
Tips for Tracking Hackers, from LAN Times, 1993



From LAN Times, 08 Feb 1993
TIPS FOR TRACKING HACKERS
     Hackers will make mistakes or leave traces in four areas:
1. Inbound- While attempting to break into a network through a
private branch exchange (PBX), hackers will give themselves away
by using "war dialers" (PC programs designed to break password
codes and search for possible 800 numbers).  War dialers leave
behind a large number of incorrect user ID/password pairings.
2. Outbound- On the way out of a system, hackers will give themselves
away by using phantom extensions, rarely used access codes, and/or
rarely used equal access codes.
3. Greed- When hackers are really good, they will leave no traces
except for greed.  These hackers are revealed through usage patterns
that deviate from normal business habits.
4. System Changes- The greatest potential for damage exists when the
system's programming is changed to facilitate hacking.  Any picking at
passwords for the PBX/computer maintenance port or unauthorized use should
be tracked and acted upon immediately.  This is where LAN and telecom
managers need to work as a team.
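
The four areas above can be checked mechanically against PBX login logs
and call detail records.  The following Python code is an added example,
not part of the original article; the record layouts, port names,
thresholds, and sample data are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data; the record layouts and names are assumptions.
ASSIGNED_EXTENSIONS = {"2001", "2002", "2003"}
BASELINE_CODE_USE = {"1010": 480, "1020": 350, "1099": 1}  # access code -> prior calls
SAT_2AM = datetime(1993, 2, 6, 2, 0)  # a Saturday
LOGINS = [(SAT_2AM + timedelta(seconds=20 * i), "disa", False) for i in range(40)]
LOGINS += [(datetime(1993, 2, 4, 10, 5), "disa", True),
           (datetime(1993, 2, 6, 3, 0), "maint", False)]
CALLS = [  # (start, extension, access_code, minutes)
    (datetime(1993, 2, 4, 9, 30), "2001", "1010", 4),
    (datetime(1993, 2, 4, 14, 0), "2002", "1020", 12),
    (datetime(1993, 2, 6, 2, 30), "2999", "1099", 3),     # phantom ext, rare code
    (datetime(1993, 2, 5, 18, 0), "2003", "1010", 4320),  # 72-hour connection
]

def inbound_alerts(logins, threshold=10):
    """Area 1: ports with many failed ID/password pairings (war-dialer residue)."""
    failures = Counter(port for _, port, ok in logins if not ok)
    return sorted(p for p, n in failures.items() if n >= threshold)

def maintenance_alerts(logins, maint_ports=("maint",)):
    """Area 4: any failed attempt on a maintenance port is reported at once."""
    return [(ts, port) for ts, port, ok in logins if port in maint_ports and not ok]

def call_alerts(calls, rare_below=5, max_minutes=480):
    """Areas 2 and 3: phantom extensions, rarely used codes, abnormal usage."""
    alerts = []
    for start, ext, code, minutes in calls:
        reasons = []
        if ext not in ASSIGNED_EXTENSIONS:
            reasons.append("phantom-extension")
        if BASELINE_CODE_USE.get(code, 0) < rare_below:
            reasons.append("rare-access-code")
        if start.weekday() >= 5 or not 7 <= start.hour < 19:
            reasons.append("off-hours")   # nights and weekends
        if minutes > max_minutes:
            reasons.append("long-connection")
        if reasons:
            alerts.append((ext, reasons))
    return alerts

if __name__ == "__main__":
    print(inbound_alerts(LOGINS), maintenance_alerts(LOGINS), call_alerts(CALLS))
```
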
HACKING: NOT JUST A 'PHONE PROBLEM'
U.S. losses for '92 are estimated at $500 million to $6 billion
     American businesses are well aware of hackers on computer networks
and the millions of dollars in damage they cause.
     Until recently, illicit network access was limited mostly to
employees' personal use (or misuse) of network resources.  Managers
learned they could cut abuse by using passwords, access codes, and
reporting systems to uncover expensive WAN access.  Those simple days,
however, are gone.
     External abuse is mushrooming.  With the increased sophistication
of telecom private branch exchanges (PBXes) and the arrival of voice/
data integration, hackers have found easy access to corporate networks.
     Know thy enemy.  It often happens in the middle of the night or
over the weekend.  Hackers use computers with auto-dialing modems to
break security passwords and gain access to your network through the
phone system.  Once in, they can steal data, crash your system, or use
or resell your wide area services, leaving your company with the bill.
     Hackers use various methods to access LANs.  One method is through
the direct-inward, system-access feature on some PBXes.  By using a
computer to break password codes, hackers can obtain entry in just
minutes.
     Unfortunately, some companies make this process ridiculously
simple for thieves by failing to take advantage of even minimal
security features, such as password protection.
     Another method used to gain access is through remote diagnostic
numbers used for telecom or computer administration.  Sophisticated
systems have features that allow service personnel to remotely diagnose
problems.  Unfortunately, this same capability can also let hackers in.
     Let's look at a hypothetical, but very possible, situation.
Suppose hackers intensely attacked a network for 48 hours and accessed
expensive destinations, such as Pakistan.  If each session lasted about
three minutes, the total hacking exposure would be $15,000 per trunk,
or $1,500 per line.  If you had 250 nodes, or lines, in one location,
you could be hit for $375,000 in one weekend.
     Here's another example:  Imagine coming to work on Monday and
discovering that the modem pool is locked up, showing a continuous,
72-hour connection.  Without talking to the telecom manager, you
believe the incident is a data hack that was interrupted by LAN
security or simply a hung trunk, so you do nothing.  Yet, it turns
out to be a voice hack through the modem pool that lasted all
weekend.  Cost to your company?  About $60,000, which you discover
when the phone bill arrives two weeks later.
     The lesson:  Data and voice are integrated.  Work with the telecom
people in your organization to defend against hackers.
     Experts estimate that total 1992 U.S. losses caused by hackers range
from $500 million to $6 billion.  Additionally, long-distance carriers
insist on payment for the fraudulent wide area access.
     Chances are one in 18 that a PBX in the United States will be
hacked, according to John Haugh, communications fraud expert and author
of "Toll Fraud and Telabuse."
     Keeping hackers out.  The possibilities seem endless for hackers.
They attack modem pools, bridges, telecommuting facilities, a carrier's
software-defined network connections, and a PBX's equal access code
programming.
     To deal with the ever-increasing inventiveness of hackers, users
need the ability to stop, as well as track, them.  Reasons for
tracking are not obvious, but they are still important:
   LAN and telecom managers need to prove to their entire companies
the extent of the hacking problem.
   Hackers share information via publications, electronic bulletin
boards, and catalog services.  System users and maintenance providers
are not offering the same amount of defensive information exchange.
   Prosecuting hackers has been limited by a number of factors,
including lack of evidence.
   Hackers have moved across the network environment, looking for new
ways to hack the system.  Tracking helps predict where hackers might
make their next move.
     Hacking is an enormous, expensive problem for computer systems
managers.  To defend your organization, you need a solution that stops
and tracks hackers, yet doesn't interfere with legitimate users or
maintenance of the system.
