More about hackers and the publicity stunt - nice try CIA.
Sam: In case you are interested.
[Source: The Economic Times - for private use only]
NEW DELHI 6 JUNE
THE MUCH publicised hacking of the computer network of the Bhabha Atomic Research Centre (BARC, www.barc.ernet.in) and the downloading of several electronic message files used a common-knowledge loophole in a mailer operating system called Sendmail.
The publicity stunt was probably to further upstage the US Central Intelligence Agency which had failed to predict the nuclear tests. The claim that the nuclear weaponmaker cannot protect a 'simple web server' is empty as the information put by BARC on the webserver was in public domain and for free circulation. There was no need to hack for that information.
A single e-mail message from the five megabytes downloaded was passed to the Internet newsagency 'Newsbytes', which showed it to scientists from the University of Tokyo's Institute for Nuclear Studies, who said it had nothing to do with weapons but was advanced nuclear physics.
There was no critical data that was wiped out from the BARC computer server simply because the Centre physically isolates sensitive data from the web and e-mail server which are prone to such attacks, says Dr Dekne, senior computer scientist at the Centre.
Formulae and cascading mathematical equations are usual in e-mails among nuclear scientists. However, the Centre does have a code of conduct for its employees governing what they can send by email and what they cannot. Less than one per cent of the people in BARC have designated e-mails and the few users are governed by the code of conduct.
Usually, an organisation that puts information on a web server raises a ''firewall'', a software screen that allows only qualified users to enter the internal network. While the firewall uses various ways of challenging a user attempting to enter, its strength depends on what it is trying to protect. It has to be broken through first before breaking through the Sendmail.
As this is well known, only a bad network planner will place sensitive data on that route. ''But we are no fools. We have several levels of isolation before reaching our internal network. Even then, sensitive information is physically not placed on the computer,'' says Dekne.
BARC is served by the country's first Internet service provider, the Education and Research Network (www.doe.ernet.in). Ernet director Dr S Ramakrishnan says the loophole in the Sendmail program is also true. ''We have been poached into in the past too through the same route. There is a worldwide effort to strengthen the familiar Sendmail.''
While the hacker's attack has been confirmed by BARC's reaction in the press and the breaking into a homepage is not critical, the incident does leave doubts about the firewall of the Centre's email server, however non-critical. ''In any case, if this case raises awareness within the country about the importance of security measures in cyberspace, it would have done a ton of good,'' says Dr Ramakrishnan.
Such security breaches are not uncommon in advanced countries including the US. MILNET (military network) has been broken into regularly. The Cuckoo's Egg is a well-known book on this. Break-ins through Sendmail are monitored by the Carnegie Mellon University's Computer Emergency Response Team (CERT, www.cert.org). It issues a bulletin to warn computer system administrators of security loopholes in operating systems and implementation of various systems and programs. The centre was set up after the Great Internet Meltdown in 1989 because of a security breach.