From Lan Times, 08 Feb 1993

TIPS FOR TRACKING HACKERS

Hackers will make mistakes or leave traces in four areas:

1. Inbound - While attempting to break into a network through a private branch exchange (PBX), hackers will give themselves away by using "war dialers" (PC programs designed to break password codes and search for possible 800 numbers). War dialers leave behind a large number of incorrect user ID/password pairings.

2. Outbound - On the way out of a system, hackers will give themselves away by using phantom extensions, rarely used access codes, and/or rarely used equal access codes.

3. Greed - When hackers are really good, they will leave no traces except for greed. These hackers are revealed through usage patterns that deviate from normal business habits.

4. System Changes - The greatest potential for damage exists when the system's programming is changed to facilitate hacking. Any picking at passwords for the PBX/computer maintenance port or unauthorized use should be tracked and acted upon immediately. This is where LAN and telecom managers need to work as a team.

HACKING: NOT JUST A 'PHONE PROBLEM'

U.S. losses for '92 are estimated at $500 million to $6 billion

American businesses are well aware of hackers on computer networks and the millions of dollars in damage they cause. Until recently, illicit network access was limited mostly to employees' personal use (or misuse) of network resources. Managers learned they could cut abuse by using passwords, access codes, and reporting systems to uncover expensive WAN access. Those simple days, however, are gone.

External abuse is mushrooming. With the increased sophistication of telecom private branch exchanges (PBXes) and the arrival of voice/data integration, hackers have found easy access to corporate networks.

Know thy enemy. It often happens in the middle of the night or over the weekend.
Hackers use computers with auto-dialing modems to break security passwords and gain access to your network through the phone system. Once in, they can steal data, crash your system, or use or resell your wide area services, leaving your company with the bill.

Hackers use various methods to access LANs. One method is through the direct-inward, system-access feature on some PBXes. By using a computer to break password codes, hackers can obtain entry in just minutes. Unfortunately, some companies make this process ridiculously simple for thieves by failing to take advantage of even minimal security features, such as password protection.

Another method used to gain access is through remote diagnostic numbers used for telecom or computer administration. Sophisticated systems have features that allow service personnel to remotely diagnose problems. Unfortunately, this same capability can also let hackers in.

Let's look at a hypothetical, but very possible, situation. Suppose hackers intensely attacked a network for 48 hours and accessed expensive destinations, such as Pakistan. If each session lasted about three minutes, the total hacking exposure would be $15,000 per trunk, or $1,500 per line. If you had 250 nodes, or lines, in one location, you could be hit for $375,000 in one weekend.

Here's another example: Imagine coming to work on Monday and discovering that the modem pool is locked up, showing a continuous, 72-hour connection. Without talking to the telecom manager, you believe the incident is a data hack that was interrupted by LAN security or simply a hung trunk, so you do nothing. Yet, it turns out to be a voice hack through the modem pool that lasted all weekend. Cost to your company? About $60,000, which you discover when the phone bill arrives two weeks later.

The lesson: Data and voice are integrated. Work with the telecom people in your organization to defend against hackers.

Experts estimate the total 1992 U.S. losses caused by hackers range from $500 million to $6 billion. Additionally, long-distance carriers insist on payment for the fraudulent wide area access. Chances are one in 18 that a PBX in the United States will be hacked, according to John Haugh, communications fraud expert and author of "Toll Fraud and Telabuse."

Keeping hackers out. The possibilities seem endless for hackers. They attack modem pools, bridges, telecommuting facilities, a carrier's software-defined network connections, and a PBX's equal access code programming. To deal with the ever-increasing inventiveness of hackers, users need the ability to stop, as well as track, them.

Reasons for tracking are not obvious, but they are still important:

- LAN and telecom managers need to prove to their entire companies the extent of the hacking problem.
- Hackers share information via publications, electronic bulletin boards, and catalog services. System users and maintenance providers are not offering the same amount of defensive information exchange.
- Prosecuting hackers has been limited by a number of factors, including lack of evidence.
- Hackers have moved across the network environment, looking for new ways to hack the system. Tracking helps predict where hackers might make their next move.

Hacking is an enormous, expensive problem for computer systems managers. To defend your organization, you need a solution that stops and tracks hackers, yet doesn't interfere with legitimate users or maintenance of the system.
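
The four tracking areas from the tips list (inbound, outbound, greed, system changes), applied to PBX event records as an added example that is not part of the Lan Times article. The record layout, port names, extension inventory, business hours, and thresholds are all assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime

KNOWN_EXTENSIONS = {"2001", "2002", "2003"}  # assumed extension inventory
ROUTINE_CODES = {"1010"}       # assumed access codes in everyday use
MAINT_PORT = "maint"           # assumed name for the maintenance port
FAIL_THRESHOLD = 5             # failed ID/password pairs per port before flagging
OFF_HOURS_MINUTES = 60         # off-hours usage per extension before flagging

# Constructed sample records: (start, kind, port or extension, detail, minutes).
# detail is the attempted user ID for auth_fail and the access code for call.
EVENTS = [
    ("1993-02-06 02:10", "auth_fail", "disa-1", "0001", 0),
    ("1993-02-06 02:10", "auth_fail", "disa-1", "0002", 0),
    ("1993-02-06 02:11", "auth_fail", "disa-1", "0003", 0),
    ("1993-02-06 02:11", "auth_fail", "disa-1", "0004", 0),
    ("1993-02-06 02:12", "auth_fail", "disa-1", "0005", 0),
    ("1993-02-05 10:30", "auth_fail", "disa-2", "4410", 0),
    ("1993-02-05 11:00", "call", "2001", "1010", 4),
    ("1993-02-06 03:00", "call", "2999", "1010", 3),
    ("1993-02-06 03:05", "call", "2002", "1077", 3),
    ("1993-02-06 23:40", "call", "2003", "1010", 180),
    ("1993-02-07 01:15", "auth_fail", "maint", "admin", 0),
]

def off_hours(start):
    """True outside Monday-Friday 07:00-19:00 (assumed business hours)."""
    t = datetime.strptime(start, "%Y-%m-%d %H:%M")
    return t.weekday() >= 5 or not 7 <= t.hour < 19

def review(events):
    """Return findings keyed by the four tracking areas."""
    calls = [e for e in events if e[1] == "call"]
    # 1. Inbound: bursts of incorrect ID/password pairs on one port.
    fails = Counter(src for _, kind, src, _, _ in events if kind == "auth_fail")
    inbound = sorted(p for p, n in fails.items() if n >= FAIL_THRESHOLD)
    # 2. Outbound: phantom extensions or rarely used access codes.
    outbound = sorted({ext for _, _, ext, code, _ in calls
                       if ext not in KNOWN_EXTENSIONS or code not in ROUTINE_CODES})
    # 3. Greed: heavy usage outside normal business hours.
    minutes = Counter()
    for start, _, ext, _, mins in calls:
        if off_hours(start):
            minutes[ext] += mins
    greed = sorted(e for e, m in minutes.items() if m >= OFF_HOURS_MINUTES)
    # 4. System changes: any activity at all on the maintenance port.
    maint = [start for start, _, src, _, _ in events if src == MAINT_PORT]
    return {"inbound": inbound, "outbound": outbound,
            "greed": greed, "system_changes": maint}
```

Only the maintenance-port check flags on a single event, matching the tip that such activity be acted upon immediately; the other three areas depend on counts or baselines that each site has to set for itself.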