When students couldn't access their Oberlin accounts and were unable to pass the time surfing web pages, it wasn't because of mundane maintenance or problems with their own computers. What had really occurred had much more sensational origins.
On Saturday, October 16, someone gained unauthorized access to OCCS, the Computer Science department's main Unix server. The unidentified hacker obtained the password of an unspecified Oberlin alumnus, which was then used to enter the network and look around the system.
Although the break-in occurred in the OCCS server, visiting Assistant Professor and Systems Administrator for the Computer Science Department Stephen Wong said the College's entire network could have been taken down had the individual simply possessed the proper knowledge and the inclination to do serious damage. He explained that any computer system is penetrable if someone understands it and wants to break in. However, in spite of the fact that the individual did not gain access to the entire system, damage still occurred.
Although the hacker's intentions are not completely clear, after gaining access to OCCS, this person's actions had ramifications both locally and nationally. "It seemed that he/she was trying to break into another system outside of Oberlin College by using OCCS as a launching point," said Wong. After breaking into OCCS, the hacker ran a program which sent an extremely large amount of data across the Internet to the remote system. This created so much electronic traffic between Oberlin College and the hacker's target system that an electronic traffic jam occurred.
During the first few days of fall break, students experienced frustration trying to check their email both from on campus and remote computers, as well as attempting to surf the web from on campus. They received either extremely slow or no responses because their data could not get past the flood of data being sent by the hacker.
Although fairly rare, break-ins are unavoidable and happen approximately once every two years at Oberlin, but this is by no means an inflexible interval. Just last year the CS department's Linux system was broken into. Whenever something like this occurs, new protective measures are examined to prevent re-occurrences. "Steps are being taken to tighten security on OCCS," said Computer Science Director Christian Koch.
Unfortunately, there is no completely impenetrable security system. Wong explained that security measures can be increased to certain levels, but he said, "No matter what, no computer system is 100 percent secure."
"We don't actually know how the hacker got into the system," he said. The owner of the account could have given out the password to an unauthorized user, or the account could have been hacked into somehow and the password stolen. A popular way to get into systems is to break into someone's account at one institution, and then follow its trail to another location. For example, if the account was hacked into at an out-of-state school where the alumnus is now located, or if the password was given to the individual responsible for the break-in, then nothing could have been done as far as prevention is concerned.
"To get someone's password is unfortunately very easy for many hackers," he said. A common tool used by hackers is what he termed a "packet-sniffer." A packet-sniffer can monitor the information moving through a computer network, and then capture unencrypted passwords. With those passwords, the hacker can have access to accounts and can only be kept out if the password is changed. Consequently, if they are using the same password that the legitimate users of the account use, the presence of hackers cannot be determined unless they have done damage. The only possible signs are increased traffic on the network and mysterious files in accounts. However, hackers often take steps to mask their presence as they infiltrate a system.
Soon after the break-in was discovered, the entire computer staff was in the labs and working to get the system back on line. Wong was involved in disconnecting OCCS from the network to kill the malicious program. Although they could not be reached for comment, much of the staff from the Center for Information Technology spent their weekend dealing with the overloaded systems. Their systems actually handle the College's email resources, and those resources were unavailable due to the overload.
"I think it would be said that many, many thanks go out to Shon Martin for all his help with OCCS and Ken Ervin and the rest of the CIT staff for all their heroic efforts to get Oberlin back on-line. There were a lot of people that went above and beyond the call of duty that weekend," Wong said.
Compounding the department's problems, Exciton, the Windows NT server which is used by Computer Science students for their class-work, crashed in the middle of break due to some software incompatibilities. The server was only running because of a fluke in the software's design. "We walked right through this loophole without realizing it," Wong said. Apparently, the software didn't recognize that incompatible versions were being installed together, a problem which wasn't documented, and consequently there was no way he or any other individual in the department could have known about the problem beforehand.
The department cannot fully recover from this problem until they receive replacement software from Microsoft to fix the problem. New passwords have been given to all students, and 99 percent of the system is up in terms of their use.
One of the reasons recovery from both the crash as well as the hacking was problematic was that the department did not have the proper backup systems. The department had been promised these systems, but they were caught up in bureaucratic red tape. Since these occurrences they have received assurances that they will be supplied
Wong said, "[These Events] were at some level unavoidable. Servers get broken into and they crash. It's a fact of CS life, it's not a fun fact, but it's a fact."
"Thank goodness it happened during Fall Break," he added.
In other Computer Science news, although not as many applications had been received as had been hoped, offers will very shortly be made to those who were selected for the positions for student assistants in the department's two labs. Wong said the level of knowledge necessary to deal with the break-in and the server crash would exceed that of students and therefore the lack of these assistants.
Copyright © 1999, The Oberlin Review.
Volume 128, Number 7, October 29, 1999