Internet Hacker Breaks Into Eliot House Network

A hacker infiltrated the computer of an Eliot House resident Sunday morning and installed a program that enabled him to gather the user names and passwords of numerous other Eliot residents, officials said. The breach required about 100 users to undergo a "forced re-authentication" process.

No information was lost or damaged, however, according to Coordinator of Residential Computing Support Rick Osterberg '96.

The resident, who wished to remain anonymous, first noticed the breach, which had occurred earlier in the day, on Sunday night.

"The hacker ran a program over the Internet that gave him root, or universal, access to my machine. This allowed the hacker to start a packet sniffer to gather people's Faculty of Arts and Sciences (FAS) passwords when they logged into the network," the resident said.

Packet sniffers gather all information, including usernames and passwords, passing over the network while the program is running. This information is then available to the hacker, according to Osterberg.

The hacker did not appear to be a Harvard affiliate.

The resident said that the hacker "appeared to be from a dial-up account in Michigan."

The resident was running Linux at the time of the breach, which is a free alternate version of Unix popular with students and with hackers.

The resident stopped the packet sniffer program Sunday night and notified FAS Computer Services Monday morning. In turn, Computer Services then ordered the re-authentication process. Any Eliot residents who were logged on to the same portion of the network as the hacker received an explanatory note explaining the breach the next time they telnetted to the FAS network.

The process required the residents to provide their Harvard ID number and their birthdate and then change their password.

Those residents who went through the process downplayed its significance. "It's kind of annoying, but not that big of a deal. I understand that it's not a foolproof system," said Jonathan A. Russell'00.

Not all Eliot residents were affected. Thenetwork is broken into "sub-nets," smaller,isolated sections, and only those users on thesame sub-net as the hacker had their securitycompromised.

The quick response of both the Eliot residentand Computer Services appears to have averted apotentially critical situation.

"We isolated only a very small number of FASaccounts that were actually used, and a thoroughinvestigation of those accounts shows that no datawas lost or damaged," Osterberg said in an e-mail.

Osterberg said that the University is takingsteps to identify the hacker, but stressed thatthe primary goal was to re-establish networksecurity.

"Due to the nature of the Internet, it'ssometimes difficult to precisely pinpoint theoriginal attacker. It's very early in the processright now to know exactly where it will lead.Obviously, in a situation like this, the primarygoal is to stop the security breach, and theninvestigate," he said.

This past week's security breach is not thefirst such incident at Harvard.

"This is not the first time we have had asecurity compromise along with a packet snifferinstalled on our network. We see incidents likethis occurring multiple times per year," Osterbergsaid.

According to Osterberg, the University isconsidering several "long-term" plans to bolsternetwork security. The first is "switchednetworking," a system in which every datajack iscompletely isolated from every other datajack.While this prohibits packet sniffing, it is a verycostly procedure which would require extensiverewiring of hundreds of datajacks.

The second possibility is to implement softwaremaking "encrypted networking" possible. Thissoftware would encrypt all information passingbetween a user's computer and the network. Thesoftware is expensive, however, and may be subjectto government regulations.

The last possibility is simply to educatestudents through outreach programs. These programswould specifically target students who usemulti-user programs, such as Linux, and informthem about possible security attacks. Eliotresidents were quick to praise theadministration's response to the problem.

"I'm just glad that they caught it quickly.Changing your password it is a lot better thanhaving someone use your account maliciously," saidGabrielle B. Dreyfus '01

Not all Eliot residents were affected. Thenetwork is broken into "sub-nets," smaller,isolated sections, and only those users on thesame sub-net as the hacker had their securitycompromised.

The quick response of both the Eliot residentand Computer Services appears to have averted apotentially critical situation.

"We isolated only a very small number of FASaccounts that were actually used, and a thoroughinvestigation of those accounts shows that no datawas lost or damaged," Osterberg said in an e-mail.

Osterberg said that the University is takingsteps to identify the hacker, but stressed thatthe primary goal was to re-establish networksecurity.

"Due to the nature of the Internet, it'ssometimes difficult to precisely pinpoint theoriginal attacker. It's very early in the processright now to know exactly where it will lead.Obviously, in a situation like this, the primarygoal is to stop the security breach, and theninvestigate," he said.

This past week's security breach is not thefirst such incident at Harvard.

"This is not the first time we have had asecurity compromise along with a packet snifferinstalled on our network. We see incidents likethis occurring multiple times per year," Osterbergsaid.

According to Osterberg, the University isconsidering several "long-term" plans to bolsternetwork security. The first is "switchednetworking," a system in which every datajack iscompletely isolated from every other datajack.While this prohibits packet sniffing, it is a verycostly procedure which would require extensiverewiring of hundreds of datajacks.

The second possibility is to implement softwaremaking "encrypted networking" possible. Thissoftware would encrypt all information passingbetween a user's computer and the network. Thesoftware is expensive, however, and may be subjectto government regulations.

The last possibility is simply to educatestudents through outreach programs. These programswould specifically target students who usemulti-user programs, such as Linux, and informthem about possible security attacks. Eliotresidents were quick to praise theadministration's response to the problem.

"I'm just glad that they caught it quickly.Changing your password it is a lot better thanhaving someone use your account maliciously," saidGabrielle B. Dreyfus '01