Msg # 583
Dated 09-13-84 06:27:16
From: DON BEILFUSS
To: CONFIDENTIAL
Re: BOARD CRASHING

Bob, and others:

First of all, thanks Bob for helping the other evening with my board crashing problem. I have spent considerable time on the data and this is what I have concluded.

1. Someone using the name, Walter Koenig, uploaded a file called STARS3.EXE to my board. (the Trojan Horse, if you will)
2. Within the next day, I had executed the program to see what it was.
3. It creates a starfield background that could be used as part of a game, like STARTREK.
4. One of the program's actions is to copy RBBS-PC.DEF to RBBS-PC.
5. 24 hours after uploading, Walter logged on again and downloaded RBBS-PC (I didn't even know it was there).
6. Within 4 minutes, a call came in with the user identifying himself as a Remote Sysop.
7. During this call, he used Sysop #8 to give a user sysop level access.
8. Naturally, after he escaped into DOS, he listed my password file, deleted the RBBS-PC file, and did whatever else someone like this does for cheap thrills.

See next message...

Msg # 584
Dated 09-13-84 06:35:22
From: DON BEILFUSS
To: CONFIDENTIAL
Re: BOARD CRASHING CON'T

9. The username that he used for subsequent logons was Moe Greene.

I took the following action. I changed all of the Sysop functions to require a higher level of access than the Sysop is granted on logon. This appeared to stifle his access to DOS, but I did a few more things to help insure the system.

1. I downgraded all special users to normal access levels.
2. I changed all of my passwords on Files and Groups.
3. I changed the name of my password files.
4. I patched my RBBS-PC.EXE file to use a different filename for configuration. Norton works well for this.
5. I put all restricted functions at security levels far beyond the Sysop Access Level.
6. I altered my directory structure to reflect a more concise restricted area for the BBS in that particular background partition.
7. I left both usernames on the system with levels below minimum and a message for both Walter and Moe.

See next message.

Msg # 585
Dated 09-13-84 06:43:09
From: DON BEILFUSS
To: CONFIDENTIAL
Re: BOARD CRASHING CON'T

This morning when I checked the system, Moe had been on again and this time he left a message that RBBS had a large hole in it and he had "taken my system".

During the evening two days ago, I caught him using the system identified as one of my friends. I knew this because my friend was out of town on vacation, but obviously he didn't know that. We chatted a bit and I definitely proved it was a masquerade through one or another false statements that my friend would not have been tripped up on. Also the typing skills and vocabulary were that of someone in junior high instead of an adult technical specialist.

One last note, anyone who reads this message and uses the Astrix Computer System has had their password compromised. If you are in the habit of using the same password on all of the boards that you frequent, you may want to start using a different one.
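
A check for the situation in message 583, where a copy of the configuration file sat in a downloadable location without the sysop knowing it was there. This is an added example, not part of the original messages; the directory layout, file contents and function names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large uploads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_exposed_copies(sensitive_files, public_dir):
    """Return (public_path, sensitive_path) pairs with identical contents."""
    known = {(os.path.getsize(s), sha256_of(s)): s for s in sensitive_files}
    sizes = {size for size, _ in known}
    hits = []
    for root, _dirs, names in os.walk(public_dir):
        for name in names:
            path = os.path.join(root, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            size = os.path.getsize(path)
            if size not in sizes:          # cheap filter before hashing
                continue
            original = known.get((size, sha256_of(path)))
            if original and not os.path.samefile(original, path):
                hits.append((path, original))
    return sorted(hits)

def demo():
    """Constructed layout: config outside the download area, copy inside it."""
    with tempfile.TemporaryDirectory() as top:
        download = os.path.join(top, "download")
        os.makedirs(download)
        config = os.path.join(top, "RBBS-PC.DEF")
        samples = {                          # constructed file contents
            config: b"constructed configuration data\r\n",
            os.path.join(download, "RBBS-PC"): b"constructed configuration data\r\n",
            os.path.join(download, "STARS3.EXE"): b"MZ constructed placeholder",
            os.path.join(download, "README"): b"constructed unrelated file\r\n",
        }
        for path, data in samples.items():
            with open(path, "wb") as fh:
                fh.write(data)
        hits = find_exposed_copies([config], download)
        return [(os.path.basename(p), os.path.basename(s)) for p, s in hits]

if __name__ == "__main__":
    print(demo())
```

The comparison is by content, so a copy is reported whatever name it was given; it only catches byte-identical copies, not edited or re-encoded ones.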