Stanford Computers Exploited

Hackers exploited computers belonging to Stanford University to bring down some of the Internet's most heavily used websites last week, according to news reports--and Harvard computer experts say the University could also be vulnerable to similar attacks.

Despite news reports that insinuated Stanford computers were central to last week's attacks, which brought down popular sites like eBay.com, Amazon.com and Yahoo!, Stanford computer security officers say the university's involvement was minimal.

"Basically, what happened was that a small Stanford network was used as an amplifier on the attack against eBay only," said David J. Brumley, assistant computer security officer for Stanford University. "It was used for about 15 minutes only and then we shut it down."

Harvard computer officials acknowledge universities are particularly susceptible to such attacks.

Franklin M. Steen, director of Faculty of Arts and Sciences computer services, said he is aware of the possibility of attack on Harvard's computer systems.

"People have tried this here, too," he said. "They might succeed and they might not. Unfortunately, this is part of everyday life. People are persistent."

The challenge is not new, Steen said. While last week's incident has received news coverage because the attack was aimed at well-known sites, hackers have tried to use Harvard's systems to mount similar attacks in the past.

"We've been battling it for months," Steen said.

Harvard's computers are managed in the same way as Stanford's, where a central computer group is responsible for the main system, but academic departments maintain their own internal systems.

The computers used by the hackers were not on the Stanford campus, but at a small oceanographic division in a nearby county.

"Hopkins was the name of the Internet link that was used," Brumley said. Stanford runs the Hopkins network for a national oceanographic organization.

"All the [networks] on the main campus have been proofed against this type of thing," said Stephen E. Hansen, Stanford's computer security officer.

But the hackers took advantage of the normal workings of the system.

"Unfortunately, the bad guys out there scan for networks configured to allow this," Hansen said.

The attackers brought down eBay and other sites using a method called "denial of service," or DOS. On a regular computer network, one computer sends a packet, or a bit of information, to another computer, and waits for a "ping" in return to verify that the information was received.

The hackers pretended to be sending messages from the sites they intended to attack. When many computers simultaneously responded to sites like eBay, the overload of information shut down the real, unsuspecting sites.

This method also amplified the amount of information arriving at eBay, making the assault even more powerful.

In order to prevent such an attack from happening again, the Stanford system administrators have turned off the function that lists the broadcast, or return, address. On all other Stanford systems, this function is already off, but somehow Hopkins was overlooked, Brumley said.

The computers' response was not a malfunction, however, and there were no interruptions in service on the main Stanford network, though Hopkins slowed considerably, bringing the assault to administrators' attention.

While Brumley said that this function was overlooked on this particular system, he does not foresee any specific changes in security management in the future.

"We have a dedicated staff," he said, "and we continuously monitor the system."

Stanford's computers were only a few of "hundreds, if not thousands" used in the attack, Brumley said.

But Stanford administrators were among the few to admit that their computers were exploited.

At Harvard, computer officials say they expect few changes in coming months, except for the constant security upgrades they ordinarily make.

"We have to make adjustments constantly," Steen said. "We have to stay a day ahead."

But so far, Harvard computers have been secure.

"You think you write your e-mail and you're comfortable with that, but behind the scenes some people are trying to shut it down," Steen said. "We watch each one of these things."