Computer databases sometimes contain more treasures than a bank’s vault.
But it isn’t necessary to break down a door to get at them. As Eugene Stevanus
discovered, even if the doors are locked, an electronic tunnel may lead
straight to the crown jewels.
Stevanus installs computer networks for companies in Washington DC.
Many of these businesses work as consultants for the Pentagon, and their
security measures are strict. Visitors like Stevanus have to be escorted
everywhere, even to the lavatory, and files are kept under lock and key.
But at one company, no one thought to apply the same precautions to
the computer network. Stevanus found that the employees had set up one computer
with a modem connected to a telephone line. With a phone call, they could
connect their personal computers at home to the office network. No password
was required, and software on the computer linked to the telephone line
allowed anyone calling in to read, delete or change data or software on
the entire computer network.
Advertisement
Such simple vulnerabilities are common, and the reason is that people
who use computers generally don’t worry about security, says Jeff Schiller,
who looks after a network of computers called Project Athena at the Massachusetts
Insititute of Technology (MIT).
A report on computer security that the National Academy of Sciences
released last month was blunt about the problem. ‘We are at risk,’ read
the opening sentence. According to the report, the US has been ‘remarkably
lucky’ with its computer networks, but ‘there is reason to believe that
our luck will soon run out’. Technically proficient thieves or terrorists,
the report said, could subvert some of the country’s most critical computer
systems, such as those that control telecommunications, aviation and finance.
Computer systems, just like bank vaults, can be secured by a system
of locks, armour and logbooks. But in the case of computers, these devices
are embedded in lines of programming code. New computer systems and software
packages often come onto the market with gaping holes in their armour or
defective locks, but the weaknesses are generally discovered too late.
Passwords are a computer network’s first line of defence. To use the
network, people have to enter their name, then a secret password. The principle
is the same as that of a combination lock: an intruder is unlikely to enter
the right combination by chance.
The problem with passwords is what people do with them. Some put them
on scraps of paper on their computer terminals. Others use their own names,
or that of their partners, so that the password is easy to remember. Trying
out a few obvious passwords is probably the most common and successful technique
of breaking into a computer.
Computer hackers have found ways to deduce less obvious passwords as
well. On computers using the Unix operating system it is possible to read
the encoded versions of passwords. The code cannot be broken, but other
words can be encoded with the same encryption procedure to see if the result
matches any of the encoded passwords. There are now computer programs that
try this with each word in the dictionary. To frustrate this ‘dictionary
attack’, people are supposed to avoid using real words as passwords. Instead,
passwords could include numbers or random letters.
Security Dynamics, of Cambridge, Massachusetts, sells a system that
changes the password for a computer account each minute. The user carries
a ‘smart card’ that displays the constantly changing password, which is
a set of numbers. In the future, computers may grant access on the basis
of truly recognising someone, much like a sentry peering through a peephole
at someone knocking at the door. Computers would be able to recognise the
fingerprints, faces or voices of authorised users.
Breaking the password lock and coming in by the front door is one way
to break into a computer. But bugs in software can create unlocked back
doors no one knows about.
Some of these weaknesses can be amazingly subtle. Early versions of
Unix, for instance, allowed people to enter an unlimited number of characters
for passwords, storing them all in its memory. If a person entered a long
enough string of characters in the attempt to hit on the right sequence
for a password, the computer would write over the real password stored there,
replacing it with the characters being entered from the keyboard. In effect,
one could create a new password in memory, then use it to log on to the
machine. ‘Who would think that such a trick would work?’ says Schiller.
Unix also allows people to log on to a computer as ‘Anonymous’ without
using a password, in order to retrieve specific files that have been placed
there for public distribution. This is a convenient way to send documents
over the network to anyone who wants them. But until a few years ago, the
software allowed someone to log on first as ‘Anonymous’ and then as ‘Root’,
the system administrator. The confused computer was not programmed to ask
for a password in this circumstance, giving the intruder the freedom to
roam at will through the computer’s software.
These bugs could be fixed quickly, says Schiller, because programmers
had access to the original program – the source code – for Unix. But source
code for most commercial software is kept secret by the companies that sell
the programs. ‘Nowadays, if I buy a Sun workstation, I don’t have source
code. There can be a security hole in one of those programs and I am powerless
to do anything about it,’ says Schiller. ‘I can call up Sun, and maybe they
have a patch. But maybe they won’t be able to fix it for a year.’
In the public’s imagination, computer crime has become linked with ‘hackers’,
who try to break into other people’s computers. In reality, most serious
computer fraud probably originates with authorised users who abuse their
privileges. The most sensitive computers are not linked to the outside world;
to get a terminal with access to military secrets, you generally have to
be inside a military installation.
The ‘insider threat’ is not new. Business and governments have always
worried about employees stealing money or selling secret documents. But
computers allow them to do it more easily, and more anonymously. Documents
can be sent in an instant to a remote electronic address, and material that
on paper would fill several thick files can be put onto a single disc and
pocketed.
Audit trails are the key to tracking down those responsible for such
damage. Computers can maintain a record of all transactions and who carried
them out, much as a flight recorded on an aircraft monitors a pilot’s decisions.
These records themselves, of course, must be safe from attack.
Most security measures make computers less convenient to use, and computer
users hate to be bothered with them. Schiller says that giving smart cards
to each user on his network would cost at least $250,000 and ‘that’s a quarter
of a million dollars I don’t happen to have’. Encrypting data, building
security barriers around different classes of files and monitoring who has
access to them can slow down or even frustrate a legitimate user of the
system.
In addition, academics treasure the free exchange of data, and generally
clash with security experts who are obsessed with secrecy and ‘act like
the town cop’, says Schiller. One of the proudest achievements of MIT’s,
computer-science department was the design, in the late 1970s, of a new
operating system called ITS that achieved the exact opposite of security:
free access by all users to the system’s data and software.
Schiller occupies the middle ground in this conflict. Unlike most security
experts, he has no access to classified information, and does not work for
the government. Dressed in jeans, trainers and a T-shirt printed with the
words ‘MIT Network Police’, he reigns cheerfully amid the chaos of stacked
books, bicycles, loose papers and stray filters for his office’s air conditioner.
If a student wants security, he says, the system should provide it, but
MIT is not going to force students to protect their own files.
Schiller receives angry mail almost every day from people who have discovered
someone at MIT trying to invade their computers. They sometimes demand that
Schiller cut the links between MIT’s computers and those of the Free Software
Foundation, a band of programmers led by Richard Stallman (see ‘A crusade
for free software’, ¿ìè¶ÌÊÓÆµs, 29 September 1990). Stallman, one of
the original designers of ITS, firmly believes that computer systems should
be run on the basis of trust and openness. But he has been accused of allowing
renegade hackers free access to his computers, from which they carry out
attacks on other computers. Schiller’s answer to this is that it is the
job of computer managers to close the loopholes in their own computer systems.
* * *
Security scheme with something to hide
The National Security Agency, a shadowy part of the US government that
intercepts electronic messages around the world, may be blocking use of
a superior method for encrypting data. Or it may be protecting businesses
in the US by discouraging them from using a poor method. Unfortunately,
no one can be sure which is true, and the NSA is not saying.
The NSA is refusing to certify the newly developed RSA encryption system
as a national standard. The RSA system uses a procedure called public key
encryption which seems to offer profound advantages over existing systems.
If RSA were certified, it would become widely used as a central element
in procedures to keep electroic data secret.
The RSA system is based on a mathematical relationship between a pair
of numbers, each 155 digits long. The two numbers are generated together.
One of the numbers is used as the key to encrypt a message, the other to
decrypt it.
If two people want to exchange secret data, they both generate a pair
of these numbers. Each person keeps one of the numbers, called the private
key, and sends the other one to his or her partner. The second number, because
it is not kept secret, it called the public key. Each person uses the public
key for encryption, and the private key for decryption.
A crucial advantage of RSA is that the private keys, used to decrypt
messages, are truly secret, for they do not have to be transmitted or shared
with anyone. Under existing systems, encryption and decryption are done
with the same key and both sides must have this key before any messages
can be sent. If the key is lost or stolen, all the messages encrypted with
it can easily be decoded.
In addition, public key systems create a kind of signature that allows
someone receiving a message to identify who sent it. This minimises the
danger of bogus or forged messages. The sender encrypts the message first
with the public key sent by the other person, then the private key. Decoding
this message requires the receiver’s private key, which assures that the
message will remain secret. It also requires the public key distributed
by the other person which proves that the message was encoded with the sender’s
private key, which only the sender has access to.
The only problem with this method is that it is slow. Because of the
enormous numbers involved, it can take 4 seconds to encrypt data that would
take a standard encryption system only half a millisecond. Security experts
says that the RSA system is best used to send short, extremely sensitive
messages, such as the keys for standard encryption systems.
Breaking the RSA code requires the mathematical ability to factor a
number that is 155 digits long into two prime numbers. The best factoring
approaches that are currently known, using hundreds of computer workstations
working for weeks, are now able to factor numbers 70 or 80 digits long.
Because the time required increases exponentially as numbers increase in
size, factoring a number with 155 digits using current techniques would
take about a million years.
Last year, a team of researchers led by Mark Manasse at Digital Equipment
Research Laboratory factored a number 155 digits long after months of computation
carried out on more than 200 computers. It turned out, however, that the
researchers had chosen a special number, sometimes called a rarefied number,
that is easy to factor. For this reason, rarefied numbers are not supposed
to be used in an RSA code.
There are two possibilities for NSA’s attitude toward the RSA system,
says Jeff Schiller of MIT. The system may be so powerful that its widespread
use would prevent the NSA from carrying out its job of spying on foreign
countries. But the agency would not want people to know that. On the other
hand, if the RSA system is flawed because the NSA has found a remarkable
way to factor large numbers, the agency would want to keep it secret as
well. ‘But they won’t tell you,’ says Schiller. ‘It’s very frustrating.’