Hacker breaks into West College network

An unidentified computer hacker broke into the Colrain accounts of several residents of West College. The hacker had full access to the accounts since the beginning of Spring Break.

Suspicions of a hacker were first roused in residents of West College around the beginning of April. According to Brett Linck ’99, a West resident, the signs that he noticed of having been hacked included the identification of the most recent login from an off-campus source as well as strange and unfamiliar past commands at the Colrain prompt. Other West residents began to notice these strange attributes during the last week of Spring Break.

“Dan Suver ’99 had been hacked once already at that point,” said Linck. “I think I was the second person. It’s hard to tell. Unless you look, or notice where you’ve had your last ‘successful log-on’ from every time you go into Pine, you won’t know. If you use something like Pegasus or Eudora, you’ll never really know unless you take the time to check through Pine.”

Sarah Carr ’99 also recounted a similar course of events. “I first noticed that my account had been hacked in to during the second week of spring break. I e-mailed Scott Kaplan ’99, a Computer Center Consultant manager, and then talked to him about it when I returned to campus.”

“I first reported them to Jesup during the second week of spring break,” said Linck. “I had noticed that all kinds of weird stuff was happening in my account when I logged in from home.”

As a result of the concern that the West residents voiced, the problem was reported to student computer-support staff. Through these students, the computer professionals at Jesup were then contacted.

Jesup officials discovered that the residents of West had been hacked by an outside source, and that foreign files had been attached to their network accounts. As far as the students were made aware, the files contained programs that allowed the hacker to track the activities that the users performed on Colrain. Whenever a command was typed in Colrain, the hacker would be relayed the keystrokes, and could thus pick up on passwords, user names and any changed information.

According to Perry Hanson, Chief Technology Officer, the problems originated after an unknown person hacked into a student’s computer in West and acquired the student’s user name and password information. The hacker was able to gather similar information about other students as well through this account.

The cause of this problem stemmed from the lack of protection of the accounts. Over the past summer, during the renovation of West, new network gear was added and rewiring was performed. However, the installers failed to protect the ports, rendering them vulnerable to hackers.

“We made a mistake,” said Hanson, who realized that the oversight resulted in the exploitation of the students’ accounts. Hanson admitted to his responsibility of ensuring the security of the accounts, but was quick to assert that this was an isolated case, and that the College has many systems in place to protect student accounts.

He also pointed out that the staff at Jesup is perpetually busy installing new systems and improving old ones in an effort to inhibit these breeches in security. More recently, the department was busy over Spring Break filtering e-mail for the Melissa virus. To date, not a single case of the virus has been reported to the Jesup professionals.

Peter Charbonneau, a Network and Systems Administrator, provided a more detailed explanation of the problem. According to Charbonneau, breaking into the system is difficult. Security patches are regularly added in order to plug any “holes” in the network that may allow hackers to enter.

Charbonneau speculated two ways which the hacker may have acquired this information. The first was that a Williams student either gave this information or made it accessible to the hacker. Or, the second and more probable explanation, was that a foreign system hacked into a “hackable network,” one that was prone to being hacked.

A network becomes hackable when it is no longer is protected. In the case of the West residents, it seems that during renovation the port privacy option was not switched on. The 3Com network ports have this feature available in order to restrict access, via a computer on the network, from an outside source. Without this feature on, a hacker would be able to enter the network and retrieve the user names and passwords of other students’ in that segment of the network. Once this information has been obtained, the hacker has the power to enter the students Colrain accounts through the Internet, thus bypassing the need to go through a student’s computer, Charbonneau explained.

With access to a Colrain account, the hacker can perform all the functions that are available to the student user. This invasion of privacy allows the hacker to read the e-mail of the user, configure the account, or even upload files into the account like what occurred in the case of the West residents, he said.

According to Ashley Frost, a Networks and Systems administrator, the files that are put into the accounts are usually there in order to store information or to run programs. Frost claimed that hackers “don’t care about personal mail.”

Frost explained that the hacker only wanted to gain an extra layer towards their destination. The object of their attack is us, but as a means for achieving a greater end and not for personal reasons. Many hackers run programs from different sources so that they become harder to track after executing their objectives. The student accounts thus function as hosts.

The Jesup administrators were first made aware of the problem in early April and had the problem fixed by mid-April. The design of the network is such that it is composed of segments. These divisions of the system are usually defined by individual dorms or floor and are isolated from one another. All of the computers in West are on the same segment, so that potentially a hacker could connect to any computer in the dorm. Although this arraignment resulted in the extensive occurrences of hacking in West, it did prevent the hacker from breaking into accounts from the other parts of campus.

Last week a student reported a break-in, but it was determined that the student had changed his password before the protection was implemented when the hacker had a record of the change. No problems have been reported since the student changed his password for a second time.

Although for a while no more instances of hacking were reported, the students voiced their concern over the lack of action that the computer professionals displayed. The residents in West were most disturbed by how uninformed they were of the situation.

“They knew it was not secure, but they didn’t do anything,” said West resident Samantha Grant ’01. According to Grant, Jesup was being evasive. “Jesup should have contacted me, not the other way around,” she claimed.

Students at Williams are not exempt from being adversely affected. Hackers still have the opportunity to break into student accounts. When a Colrain account is accessed over the Internet, the signals sent to the servers at Williams are in clear ASCII text, meaning that they are not encrypted. Hackers can intercept your user name and password information with the use of sniffers, programs designed to do such a thing. The means of protecting ourselves are available; Secureshell, an encryption program on Colrain, allows for secure transactions, and the college offers anti-virus programs over the network.

But, perhaps the simplest method of prevention is regularly changing your password. Doing so will help decrease the possibility of someone breaking into your account.

Computer hacking can be roughly described as the unsolicited break-in of a foreign system into a host system, which the invader manipulates, or uses available resources to its own advantage.