Novell server hacked, used to scan for vulnerable computers
It was apparently set up by employees for gaming purposes
Computerworld - A company server that some workers at Novell Inc. apparently used for gaming purposes was hacked into and then used to scan for vulnerable ports on potentially millions of computers worldwide, according to an Internet security consultant.
The scans, which have been going on since Sept. 21, are targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and move files between machines in a secure fashion. Scans against the port are often an indication that hackers are looking for vulnerable SSH systems that they can break into and take control of.
Kevan Barney, a Novell spokesman, today confirmed that one of the company's systems had been compromised. But he added that the server was not part of the company's corporate network nor was it a production server.
Chris Brandon, president of Brandon Internet Security, an Alexandria, Va.-based firm that reported the problem to Novell yesterday, said he was first alerted to the hack when a client reported scanning activity several days ago.
According to Brandon, the scans were traced back to a server with an IP address assigned to Novell. The hacked system appeared to be running a mail server for a gaming site called Neticus.com, and the main game Web page for Neticus.com was hosted on a separate server that also belonged to Novell.
Going by the large number of IP blocks scanned by the attacking server, it is safe to assume that "millions" of computers may have been probed for SSH-related weaknesses, he said.
"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."
Logs documenting the scans from the Novell-owned computer were made available to Computerworld by Brandon. One of them is available online at www.mynetwatchman.com/LID.asp?IID=178119669. The source IP address listed in the incident report at that site belongs to Novell, based on Network WhoIS records, he said.
Barney said that both servers -- the one hosting the gaming Web site and the server that scanned for vulnerable ports on other machines -- were test systems outside the company's firewalls. He also denied that the server hosting the main game Web page was actually being used by gamers. Instead, it appears to have been used only to host game-related information, he said.
"There was no major breach of security here," Barney said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts