A pothole on information highway Hundreds of computer break-ins expose the weaknesses in Internet'd security

November 01, 1993|By New York Times News Service

SAN FRANCISCO -- The vision of a national information superhighway is being threatened by a group of anonymous computer intruders who have broken into hundreds of university, government and commercial computers in recent months, bedeviling many of the nation's computer managers.

The attacks, which became public several weeks ago when an on-line service in New York City was forced to shut down for three days, have alarmed security experts, who say this has exposed fundamental weaknesses in the security of Internet, an international computer network that is widely viewed as the forerunner of the nation's data highway.

"The pervasive nature of this thing is startling but not surprising," said Peter Neumann, a computer scientist and security expert at SRI International, a research center in Menlo Park, Calif. "The vendors and the system administrators are way behind the power curve. The fact is everyone on the Internet is getting hit."

The intruders have been able to obtain passwords for hundreds, or even thousands, of computers that are attached to Internet, which connects more than two million computers at universities, corporations and government sites around the world.

"The extent of this isn't appreciated by the people who should know better," said Alexis Rosen, president of Panix Public Access system, a New York City on-line service, which was attacked last month.

The problems are sobering because similar security technologies are being used by most of the interactive television experiments of cable television and telephone companies eager to sell services like on-line banking and home shopping.

"People see the glitter and the glamour of the information highway, but they don't see the risk," said Eugene Spafford, a computer scientist and director of a Purdue University security center. "The vast majority of people have never really bothered to think carefully about what they may have to lose and what exposure they are taking for themselves by connecting to the network."

On Oct. 18, the staff of Panix Public Access found that an intruder had secretly inserted a rogue program into one their computers. The program was designed to watch network data communications, and record password information in a secret file.

In recent years, dozens of small commercial on-line service providers like Panix have sprung up around the country to give computer users access to Internet. In addition to electronic mail, this permits users to read computer bulletin boards, and exchange software and documents.

Computer site administrators said they had no accurate estimates of how many systems had been compromised in the attacks, or whether information had been stolen.

The attacks, government and private security specialists both said, raise questions about the use of passwords as a method for protecting network security in the future.

A number of security experts said technology now exists that would help minimize the kind of intrusions that rely on stealing passwords.

For example, there are systems that require a password to change every time it is used. Other systems require users to rely on special credit card-sized computers that create a unique password for each connection.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.