Advertisement

Internet Hacker Breaks Into Eliot House Network

User IDs and passwords compromised

A hacker infiltrated the computer of an Eliot House resident Sunday morning and installed a program that enabled him to gather the user names and passwords of numerous other Eliot residents, officials said. The breach required about 100 users to undergo a "forced re-authentication" process.

No information was lost or damaged, however, according to Coordinator of Residential Computing Support Rick Osterberg '96.

The resident, who wished to remain anonymous, first noticed the breach, which had occurred earlier in the day, on Sunday night.

"The hacker ran a program over the Internet that gave him root, or universal, access to my machine. This allowed the hacker to start a packet sniffer to gather people's Faculty of Arts and Sciences (FAS) passwords when they logged into the network," the resident said.

Packet sniffers gather all information, including usernames and passwords, passing over the network while the program is running. This information is then available to the hacker, according to Osterberg.

Advertisement

The hacker did not appear to be a Harvard affiliate.

The resident said that the hacker "appeared to be from a dial-up account in Michigan."

The resident was running Linux at the time of the breach, which is a free alternate version of Unix popular with students and with hackers.

The resident stopped the packet sniffer program Sunday night and notified FAS Computer Services Monday morning. In turn, Computer Services then ordered the re-authentication process. Any Eliot residents who were logged on to the same portion of the network as the hacker received an explanatory note explaining the breach the next time they telnetted to the FAS network.

The process required the residents to provide their Harvard ID number and their birthdate and then change their password.

Those residents who went through the process downplayed its significance. "It's kind of annoying, but not that big of a deal. I understand that it's not a foolproof system," said Jonathan A. Russell'00.

Not all Eliot residents were affected. Thenetwork is broken into "sub-nets," smaller,isolated sections, and only those users on thesame sub-net as the hacker had their securitycompromised.

The quick response of both the Eliot residentand Computer Services appears to have averted apotentially critical situation.

"We isolated only a very small number of FASaccounts that were actually used, and a thoroughinvestigation of those accounts shows that no datawas lost or damaged," Osterberg said in an e-mail.

Osterberg said that the University is takingsteps to identify the hacker, but stressed thatthe primary goal was to re-establish networksecurity.

"Due to the nature of the Internet, it'ssometimes difficult to precisely pinpoint theoriginal attacker. It's very early in the processright now to know exactly where it will lead.Obviously, in a situation like this, the primarygoal is to stop the security breach, and theninvestigate," he said.

Advertisement