Eduardo Rodr'iguez & Jos'e M. Piquer
Departamento Ciencias de la Computaci'on,
Universidad de Chile. Blanco Encalada 2120
Santiago, Chile.
Moreover, even if we heard a lot of stories about the activities of hackers in the Internet, they all seemed far away from our country, surrounded by mountains and the sea at the end of the world. And our computers are mainly used by students and professors in a supposedly secure academic environment. Our confidence was completely misplaced.
In this paper, we describe the activities of a hacker in our hosts during the last few months of 1992 and the beginning of 1993, and the conclusions and experiences he (she, them?) left us with. This was our first serious hacker problem, with an intruder that had only two powerful weapons: time and patience.
We named that hacker "Morgan", because the Chilean coasts were devastated more than two centuries ago by an English pirate of that name when our country was a Spanish colony (nothing personal against England :-)
He entered the campus network from many sites (always hacked sites) and from here to other hosts in many other countries.
During the time he was our uninvited guest, he showed perseverance and regularity in his procedure. Based on that, we can affirm that he used the same method to attack other hosts. We obtained evidence of this from only one other host, located in Europe. In general, system administrators don't like to talk about their security problems.
This paper has two authors, however it is a report of the work of the whole system administration staff of the Department of Computer Science.
To Become a USENIX Member, please see our Membership Information.