L.A. Times Report of Hacker Into Harvard's System False, HASCS Says

Despite a report in the Los Angeles Times claiming that a California teen hacked into a master computer system at Harvard, the University's computer systems are safe and secure.

The article, published Wednesday, reports that a 16-year-old high school student in the San Fernando Valley hacked his way in to over 20 computer systems, including Pacific Bell's Internet server, from which he obtained passwords to 63,000 e-mail accounts.

Though the article claims that the teen accessed "a master computer system at Harvard University," Franklin M. Steen, director of Faculty of Arts and Sciences (FAS) computer services, said this is simply not true.

"Central systems were not broken into," Steen said.

However, after checking some past records, Steen confirmed that a FAS Academic departmental computer system was accessed in early December, though, for security reasons, he would not say which department.

But the California detective on the case revealed that the hacked server was at inertia.harvard.edu, a Web site that currently seems to be down.

The 'main server' rumor seems to have originated in the Times' reporting of the story.

According to Jeffrey Gettleman, the Los Angeles Times staff writer who wrote the story, his information came from Damian Frisby, a sheriff's detective from Eldorado County near Sacramento.

"The police may have overstated it, but I just went with what they gave me," Gettleman said.

Frisby, however, claims that he could not tell whether the server that was accessed was main or not. The FBI, he said, did that research.

As for the effect on the system, both Frisby and Steen agreed that there was almost none.

"It looks like all he did was use the server as storage," Frisby said. "He didn't appear to damage it."

Still, the hacking incident raises questions about who is responsible for the system's safety--and about its overall security.

Steen explained that Harvard Arts and Sciences Computer Services (HASCS) does not take responsibility for securing all individual department computer systems.

"There is no uniform management of security. Each department manages its own security," Steen said.

When there is a problem, however, "the experts" are called in. "They talk to us [HASCS] or University Information Services [UIS] when there is a problem," Steen said.

Departmental systems are not the only ones at risk. Students also have systems in their own rooms, which have been broken into in the past, and HASCS helped out in those instances.

The challenge is maintaining security without preventing access, Steen explained. Harvard does not have a 'firewall' protecting its system, a technology that would restrict any computers outside of the system, because this would harm the usefulness of the system. Most universities do not use firewalls for the same reason--to maximize access and usefulness.

Moreover, hackers often view firewalls as a challenge that they sometimes succeed in overcoming; methods for crossing firewalls are even available on the Internet.

For that reason, Harvard secures its network in different ways. Steen declined to detail these methods, though he did note that they are constantly changing.

"A cycle of new technology followed by new tricks by hackers necessitates constant monitoring of the system," he said. "Security is diligence and knowledge on part of HASCS." Thus, while there are continual attempts to break in, there are systems in place to stop it.

Harvard has not had any serious problems with break-ins on the central systems because of "protections in place," said Steen, who declined to go into detail for security reasons.

Departments or students with security concerns can e-mail security@fas.harvard.edu for help.

"Sometimes it's a symptom of bigger problems," Steen notes of these complaints, "but sometimes it's not a problem at all."