm to spread, now it's nearly instantaneous. He cited the recent
"Slammer" worm, which infected more than 100,000 computers per hour
and spread around the globe in three minutes.

Max Baca, of the IT department at New Mexico Highlands University,
which will be teaming up with Tech on some projects, said up to now
there has been no economic incentive for virus and worm developers,
but that is changing.

"Worm and virus developers are linking up with spammers" to develop
ways to defeat anti-spam software and procedures and to actually force
spam on computer users without the user doing anything.

"So now, there's an economic incentive," Baca said, which is bad news
for IT administrators.

Teresa Hall, associate director of ICASA, while making a pitch for
more funding for her program, urged the committee to recommend funding
for training of state IT administrators and system users.

"I would urge the state to invest in security training immediately,"  
Hall said.

ICASA is a division of Tech and is a cooperative venture between
academia, industry and government dedicated to studying the behavior,
vulnerabilities and predictability of very complex systems, and
developing real-world processes and solutions.