CU's electronic 'neighborhood watch' helps thwart computer hackers

By Bill Steele

Many people have discovered that good locks aren't always enough to stop burglars. It also helps to have good neighbors. That also applies to stopping computer hackers, says Barbara Skoblick, Cornell Information Technologies security officer.

One of the first things Skoblick did after being appointed to the newly created post was to form a "neighborhood watch" of campus computer system administrators and others responsible for computer security. The plan has already paid off by detecting several attacks by hackers who broke into computer systems on campus and, in at least one case, caused severe damage, destroying valuable files.

"Basically it's so people know who to notify [about a hacker attack] so the word gets out," Skoblick explained, "to see if the attack is isolated or campuswide."

Skoblick brought the group of about 40 people together at first as an e-mail mailing list, and she called the first face-to-face meeting three weeks ago. At that meeting one member reported a computer break-in from a site in Sweden. Discussion at the meeting and over the next few days via e-mail revealed that the same hacker had invaded several other sites at Cornell.

"The Swedish attack had probably been going on for a few months but nobody realized it had been so widespread until we discussed things in the meeting," Skoblick said.

Skoblick was able to persuade the Swedish Internet service provider from whose site the attack was launched to investigate.

"If a problem becomes serious, we can block the entire domain from access to campus," she said. "Threatening to do that usually gets their attention."

A report also was filed with Cornell Police. The attack violated both American and Swedish law, Skoblick said, and filing a report here enables Swedish authorities to take action.

The attack was not trivial.

"They did a lot of damage on campus," Skoblick said. "One person lost research data."

A computer in the Materials Science Center and one used by the IthacaNet service were attacked by other hackers last month. (IthacaNet, a Web site on the city of Ithaca, operates from a campus computer donated by the university.)

And on Aug. 13 a computer break-in occurred on a Cornell Cooperative Extension computer. A report was posted to the mailing list describing the "security hole" - the weakness in the operating system that the hacker had exploited to break in.

"Seven or eight other system administrators discovered people trying to break in using the same security hole," Skoblick reported. "So everybody ran and checked their systems for this hole. I think it's really helping."

Hackers generally invade computers running the Unix operating system, which is complex and can be vulnerable if it is not managed carefully.

"Many users just take the computer out of the box and set it up with all the default programs running," Skoblick said. "Some even keep the default passwords that came with the system." Hackers know all the default passwords and try them first.

While Unix systems may be the most often attacked, any computer connected to the Internet is a potential target, Skoblick noted, especially one running an Internet service such as a Web server or FTP file server.

Ironically, she said, the most common computer break-ins are not accomplished through high-tech wizardry but simply by guessing passwords (see below).

"A lot of the security problems are the result of people having really bad passwords," she said. "They use their names or their net ID. Another problem is when people share their passwords. Parents let kids use their passwords."

Sharing passwords, even with family members, is against university policy, she said, and could be considered unauthorized use of university facilities.

A secure password is important even if you don't care what happens to your own data, she pointed out. "It's not just you you're protecting, it's everyone else on the system," she said.

Skoblick, who previously supervised e-mail and Usenet operations for Cornell Information Technologies, is the first person to hold the job of network security officer.

Skoblick is planning to meet with computer administrators and users around campus and offer assistance in beefing up security. She also will be advising Cornell Police on how to deal with computer crimes.

"Mostly what I'm trying to do now is build awareness," Skoblick said.

If you have - or even think you have - a computer security problem, contact Network Resources at 255-0001, or e-mail Barbara Skoblick at bs10@cornell.edu. Information on reporting other types of computer abuse, as well as guidelines for what constitutes responsible use, can be found at http://www.cornell.edu/Computer/responsible-use/Index.html.


How not to choose a password

When trying to guess a password, hackers try the obvious first, but they won't stop there; they may try a wide variety of words based on whatever information they can collect about a user. Some of the things you should not use as a password are:

Whatever your password is, do not write it on a piece of paper and leave it in a desk drawer. And you should change your password from time to time.
