Stalking the wily hacker

Author:
Clifford Stoll

Lawrence Berkeley aboratory, Berkeley, CA

Lawrence Berkeley aboratory, Berkeley, CA
View Profile

Authors Info & Claims

Communications of the ACM Volume 31 Issue 5May 1988pp 484–497https://doi.org/10.1145/42411.42412

Published:01 May 1988Publication History

Communications of the ACM

Abstract

An astronomer-turned-sleuth traces a German trespasser on our military networks, who slipped through operating system security holes and browsed through sensitive databases. Was it espionage?

References

1 ACM. ACM code of professional conduct. Bylaw 19, Cannon 1-5, ACM, New York.Google Scholar
2 Beals, E., Busing, D., Graves, W., and Stoll, C. Improving VMS security: Overlooked ways to tighten your system. In Session Notes, DECUS Fall Meeting(Anaheim, Calif., Dec. 7-11). Digital Equipment User's Society, Boston, Mass., 1987.Google Scholar
3 Bednarek, M. Re: Important notice {distrust software from people breaking into computers}. Internet Info-Vax Conference (Aug. 4). 1987.Google Scholar
4 Boing, W., and Kirchberg, B. L'utilisation de syslemes experts dans l'audit informatique. In Congress Programme, Securicom 88, 6th World Congress on Computer Security (Paris, France, Mar. 17). 1988.Google Scholar
5 Brand, S., and Makey, J. Dept. of Defense password management guideline. CSC-STD-002-85, NCSC, Ft. Meade, Md., Apr. 1985.Google Scholar
6 California State Legislature. Computer crime law. California Penal Code S. 502, 1986 (revised 1987).Google Scholar
7 Carpenter, B. Malicious hackers. CERN Comput. Newsl. ser. 185 (Sept. 1986), 4.Google Scholar
8 Clark, D., and Wilson, D. A comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., Apr. 27-29}. IEEE Press, New York, 1987, pp. 184-194.Google ScholarCross Ref
9 Denning, D. Cryptography and Data Security. Addison-Wesley, Reading, Mass., 1982. Google ScholarDigital Library
10 Digital Equipment Corporation. Guide to VAX/VMS system security. AA-Y510A-TE, DEC, July 1985.Google Scholar
11 Dilworth, D. "Sensitive but unclassified" information: The controversy. Bull. Am. Soc. Inf. Sci. 13 (Apr. 1987).Google Scholar
12 D'Ippolito, R.S. AT&T computers penetrated. Internet Risks Forum 5, 41 (Sept. 30, 1987).Google Scholar
13 Grampp, F.T., and Morris, R.H. Unix operating system security. AT&T Bell Laboratories Tech. J. 63, 8 (Oct. 1984), pt. 2, 1649-1672.Google Scholar
14 Hartman, W. The privacy dilemma. Paper presented al the "International Conference on Computers and Law" (Santa Mor. ica, Calif., Feb.). 1988. Available from Erasamus Universiteit, Rotterdam.Google Scholar
15 IEEE. The best techniques for computer security. Computer 16, 7 (Jan. I983), 86.Google Scholar
16 IEEE. Computer 16, 7 (Jan. 1983).Google ScholarDigital Library
17 IEEE. Network 1, 2 (Apr. 1987).Google ScholarCross Ref
18 Israel, H. Computer viruses: Myth or reality. In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21- 24). 1987.Google Scholar
19 Kneale, D. It takes a hacker. Wail Street }. (Nov. 3, 1987).Google Scholar
20 Landau, S. Zero knowledge and the Department of Defense. Not. Am. Math. Soc. 35, 1 (Jan. 1988), 5-12.Google Scholar
21 Latham, D. Guidance and program direction applicable to the Defense Data Network. In DDN Protocol Handbook. NIC 50004, vol. 1. Defense Data Network, Washington, D.C., Dec. 1985, pp. 1-51.Google Scholar
22 Lehmann, F. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584-585. Google ScholarDigital Library
23 Markoff, J. Computer sleuths hunt a brilliant hacker. San Francisco Examiner (Oct. 3, 1986).Google Scholar
24 McDonald, C. Computer security blunders. In Proceedings of the DOE lOth Computer Security Group Conference (Albuquerque, N.M., May 5- 7). Dept. of Energy, Washington, D.C., 1987, pp. 35-46.Google Scholar
25 Metz, S.J. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584.Google Scholar
26 Morris, R.H., and Thompson, K. Password security: A case history. In Unix Programmer's Manual. AT&T Bell Laboratories, 1984, sec. 2.Google Scholar
27 Morshedian, D. How to fight password pirates. Computer 19, 1 (Jan. 1986).Google ScholarDigital Library
28 National Computer Security Center. CSC-STD-O04-85. NCSC, Ft. Meade, Md., 1985.Google Scholar
29 National Computer Security Center. DoD trusted computer system evaluation criteria. CSC-STD-001-83. NCSC, Ft. Meade, Md., 1983.Google Scholar
30 National Computer Security Center. Guidance for applying the Orange Book. CSC-STD-003-85, NCSC. Ft. Meade, Md., 1985.Google Scholar
31 National Computer Security Center. Trusted network interpretation of the trusted computer system evaluation criteria. DoD 5200.28- STD, NCSC. Ft. Meade, Md., 1987.Google Scholar
32 Office of Technology Assessment, U.S. Congress. Defending secrets, sharing data: New locks and keys for electronic information. OTA- CIT-310, U.S. Government Printing Office, Washington, D.C., Oct. 1987.Google Scholar
33 Omond, G. Important notice {on widespread attacks into VMS sys-Google Scholar
34 Poindexter, J. National security decision directive. NSDD-145, National Security Council, Washington, D.C., Sept. 17, 1984.Google Scholar
35 Proceedings of the Intrusion Detection Expert Systems Conference (Nov. 17). 1987.Google Scholar
36 Reid, B. Reflections on some recent widespread computer breakins. Commun. ACM 30, 2 (Feb. 1987). 103-105. Google ScholarDigital Library
37 Schmemann, S. West German computer hobbyists rummaged NASA's files. New York Times (Sept. 16~ 19871.Google Scholar
38 Slind-Flor, V. Hackers access tough new penalties. The Recorder Bay Area Legal Newsp. (Jan. 6, 1988).Google Scholar
39 Smith, K. Unix Rev. 6, 2 (Feb. 1988}.Google Scholar
40 Stallman, R. Gnu-Emacs Text Editor Source Code.Google Scholar
41 Stevens, D. Who goes there? A dialog of questions and answers about benign hacking. In Proceedings of the Computer Measurement Group (Dec.). Computer Measurement Group, 1987.Google Scholar
42 Stoll, C. What do you feed a Trojan horse? In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21-24). 1987.Google Scholar
43 Stoll, C. How secure are computers in the US? In Proceedings of the 11th National Computer Security Conference (Baltimore, Md., Oct. 17). To be published.Google Scholar
44 Thompson, K. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763. Google ScholarDigital Library
45 Unix Review. 6, 2 (Feb. 1988).Google Scholar
46 U.S. Congress. Exception to general prohibition on trap and trace device use. 18 U.S.C.A. 3121, secs. (b)(1) and (b)(3), U.S. Congress, Washington. D.C., 1986.Google Scholar
47 U.S. Congress. The federal computer crime statute. 18 U.S.C.A. ~030, U.S. Congress, Washington, D.C., 1986.Google Scholar
48 Whitten, I.H. Computer (in)security: Infiltrating open systems. Abacus(Summer 1987). Google ScholarDigital Library
49 Wood and Kochan. Unix System Security. Sams, Indianapolis, Ind., 1985. Google ScholarDigital Library

Index Terms

Stalking the wily hacker

Recommendations

Defending against the wily surfer: web based attacks and defenses
ID'99: Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1

Intrusions are often viewed as catastrophic events which destroy systems, wreak havoc on data through corruption or substitution, yield access to closely guarded sensitive information, or provide a springboard for hackers to attack other systems.

Yet ...
Read More
The web application hacker's handbook: discovering and exploiting security flaws
Read More
Think Like a Hacker: A Sysadmin's Guide to Cybersecurity
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Communications of the ACM Volume 31, Issue 5
May 1988
114 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/42411
Editor:
Peter J. Denning
NASA Ames Research Center, Moffitt Field, CA
Issue’s Table of Contents
Copyright © 1988 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 May 1988
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 116
  Total Citations
  View Citations
- 6,198
  Total Downloads
- Downloads (Last 12 months)1,607
- Downloads (Last 6 weeks)231
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Stalking the wily hacker

Communications of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Defending against the wily surfer: web based attacks and defenses

The web application hacker's handbook: discovering and exploiting security flaws

Think Like a Hacker: A Sysadmin's Guide to Cybersecurity