Computer system security has been on the minds of Oberlin's computer operators this week ever since it was learned that the College's computer system was broken into over the weekend.
Director of Computing John Bucher said the hacker apparently entered Oberlin's system and then broke into at least three different machines on campus, including two students' machines and one machine in the Physics department.
News of the break-in first came to the computing center on Saturday when Oberlin began receiving messages from several systems around the country, including a few federal systems, warning that someone using an Oberlin user ID was breaking into their computer systems.
The hacker had a user ID from within the Korean domain, Bucher said. However, Bucher warned that this does not mean the hacker was necessarily in Korea; he or she could have hacked into the Korean system from a different location.
Since learning of the break-in Bucher said his staff has been busy securing the machines that were broken into and talking with staff at the other institutions that were broken into. "It is a nuisance," Bucher said, "that takes staff time away from what we are really here to do which is serve the campus needs."
Bucher explained that the hacker entered through an operating system called Linux, a free, public system that is most often used by "hobbyists" who set up their personal computer using the product. While Oberlin does not use Linux, many individuals on the Oberlin campus have it on their machines.
Although Linux is a slick program, it is also notorious for having holes that make it an easy target for hackers, Bucher said. Bucher said his staff thinks the hacker entered Oberlin's system by first breaking into several of these Linux systems.
In addition to just entering the system it appears the hacker learned passwords to several student e-mail accounts while in the Oberlin computer system. The hacker apparently ran what is called "sniffer software" to sniff out passwords.
The hacker left behind a file listing passwords he or she had learned from this software. The Computing center has notified these people and asked them to change their passwords immediately.
Bucher said this is an example of why it is important for e-mail users to change their passwords regularly. "The moral is protect yourself," he said. "Change your password."
Bucher said break-ins like this are common. Technical institutions like Stanford, Carnegie Mellon and Case Western Reserve have hired staff people whose primary job is reading logs to make sure computer users are all authorized and legitimate.
Although break-ins like this one are illegal, it is unlikely anything will be done about it. Bucher said it is only after real damage has been done that law enforcement is brought into the situation.
Bucher said his staff has been looking at the computer system's security throughout the week. "It's like when someone breaks into your house. You tighten up security. You raise your awareness a little," he said.
Bucher said he and his staff have to try to strike a balance between security and paranoia. "How far do you go?" he asked. "We could have a system that you had to enter three passwords to e-mail, but would that be too far?"
It isn't clear that the hacker had a motive beyond simple thrill-seeking. Bucher said hackers usually hack either just for the challenge and thrill, or to get information from within a computer system. "There is no evidence this hacker was going after information," he said.
Bucher suspects this hacker was in it for the thrill. "You climb the mountain because it's there," he said. "It is the thrill of breaking in and going somewhere you shouldn't go."
Hacker: A hacker broke into the Oberlin computer system over the weekend, leaving with some email passwords. In response the Computing Center is asking everyone to change their passwords.
Copyright © 1998, The Oberlin Review.
Volume 127, Number 7, October 30, 1998
Contact us with your comments and suggestions.