Hundreds of Windows computers at Cornell are attacked by hackers
By Bill Steele
A nationwide hacker attack on computers running Windows 95 and Windows NT operating systems struck computers on campus last week. Andrea Beesing, manager of the university's Network Operations Center, estimated that several hundred computers were affected.
"These attacks will crash the machine, either with an error message or a blank screen," Beesing said in a bulletin to campus network administrators. "The immediate solution is to reboot the system."
The most widespread attack occurred between 8:30 and 10 p.m. Monday, March 2, Beesing said.
According to Tom Young, an assistant director in Cornell's Academic Technology Services who is responsible for desktop systems, the campus community was largely unaware of the attack. Most users probably thought they had experienced an ordinary crash, he said, and a number of people called to ask if there had been a power glitch on campus.
Nevertheless, Young emphasized, the university regards the event "as abusive and a threat to university resources." He said, "Anything that interferes with someone's computing resources should not be called a prank or a joke or an experiment."
"These attacks are obviously very time-consuming and disrupt the ability of students and faculty to get their work done," said Peter Siegel, director of Network and Computing Systems for Cornell Information Technologies, "but we have already identified the fixes and encourage the campus to apply them as soon as possible."
Similar attacks have occurred in recent days at about 25 universities, including Northwestern, Massachusetts Institute of Technology, Princeton, University of Minnesota and several University of California campuses, as well as at U.S. Navy and NASA sites. Apparently several different hackers are involved.
The attacks are of a type known as "denial of service," meaning that they make the computer unusable, rather than changing or destroying data. The recent incidents involved a variation on what computer experts call a "teardrop" attack, in which the hacker sends a large number of deformed packets of information to the computer. In trying to deal with what seem to be errors in the incoming data, the computer uses up more and more of its memory until it is overloaded and crashes. The new version apparently allows hackers to direct the attack to a large number of computers at the same time.
Because the tools are widely available to hackers, such attacks can be expected to continue, computer security experts say. However simple patches, or corrections, are available that will make computers using the Windows 95 and NT operating systems immune to this and several other types of attack. Cornell Information Technologies has constructed a web site with general information on forms of attack on Windows systems and preventive measures at http://www.cit.cornell.edu/security/windows/index.html.
Media Contact
Get Cornell news delivered right to your inbox.
Subscribe