With the growth of the Internet as a major form of communication, millions of people across the world can now exchange ideas and transmit information via computer in a matter of seconds. However, the recent spate of hacker-related incidents at Harvard, and throughout the world, have students and administrators worried about the security of the Internet.

"Hackers like to attack prominent targets like Harvard," Franklin "Frank" M. Steen, director of Harvard Arts and Sciences Computer Services, writes in an e-mail message. "We understand this, and security is a high priority."

Nearly two months ago, a hacker used the computer of an Eliot House resident to gain access to the user names and passwords of other Eliot House residents.

"Network security for those residents in Eliot was immediately re-established after we learned about the compromise," says Rick Osterberg '96, coordinator of residential computing support. "Since we now have the tools in place, we were able to immediately require all of the affected Eliot House residents to re-authenticate to the FAS central systems and change their passwords."

A week later, a Rhode Island man pleaded guilty to hacking into a Dunster House computer in October of 1996. Although the incident was not initially reported to FAS Computer Services, Osterberg says students have nothing to be worried about. "[I am] under the impression that the compromised system was sanitized and does not represent a threat currently," he says. "Any accounts on FAS central systems that may have been compromised as a result of that incident have long since been secured, due to the periodic enforced password changes that now take place."

Steen adds, "We act on every security incident that we discover or are informed of. We then take steps to eliminate the problem and protect other systems at Harvard."

Yet, as these incidents have shown, most hacking threats at Harvard come not from within the University, but rather from the outside world.

Therefore, the University continuously explores ways to increase network security. However, administrators say that implementing every available option is not always feasible because of the high cost of equipment and human labor. Furthermore, administrators say they must be careful to balance security with usability.

"There are some extreme measures that could technically be taken to provide an extremely high level of network security," Osterberg says. "However, those measures would significantly impact the usability of the network."

Harvard students were subjected to heightened security this fall when they tried to access their e-mail accounts. Students had to change their passwords and pass a quiz about proper computer use before they could check their e-mail messages.

"Changing your password is one of the most important things you can do to maintain the security of your own FAS e-mail account," Osterberg says. "Each insecure individual account is a weak link in the chain, which may allow a malicious outside user to gain access to our system. By doing what we can to maintain the security of the individual accounts, we increase the overall security of the system as a whole."

To this end, administrators have been busy educating students about network security. Besides the quiz, a newsgroup called harvard.comp.security has been created so students can discuss computer security issues.

"We're becoming more active in making security bulletining available to the user community through that newsgroup," Osterberg says. "I believe we've seen a large increase in overall awareness of computer security issues, which to me means that our outreach is starting to work. There is more to be done, of course, but we're starting to make progress."

What is Hacking?

So what exactly is hacking? Although this term is widely used, there is no precise definition that is understood by all. Osterberg uses the term hacking simply to mean "breaking in."