"The Game Is Up" (p. 46, Jan 1984)

[lee at ut-ngp.ARPA]

From:  Bill Lee <lee at ut-ngp.ARPA>

I can't remember where Brian Reid posted his account of the UCLA computer
break-in but this will certainly be of interest to Unix-Wizards. A much
more detailed account of the break-in is in the January issue of "California"
magazine. It details the escapades of Kevin and Ron as they scamper around
the Arpanet and generally make a nuisance of themselves. There are numerous
references to bits of Unix lore, including an example of a conversation you
might hear between wizards, namely "My God! he's copying shells into a file
called twiddle somewhere slash dash dot dial user!". It is interesting reading
and probably has some lessons for everyone. It may not be 100% accurate
but it's a scenario that could happen on (probably) a number of Unix systems
on the net (if they can do it to UCB, they can probably do it to someone else).
There are enough details of what happened for you to figure out what they
actually did and how. The bottom line is the almost universally absymal
password security at most sites. One of the examples cited was an account of
"ucb" with a password of "ucb" (I assume that the password on this account has
been changed by now). This ranks along with the "test" account with "test"
as a password that allowed the Sloan-Kettering break-in. Whether the article
is completely accurate reporting or not, it provides a valid object lesson
that system administrators should note.

p.s. The january issue is the one with Ronald Reagon, Queen Elizabeth, and
Mr. T. on the cover.