oA the university daily kansan
news
friday, april 30, 2004
kansan.com the student perspective
It's Fab Friday
1420 Crescent Rd.
Jayhawk
Bookstore
843-3826
your source for art supplies - at the top of the hill
Now Dine-In • Carry-Out • Sidewalk Café
- The Art & Business of Entrepreneurship:
Hacking glossary:
Black Hat: A hacker who tries to destroy systems.
White Hat: A "Robin Hood" hacker who points out network weaknesses.
Additional Events:
Coffee & Conversation with the Artists
Panel discussion with Philip Glass, All-Stars Julia Wolfe,
filmmaker Kevin Willmort, and Lawrence business owner Chris Hepp Alderson Auditorium, 4th Level, Kansas Union. FREE
Friday, April 30, Noon-1:30 p.m.
Coffee & Conversation with the Artists
Immediately following the concert in the Lied Center's second floor lobby
Script Kiddie: A
Rootkit: A tool that allows hackers to break into systems
"wannabe" hacker who uses prefabricated code to break into systems.
CODE WAR: Despite recent security breaches, security technicians' work vital
CONTINUED FROM PAGE 1A
his intended major. He's worked for the department since graduating from the University of Kansas in 2000.
Joshua Noronha, a sophomore from Goa, India, is the student help. He said he joined the crew to add to his design and programming skills and gain real-world networking experience.
In their office, a 50-inch plasma screen shows codes that represent all of the suspicious activity that occurred on the network overnight. These three can recognize most of the codes by sight. Each morning they comb through the previous night's entries — about 1,200. Most of the numbers indicate a virus or a worm that is eating its way through e-mails. Once the crew finds an infection they unleash a program that destroys it. Other times they find the obvious tracks of what they call "script kiddies." These are people who use prefabricated code to break into computer systems. Tinsley compared the script kiddies' use of hacking programs to a boy who recites a Shakespearean sonnet to his girlfriend and then claims it as his own.
The plasma screen, a few feet from his office, represents a window into his world. It is a new world, as far as his department goes, a little more than two years old. Within it, Crawford, Tinsley and Noronha serve as consultants and detectives. They write code and programs. The crew takes each day as a new adventure with new difficulties. It's a world of firewalls, code and cyber forensics that, if everything works, is completely invisible.
Crawford particularly dislikes script kiddies. To him the kiddies, who are sharply derided in both the worlds of hacking and of network security, are pale shades of the better and bigger criminals.
"The truly skilled hackers we can't see," Crawford said. "It's them we have the hardest time finding.
An imperfect armor
For all their work, the defense isn't always perfect. They were the first line of defense last month when officials discovered a security breach at Watkins Health Center. No one knows yet if any information was actually removed, only that an unknown user was found on the server. Jeff Lanza, a special agent with the FBI, said the bureau was still investigating.
They were also there when a server containing personal files of international students was broken into during spring 2003. Lanza said this case was closed, and declined to comment further.
One step outside the world of Crawford, Tinsley and the University's network lies the general state of modern networking security.
Gary Minden, a professor in the School of Electrical Engineering and Computer Science specializes in networks.
"Protecting today's network requires a wide range of technologies." Minden said.
These included basic programs called "firewalls" that separate a local network from the Internet. Eventually just having firewalls wasn't enough.
"Some viruses can be detected and stopped at firewalls." Minden said. "Others must be stopped at the individual computer."
Another threat to network security comes from the simple errors written into programs.
"Programmers make mistakes, and, most often, don't consider all the devious ways someone will try to take advantage
CONTINUED ON PAGE7A
Hacking History
The evolution of network security has followed a twisted path of hacking heroes, films and local growing pains.
1986- Congress passes the Computer Fraud and Abuse Act.
1988- Famed hacker Kevin Mitnick is charged with electronically breaking into Digital Equipment Corp.
Neil Mulka/Kansas
1995- Angelina Jolie stars in the movie Hackers.
1998 Two Chinese hackers are sentenced to death after they are caught stealing 260,000 Yuan ($31,400) from a bank network.
2002- Chuck Crawford is hired as director of Information Technology Security.
2003- A hacker breaks into the personal files of KU international students.
2004- A security breach is found in the computer system of Watkins Health Center.
Sources:
www.cnn.
com,
Jason Tinsley, and
The
Kansan
archives