Mystery attackers strike Linux supercomputers

• Tags:
• Server,
• Stanford,
• Compromise,
• Attack

Published: 14 Apr 2004 09:05 BST

• 
• 
• 
• 
• 

Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to a university advisory.

The attacks, which apparently compromised servers as recently as 3 April, are currently being investigated, according to an advisory posted on 6 April by the Information Technology Systems and Services group at Stanford.

"Stanford, along with a large number of research institutions and high-performance computing centres, has become a target for some sophisticated Linux and Solaris attacks," the ITSS said in its Web advisory. "The attacker appears to be deliberately targeting machines in academic and high-performance computing environments, rather than attacking systems indiscriminately."

Members of Stanford's security team declined to comment, and the university's chief information security officer could not immediately be reached.

It is unclear when the attacks first occurred, with an example of a compromised computer included in the advisory that occurred on 3 April. The unknown attackers use common password-cracking tools to gain access to any account on a server and then gain further access by using security flaws in the software.

"The perpetrators regularly gain access to an unprivileged local user account, presumably by sniffing passwords, cracking passwords from other compromised systems, or by triggering vulnerabilities in remotely accessible services," the Stanford advisory states.

Such local vulnerabilities, as they are called, have led to several compromises on the servers used to host Linux development and distribution in recent months.

• 
• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed