Student breaks Athena security
By Timothy Huang, Simson L. Garfinkel and
Several students discovered a Project Athena security breach on Sept. 18 at the cluster in the Julius A. Stratton '23 Student Center Library, according to Project Athena Director Steven R. Lerman '72.
An MIT student, whom Lerman declined to name, had written and left running a "Trojan horse" program on one of the terminals in the cluster. The program emulated the normal Athena login procedure, but actually recorded the usernames and passwords of students attempting to use the terminal.
The term "Trojan horse" is commonly used to describe programs which appear to perform one function but actually perform another, such as recording a person's password.
Project Athena staff immediately disabled the program and identified the offending student when the "Trojan horse" program was discovered. No serious damage resulted from the incident, although the potential for damage was great, according to Lerman.
The offending student obtained some usernames and passwords, he said. Affected students have been advised to change their passwords.
Lerman does not know how long the program was running in the cluster. There is no evidence that the student used any of the passwords he obtained, according to Lerman.
The offending student has stated that he will never again violate Project Athena's security policies. Lerman added that Project Athena condemns such use of its resources.
Lerman will decide on an appropriate punishment for the student. He is considering revoking the offending student's Student Center cluster account.
There is no precedent for such disciplinary action because there have been no security violations of this type before, Lerman added. The Committee on Discipline (COD) will consider the case and issue a ruling only if the student decides not to accept Lerman's decision, he said.
The COD will not review the breach in Project Athena's security unless a complaint is filed by a member of the MIT community, according to COD Chairman Elias P. Gyftopoulos '58. "We do not take the initiative to create a case against a student," he said.
"I think that the response to the individual incident has to be tailored to the particular incident," said Project Athena Technical Director Jerome H. Saltzer '61. "You can't generalize. I think that rifling through a person's files without permission is something very comparable to going through their desk without permission."
"It is certainly unethical" for a student to write a "Trojan horse" program, Saltzer said. "That is the reason why the Athena statement of principles of responsible use points out explicitly that one should not do this."
"To do a really simple 'Trojan horse' program is an easy task," said Henry N. Holtzman '86, MIT Media Laboratory's system programmer.
A "user can never tell that he has been 'Trojan horsed'" by a "good Trojan horse" program, he said. A bad "Trojan horse" program is one that gives "bogus error information," he continued.
"If somebody wrote a good Trojan horse, it would have been the curiosity that it could be written. But why would they run it? To actually go ahead and set up a break-in has got to be some sort of mania," Holtzman added.
Lerman said that the UNIX operating system used by Project Athena is not very secure. "Students should change their passwords periodically ... about every month. Also, students should use long passwords: at least four, [but] preferably eight, characters," he said. "Passwords should not be common words like names. Instead they should consist of strange characters."
"I think that the protection provided by the Athena systems is very comparable to the protection provided by a doorlock in a dormitory," Saltzer said. "If you come to a locked door, you know that the owner of the room doesn't want you to enter it. If you have burglary tools ... [or] happen to know how to pick locks, we don't provide terribly high security locks on our dorm room."
"As a dorm resident, you would not keep millions of dollars in diamonds in your dorm room," he continued, "because you know that the security is not appropriate. But at the same time, you might keep your textbooks there.
"I think that the protection afforded by the Athena system is similar in that it provides a way for users to mark information as private and those privacy marks should be respected by everybody else, even if someone happens to have special knowledge that would allow him to bypass the usual protection systems."
Others working with computer systems at MIT feel that no amount of computer security is sufficient. "In general, whenever people are dealing with any computer system, they should assume that anything stored on the computer is readable by anyone," said William C. Saphir '86, chairman of the Student Information Processing Board.
"Users should not assume that anything on the computer is protected from anybody else. As long as people take this attitude, then no damage can really be done," Saphir added.
Sensitive files, such as administrative records, are not kept on Project Athena. They are kept on systems with guarded terminals and no telephone dial-up access, according to Lerman.
MIT is currently developing a policy pertaining to theft of computer resources or information, according to COD Chairman Gyftopoulos. He declined to comment on the proposed policy because it "may change as the result of" current discussion.
"Eventually, the Institute is going to have to develop a position that is uniform and understood. At this point, many of the organizations such as Athena have suggested positions with respect to [malicious] behavior," Saltzer said, "and I believe that the privacy committee has said things in the past which are consistent with this approach."