October 26, 2004

My office the honeypot

Hey, here's a funny story from work.

I'm working on this project that lives on its own dedicated Linux server. It's a state-of-the-art setup; essentially, eight different computers, or "nodes", are hooked together to create one big number-crunching behemoth. The server has a gigabit Ethernet connection, so it's very fast. Our project lives on the server and uses its processing power to process underwater microphone data, in order to localize noise sources on submarines.

But in the past week, I'd been having some big connectivity problems; I would connect to the big machine from my desk, only to have the connection inexplicably dropped every 10-15 minutes when I would try to do something. After a few days of this I got fed up and went to the company's network administrator to let him know about the problem. He pulled up the firewall data and found the problem: the server had been transmitting data to the outside Internet(s). Lots of data. Continuously. In fact, about a gigabyte's worth in about a day. There was so much traffic that it was even choking off my office connection. Ruh-oh! There was no reason for that to be happening; none of our work was Internet(s)-intensive. What was going on?

All of a sudden I'm Nancy Drew, and there's trouble down by Mystery Lake!

After some detective work, my fears were confirmed: it had been hacked. Somebody out there on the Internets had been repeatedly trying to break in all month by trying different common usernames and passwords, and had hit on a successful combination. Then, using the account access, they apparently began using the big server to launch denial of service attacks against various unknown targets.

The thing is, this is not an uncommon security problem, nor is it one that's difficult to guard against. If you make sure that everyone has a difficult-to-guess password, and keep the operating system well updated with all the latest security fixes, attacks like these are easy to fend off. Otherwise, somebody can guess their way into an ordinary account, and then use an unpatched hole to climb from there to the super-powerful "root" account, which basically gives them the run of the entire system.

So, if you're like my company, and you set the super-powerful "root" account's password to... wait for it... "Password" (ugh), and then put that server out on the Internets, you're pretty much asking for trouble. And we were hax0red. Big time.
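The pattern described above (a month of guesses at common usernames and passwords, then one that works) leaves a very recognisable trail in the sshd log. What follows is an added example, not code from the original post or from the company it describes: a small Python script that parses log lines of the kind a Linux server's auth log contains, counts failed password logins per source address, and flags any source whose guessing was followed by an accepted login. The log lines, the host name, the addresses and the threshold of five failures are all constructed for the example.

```python
import re

# Constructed sshd log excerpt (not from the server in the post). The first
# block is a guessing run that finally lands root; the rest is normal use and
# a second, unsuccessful guesser.
SAMPLE_LOG = """\
Oct 25 02:11:03 bigbox sshd[4101]: Failed password for root from 203.0.113.45 port 51201 ssh2
Oct 25 02:11:06 bigbox sshd[4102]: Failed password for root from 203.0.113.45 port 51202 ssh2
Oct 25 02:11:09 bigbox sshd[4103]: Failed password for invalid user admin from 203.0.113.45 port 51203 ssh2
Oct 25 02:11:12 bigbox sshd[4104]: Failed password for invalid user test from 203.0.113.45 port 51204 ssh2
Oct 25 02:11:15 bigbox sshd[4105]: Failed password for invalid user guest from 203.0.113.45 port 51205 ssh2
Oct 25 02:11:18 bigbox sshd[4106]: Failed password for invalid user oracle from 203.0.113.45 port 51206 ssh2
Oct 25 02:11:21 bigbox sshd[4107]: Failed password for root from 203.0.113.45 port 51207 ssh2
Oct 25 02:11:24 bigbox sshd[4108]: Failed password for root from 203.0.113.45 port 51208 ssh2
Oct 25 02:11:27 bigbox sshd[4109]: Accepted password for root from 203.0.113.45 port 51209 ssh2
Oct 25 09:30:12 bigbox sshd[4200]: Accepted publickey for james from 192.0.2.10 port 40122 ssh2
Oct 25 09:30:50 bigbox sshd[4201]: Failed password for james from 192.0.2.10 port 40123 ssh2
Oct 25 09:30:58 bigbox sshd[4201]: Accepted password for james from 192.0.2.10 port 40123 ssh2
Oct 25 14:02:41 bigbox sshd[4310]: Failed password for invalid user admin from 198.51.100.7 port 33010 ssh2
Oct 25 14:02:44 bigbox sshd[4311]: Failed password for root from 198.51.100.7 port 33011 ssh2
"""

# Matches the "Accepted ..." / "Failed ..." lines sshd writes for each login
# attempt. "invalid user" is optional: sshd adds it when the name does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(log_text):
    """Return one dict per login-attempt line; other sshd chatter is ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_guessing(log_text, threshold=5):
    """Per source address with at least `threshold` failed logins, report how
    many failures it racked up, which usernames it tried, and which accounts it
    got into *after* crossing the threshold (the sign that guessing paid off).

    Events are processed in log order, so a success is only counted as a
    compromise if the failures came first.
    """
    stats = {}
    for ev in parse(log_text):
        s = stats.setdefault(ev["ip"], {"failed": 0, "users": set(), "compromised": []})
        if ev["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(ev["user"])
        elif s["failed"] >= threshold:
            s["compromised"].append(ev["user"])
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}


if __name__ == "__main__":
    for ip, s in find_guessing(SAMPLE_LOG).items():
        verdict = "BROKE IN as " + ", ".join(s["compromised"]) if s["compromised"] else "no success"
        print(f"{ip}: {s['failed']} failures over {sorted(s['users'])} -> {verdict}")
```

Run against the sample, the script reports 203.0.113.45 with eight failures across five usernames and a subsequent accepted login as root; 192.0.2.10 (one mistyped password, then success) and 198.51.100.7 (two failures, no success) fall below the threshold. On a real box the same logic wants to run over the whole retention period, since the post's attacker spread the attempts over a month rather than a minute.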

It's hard to tell where the attackers are from, since captured machines from around the world can be used to do their dirty work. For all we know it was a bunch of Latvians trying to pull a shake-down, or perhaps Matthew Broderick (although, thankfully, my "Global Thermonuclear War" project appeared untouched). At any rate, we had to unplug the big server and will have to re-install the operating system from scratch to get rid of the offending installed programs; once somebody has had root, nothing on the box can be trusted to be what it claims to be.

The moral of the story: don't set your password to "Password." That's moronic.

James - 11:18 PM
Comments

Good advice. In my group, "root" is the much preferred choice of password. None of our machines are on the Internet, so it's safe from the cracker perspective. Our problem is mainly clueless employees "tweaking" system settings and b0rking the entire system.

Brian D - Oct 27, 2004 - 7:14 AM

On the flip side, our tech guy just changed our admin password. It's like 15 characters long, and includes numbers, symbols, and both regular and capitalized letters. Why couldn't it just be "buttons" or "ashleesimpson4eva" or something?

Andrew F - Oct 27, 2004 - 8:13 AM

If it weren't for you meddling Furdells, my plan to hax0r and b0rk the entire universe would have succeeded!! Whatever the hell that means.

LiAps - Oct 27, 2004 - 8:33 AM

Here's the real story behind the story:

James had the option of describing himself as Encyclopedia Brown, either of the Hardy Boys, even Bert Bobbsey... but he chose Nancy Drew?!

I suppose it could've been weirder - he could have gone with Dick Grayson.

Big Pinz - Oct 27, 2004 - 11:18 AM

I had "Hardy Boys" at first, but that doesn't make sense since there's only one of me. And I can't remember their first names. So, I decided to prove to the world that I'm confident enough in my sexuality to metaphorically compare myself to Nancy Drew. Huzzah!

James F - Oct 27, 2004 - 11:50 AM

Fair enough.

By the way, is "Super Password" an acceptable password? It would be just like a regular password, only more super.

Big Pinz - Oct 27, 2004 - 2:08 PM

Weird. I just read this and my post today mentions global thermonuclear war as well. Sweetness.

Criminal masterminds and James and Pup share the same mind. Brilliant!

Pup - Oct 27, 2004 - 4:34 PM

What's wrong with a Nancy Drew reference? I read the whole series as a kid, which may explain James' quick recall: it's genetic. Besides, there was one case entitled "The Secret of the Latvian Shake-down."

Mom - Oct 28, 2004 - 10:26 AM