CSE4317 Individual Presentation Topics

"Cracking" and Computer Security [Bowyer, Chapter 4]

  1. The "Maxus" credit card extortion incident. In January 2000, a cracker named "Maxus," apparently based in Eastern Europe, stole over 25,000 credit card numbers from CD Universe. The cracker then contacted CD Universe and threatened to post the numbers on a web site if he or she were not paid $100,000. The company refused to pay, and the cracker posted the numbers. Find as much detail as you can about this incident, including how the cracker managed to get the credit card numbers, what the company did after the credit card numbers were posted to the web and whether the cracker was ever caught. [Additional Assignment #2, page 97, Bowyer, 2nd edition.]

  2. The case of cracker Kevin Mitnick. Kevin Mitnick was called "America's most wanted hacker" in an article in Time magazine. He was arrested in February 1995. He was released from jail in early 2000. Report on his activities before the arrest and since his release. [Additional Assignment #3, page 97, Bowyer, 2nd edition.]

  3. Programmer Timothy Lloyd seeding a "logic bomb." In February 1998, a former programmer for a company which made instruments for the Navy and NASA was charged with creating a logic bomb. The bomb affected the computers at his former place of employment, Omeg Engineering Corp., by deleting all of the company's software. Timothy Lloyd had been fired from his job at Omega about a month before this. Report on why Lloyd was fired, the cost to the company of fixing the damage from the logic bomb, and the results of the charges against Lloyd. [Additional Assignment #4, page 97, Bowyer, 2nd edition.]

  4. Internet Explorer security hole. In March 1997, Worcester Polytechnic Institute student Paul Greene discovered a security hole in Microsoft's Internet Explorer. The flaw would apparently allow someone to set up a web site that could delete files on the computers of people who use IE to connect to the site. Report on this and any more recent security holes found in web browsers. Are the security holes easily fixed? Are there any documented instances of crackers exploiting the holes? More information on Internet Explorer security issues can be found at www.microsoft.com/ie/security/. [Additional Assignment #5, page 97, Bowyer, 2nd edition.]

  5. Techniques of information warfare. Read the book Information Warfare by Winn Schwartau. Report on the techniques of information warfare discussed in the book. Which, if any, of these techniques has been reported to be used to date? [Additional Assignment #6, page 97, Bowyer, 2nd edition.]

  6. Norwegian Supreme Court ruling on cracking. In January 1999, Norway's Supreme Court published a controversial ruling to the effect that simply looking for security holes is not a crime. A crime would not occur unless the system was actually broken into. Critics of the ruling suggested that it might make Norway a haven for crackers. Report on the case that led to this ruling, and on whether it resulted in an increase of hacking activity based in Norway. [Additional Assignment #8, page 97, Bowyer, 2nd edition.]

  7. The Steve Jackson Games incident. The Steve Jackson Games incident has become a classic case study. It is described in detail, from a certain perspective, by Bruce Sterling in The Hacker Crackdown [Bantam Books, 1992]. Report on the facts and the final resolution of this incident. [Additional Assignment #9, page 97, Bowyer, 2nd edition.]

  8. The "Coolio" cracker incident. In March 2000 Dennis M. Moran was arrested for unauthorized access to a DARE.com website. He is a 17 year old high school drop out who called himself "Coolio" on the internet. He lives in New Hampshire but broke into the System in California. After gaining access he defaced the website by adding pro-drug messages and pictures. He was arrested by the FBI and will be tried as an adult in New Hampshire instead of California. He may also face additional charges for the denial of service attacks directed at yahoo, ebay, and other large websites. Report on the details of this incident and the outcome.

  9. Pentagon break-in incident Ehud Tenenbaum, a young Israeli, was hacking his way into the Pentagon and other sensitive computer systems in 1998. He became a folk hero in Israel. It occurred just as the Clinton administration was preparing for a possible military assault on Iraq. During the three-week period, Tenenbaum and others entered unclassified networks, including databases for payroll and personnel information. This was the biggest damage the Pentagon had ever had in their history. Report on the details of this incident, the outcome, and other attempts at breaking into Pentagon computer systems.