How hackers cover their tracks

January 25, 1999
Web posted at: 6:39 p.m. EST (2339 GMT)

From InfoWorld
by Stuart McClure and Joel Scambray

(IDG) -- Ever wonder how hackers can spend so much time online and rarely get caught? After all, everything they do on the Internet should be logged, right? Web hits, FTP sessions, Telnet connections, newsgroup postings, burps, and coughs should all be traceable, right? Then how do they pillage and plunder with such ease?

In the good old days, compromising university or government accounts and using them to bounce around the Internet was widespread. Hackers still use these techniques, but they cover their tracks. Temporary guest accounts, unrestricted proxy servers, buggy Wingate servers, and anonymous accounts can keep hackers carefree.

Hackers can become invisible on the Internet by obtaining a test account from an ISP. A hacker can call a small ISP, profess interest, and open a guest account for a couple of weeks by giving false information. Then, using Telnet, the unwanted guest can connect to any other compromised account.

University computers are notorious for their easy accessibility to the public. Hackers can take advantage of the lack of monitoring to store the majority of their scripts and tools on the university system.
And many universities give out free shell or Internet accounts to "students" supplying little more than a valid name and student registration number.

From there they can exploit old Wingate servers that allow Telnet redirection by default. Discovered in early 1998, this bug permits unfettered Telnet access to anyone on the Internet through a Wingate proxy server. The bug has been fixed, but many sites have not yet applied the fix. Scanning a list of Wingate servers discovered at a popular hacker Web site, we found at least five (out of 127) machines still vulnerable to this bug. If you use Wingate, be sure to download Version 3.0, which fixes this and other problems.

Anonymous surfing

Proxy servers let small organizations protect their internal systems. But an improperly configured system can be vulnerable. Be sure to scan the external interface of your proxy servers. Check for open ports, especially ports 80 (unless you are Web publishing), 3128, 8080, and 10080. Out of 282 systems we scanned, more than one half (151) provide proxy services to the world. All Internet users have to do is change proxy settings in their Web browsers to an available proxy server, and it's clear sailing.

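The same condition can also be checked from the inside. The following is an added example, not part of the original article: it reads a proxy access log and lists clients outside your own networks whose requests the proxy actually served. The log layout (Squid's native access.log format), the INTERNAL_NETS ranges, and the sample lines are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the only address ranges that should be using this proxy.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
917307540.101    210 10.1.4.22 TCP_MISS/200 4512 GET http://intranet.example/ - DIRECT/10.1.0.5 text/html
917307541.332    954 198.51.100.7 TCP_MISS/200 18233 GET http://www.example.org/ - DIRECT/203.0.113.80 text/html
917307542.010     12 198.51.100.7 TCP_DENIED/403 1320 GET http://www.example.net/ - NONE/- text/html
917307543.870    640 203.0.113.45 TCP_MISS/200 9120 CONNECT www.example.org:443 - DIRECT/203.0.113.9 -
garbage line that does not parse
917307544.500     80 192.168.7.9 TCP_HIT/200 700 GET http://www.example.org/logo.gif - NONE/- image/gif
"""


def is_internal(addr):
    """True if addr falls inside one of the permitted client networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def external_relays(log_text):
    """Return {client_ip: served_request_count} for clients outside INTERNAL_NETS."""
    served = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed line
        client, result = fields[2], fields[3]
        try:
            if is_internal(client):
                continue
        except ValueError:
            continue  # client field is not an IP address
        action, _, status = result.partition("/")
        if action == "TCP_DENIED" or not status.startswith(("2", "3")):
            continue  # the proxy refused this request, nothing was relayed
        served[client] += 1
    return dict(served)


if __name__ == "__main__":
    for client, count in sorted(external_relays(SAMPLE_LOG).items()):
        print(f"outside client {client} was served {count} request(s)")
```

Any address this reports means the proxy is relaying for the outside world and its access rules need tightening.
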
Some Web sites offer free anonymous Web surfing, which is a boon for all of us privacy paranoids out there, but a nightmare for law enforcement. Both CyberArmy and Anonymizer offer free, albeit slow, anonymous Web surfing. Connecting to a Web page through their free services will mask your identity. Connecting through Anonymizer's ISP you get the following identity:

Connect from sol.infonex.com [209.75.196.2] (Mozilla /4.5 [en] (TuringOS; Turing Machine; 0.0))logged.

And from CyberArmy's redirector server you get this identity:

Connect from s214-50.9natmp [216.22.214.50] (Mozilla/4.01 (compatible; NORAD National Defence Network))logged.

TuringOS and NORAD National Defence are spoofed origins that mask the originating system.

Lucent also has a proxy server meant to protect your privacy. Like the others, the Lucent Personalized Web Assistant can make you anonymous by tunneling all of your Web traffic through its proxy server. The only difference with Lucent is you must provide your e-mail address to sign in.

Anonymous service providers such as Anonymizer and Lucent have the right intentions -- protecting your privacy -- but like any umbrella they can be abused. Services such as these can be a hacker's dream. Anonymizer offers Internet security and privacy for corporate customers and individuals, and effectively makes them invisible. They don't store cookies, they block Java and JavaScript access, and they remove all identifier strings. To its credit, Anonymizer severely limits to whom they give shell accounts. But at $7 a month, anyone with a good story should be able to obtain one. They keep logs for 48 hours but don't record the source IP address. To guard against abuse, Anonymizer will shut down service to a particular Web site if abuse is reported.
But with no source IP logging, it must shut down service to that site for all customers.

Privacy cheerleading

Don't get us wrong, we are the first to jump on the privacy bandwagon whenever it rolls by, but at what cost? Even if all of the software bugs contributing to anonymous connections are fixed, more and more ISPs will inevitably offer anonymous connectivity. How will you defend your site against the possible onslaught of phantom hack attempts? Will logged IP addresses quickly turn into ghosts offering little more than a place to begin? Let us know at security_watch@infoworld.com.

Stuart McClure, a senior manager at Ernst & Young's Information Security Services, and InfoWorld Technology Analyst Joel Scambray have managed information security in academic, corporate, and government environments for the past nine years.
© 1999 Cable News Network. All Rights Reserved.