The Tech - Online EditionMIT's oldest and largest
newspaper & the first
newspaper published
on the web
Boston Weather: 28.0°F | A Few Clouds

Computer Thefts, Network Invasions Prompt Security Changes in Bldg. 54

Thomas E. Murphy--The Tech
This file cabinet was broken into during a rash of recent larcenies. Security in Building 54 is being tightened to prevent future thefts.

By Susan Buchman

Building 54 has experienced a rash of security breaches in the past six months, with thieves stealing items ranging from the almost valueless to a computer worth tens of thousands of dollars. There have been seven computers stolen in the past six months. In addition, packet sniffers' have compromised the security of network connections. The wave of thefts has led to an increase in security and new access restrictions for the building.

"Generally we've been identifying different ways of making the building more safe and secure and reminding people that it is important to use common sense: keep doors closed and locked when offices and labs are unattended, report any and all suspicious activity, and avoid confrontations with any strangers," said Will Heres, Systems Manager for Earth Atmospheric and Planetary Sciences.

Computers a Popular Target

One of the biggest incident was the theft of two computers from a file cabinet that had been barred shut in a locked room. The key to the room in which the file cabinet was kept was reported stolen on Friday, November 28, 1997. Sometime during the following night the theft occurred.

According to Professor Reginald E. Newell of EAPS, John Lam, a visiting professor from the Hong Kong Polytechnic Institute, had left his personal computer in the file cabinet while he was out of town for four days. Stored on the computer was data Lam had been compiling since 1993 as well as programs designed to interpret that data. While he had backed up the data, the programs, the result of months of work, were lost.

Because none of the information was classified and had been published, it appears that the only goal was the computer itself. The other stolen computer belonged to the EAPS department. The file cabinet was so damaged that it had to be thrown out.

Newell later discovered a metal tool and a pair of gloves, possibly used to break into the file cabinet, in an unused file cabinet in a locked room. How the burglar knew that Lam was out of town or had locked his computer in that cabinet is still unknown.

A few weeks later two more computers were stolen from the 18th floor, also on a Saturday night. The computers stolen contained research and a portion of a student's thesis.

In another theft during the fall, Professor Luisa Molina stepped out of her office for a few minutes and returned to find her purse missing. It was found shortly thereafter, although all the money had been taken.

Security Changes Implemented

Past problems and the theft of a computer valued at $40,000 prompted a change in security measures for Building 54, said Robin C. Elices, administrative officer for Building 54. The department and MIT have combined their efforts to increase security. Recent changes include re-keying the entire building, securing expensive equipment, and restricting access to the building by requiring card access after hours, Elices said. The Campus Police have posted a patrol in Building 54 at all times.

"The tricky part for us is finding a balance between locking down a building and allowing the staff to carry out their work with as little inconvenience as possible," said Heres.

"MIT has an open campus policy which allows faculty, staff and students access to MIT facilities at any given time in order to carry out their work. Unfortunately, the open campus policy also allows strangers to enter our buildings and cause trouble for us from time to time," said Heres.

Newell said that it is impossible to identify strangers who might have malicious intentions on the eighteenth floor because it is very well traveled. Athletes ascend the stairs as a training exercise and then stop on the eighteenth floor for a water break. There has even been an instance of a woman selling photos door-to-door on the eighteenth floor. According to Newell there will now be tighter restrictions on the keys given out within the department.

Sniffers' Pose a Threat

The security problems in 54 have not been limited to the physical realm. "By far the biggest threat to us and the rest of MITnet are password sniffers and the unencrypted transmission of information including passwords," said Heres.

Heres said that it was difficult for the department to implement encrypted connections because researchers needed to access facilities outside of MIT. The department has taken steps to address the issue by working with other sites to implement encrypted sessions, he said.

Professor Newell said that the Federal Bureau of Investigation was called when a password protected workstation was broken into. EAPS researchers are involved in research projects with a number of government agencies. While the FBIwas unable to comment on this particular event, spokesman Peter Ginieres said that the FBI generally gets involved "in a major theft" or if there is a threat to the electronic infrastructure was involved, such as when computers or electronic devices involved in sensitive research are stolen.

"Luckily for us, no real damage has been reported, and no specific project, program, or data set has been targeted," Heres said.

Heres said that the department has been working with Information Services and that "while we're not perfect, the systems managers at EAPS and elsewhere are becoming more and more proficient in detecting and preventing compromises."

Brett Altschul contributed to the reporting of this story.