Stanford Report, April 21, 2004
Campus computers fall prey to attacks
Stanford computers, along with those of a number of other research institutions and high performance computing centers, were the targets earlier this month of highly sophisticated attacks on computers running Solaris and Linux operating systems. The attacks are thought to have compromised about 30 campus computers, said Sandra Senti, executive director for technology strategy and support for Information Technology Systems and Services (ITSS).
The source of the attacks and what they intended to accomplish remain unknown, Senti said. But the attacks can result in a computer's operating system being replaced with a malicious version that allows the attacker access to a computer's root system and leaves little evidence that the computer has been compromised, according to an ITSS alert.
The ITSS alert, posted online at http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html, carries information about how Unix computer operators might detect compromised systems and prevent future attacks. The attacks usually start with capture of a user's password, the alert said.
Although the attacks weren't directed at users of personal computers, which account for the majority of campus computers, Senti reiterated the need for all campus users to be vigilant about keeping systems up to date with security patches. An automated patch management system is now in use by ITSS and will be made available to other campus users in the future, she said.
Additionally, passwords should never use common words, since attackers can use automated programs to detect common word patterns and variations using dictionaries, she said. Nor should users maintain guest accounts with no password protection, she said.