Hackers attack Outlawnet

Computer hackers attacked Outlawnet last week, bringing the local Internet service provider nearly to a standstill for several days.

The FBI is conducting an investigation, according to Outlawnet administrator Jon Renner.

Renner said hackers first entered the system at 7:16 a.m. on Monday June 7.

"At that point they got into one of our servers using a password without authorization. They established a shell account of their own, allowing them to install a new user," said Renner.

Renner said it appeared the hacker(s) exploited a "hole" in one of the server's security programs. Renner said Outlawnet has the latest and best in security software, but that this is a technology that is constantly changing.

"Our security is excellent, however not perfect, as we have discovered. We are current with the latest patches and fixes."

All Internet service providers are vulnerable, Renner said. Outlawnet is actually a fairly poor target, "because we are so small and don't offer any major economic reasons to try to break in," Renner said.

The attack was first noticed on Tuesday, June 8, about lunch time. "I had some of my students come to me and tell me they couldn't find their own web pages," Renner said.

The hackers had deleted over 3,000 files, all of those for the school, on the Linux server. Fortunately, there were backups.

Initially, it was nearly impossible for Outlawnet technicians to even access their other main server, the "Sun" computer. From off-site, the hackers had almost succeeded in disconnecting that unit from the keyboard and input devices. "It was very difficult to use from the console. They removed most of the maintenance programs," said Renner.

At the same time, that computer was working for the hackers, Renner said. "They also installed a mail relay system, which made us a mail relay station for an outfit in Germany."

Renner does not think the attack came from the German firm, because the risk a legitimate firm would face in authoring such an assault would far outweigh any potential gain.

As the attack progressed, and was fended off, access to Outlawnet services by customers was intermittent and slow.

Some local users, especially those in Black Butte and Camp Sherman, were unable to get on-line on Thursday. Because of marginal phone service, those customers have to use the server that was most heavily damaged, according to Renner.

By Sunday at about 1 p.m., both servers were back in full service and the destroyed files were replaced with backups in the fully redundant system.

The repair bill will be thousands of dollars, according to Renner, for software repair, reinstallation and reconfiguration.

But on Monday, Outlawnet phones were still tied up.

"The other thing that hurts us, this is a service business. Our phones have been busy for hours as we help customers recover from this. That's a serious issue," Renner said.

Most of that work involved reassuring customers that Outlawnet still works and helping customers undo the things they tried to do to get access.

On Monday afternoon, June 14, Renner learned that the FBI would open an investigation to apprehend the hackers. Renner was told by the FBI that the attack on Outlawnet will qualify as a Class "C" Felony.

"We are going to aggressively pursue this. When Outlawnet has trouble, it is not just our commercial customers, but all the school-based stuff that we do. We have to remain afloat.

"I personally hopes the FBI finds this person and makes an example of them," Renner said.