TIB: Hacker Crashes Thousands of Windows Computers

To: ti-basic@lists.ticalc.org
Subject: TIB: Hacker Crashes Thousands of Windows Computers
From: gussie@alaska.net (Grant Stockly)
Date: Thu, 5 Mar 1998 19:04:46 -0700
Reply-To: ti-basic@lists.ticalc.org

Wednesday March 4 6:42 PM EST

Hacker Crashes Thousands of Windows Computers

By Martin Wolk

SEATTLE (Reuters) - An unknown hacker caused thousands of
Windows-based university and government computers to crash on the eve
of Senate testimony by Microsoft Corp. Chairman Bill Gates,
authorities said Wednesday.

The Monday night attack affected nine of the National Aeronautics and
Space Administration's 10 major field offices as well and major
universities, including the Massachusetts Institute of Technology and
the University of California at Berkeley.

"Basically, what happened is it locked the system," said Mike
Mewhinney, a spokesman for the space agency's Ames Research Center
near Mountain View, Calif. "Obviously, it was something we were
concerned about, and we stepped in to address it as soon as we learned
about it."

While the attack did not cause any significant loss of data, users
were confronted with the so-called "blue screen of death," which
appears with an error message when Windows crashes. The only solution
was to restart the computer.

Jeffrey Schiller, network manager at MIT, said the malicious hacker
exploited a bug in the Windows 95 and Windows NT operating systems
known "Boink," "Teardrop II" or "New Tear," which first was seen in
January.

At MIT, the attacker obtained a list of all computers connected to the
Internet and then sent specific data packets calculated to overload
the computers, causing a "denial of service."

The only computers not affected were those that had installed
Microsoft-supplied patches or were running other operating systems,
such as Apple Computer Inc. Macintosh units. Microsoft group product
manager Ed Muth said the company was concerned by the attack, but he
pointed out it was limited to computers connected directly to the
Internet.

"All of the systems that have more sensitive data are typically
insulated from the Internet by proxy servers or firewalls," Muth
said. "It would be very bad data processing practice not to do
that."

He also said individual users typically would not be vulnerable to the
hack because they are insulated by their Internet service provider.

But he said the company was concerned because publicity from such
incidents "generally reduces the confidence with which people can use
the Internet as part of their computing architecture."

While there were no clues as to the identity of the attacker,
victims pointed out it came just hours before Gates' testimony
before the Senate Judiciary Committee, where he defended the company
against charges that it improperly exploits its vast market power.

MIT's Schiller, an expert in Internet security, said the incident
underscores the vulnerability of networked computers to hostile
attacks.

"What you're dealing with here is someone who is actively trying to
find a way to make your program misbehave," Schiller said. "To me the
Internet is a hostile place, and we have to build our programs to deal
with that."