Abstract
An astronomer-turned-sleuth traces a German trespasser on our military networks, who slipped through operating system security holes and browsed through sensitive databases. Was it espionage?
- 1 ACM. ACM code of professional conduct. Bylaw 19, Cannon 1-5, ACM, New York.Google Scholar
- 2 Beals, E., Busing, D., Graves, W., and Stoll, C. Improving VMS security: Overlooked ways to tighten your system. In Session Notes, DECUS Fall Meeting(Anaheim, Calif., Dec. 7-11). Digital Equipment User's Society, Boston, Mass., 1987.Google Scholar
- 3 Bednarek, M. Re: Important notice {distrust software from people breaking into computers}. Internet Info-Vax Conference (Aug. 4). 1987.Google Scholar
- 4 Boing, W., and Kirchberg, B. L'utilisation de syslemes experts dans l'audit informatique. In Congress Programme, Securicom 88, 6th World Congress on Computer Security (Paris, France, Mar. 17). 1988.Google Scholar
- 5 Brand, S., and Makey, J. Dept. of Defense password management guideline. CSC-STD-002-85, NCSC, Ft. Meade, Md., Apr. 1985.Google Scholar
- 6 California State Legislature. Computer crime law. California Penal Code S. 502, 1986 (revised 1987).Google Scholar
- 7 Carpenter, B. Malicious hackers. CERN Comput. Newsl. ser. 185 (Sept. 1986), 4.Google Scholar
- 8 Clark, D., and Wilson, D. A comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., Apr. 27-29}. IEEE Press, New York, 1987, pp. 184-194.Google ScholarCross Ref
- 9 Denning, D. Cryptography and Data Security. Addison-Wesley, Reading, Mass., 1982. Google ScholarDigital Library
- 10 Digital Equipment Corporation. Guide to VAX/VMS system security. AA-Y510A-TE, DEC, July 1985.Google Scholar
- 11 Dilworth, D. "Sensitive but unclassified" information: The controversy. Bull. Am. Soc. Inf. Sci. 13 (Apr. 1987).Google Scholar
- 12 D'Ippolito, R.S. AT&T computers penetrated. Internet Risks Forum 5, 41 (Sept. 30, 1987).Google Scholar
- 13 Grampp, F.T., and Morris, R.H. Unix operating system security. AT&T Bell Laboratories Tech. J. 63, 8 (Oct. 1984), pt. 2, 1649-1672.Google Scholar
- 14 Hartman, W. The privacy dilemma. Paper presented al the "International Conference on Computers and Law" (Santa Mor. ica, Calif., Feb.). 1988. Available from Erasamus Universiteit, Rotterdam.Google Scholar
- 15 IEEE. The best techniques for computer security. Computer 16, 7 (Jan. I983), 86.Google Scholar
- 16 IEEE. Computer 16, 7 (Jan. 1983).Google ScholarDigital Library
- 17 IEEE. Network 1, 2 (Apr. 1987).Google ScholarCross Ref
- 18 Israel, H. Computer viruses: Myth or reality. In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21- 24). 1987.Google Scholar
- 19 Kneale, D. It takes a hacker. Wail Street }. (Nov. 3, 1987).Google Scholar
- 20 Landau, S. Zero knowledge and the Department of Defense. Not. Am. Math. Soc. 35, 1 (Jan. 1988), 5-12.Google Scholar
- 21 Latham, D. Guidance and program direction applicable to the Defense Data Network. In DDN Protocol Handbook. NIC 50004, vol. 1. Defense Data Network, Washington, D.C., Dec. 1985, pp. 1-51.Google Scholar
- 22 Lehmann, F. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584-585. Google ScholarDigital Library
- 23 Markoff, J. Computer sleuths hunt a brilliant hacker. San Francisco Examiner (Oct. 3, 1986).Google Scholar
- 24 McDonald, C. Computer security blunders. In Proceedings of the DOE lOth Computer Security Group Conference (Albuquerque, N.M., May 5- 7). Dept. of Energy, Washington, D.C., 1987, pp. 35-46.Google Scholar
- 25 Metz, S.J. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584.Google Scholar
- 26 Morris, R.H., and Thompson, K. Password security: A case history. In Unix Programmer's Manual. AT&T Bell Laboratories, 1984, sec. 2.Google Scholar
- 27 Morshedian, D. How to fight password pirates. Computer 19, 1 (Jan. 1986).Google ScholarDigital Library
- 28 National Computer Security Center. CSC-STD-O04-85. NCSC, Ft. Meade, Md., 1985.Google Scholar
- 29 National Computer Security Center. DoD trusted computer system evaluation criteria. CSC-STD-001-83. NCSC, Ft. Meade, Md., 1983.Google Scholar
- 30 National Computer Security Center. Guidance for applying the Orange Book. CSC-STD-003-85, NCSC. Ft. Meade, Md., 1985.Google Scholar
- 31 National Computer Security Center. Trusted network interpretation of the trusted computer system evaluation criteria. DoD 5200.28- STD, NCSC. Ft. Meade, Md., 1987.Google Scholar
- 32 Office of Technology Assessment, U.S. Congress. Defending secrets, sharing data: New locks and keys for electronic information. OTA- CIT-310, U.S. Government Printing Office, Washington, D.C., Oct. 1987.Google Scholar
- 33 Omond, G. Important notice {on widespread attacks into VMS sys-Google Scholar
- 34 Poindexter, J. National security decision directive. NSDD-145, National Security Council, Washington, D.C., Sept. 17, 1984.Google Scholar
- 35 Proceedings of the Intrusion Detection Expert Systems Conference (Nov. 17). 1987.Google Scholar
- 36 Reid, B. Reflections on some recent widespread computer breakins. Commun. ACM 30, 2 (Feb. 1987). 103-105. Google ScholarDigital Library
- 37 Schmemann, S. West German computer hobbyists rummaged NASA's files. New York Times (Sept. 16~ 19871.Google Scholar
- 38 Slind-Flor, V. Hackers access tough new penalties. The Recorder Bay Area Legal Newsp. (Jan. 6, 1988).Google Scholar
- 39 Smith, K. Unix Rev. 6, 2 (Feb. 1988}.Google Scholar
- 40 Stallman, R. Gnu-Emacs Text Editor Source Code.Google Scholar
- 41 Stevens, D. Who goes there? A dialog of questions and answers about benign hacking. In Proceedings of the Computer Measurement Group (Dec.). Computer Measurement Group, 1987.Google Scholar
- 42 Stoll, C. What do you feed a Trojan horse? In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21-24). 1987.Google Scholar
- 43 Stoll, C. How secure are computers in the US? In Proceedings of the 11th National Computer Security Conference (Baltimore, Md., Oct. 17). To be published.Google Scholar
- 44 Thompson, K. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763. Google ScholarDigital Library
- 45 Unix Review. 6, 2 (Feb. 1988).Google Scholar
- 46 U.S. Congress. Exception to general prohibition on trap and trace device use. 18 U.S.C.A. 3121, secs. (b)(1) and (b)(3), U.S. Congress, Washington. D.C., 1986.Google Scholar
- 47 U.S. Congress. The federal computer crime statute. 18 U.S.C.A. ~030, U.S. Congress, Washington, D.C., 1986.Google Scholar
- 48 Whitten, I.H. Computer (in)security: Infiltrating open systems. Abacus(Summer 1987). Google ScholarDigital Library
- 49 Wood and Kochan. Unix System Security. Sams, Indianapolis, Ind., 1985. Google ScholarDigital Library
Index Terms
- Stalking the wily hacker
Recommendations
Defending against the wily surfer: web based attacks and defenses
ID'99: Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1Intrusions are often viewed as catastrophic events which destroy systems, wreak havoc on data through corruption or substitution, yield access to closely guarded sensitive information, or provide a springboard for hackers to attack other systems.
Yet ...
Comments