Using two security programs, administrators at Dartmouth Computing Services broke into College students' COOS accounts and disabled the accounts for security reasons last month.
COOS is the name of Dartmouth's UNIX computer. UNIX is a computer operating system.
Students can use COOS to connect to the Internet, an international information sharing network composed of businesses, universities and research labs.
Students log on to the COOS computer and use UNIX commands to send and receive electronic mail and "talk" to students at other Internet sites around the world, said Peter Schmitt, UNIX systems specialist at Computing Services.
Computing Services has two programs to protect the 1400 student COOS accounts against break-ins, Schmitt said.
The first program, COPS, tells Computing Services how safe individual student's files are.
The second program, Cracker, is run monthly by Computing Services.
Computing Services tries to crack the passwords of students' COOS accounts in order to guarantee the password cannot be solved by people outside Dartmouth attempting to break into the College's computing system, Schmitt said.
Cracker has a dictionary of over 100,000 words that it compares to an encrypted list of UNIX passwords that it obtains from the COOS computer, Schmitt said. It uses both upper and lower case words, as well as French and German.
In a fifteen minute run in December, Cracker decoded 20 passwords that provide access to student's accounts in the COOS system, Schmitt said. The program discovers about 36 passwords every time it is used.
"People seem not to be convinced that we can crack their passwords," Schmitt said. "So they enter them in lower-case instead of capitalizing the first letter."
Examples of bad passwords include any words that are contained in a dictionary, proper nouns, variations of first or last names, or any information easily obtainable through public channels, such as a phone number, Schmitt said.
Good passwords include a combination of mixed letter cases, punctuation and numbers, Schmitt said. Examples of good passwords are "no1home!" or "uRnot4me".
Once Cracker has broken into a College student's COOS account, Computing Services disables the account and notifies its user that the password has been discovered.
"Once we have cracked your password, we must assume that other people can crack it," Schmitt said. "If your account is available, it opens up COOS for other people."
Schmitt said once hackers have the password to one account, they can place files in COOS that allow them access to other accounts without passwords.
The owner of the disabled account must come to Kiewit Computation Center to have a new password installed, Schmitt said.
"COOS is only as secure as the passwords," Schmitt said. "We're trying to alleviate that by installing new security measures."
This past summer, over 100 people broke into the College's UNIX system, Schmitt said.
Rich Brown, manager of special projects for Computing Services, said the BlitzMail system, unlike COOS, cannot be broken into unless a hacker knows a specific password.
"If you don't know an individual password, then it's difficult to break into BlitzMail," Brown said. "A hacker would have to know the account for maintaining the BlitzMail servers."
There is no evidence of someone ever breaking into the BlitzMail system, Brown said.
In the Fall term, someone impersonating a government department secretary sent a false e-mail message to students in Government 49 telling the students that their midterm was postponed.
Brown said Computing Services does not have enough information to catch the perpetrator, but they are sure the impersonator was not using BlitzMail. Instead, the hacker was using one of several shareware electronic mail programs, he said.
Brown said he suggested students change their BlitzMail password at least once a term.
