Universities easy hacker targets, professor says

Dustin Mcdonough

Many of the most popular Web sites on the Internet have been experiencing problems from computer hackers recently, and ISU experts said a similar strike could be launched from campus or directed at the ISU Web site.

The problem, known as “distributed denial of service” (DOS), has affected several high-traffic Web sites, including Yahoo!, CNN.com, Amazon.com and eBay.

Doug Jacobson, associate professor of electrical and computer engineering, said the attack began when an unknown hacker or group of hackers installed a tool known as “tribe flood” onto a number of computers around the world.

The unknown party then sent a command from one station that told the other remote computers to begin flooding certain Web sites with packages of data that, in effect, have no return address.

“The goal is to take the Web site’s machine off-line and overwhelm it so no one else could use it,” Jacobson said.

DOS attacks have happened before, he noted, but they usually come from one computer and do not have a significant effect on the Web sites they target.

“The difference is that this attack has come from a large number of computers,” he said, “and there’s no good solution for it.”

One problem with DOS attacks is that they look like normal traffic, only there is much more of it than usual, making them hard to identify, Jacobson said.

“The hackers look for sites that are easy to break into and have high rates of use,” he said. Jacobson said because of that, the most popular Web sites are also the most vulnerable to a DOS attack.

Jacobson also said hackers like to launch the DOS attacks from locations with large amounts of computer equipment and relatively low network security, such as universities.

“Universities are a good place to launch these types of attacks from,” he said.

Already, a computer at the University of California at Santa Barbara has been identified as one of the machines used by the hacker or hackers to launch the recent DOS attacks.

Jacobson said the computer at UCSB might not have been used in the attack if the university had better security for its computer systems.

Unless certain measures are taken, a similar attack could be launched by anybody from Iowa State or any other university or similar network, Jacobson said.

“There’s so much equipment on campuses, and it’s run by all different kinds of people,” he said. “Not every computer on campus uses the same security measures. A student or anybody else could launch one of these attacks.”

Mike Bowman, assistant director of the Computation Center, said Iowa State’s Web site is probably just as vulnerable to a DOS attack as the sites attacked recently.

“If somebody launched such an attack against Iowa State, we would probably have the same problems as the other Web sites are having now,” Bowman said. “Actions would have to be taken to block or filter the problems coming to out network.”

Jacobson said in order to prevent DOS attacks from happening in the future, networks will have to be monitored more closely to catch potential problems before they happen, a task easier said than done.

“It’s a difficult problem,” he said. “It’s going to take the entire Web community to solve it. People are going to have to be educated, or it probably won’t be the last time this happens.”