Roanoke Times
Copyright (c) 1995, Landmark Communications, Inc.
DATE: WEDNESDAY, February 9, 1994 TAG: 9402090078
SECTION: VIRGINIA PAGE: C3 EDITION: STATE
SOURCE: Associated Press
DATELINE: FAIRFAX LENGTH: Medium
In November, university officials learned someone was trying to get hold of Internet passwords through the school's computer system.
"It was reported to us that two individuals were suspected of trying to break into departmental computers. Because of the nature of the information involved, the FBI was called in," said Jerry Jenkins, director of computing at George Mason.
One person apparently tried to do the same thing at several campuses.
"We were able, working with other universities, to narrow it down to a possibility of a name, and we passed that on to the FBI," said Joe Hutchison, the school's chief computer engineer.
George Mason officials don't know if the suspect ever was charged, Hutchison said.
Internet passwords can give users access to such things as classified government information and private credit card numbers in violation of federal law.
Two small computer systems at George Mason were found to harbor programs used to illegally collect passwords, Hutchison said.
Over several days, the computers were scrubbed clean of the "sniffer" programs, he said.
After the George Mason incident, the FBI reportedly widened its investigation as other Internet users reported a pattern of security breaches. The FBI would not confirm that an investigation is under way.
Investigators reportedly found dozens of Internet computers were illicitly loaded with such programs, which surreptitiously collect passwords and deliver them to unknown parties outside the network.
Increasingly frequent computer break-ins led last week to stiff security recommendations from an Internet security watchdog group.
"This action was no longer an experiment on the part of somebody," said Dain Gary of the Computer Emergency Response Team. "Rather the technique had been copied and widely disseminated."
CERT, a federally funded security organization, offered new security software for computers deemed at special risk. The group also told Internet users who routinely transmit passwords over the network to assume the passwords are compromised.
Many illegal computer "hackers" are trying to collect passwords the way some people collect baseball cards, Hutchison said.
"It's an ego thing. It's `look at how smart I am, look what I can do.' "
Hutchison said relatively few of George Mason's 18,000 Internet users are affected by the CERT directive.
"We passed it on and we are urging anyone who needs to to follow them," Hutchison said.
The Internet was set up at the dawn of the computer age as a bulletin board for government and academic researchers. It has evolved into a giant, global information exchange with about 15 million users.
The network links individual computers with high-capacity data lines. Those links mean people can trade electronic mail, documents, pictures and sounds almost instantaneously.
Security clearances generally aren't required to use the Internet, but users must have an account with the network.
Memo: shorter version ran in the Metro edition.