Cyber Attack

September 8, 2004

STARKVILLE, Miss. – A computer security major at Mississippi State used cyber-investigative techniques he learned in the classroom to thwart the improper activities of a would-be hacker from another institution.

When Wes McGrew recently noticed his campus e-mail and Internet activities had slowed to a trickle, he became suspicious. Installing special software, he quickly determined that a computer recently added to the university network had been hacked before security patches could be added, and was attacking machines with a Microsoft database vulnerability.

“At this point, it was not clear if the problem was a worm or if an actual human being was behind the attack,” said McGrew, a Collinsville native and master’s degree student in MSU’s department of computer science and engineering.

After additional cyber sleuthing—utilizing skills learned in MSU’s Center for Computer Security Research—McGrew successfully connected to an Internet Relay Chat server and joined a chat room controlled by the suspected hacker.

McGrew said the hacker immediately confronted him, “asking who I was and saying that I was going to die.” The hacker also attacked McGrew’s computer, knocking the MSU student’s secured laptop off the server, but causing no damage.

Not intimidated, McGrew reconnected, fended off another attack by the hacker, and then consulted with Keri Chisolm, assistant manager of systems and networks in MSU’s department of computer science and engineering. She tracked down the source of the offending chat server and located the hacker’s machine at an out-of-state institution.

“She informed me where the hacker’s machine was located and recommended that I ask him how things were going there,” said McGrew. “So, using another computer, I connected and asked him that question.

“The change in the behavior of the attacker was obvious after I mentioned his school and that ended the attacks against me,” McGrew added. “The hacker evidently was concerned that I was going to get him into trouble, and apparently removed his ‘bot’ software from any compromised machines on the msstate.edu domain.”

Known as bot software, the remote attack tools can seek out and place themselves on vulnerable computers, then run silently in the background—letting the attacker send commands to the system while its oblivious owner works away. Attackers are able to control compromised computers through chat servers and peer-to-peer networks, stealing information from infected systems.

After getting the hacker’s attention, Chisolm informed other MSU network security staff of the situation and steps immediately were taken to notify proper authorities at the institution that served as the hacker’s base of operation.

“Wes McGrew, Keri Chisolm and others from our Center for Computer Security Research found activity on the network that didn’t seem right, investigated using tools we provided, and tracked the hacker down,” said Ray Vaughn, professor and director of the MSU center.

“We are proud of our students and their ability to act on their own to investigate suspicious activity and take appropriate action,” he added. “Wes and Keri did exactly the right thing in this situation. We are informing the hacker’s institution that their machines also have been compromised.”

McGrew added, “It is important to have security patches applied to all networked computers and to keep an eye on suspicious activity to ensure that past attacks are over, and to quickly detect new attacks.”

Under Vaughn’s guidance, the university obtained prestigious National Security Agency certification in 2001 as one of the first 26 national Centers of Academic Excellence in Information Assurance Education. MSU computer science and engineering students regularly train under 8-10 faculty members in a new security center laboratory featuring approximately $200,000 in the latest equipment.

Professor Julia Hodges serves as head of the department.