ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Stalking the wily hacker
Full text PdfPdf (1.60 MB)
Source
Communications of the ACM archive
Volume 31 ,  Issue 5  (May 1988) table of contents
Pages: 484 - 497  
Year of Publication: 1988
ISSN:0001-0782
Author
Clifford Stoll  Lawrence Berkeley aboratory, Berkeley, CA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 32,   Downloads (12 Months): 185,   Citation Count: 8
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/42411.42412
What is a DOI?

ABSTRACT

An astronomer-turned-sleuth traces a German trespasser on our military networks, who slipped through operating system security holes and browsed through sensitive databases. Was it espionage?


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
ACM. ACM code of professional conduct. Bylaw 19, Cannon 1-5, ACM, New York.
 
2
Beals, E., Busing, D., Graves, W., and Stoll, C. Improving VMS security: Overlooked ways to tighten your system. In Session Notes, DECUS Fall Meeting(Anaheim, Calif., Dec. 7-11). Digital Equipment User's Society, Boston, Mass., 1987.
 
3
Bednarek, M. Re: Important notice {distrust software from people breaking into computers}. Internet Info-Vax Conference (Aug. 4). 1987.
 
4
Boing, W., and Kirchberg, B. L'utilisation de syslemes experts dans l'audit informatique. In Congress Programme, Securicom 88, 6th World Congress on Computer Security (Paris, France, Mar. 17). 1988.
 
5
Brand, S., and Makey, J. Dept. of Defense password management guideline. CSC-STD-002-85, NCSC, Ft. Meade, Md., Apr. 1985.
 
6
California State Legislature. Computer crime law. California Penal Code S. 502, 1986 (revised 1987).
 
7
Carpenter, B. Malicious hackers. CERN Comput. Newsl. ser. 185 (Sept. 1986), 4.
 
8
Clark, D., and Wilson, D. A comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., Apr. 27-29}. IEEE Press, New York, 1987, pp. 184-194.
 
9
Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
 
10
Digital Equipment Corporation. Guide to VAX/VMS system security. AA-Y510A-TE, DEC, July 1985.
 
11
Dilworth, D. "Sensitive but unclassified" information: The controversy. Bull. Am. Soc. Inf. Sci. 13 (Apr. 1987).
 
12
D'Ippolito, R.S. AT&T computers penetrated. Internet Risks Forum 5, 41 (Sept. 30, 1987).
 
13
Grampp, F.T., and Morris, R.H. Unix operating system security. AT&T Bell Laboratories Tech. J. 63, 8 (Oct. 1984), pt. 2, 1649-1672.
 
14
Hartman, W. The privacy dilemma. Paper presented al the "International Conference on Computers and Law" (Santa Mor. ica, Calif., Feb.). 1988. Available from Erasamus Universiteit, Rotterdam.
 
15
IEEE. The best techniques for computer security. Computer 16, 7 (Jan. I983), 86.
 
16
IEEE. Computer 16, 7 (Jan. 1983).
 
17
IEEE. Network 1, 2 (Apr. 1987).
 
18
Israel, H. Computer viruses: Myth or reality. In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21- 24). 1987.
 
19
Kneale, D. It takes a hacker. Wail Street }. (Nov. 3, 1987).
 
20
Landau, S. Zero knowledge and the Department of Defense. Not. Am. Math. Soc. 35, 1 (Jan. 1988), 5-12.
 
21
Latham, D. Guidance and program direction applicable to the Defense Data Network. In DDN Protocol Handbook. NIC 50004, vol. 1. Defense Data Network, Washington, D.C., Dec. 1985, pp. 1-51.
22
Robert L. Ashenhurst, ACM forum, Communications of the ACM, v.30 n.7, p.584-586, July 1987  [doi>10.1145/28569.315736]
 
23
Markoff, J. Computer sleuths hunt a brilliant hacker. San Francisco Examiner (Oct. 3, 1986).
 
24
McDonald, C. Computer security blunders. In Proceedings of the DOE lOth Computer Security Group Conference (Albuquerque, N.M., May 5- 7). Dept. of Energy, Washington, D.C., 1987, pp. 35-46.
 
25
Metz, S.J. Computer break-ins. Commun. ACM 30, 7 (July 1987), 584.
 
26
Morris, R.H., and Thompson, K. Password security: A case history. In Unix Programmer's Manual. AT&T Bell Laboratories, 1984, sec. 2.
 
27
Morshedian, D. How to fight password pirates. Computer 19, 1 (Jan. 1986).
 
28
National Computer Security Center. CSC-STD-O04-85. NCSC, Ft. Meade, Md., 1985.
 
29
National Computer Security Center. DoD trusted computer system evaluation criteria. CSC-STD-001-83. NCSC, Ft. Meade, Md., 1983.
 
30
National Computer Security Center. Guidance for applying the Orange Book. CSC-STD-003-85, NCSC. Ft. Meade, Md., 1985.
 
31
National Computer Security Center. Trusted network interpretation of the trusted computer system evaluation criteria. DoD 5200.28- STD, NCSC. Ft. Meade, Md., 1987.
 
32
Office of Technology Assessment, U.S. Congress. Defending secrets, sharing data: New locks and keys for electronic information. OTA- CIT-310, U.S. Government Printing Office, Washington, D.C., Oct. 1987.
 
33
Omond, G. Important notice {on widespread attacks into VMS sys-
 
34
Poindexter, J. National security decision directive. NSDD-145, National Security Council, Washington, D.C., Sept. 17, 1984.
 
35
Proceedings of the Intrusion Detection Expert Systems Conference (Nov. 17). 1987.
36
Brian Reid, Viewpoint, Communications of the ACM, v.30 n.2, p.103-105, Feb. 1987  [doi>10.1145/12527.315716]
 
37
Schmemann, S. West German computer hobbyists rummaged NASA's files. New York Times (Sept. 16~ 19871.
 
38
Slind-Flor, V. Hackers access tough new penalties. The Recorder Bay Area Legal Newsp. (Jan. 6, 1988).
 
39
Smith, K. Unix Rev. 6, 2 (Feb. 1988}.
 
40
Stallman, R. Gnu-Emacs Text Editor Source Code.
 
41
Stevens, D. Who goes there? A dialog of questions and answers about benign hacking. In Proceedings of the Computer Measurement Group (Dec.). Computer Measurement Group, 1987.
 
42
Stoll, C. What do you feed a Trojan horse? In Proceedings of the lOth National Computer Security Conference (Baltimore, Md., Sept. 21-24). 1987.
 
43
Stoll, C. How secure are computers in the US? In Proceedings of the 11th National Computer Security Conference (Baltimore, Md., Oct. 17). To be published.
44
Ken Thompson, Reflections on trusting trust, Communications of the ACM, v.27 n.8, p.761-763, Aug 1984  [doi>10.1145/358198.358210]
 
45
Unix Review. 6, 2 (Feb. 1988).
 
46
U.S. Congress. Exception to general prohibition on trap and trace device use. 18 U.S.C.A. 3121, secs. (b)(1) and (b)(3), U.S. Congress, Washington. D.C., 1986.
 
47
U.S. Congress. The federal computer crime statute. 18 U.S.C.A. ~030, U.S. Congress, Washington, D.C., 1986.
 
48
Ian H Witten, Computer (in)security: infiltrating open systems, Abacus, v.4 n.4, p.7-25, June 1987
 
49
Patrick H Wood , Stephen G Kochan, UNIX system security, Hayden Books, Carmel, IN, 1986

CITED BY  8
Stewart A. Denenberg, Literacy for computer science majors, Proceedings of the symposium on Computers and the quality of life, p.19-24, February 14-15, 1996, Philadelpia, Pennsylvania, United States
M. Bishop, UNIX security in a supercomputing environment, Proceedings of the 1989 ACM/IEEE conference on Supercomputing, p.693-698, November 12-17, 1989, Reno, Nevada, United States
James Tomayko, Anecdotes, IEEE Annals of the History of Computing, v.23 n.2, p.78-79, April 2001
Thomas C. Richards , Rose Knotts, Top management's view of computer related fraud, ACM SIGSAC Review, v.6 n.4, p.34-43, Winter 1989
Moshe Zviran , William J. Haga, Password security: an empirical study, Journal of Management Information Systems, v.15 n.4, p.161-185, March 1999
Jeffrey C. Mogul, The experimental literature of the internet: an annotated bibliography, ACM SIGCOMM Computer Communication Review, v.19 n.1, p.58-71, Jan. 1989
Vicentiu Neagoe , Matt Bishop, Inconsistency in deception for defense, Proceedings of the 2006 workshop on New security paradigms, September 19-22, 2006, Germany
Richard E. Overill, Development of masters modules in computer forensics and cybercrime for computer science and forensic science students, International Journal of Electronic Security and Digital Forensics, v.2 n.2, p.132-140, May 2009

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations
          Subjects: Public networks; Network monitoring

  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.1 Public Policy Issues
          Subjects: Transborder data flow
      K.4.2 Social Issues
          Subjects: Abuse and crime involving computers**
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.m Miscellaneous
          Subjects: Security*
  K.7 THE COMPUTING PROFESSION
      K.7.m Miscellaneous
          Subjects: Ethics**


General Terms:
Management, Security

Collaborative Colleagues:
Clifford Stoll: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player