I got a call from the network administrator at Pacific Blue Micro today. PBM is a client of mine, and apparently somebody with too much time on their hands decided to hack into one of their Silicon Graphics machines using my account.
They took advantage of a weakness in IRIX and gained access via a brute force type of attack. It would have gone unnoticed but for Super Eric, a former PBM employee and programmer extraordinaire. Eric noticed that I seemed to be logged in at 3 am, a rather odd time. He also noted that I was connecting from UU Net in Salt Lake City, not Deltanet in Orange County. Either I had moved to Mormon country or something was afoot.
So Eric did a “cd /usr/ronr” to see what was in my directory. Lo and behold, it was a C compiler, files for a network sniffer, and other Naughty Stuff. Clue #2.
At this point he decides to make an inquiry:
talk ronr Who are you?
What could have been a stimulating conversation was abruptly ended when Mormon Ron kicked Eric off the SGI. A lesser person might have just called it a night, but not Eric. Eric obtained the superuser password, logged back in and halted the machine.
Game. Set. Match.
You know that advice your mother is always giving you about changing your passwords frequently, choosing hard-to-guess passwords, and never ever using the same password on more than one system? Well I ignored… um… let’s see… yep, all of that advice. So the Mormon Hacker had all my important passwords, because they were all the same. Not good. I had them all changed in a big hurry, and now instead of a simple English word, each of them is a random mixture of numbers, punctuation, and upper/lowercase letters.
We’ll see how long I can keep that schtick up.
Even worse, if Eric hadn’t happened upon this guy (who already had root access on the SGI) when he did, the network sniffer he was about to install would have revealed the passwords of anyone who logged into the network.
But the story has a potentially happy ending. You see, logs are our friends. They tell us where people came from. Like this guy. He connected to Pac Blue from UU Net in Salt Lake City. And even though he was a dial-up user and we don’t know who he is, UU Net will be able to find out. Because they have logs telling them who was logged in to which POP at what time. So our Mormon Hacker is going to get a visit soon from someone with a badge and a gun.
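The two things Eric noticed by hand, a login at an odd hour and a connection from a network the user never uses, are exactly the rules a login-log check can apply automatically. The example below is added here and is not from the original post; the hostnames, users and `last`-style lines are constructed, and the per-user baseline is an assumption.

```python
"""Flag interactive logins that look out of place for a user.

Added example, not from the original post: the checks Eric made by eye
(odd hour, unfamiliar source network) written as rules run over
constructed wtmp/`last`-style lines. All hosts and times are made up.
"""
import re

# Constructed sample lines in the shape of `last` output (not real logs).
SAMPLE_LOG = """\
ronr   pts/2  dial-slc-12.uunet.example  Tue Mar  3 03:12 still logged in
eric   pts/0  ws1.pbm.example            Tue Mar  3 03:20 still logged in
ronr   pts/1  ppp-oc-7.deltanet.example  Mon Mar  2 14:05 - 15:10
"""

# Assumed per-user baseline: domains each user is known to connect from.
KNOWN_SOURCES = {
    "ronr": ("deltanet.example",),
    "eric": ("pbm.example",),
}
QUIET_HOURS = range(0, 6)  # local midnight to 06:00

LINE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<dow>\w{3}) (?P<mon>\w{3})\s+(?P<day>\d+) (?P<hh>\d\d):(?P<mm>\d\d)"
)

def parse_last(text):
    """Parse `last`-style lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append({"user": m["user"], "host": m["host"],
                            "hour": int(m["hh"])})
    return records

def in_baseline(host, domains):
    """True if host is one of the domains or a subdomain of one (dot-anchored)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def flag_logins(records, known=KNOWN_SOURCES, quiet=QUIET_HOURS):
    """Return (user, host, reasons) for every record that breaks a rule."""
    alerts = []
    for r in records:
        reasons = []
        if r["hour"] in quiet:
            reasons.append("login during quiet hours")
        if not in_baseline(r["host"], known.get(r["user"], ())):
            reasons.append("source not in user's baseline")
        if reasons:
            alerts.append((r["user"], r["host"], reasons))
    return alerts

if __name__ == "__main__":
    for user, host, reasons in flag_logins(parse_last(SAMPLE_LOG)):
        print(f"{user} from {host}: {'; '.join(reasons)}")
```

On the sample data the 3 am ronr session from the UUNET dial-up trips both rules, Eric's 3 am session trips only the hour rule, and the afternoon Deltanet session is silent.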