Security Scene Errata


http://spyglass1.sjmercury.com/breaking/docs/043153.htm
Posted at 9:58 a.m. PDT Thursday,
August 13, 1998

Thousands of passwords accessed by cyber prowler

BERKELEY, Calif. (AP) -- Using an Internet program called ``John the
Ripper,'' a hacker has broken into computer accounts at universities and
companies around the world to steal encrypted passwords. 

'John The Ripper' does not help in breaking into a network.
It only cracks passwords obtained once the intruder or admin have access
to the system.

The FBI is investigating the case, in which 48,000 passwords were decoded
from a list of 186,000.  Authorities believe the hacker is operating from
somewhere in Europe because the first known case involved computers at
European universities. 

From there, the hacker reportedly broke into accounts at a Silicon Valley
company, an Internet service provider in Indiana, the University of
California at Berkeley, UCLA, the California Institute of Technology, the
Massachusetts Institute of Technology and Harvard University. 

``The technology he was using is not sophisticated, but what's interesting
here is the scope,'' said Doug Tygar, a computer expert at Carnegie Mellon
University who will join the UC Berkeley faculty this fall. 

``I'm impressed by his persistence to keep something running for that
long,'' Tygar told the San Francisco Chronicle in a story published today.
``The stamina to collect this number of passwords is pretty
awe-inspiring.''

The cyber intruder apparently did not seek out classified information or
break into government accounts, but trotted the globe electronically for
passwords in a quest for greater access. He or she gained access to the
Internet through Telenordia, an Internet service provider in Sweden, and
left a computer trail through England, Denmark and South Korea. 

The hacker was not detected until June 29, when a graduate student told UC
Berkeley officials his account had been broken into. 

Two other high-profile incidents have also renewed concerns about computer
security. In March, hackers attacked computer nationwide running Microsoft
network software at NASA, the Navy and colleges. Last month, two
Cloverdale teens pleaded guilty to hacking to U.S. government computers.