Electronic vandals have found a new way to break into computers previously thought to be impenetrable, leading authorities to issue a strong security warning over the worldwide Internet on Monday.
The technique is called “spoofing” because it fools a computer into thinking that another friendly computer is requesting access. The result can be high-level computer “hijacking,” according to the warning from the Computer Emergency Response Team, a government-funded group headquartered in Pittsburgh.
“Intruders can use … spoofing to gain root access for any purpose,” the warning said. The full extent to which the technique has been used for theft or eavesdropping or to otherwise compromise networks was not known Monday.
“There are many people reading this right now and deciding what they have to do to prevent attack or finding out if they’ve been attacked,” Roger Safian, head of a computer emergency team at Northwestern University, said after he received the alert by electronic mail Monday afternoon.
A crisis over spoofing has been building since Christmas Day, when someone electronically broke into and proceeded to steal files and software from the workstation of a computer security researcher at the San Diego Supercomputer Center. The center is one of four major hubs on the nation’s foremost Internet backbone built by the National Science Foundation.
The theft took place even though the computer was protected by what are known as firewalls - electronic gates that permit only selected outside users or specific kinds of data (e-mail, for instance) between smaller computer networks and the unmanaged Internet.
Firewalls, in recent years, have become the bulwark against computer break-ins. But not anymore. “A steady string of incidents” involving spoofing is suspected now, said Robert Borchers, who oversees the science foundation’s four supercomputer centers. “We’re working hard to get those holes patched,” he said. “I just checked my own machine. I think I’m safe, maybe.”
While the estimated 3-million-plus computers in the world that maintain full-time connections with the Internet are potential spoofing targets, spoofing is not considered a threat to classified or military systems that operate outside the Internet or to personal computers that make only occasional Internet connections.
Safian said the trickery of spoofing involves attacks on the computers that serve as traffic cops on the Internet.
These computers, called routers, relay units of data in “packets” that are marked with the computer addresses of both sender and recipient.
He said computer intruders - commonly referred to as hackers - who take over a router can do whatever they want with the packets and with the computers that the router can reach into.