University of North Texas
Campus e-mail system repaired after
hackers break in

By Nicole Scolaro

Staff Writer (North Texas Daily)

While students are away, hackers will play.

A computer hacker broke into the Jove system, resulting in an eight-day campus-wide Jove
shutdown, hardware maintenance repairs and more than one headache for students and faculty in
August.

"A series of things went wrong," said Maurice Leatherbury, director of academic computing. "It
was a combination of hardware, cracking and having to recover from problems resulting from
hardware being installed incorrectly."

On Aug. 12, the computing center received a message that the Jove system had been cracked
into. When the system was checked, Leatherbury said it looked clean. 

"But by early the next week, someone had deleted e-mail files and had potentially got the list of
passwords," he said. 

The password list was the most serious problem as it is used by other systems to validate logins.
Jove was immediately shutdown to re-install the operating system, which Leatherbury said was the
only way to clean up any viruses that were left by the hacker. 

"We didn't know whether other programs in our central system were cracked or not, so we
brought it all down," he said.

When it was determined only Jove was affected, the rest of the system applications were brought
back up after two and a half days. Students could still use the web browser and Netscape, but
couldn't log onto Jove, he said.

Group e-mail delivery with gateway dependencies were affected, and 10 days of files were lost
when backup failure occurred. 

"Students lost 10 days worth of files they had saved," Leatherbury said.

If students had not checked their e-mail prior to the shutdown, all their mail was safe. If they did
check it and had some messages saved, he said those were lost. Leatherbury said the Jove system
was only shut down for eight days, but lab assistants and students said it was more like three
weeks. 

"I couldn't check my mail," said Plano sophomore Angela Chan. "I went to the ISB [Information
Sciences Building] once a week for three weeks, and there was always a sign saying shut down
until further notice."

Southlake junior Dan Erickson said the system shutdown was an inconvenience for him.

"I had people I was waiting to hear from," he said. 

Lab assistant Jack Moore, Denton senior, experienced first hand the effects the shutdown had on
the computer labs.

"The big thing was students couldn't check their mail," he said. "Home computers couldn't access
the system at all." 

India graduate student Vidya Gadamanugu, computer lab assistant in the General Academic
Building, also noticed the lack of students using the computers.

"Most of the time, students used the lab to check their mail. It was basically empty," she said.

Leatherbury said computer labs that were completely closed had nothing to do with the Jove
shutdown, rather many labs were using the break for system upgrades. 

As for the Jove crisis, hardware difficulties of wrong memory, crossed wires and controller board
problems added to an already slow recovery process. 

Leatherbury said the service representative from the Sun Service Bureau, service providers for
NT, brought the wrong memory and when they finally reinstalled the operating system, the drives
had been reversed. The wrong disk was wiped out as a result, forcing them to start over from
scratch, he said. 

Maintenance repairs to the system had no out-of-pocket costs because the equipment was still
under warranty, Leatherbury said. 

Time was the only cost to the faculty and staff members who worked late to repair the damage. 

"We were lucky at the time it occurred, not as many people were affected as if it happened this
week, for example," Leatherbury said. 

Chris Dunlap, an employee from the Internet service provider Verio, said in a phone interview,
there were several ways a hacker could have broken into the Jove system.

A hacker could set up a "chrontab," which is a schedule maintenance program specified to do
certain things at certain times, such as copy someone's password, Dunlap said. 

From there, the hacker had access to the system and could copy the entire Jove password list. He
said an alternate route would be for the hacker to make himself look like "Route," the main user
system, and copy the list from there. 

However, Dunlap said most schools have their password lists protected. A hacker would have to
have a "crack" program to be able to read the list after copying it. 

Still another way to crack into Jove would be to use the program "tcpdump," which watches when
people log on and log off systems, can watch what people actually type in. From there the hacker
wouldn't have a problem copying the password list or deleting any files he came across. 

Front index


Copyright 1997 - The North Texas Daily

Comments and suggestions about this site are welcome. Visit our input page or send mail to
mercutio@unt.edu