oversight

Computer Intrusion

Published by the National Science Foundation, Office of Inspector General on 1999-09-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                                 NATIONAL SCIENCE FOUNDATION
                                      4201 WILSON BOULEVARD
                                                                                     . -,,v   A




                                     ARLINGTON, VIRGINIA 22230




        OFFICE OF
   INSPECTOR GENERAL


MEMORANDUM

Date:            September 30, 1999




On Monday May 24,1999 NSF                                                 lectronically notified
our office that on the late
              development server.
- --     .
following:




       An intruder gained entry into the development server reserved or
       Accordingly, the intruder used the Front-Page extensions to rem
       is a common ]\IT bug.

        w e w of the development server revealed that two home page sites contained nude
       photos and no other NSF systems were accessed. The I                 d no entries after
       4/16/99, a date before the incident was discovered.

       The development server was powered off as soon as NSF learned of the intrusion.

Investigation:

On June 4, 1999 several OIG and DIS employees met to discuss several of the recent computer
intrusions, including th                          ]We concluded that the intrusion
                                                                                                   I
                                                                        1             Page.

breached the Firewall and it was and
                                   -ue                to the weak security and software bugs
inherent in the NT machine development server.

                                                o further discuss the recent intrusions and briefly



Findings:




Because the default home pages had been left on the system and the file system appeared to be
intact, no damage resulted. However, the intrusion did breach the NSF Firewall Network and
thus, posed a risk to systems within the Firewall Network.

Given the lack of evidence to identify any'intruder/s and the lack of damage to the system, we
have decided to not go forward in this case. This case is closed.  ..   .