==========Nyx spider (hacker) attack 4/97==========

[Text of message displayed to all web page hits on any www.nyx.net web page during the attack.]

16-Apr-97

To all Nyx users and spider, from Andrew Burt (Nyx admin):

Nyx is currently under attack from a spider (hacker). I don't know when I'll be able to get Nyx back up. Here are the facts:

1. The first sign of trouble was on Monday, 14-Apr-97, about 1:00 PM MDT, when I noticed a command removing all files on Nox. I killed off that command (knowing it was a spider (hacker), but figuring it was perhaps accidental). I was wrong. It was malicious: Moments later, the same command was restarted, but after the system was crippled so I'd be unable to stop it. The same commands were started on all four Nyx machines. Certainly not an accident. Key files were targeted with the specific intent of crippling all the machines while the files were removed. Before I got the machines shut down, huge numbers of files were removed on all four systems; none would boot, etc. This was pre-meditated and savage. "Cybercide" is a word that comes to mind.

2. I have no idea who did this and no idea why. None whatsoever.

To spider: If you're trying to make a point, whoever you are, I have no idea what it is, since I haven't a clue what your beef against Nyx is. I can only assume you're a very lonely individual who's been roughed up by life and your only way to feel good is to destroy a system that helps a heck of a lot of people, stands for the Hacker Ethic, free speech, and most of the same ideals that hackers say they stand for. Nyx is open to everyone, for free, with very little restraint placed on what users can do -- the only restraints being those that permit the system to continue to run for everyone's benefit. Nyx is about as hard to crack into as stealing candy from a baby, so there's no challenge here.
Or perhaps I angered you, but I have no idea what I did, so if this is in protest/revenge, it's not meeting that goal, since I have no idea what the problem is. (Spider: I mean, consider the character of Paul Lazzaro in Slaughterhouse Five. He wants revenge on everyone, but he wants them to know it's _his_ revenge. "That's _me_ in there with those knives," he says.)

3. Nyx's return to life is complicated by our backup situation: Nyx has a lot of disk space, and no tape drive of its own. We borrow one from the university, so our backups are on an as-time-permits basis; many disks are not backed up at all. Thus many of the backups were months old or nonexistent. After we move and are 100% on our own, this will change, and we will set up regular backups. But this is the situation right now: old, incomplete backups.

4. I began the restoration process. I spent most of the rest of Monday, all day Tuesday, and Wednesday morning on this. I had most of the files restored/recreated (barring what was just plain lost forever). During this process, Nyx was broken into again (enough of the system was up so I could log in and do work) and it all started again.

5. I don't have time for this. I operate Nyx as a hobby, and have, grand total, no more than five hours a week to spend on Nyx (in a good week). Most of that recently has been spent working on getting Nyx on her own feet -- looking at office space, forming a non-profit corporation, arranging phone lines, raising funds, and a myriad other tasks that are extraordinarily time consuming. In a good week I wouldn't have time to play with a spider. I know some spiders think I'm some well known computer security guy and wouldn't it be fun to play. If I had nothing else to do, maybe it would be -- but while you might have all day with nothing else to do, I work. I do several very time-consuming things, and Nyx can never have more than a few hours a week, in the best of times. Right now, I don't even have that time at all.
For the near future, I have about one hour a week of "Nyx time", and I have to spend that on paperwork/etc. stuff for the move. I have absolutely NO TIME to do anything with Nyx vis-a-vis system administration. Period. None. Nada. Zero. Tearing a system down takes so much less time than building/fixing one -- on the order of 100 or 1000 times less (e.g., for one minute damaging Nyx, I might have to spend hours or days fixing it). It's an unfair fight and I can't compete, it's that simple. What do you want me to say, "you win"? Sure. It's not a fair contest, so you win.

6. Nyx will stay down for a while. I first figured, ok, spider, you've had your fun. But kicking a system while it's still down clearly implies that I'm not going to be able to get Nyx back up until you've decided this baby has had its brains bashed in enough. (Yes, Nyx is defenseless just like an infant, and your actions are as impressive as taking a hammer to a baby's head.) I will continue to work on the incorporation issues and all that other time consuming stuff. This means that Nyx will stay down until (a) you [spider] magnanimously inform me that you're allowing Nyx to operate and (b) I get the time to rebuild the systems again. This may be a week, a month, six months, I don't know.

7. We will be back. Eventually we'll be in our own office space where people other than me can gain physical access, so more folks than just me can work on restoration, but that's months off. If we have to wait that long, we will, but I hope we won't. Anyway, WE WILL BE BACK, don't anyone worry about that. WE WILL BE BACK. I won't let some sorry spider kill Nyx because he can't hack real systems. (I mean, if he could hack the NSA, he would, right?) But it may take a while before we're back. Keep checking this spot for updates (and alt.online-service.nyx for those who can).

8. We'll be even better.
Being free of DU will enable us to do lots of things we couldn't before, so we'll be better than before when we're back. And we're attracting some high-profile users, too. For example, some of you know I'm a science fiction writer. One project will have us as the home of an on-line, professional science fiction e-zine. (Not meant as a commercial venture, but to bring famous SF writers to the net.) Right now, they're suffering along with everyone else.

9. Nyx still needs your donations -- in fact, we need them more than ever, since, not being up, I can't keep communicating with you all to tell how things are going with the move, etc.

[To spider: Perhaps you feel Nyx is selling out or something. But look up the words "non profit". We will continue to be a donation funded, nobody-makes-any-money outfit. We will continue to stand for the ideals of free speech and free access that makes Nyx unique on the net. (Yes, spider, unique. Don't figure anyone else will pour as much time into something like Nyx purely because he believes in it. Nyx has been around for ten years, and what other system is as free as Nyx? Hell, I don't know, maybe this is being done by some ISP who's afraid of Nyx and what it stands for.)]

So, we need your donations. Send checks, payable to "Nyx Net", with your Nyx usercode in the "memo" field, to:

    Nyx Net
    c/o Prof. Andrew Burt
    Department of Mathematics and Computer Science
    University of Denver
    Denver, CO 80208

This attack is *seriously* hurting our fund raising (we have $5,000 out of $20,000 needed by May 31st) so please send your contributions.

10. Bottom line:

To Nyx users: We'll be back, please give us time, and be generous with donations if you can be. As for a place to discuss what's happening, we can use alt.online-service.nyx (assuming you have other net access; I'm sorry for those who don't).

To the spider: Get in touch with me, by mail to aburt@du.edu [proving you're you, of course] so we can iron this out.
As Billy Pilgrim says in the aforementioned Slaughterhouse Five, "So it goes."

==========[Synopsis of what happened late November 1992.]==========

A vandal completely irresponsibly wiped out the "password" file (Unix's list of all users) after finding a means to break into the "superuser" level of the system; this crippled the system for days since your friendly sys admin was out of town, and caused him much grief upon return. This vandal claims it was an accident, but that doesn't alter the fact that it should never have happened; the only way to avoid accidents like this is not to be doing anything where an accident could be harmful. His breakin is intolerably irresponsible.

[Further note that crackers like this rarely understand what they're doing; they just follow instructions for breaking in often written by the people who are trying to fix the holes. Most crackers are not above average intelligence; indeed, based on the messes they cause, I tend to think of them as below average. Breaking in does not impress me!]

Other recent problems have been the rash of crank accounts -- phoney names used to harass other users or cause other kinds of problems. These events are the direct cause of Nyx moving toward full validation of all users, grrrrr. Grow up, people! Think about someone other than yourself for once!

[The following is from an earlier time we had a major "hacker attack", and is still valid, and to be taken seriously, especially the notes about what could happen to Nyx if we have another one.]

Nyx is now back up (after being down nearly a week, from 2/7-2/12/92). The problem was caused by some hacking done using Nyx, i.e., someone hacked into a remote system from Nyx. As you know, telnet access from Nyx is [was] prohibited, and ftp outbound is limited to those users who "prove their identity". The use in question was clearly out of bounds with respect to these guidelines.
CERT (Computer Emergency Response Team, sort of the internet security action team) contacted DU saying that hackers using Nyx had broken into other systems, and that we should look into it immediately and take action. The decision was made at DU that since Nyx was not "hacker free" it must be shut down as it posed a threat to network security.

Note (particularly if you fancy yourself a hacker) that DU is *very* sensitive about Nyx being a public access site, and it has been said repeatedly that if Nyx is viewed as even the most minor threat to the net, it will be shut down immediately and permanently. This is not a new policy, it has been a problem since Nyx was born. Most hackers have had the sense to understand that this is not a joke or just "mere words". I have a file, /.hacking, which I believe has prevented many hackers from causing Nyx's shutdown (given that hackers do exist, and wishing won't make them disappear, my solution is to tell them the facts, particularly about Nyx, and how fragile its life is, and hope they don't act like idiots and ignore it). Clearly, some idiot didn't get the message, and we nearly lost Nyx for good. I had to fight pretty hard to get it turned back on, and there are conditions. Next time I probably won't be as lucky, and Nyx will be gone forever.

Hackers: LISTEN TO THIS. DO NOT HACK ON/TO/FROM NYX. See /.hacking for full details.

So, Nyxlanders, at this point, Nyx is back up, but on even shakier ground than before. We need to prove that Nyx can be a "good network citizen", so this means that absolutely NOBODY can do anything they know is inappropriate. Luckily, people know what's ok and what isn't -- so just don't do things you know you're not supposed to.

So far, there are two problem areas I must address:

1. Shell/ftp/programming access. We will have a new policy regarding shell access for network users. In the meantime, everyone who has not shown proof of ID in person at DU has had their shell access revoked.
We are discussing how to provide this authentication, and I'll let everyone know the new rules. Some sort of "proof", e.g., notarized signature.

2. Mail. I'll add a header with the same disclaimer as is on the outgoing news postings, to avoid misrepresentations that Nyx users are related to DU.

Clearly, #1 impacts the most number of users, but I had to fight hard to avoid the "just don't let them have shell access" argument. Sorry for the problems, but blame the damn hackers. They knew better, or should have.