ITS officials hot on the trail of Pantheon hacker
By Emily Gold
After forcing all students, faculty, and personnel to change their account
passwords on Wed., Oct. 15, in response to a security breach, Information and
Technology Service (ITS) officials are meticulously following the trail left by
the hacker who broke into the Pantheon server.
"When someone walks around a yard and it's wet outside, they leave
footprints," Philip Long, Director of Academic Computer Services, said. "We
look for similar indications in various places on the machine. Once we were
alert to the problem, we focused our attention, and we believe we've found
footprints."
These "footprints" show that the hacker most likely worked from a computer
outside of Yale. "What we've learned suggests that this was an off-campus
attacker," Long said. "Until you have someone in hand, or have complete
records, then you can't know for sure what's going on. But we have a good sense
of what has occurred."
Systems analyst Aleks Margan, BK '91, who oversees the operation of the
Pantheon Server, first detected the security breach during a routine
observation of the system on Tues., Oct. 14. Margan was unavailable for
comment.
"Our staff observes the machine on a regular basis, and some unusual behavior
caught the attention of one of our staff members," Long reported. "The attack
was disguised, but once the staff member began to look at what was going on, he
saw that this was a process attempting to gather Net ID's and passwords and
other kinds of information."
"They were used to launch attacks against other institutions," Long commented.
The four students whose accounts were definitely attacked were notified
immediately of the intrusion.
But Long insists that reading students' personal e-mails was not the hacker's
main goal. "The attack was probably a jumping-off point to attack sites outside
of Yale," Long explained.
Since ITS knows that more e-mail accounts may have been penetrated, all Yalies
were forced to change their account passwords. "Your account may already be
secure, but this assures security," Long said.
All Yalies who have logged in since the discovery of the attacks have had to
change their Net passwords. Those who use other e-mail programs or POP are also
encouraged to change their passwords.
Most students have grudgingly accepted the password change. "It's definitely
not good that someone broke into the system. But since it happened, I guess
making people get new passwords makes sense," Orla McCabe, DC '99, said.
"The best way students can secure themselves against this type of thing is by
choosing good passwords and changing passwords," Morrow Long, security officer
at ITS, said.
Yale isn't alone in facing threats to computer security. "It was only 10 days
ago that we were contacted by another institution saying that some accounts on
their Pantheon server had been compromised," Philip Long stated. "We're under
attack constantly. But it's unusual for the attack to succeed."
Morrow Long noted that the webpages of NASA, CIA, and the U.S. Department of
Justice have been broken into recently by hackers who used the tactics used by
the Yale hacker.
Philip Long is confident that the security breach has been repaired. "We've
learned quite a bit about what happened, and that's important because it allows
us to say that we have closed the hole." However, Morrow Long added that
"unfortunately, it is much easier to do this type of activity now than it was
[in the past]."
When the hacker is identified, he or she will face serious disciplinary
action. "The attack is a violation of Connecticut law as well as university
policy," Philip Long said. "We've contacted the computer emergency responsive
team, which is a federally funded site that tracks hacker attacks nationwide
and looks for patterns."