Stalking the wily hacker

@article{Stoll1988StalkingTW,
  title={Stalking the wily hacker},
  author={Clifford Stoll},
  journal={Commun. ACM},
  year={1988},
  volume={31},
  pages={484-497}
}
  • C. Stoll
  • Published 1988
  • Business, Computer Science
  • Commun. ACM
An astronomer-turned-sleuth traces a German trespasser on our military networks, who slipped through operating system security holes and browsed through sensitive databases. Was it espionage? 
Internet honeypots: protection or entrapment?
  • Brian Scottberg, W. Yurcik, D. Doss
  • Engineering, Computer Science
  • IEEE 2002 International Symposium on Technology and Society (ISTAS'02). Social Implications of Information and Communication Technology. Proceedings (Cat. No.02CH37293)
  • 2002
TLDR
This paper attempts to flush out the issues on both sides of a technique that may become ubiquitous in the future; honeypots are a controversial technique that essentially bait and capture intruders skirting the fine line between keeping attackers out of a network versus inviting them in.
A case study on hunting a brilliant hacker
  • L.-M. Lin
  • Computer Science
  • Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on Security Technology
  • 1991
TLDR
In December 1989, a computer intruder broke into the computer systems in Academia Sinica, Taipei and only wanted free computer and communication resources; the search for the intruder was stopped for two reasons: the first was that he was not harmful and the second was that not much help could be obtained from the telecommunications bureau and security department.
A system for generating and injecting indistinguishable network decoys
TLDR
This work introduces a methodology for building a trap-based network that is designed to maximize the realism of bait-laced traffic, and relies on a “record, modify, replay” paradigm that can be easily adapted to different networked environments.
Distributed Tracing of Intruders
TLDR
This thesis attempts to address the problem of unwelcome intrusions into computer systems by the development of a technology called thumbprinting, which involves forming a signature of the data in a network connection.
Network firewalls
TLDR
The authors classify firewalls into three main categories: packet filtering, circuit gateways, and application gateways; their focus is on the TCP/IP protocol suite, especially as used on the Internet.
Human-cyber Nexus: the parallels between ‘illegal’ intelligence operations and advanced persistent threats
‘Illegals’ are extensively trained individuals dispatched abroad under false identities with no observable links to their operating country. Technology has made possible a new kind of
Design and analysis of decoy systems for computer security
This dissertation is aimed at defending against a range of internal threats, including eavesdropping on network taps, placement of malware to capture sensitive information, and general insider
Host Based Information Gathering Honeypots for Network Security
Honeypots are an exciting new technology which is widely used in the areas of computer and Internet security that allows us to turn the tables on the bad guys. It is a resource, which is intended to
Honeypots: practical means to validate malicious fault assumptions
  • M. Dacier, F. Pouget, Hervé Debar
  • Engineering, Computer Science
  • 10th IEEE Pacific Rim International Symposium on Dependable Computing, 2004. Proceedings.
  • 2004
TLDR
After a review of the state of the art with respect to honeypots, a wish to use data collected by honeypots to validate fault assumptions required when designing intrusion-tolerant systems is established.
Pushing Boulders Uphill: The Difficulty of Network Intrusion Recovery
TLDR
A study of three significant compromises of a medium-scale network infrastructure as a way to expose the difficulties -- both technical and human -- inherent in intrusion recovery.

References

SHOWING 1-10 OF 87 REFERENCES
Password security: a case history
TLDR
The present design of the password security scheme was the result of countering observed attempts to penetrate the system and is a compromise between extreme security and ease of use.
Who Goes There? A Dialogue of Questions and Answers About Benign Hacking
TLDR
On August 23, 1986, it was noticed that the accounting files for one of LBL's computing systems failed to balance, and word that an unauthorized person was attempting entry into a US Navy computer from LBL was received.
The Best Available Technologies for Computer Security
TLDR
Past experience is summarized to guide developers on how to develop computer systems that can be trusted to enforce military security rules.
ZERO KNOWLEDGE AND THE DEPARTMENT OF DEFENSE
The game is simple and apparently paradoxical: Prove you know something—an ID number, an access code—without revealing even a single bit of the information itself. The importance is obvious: from
A Comparison of Commercial and Military Computer Security Policies
TLDR
It is argued that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity.
Reflections on some recent widespread computer break-ins
In the first weeks of September 1986, some number of UNIX systems in the San Francisco area, and elsewhere on the ARPANET, were systematically penetrated by talented intruder(s). We believe that it
Cryptography and Data Security
TLDR
The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
The UNIX system: UNIX operating system security
TLDR
Some of the security hazards of the UNIX™ operating system are discussed, and ways to protect against them are suggested, in the hope that an educated community of users will lead to a level of protection that is stronger, but far more importantly, that represents a reasonable and thoughtful balance between security and ease of use of the system.
Reflections on trusting trust
To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.
Inference Controls for Statistical Databases
TLDR
Some of the controls of the inference problem in on-line, general-purpose database systems allowing both statistical and nonstatistical access are surveyed, divided into two categories: those that place restrictions on the set of allowable queries and those that add "noise" to the data or to the released statistics.