EE News and Events

Teen 'Guest Hackers' in EE Linux Lab

Campus computer professionals listening attentively to the hacking presentation.

On Thursday, August 24th, two teenaged 'guest hackers' demonstrated digital intrusion techniques during a UW workshop on computer security held in the EE department's new High Throughput Linux Laboratory.

Computer professionals at the University of Washington got hands-on training in Internet security when a couple of teen-age cyber aficionados attempted to hack digital safeguards set up by the university.

Dave Dittrich and the hackers discuss security.
Alex and Sasha go to work.

The occasion was a half-day seminar, hosted by the UW Electrical Engineering department in the new Linux Instructional Lab in the EE/CSE building. The instructor was University Senior Security Engineer Dave Dittrich, who has worked with federal authorities in fighting malicious computer viruses. Dittrich was instrumental in identifying and decoding programs used earlier this year in the distributed denial of service (DDoS) attacks that crippled such Internet giants as Yahoo!, and eBay.

The guest hackers were Sasha Howard, 18, a recent high school graduate and summer employee in the Electrical Engineering department, and Alex Gallichotte, 15, who attends Garfield High School and is interning this summer in the department. During the seminar, Sasha and Alex exploited well-known security weaknesses and installed a "root kit" on the system.

Root kits are sets of programs (often called "Trojan horse" programs) that replace operating system programs. Root kits are designed to conceal what is happening on a system, allowing an intruder to work without tipping off the owner. When told that a system is compromised, system administrators are often tricked by the kits into thinking the system is clean and re-install it onto the network, while in fact the intruders still have control.

Re-installing the system also destroys evidence useful to the FBI in tracing the attackers. The need for better forensic analysis of compromised systems has become an issue in high-profile incidents. This course was designed to aid system administrators with training in forensic analysis tools and techniques to determine what has happened after a break-in.

Dittrich was assisted by Sekar Thiagarajan, EE department Manager of Computer Operations, and Jeff Silverman, Senior Computing Specialist in the department.

Read the Seattle Post-Intelligencer article about the workshop.