Computing The Risks -- Internet Travelers Need To Use Safeguards Against Hackers
Maybe you didn't need a reminder of this, but the painful last two weeks for Eskimo North might serve as one anyway: The world connected to your modem is one of both magic and madness.
It's magic to log in and travel the planet, picking up information, browsing publications, playing games, viewing graphics, downloading useful programs and making friends along the way.
And it's madness when someone else, out of ego, spite or a misguided sense of adventure, can sever your link to this outside world.
"It's not a huge surprise, but it's really annoying and frustrating," said Susan Dennis, who was among 3,000 customers cut off from the Internet when a hacker shut down Eskimo North June 30. Service resumed Wednesday night with operators hoping new safeguards would withstand a similar attack.
Dennis, a consultant who designs World Wide Web pages for commercial users, said it has been difficult explaining to her clients that the occasional hacker joyride may be a fact of life on the Internet.
She views the disruption of one of Seattle's oldest and largest Internet providers as "a giant propeller-head power play" by a hacker showing off.
As Eskimo North struggled to reprogram computers, reconstruct tainted files and circulate new passwords, the service's headaches prompted a new round of discussion about network security.
Subjects raised in advisories, messages, conversations and newsgroup postings have included:
-- Reminders to online users never to give out their passwords, and to change passwords periodically.
-- Advice to commercial users to keep sensitive information, such as customer lists, marketing strategies and financial data, on computers separate from those used for Internet communication.
-- Speculation on whether Internet users could help detect, prosecute or sue hackers who disrupt service.
-- Proposals for a closer alliance among the area's Internet providers to share information about hackers and explore new ways to foil or detect them.
The discussion has even included lamentations that the term "hacker," originally a compliment for persons skilled enough to dissect intricate programs, has come to mean someone who breaks into a system in which he doesn't belong. Purists insist "cracker" is the appropriate term for such an intruder, but acknowledge the media and even some online providers now liberally use "hacker."
Need stronger locks
Meanwhile, Internet enthusiasts want to make sure the Internet itself isn't blamed for the bad conduct of a few who travel there.
To the question, "How vulnerable is the Internet?" posed in this section last weekend, Boeing computer analyst Rich Hand, who has a background in security work, responded:
"This is like asking how vulnerable a particular bank is because a modern highway runs in front of it . . . One can never close all the possible break-in points, but by choosing the stronger lock, the stronger door and louder alarm, one might have a chance of slowing the damage."
More than 2,000 miles away from Seattle, the city of Ottawa, Canada, may seem an unlikely place to find the roots of a computer problem that spread disappointment and inconvenience through the Puget Sound area.
But that's the nature of the Internet, where physical distances mean nothing.
Robert Dinse, Eskimo North administrator, said the hacker somehow gained top-level access to a free Internet service based in Ottawa. Once there, he ran a "sniffer" program that recorded users' keystrokes, allowing him to capture, among other things, the login and password of an Eskimo North user.
In Eskimo North, the attacker took advantage of what may have been a weakness in a mail-processing program to gain access to areas usually open only to Eskimo North's administrator.
Once there, he damaged, deleted, and distorted a variety of files, planting "back doors" to allow him to re-enter the system later.
Dinse's first efforts to close the doors were unsuccessful; the hacker returned the next day, even telephoning to taunt Dinse personally.
At first, the hacker seemed to attribute his wrath to the bad online conduct of a former Eskimo North subscriber, but later messages obscured the motive, said Jimmie Farmer, Eskimo technical-support worker. In the end, he said, "We really don't know why he did it."
But the attacker indicated he had done similar things to other services and enjoyed it, Farmer said.
The hacker's entry into the operating systems of five computers at Eskimo North prompted the service to reinstall those systems directly from disks supplied by the manufacturer.
"Nothing can be perfectly safe, but in the last 10 days, we've done all that we can to prevent this from happening again," Farmer said.
Because the hacker had made his way into Eskimo North's password file, subscribers were contacted by telephone and assigned new passwords.
They were also advised to change their passwords on any services they may have contacted from Eskimo North, because those passwords, too, could have been captured by the "sniffer."
Find a good password
Farmer said when he saw a list of subscribers' old passwords, he was dismayed by how many people used a simple variation of their name.
"That's the first thing a hacker would try," he said, adding that a good password isn't a name or word, but a combination of letters, numbers and punctuation marks.
In a posting to the newsgroup "seattle.general," Dinse proposed an association of Internet providers working together to reduce the chance of unauthorized logins.
He apologized to his bewildered subscribers for taking so long to put the system back online, but stressed that security was his first consideration. "You know of other providers that are now dead and gone in part because they could not get a handle on this problem. I do not want to join them," he said.
At least one other local Internet provider, Wolfe Internet Access, advised its users to change their passwords, particularly if they had visited Eskimo North.
Mark Dantche, Wolfe's director of sales and marketing, said his company has taken steps to reduce the chances that it could be hit by the same kind of attack that shut down Eskimo North.
"But nothing is unbreakable," he said, adding that any service foolish enough to call itself "uncrackable" would simply be inviting hackers to try.
Bob Mascott, a system administrator for Seattle Community Network, a free e-mail service, said security isn't something that can be installed; it has to be a constant effort. As providers erect new roadblocks, hackers look for ways around them.
"Assume that everything you've done is going to be breached, and when it is, know how you can get the system back up as soon as possible," Mascott said.
But Mascott feels it's important not to give in to paranoia that can become paralysis. "You can't assume that every call is going to destroy you. If you do, you might as well not have the service."
Meanwhile, some local online enthusiasts have been comparing notes and theories on the situation in messages posted to "seattle.general."
Several voiced support and sympathy for Eskimo North, though some Eskimo users, logging in through other connections, showed confusion or impatience.
"I have 1,000 two-page carbon invoices with my Eskimo commercial address printed on them . . . very practical concerns are at stake here," noted one businessman who considered seeking another carrier.
Stronger penalties urged
Other postings voiced wrath and disgust for the attacker, with suggested penalties ranging from a civil lawsuit to a lynching. ("Kidding of course," added the writer who suggested the necktie party.)
Despite the ire of online subscribers, and the Justice Department's designation of computer crime as a priority, criminal prosecutions against hackers remain rare. And only the most notorious, such as Kevin Mitnick, nicknamed "Condor," get media attention.
Some computer users were dismayed by reports last week that Mitnick, arrested in February and billed by a prosecutor as "the most wanted computer hacker in the world," was allowed a plea agreement which, his lawyer says, may mean he'll spend only eight months behind bars.
Charged with 23 felonies that each carry a possible 20-year sentence, Mitnick, jailed in North Carolina, pleaded guilty to a charge of illegally possessing phone numbers to gain access to computer systems. The remaining charges will be dropped.
But that's not the extent of Mitnick's problems, insists David Schindler, assistant U.S. attorney in Los Angeles. Schindler said Mitnick will be returned to California, where he faces a parole-violation charge and is under investigation for computer-related crimes in three federal jurisdictions.
Less likely, but still possible, is the potential of criminal charges against Mitnick in Seattle, where he lived for five months last year.
Renting a University District apartment under an assumed name, Mitnick narrowly escaped arrest by authorities investigating the theft of more than $10,000 worth of cellular-phone service.
Ivan Orton of the King County prosecutor's fraud division said if Mitnick gets significant jail time in California, he won't likely be charged here. And even if he were convicted in Seattle, the punishment might not be severe: Orton said fraud-related thefts typically draw one month in jail for each $5,000 stolen.