article

Free access

Stalking the wily hacker

Author:

Clifford StollAuthors Info & Claims

Communications of the ACM, Volume 31, Issue 5

Pages 484 - 497

https://doi.org/10.1145/42411.42412

Published: 01 May 1988 Publication History

PDF eReader

Abstract

An astronomer-turned-sleuth traces a German trespasser on our military networks, who slipped through operating system security holes and browsed through sensitive databases. Was it espionage?

References

[1]

ACM. ACM code of professional conduct. Bylaw 19, Cannon 1-5, ACM, New York.

Google Scholar

[2]

Beals, E., Busing, D., Graves, W., and Stoll, C. Improving VMS security: Overlooked ways to tighten your system. In Session Notes, DECUS Fall Meeting(Anaheim, Calif., Dec. 7-11). Digital Equipment User's Society, Boston, Mass., 1987.

Google Scholar

[3]

Bednarek, M. Re: Important notice {distrust software from people breaking into computers}. Internet Info-Vax Conference (Aug. 4). 1987.

Google Scholar

[4]

Boing, W., and Kirchberg, B. L'utilisation de syslemes experts dans l'audit informatique. In Congress Programme, Securicom 88, 6th World Congress on Computer Security (Paris, France, Mar. 17). 1988.

Google Scholar

[5]

Brand, S., and Makey, J. Dept. of Defense password management guideline. CSC-STD-002-85, NCSC, Ft. Meade, Md., Apr. 1985.

Google Scholar

[6]

California State Legislature. Computer crime law. California Penal Code S. 502, 1986 (revised 1987).

Google Scholar

[7]

Carpenter, B. Malicious hackers. CERN Comput. Newsl. ser. 185 (Sept. 1986), 4.

Google Scholar

[8]

Clark, D., and Wilson, D. A comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., Apr. 27-29}. IEEE Press, New York, 1987, pp. 184-194.

Crossref

Google Scholar

[9]

Denning, D. Cryptography and Data Security. Addison-Wesley, Reading, Mass., 1982.

Digital Library

Google Scholar

[10]

Digital Equipment Corporation. Guide to VAX/VMS system security. AA-Y510A-TE, DEC, July 1985.

Google Scholar

[11]

Dilworth, D. "Sensitive but unclassified" information: The controversy. Bull. Am. Soc. Inf. Sci. 13 (Apr. 1987).

Google Scholar

[12]

D'Ippolito, R.S. AT&T computers penetrated. Internet Risks Forum 5, 41 (Sept. 30, 1987).

Google Scholar

[13]

Grampp, F.T., and Morris, R.H. Unix operating system security. AT&T Bell Laboratories Tech. J. 63, 8 (Oct. 1984), pt. 2, 1649-1672.

Google Scholar

[14]

Hartman, W. The privacy dilemma. Paper presented al the "International Conference on Computers and Law" (Santa Mor. ica, Calif., Feb.). 1988. Available from Erasamus Universiteit, Rotterdam.

Google Scholar

[15]

IEEE. The best techniques for computer security. Computer 16, 7 (Jan. I983), 86.

Google Scholar

[16]

IEEE. Computer 16, 7 (Jan. 1983).

Digital Library

Google Scholar

[17]

IEEE. Network 1, 2 (Apr. 1987).

Crossref

Google Scholar

[18]

Israel, H. Computer viruses: Myth or reality. In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21- 24). 1987.

Google Scholar

[19]

Kneale, D. It takes a hacker. Wail Street }. (Nov. 3, 1987).

Google Scholar

[20]

Landau, S. Zero knowledge and the Department of Defense. Not. Am. Math. Soc. 35, 1 (Jan. 1988), 5-12.

Google Scholar

[21]

Latham, D. Guidance and program direction applicable to the Defense Data Network. In DDN Protocol Handbook. NIC 50004, vol. 1. Defense Data Network, Washington, D.C., Dec. 1985, pp. 1-51.

Google Scholar

[22]

Lehmann, F. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584-585.

Digital Library

Google Scholar

[23]

Markoff, J. Computer sleuths hunt a brilliant hacker. San Francisco Examiner (Oct. 3, 1986).

Google Scholar

[24]

McDonald, C. Computer security blunders. In Proceedings of the DOE lOth Computer Security Group Conference (Albuquerque, N.M., May 5- 7). Dept. of Energy, Washington, D.C., 1987, pp. 35-46.

Google Scholar

[25]

Metz, S.J. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584.

Google Scholar

[26]

Morris, R.H., and Thompson, K. Password security: A case history. In Unix Programmer's Manual. AT&T Bell Laboratories, 1984, sec. 2.

Google Scholar

[27]

Morshedian, D. How to fight password pirates. Computer 19, 1 (Jan. 1986).

Digital Library

Google Scholar

[28]

National Computer Security Center. CSC-STD-O04-85. NCSC, Ft. Meade, Md., 1985.

Google Scholar

[29]

National Computer Security Center. DoD trusted computer system evaluation criteria. CSC-STD-001-83. NCSC, Ft. Meade, Md., 1983.

Google Scholar

[30]

National Computer Security Center. Guidance for applying the Orange Book. CSC-STD-003-85, NCSC. Ft. Meade, Md., 1985.

Google Scholar

[31]

National Computer Security Center. Trusted network interpretation of the trusted computer system evaluation criteria. DoD 5200.28- STD, NCSC. Ft. Meade, Md., 1987.

Google Scholar

[32]

Office of Technology Assessment, U.S. Congress. Defending secrets, sharing data: New locks and keys for electronic information. OTA- CIT-310, U.S. Government Printing Office, Washington, D.C., Oct. 1987.

Google Scholar

[33]

Omond, G. Important notice {on widespread attacks into VMS sys-

Google Scholar

[34]

Poindexter, J. National security decision directive. NSDD-145, National Security Council, Washington, D.C., Sept. 17, 1984.

Google Scholar

[35]

Proceedings of the Intrusion Detection Expert Systems Conference (Nov. 17). 1987.

Google Scholar

[36]

Reid, B. Reflections on some recent widespread computer breakins. Commun. ACM 30, 2 (Feb. 1987). 103-105.

Digital Library

Google Scholar

[37]

Schmemann, S. West German computer hobbyists rummaged NASA's files. New York Times (Sept. 16~ 19871.

Google Scholar

[38]

Slind-Flor, V. Hackers access tough new penalties. The Recorder Bay Area Legal Newsp. (Jan. 6, 1988).

Google Scholar

[39]

Smith, K. Unix Rev. 6, 2 (Feb. 1988}.

Google Scholar

[40]

Stallman, R. Gnu-Emacs Text Editor Source Code.

Google Scholar

[41]

Stevens, D. Who goes there? A dialog of questions and answers about benign hacking. In Proceedings of the Computer Measurement Group (Dec.). Computer Measurement Group, 1987.

Google Scholar

[42]

Stoll, C. What do you feed a Trojan horse? In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21-24). 1987.

Google Scholar

[43]

Stoll, C. How secure are computers in the US? In Proceedings of the 11th National Computer Security Conference (Baltimore, Md., Oct. 17). To be published.

Google Scholar

[44]

Thompson, K. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763.

Digital Library

Google Scholar

[45]

Unix Review. 6, 2 (Feb. 1988).

Google Scholar

[46]

U.S. Congress. Exception to general prohibition on trap and trace device use. 18 U.S.C.A. 3121, secs. (b)(1) and (b)(3), U.S. Congress, Washington. D.C., 1986.

Google Scholar

[47]

U.S. Congress. The federal computer crime statute. 18 U.S.C.A. ~030, U.S. Congress, Washington, D.C., 1986.

Google Scholar

[48]

Whitten, I.H. Computer (in)security: Infiltrating open systems. Abacus(Summer 1987).

Digital Library

Google Scholar

[49]

Wood and Kochan. Unix System Security. Sams, Indianapolis, Ind., 1985.

Digital Library

Google Scholar

Cited By

View all

Timmer RLiebowitz DNepal SKanhere S(2024)Honeyfile Camouflage: Hiding Fake Files in Plain SightProceedings of the 3rd ACM Workshop on the Security Implications of Deepfakes and Cheapfakes10.1145/3660354.3660355(1-7)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3660354.3660355
Tsouvalas BNikiforakis N(2024)Knocking on Admin’s Door: Protecting Critical Web Applications with DeceptionDetection of Intrusions and Malware, and Vulnerability Assessment10.1007/978-3-031-64171-8_15(283-306)Online publication date: 9-Jul-2024
https://doi.org/10.1007/978-3-031-64171-8_15
Pijpker JMcCombie S(2023)A Ship Honeynet to Gather Cyber Threat Intelligence for the Maritime Sector2023 IEEE 48th Conference on Local Computer Networks (LCN)10.1109/LCN58197.2023.10223347(1-6)Online publication date: 2-Oct-2023
https://doi.org/10.1109/LCN58197.2023.10223347
Show More Cited By

Index Terms

Stalking the wily hacker

Recommendations

Defending against the wily surfer: web based attacks and defenses
ID'99: Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1

Intrusions are often viewed as catastrophic events which destroy systems, wreak havoc on data through corruption or substitution, yield access to closely guarded sensitive information, or provide a springboard for hackers to attack other systems.

Yet ...
The web application hacker's handbook: discovering and exploiting security flaws
Think Like a Hacker: A Sysadmin's Guide to Cybersecurity

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Communications of the ACM Volume 31, Issue 5

May 1988

114 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/42411

Editor:
Peter J. Denning
NASA Ames Research Center, Moffitt Field, CA

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 1988

Published in CACM Volume 31, Issue 5

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

118
Total Citations
View Citations
7,094
Total Downloads

Downloads (Last 12 months)1,800
Downloads (Last 6 weeks)264

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Timmer RLiebowitz DNepal SKanhere S(2024)Honeyfile Camouflage: Hiding Fake Files in Plain SightProceedings of the 3rd ACM Workshop on the Security Implications of Deepfakes and Cheapfakes10.1145/3660354.3660355(1-7)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3660354.3660355
Tsouvalas BNikiforakis N(2024)Knocking on Admin’s Door: Protecting Critical Web Applications with DeceptionDetection of Intrusions and Malware, and Vulnerability Assessment10.1007/978-3-031-64171-8_15(283-306)Online publication date: 9-Jul-2024
https://doi.org/10.1007/978-3-031-64171-8_15
Pijpker JMcCombie S(2023)A Ship Honeynet to Gather Cyber Threat Intelligence for the Maritime Sector2023 IEEE 48th Conference on Local Computer Networks (LCN)10.1109/LCN58197.2023.10223347(1-6)Online publication date: 2-Oct-2023
https://doi.org/10.1109/LCN58197.2023.10223347
Lee M(2023)IntroductionCyber Threat Intelligence10.1002/9781119861775.ch1(1-30)Online publication date: 14-Apr-2023
https://doi.org/10.1002/9781119861775.ch1
Kern MSkopik FLandauer MWeippl EHong JBures MPark JCerny T(2022)Strategic selection of data sources for cyber attack detection in enterprise networksProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507022(1656-1665)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507022
Bobbert YScheerder J(2022)Zero Trust Validation: from Practice to Theory : An empirical research project to improve Zero Trust implementations2022 IEEE 29th Annual Software Technology Conference (STC)10.1109/STC55697.2022.00021(93-104)Online publication date: Oct-2022
https://doi.org/10.1109/STC55697.2022.00021
Vijaya Saraswathi RIftequar Ahmed SSriveda Reddy MAkshay SVrushik Reddy MSanjana Reddy M(2022)An Improved Approach towards Network Security of an Organization2022 International Conference on Electronics and Renewable Systems (ICEARS)10.1109/ICEARS53579.2022.9751998(1-8)Online publication date: 16-Mar-2022
https://doi.org/10.1109/ICEARS53579.2022.9751998
Moore KChristopher CLiebowitz DNepal SSelvey R(2022)Modelling direct messaging networks with multiple recipients for cyber deception2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00009(1-19)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSP53844.2022.00009
Baroni PCerutti FFogli DGiacomin MGringoli FGuida GSullivan P(2021)Self-Aware Effective Identification and Response to Viral Cyber Threats2021 13th International Conference on Cyber Conflict (CyCon)10.23919/CyCon51939.2021.9468294(353-370)Online publication date: 25-May-2021
https://doi.org/10.23919/CyCon51939.2021.9468294
Spring JIllari P(2021)Review of Human Decision-making during Computer Security Incident AnalysisDigital Threats: Research and Practice10.1145/34277872:2(1-47)Online publication date: 20-Apr-2021
https://dl.acm.org/doi/10.1145/3427787
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Defending against the wily surfer: web based attacks and defenses

The web application hacker's handbook: discovering and exploiting security flaws

Think Like a Hacker: A Sysadmin's Guide to Cybersecurity

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations