Mon Mar 8 18:21:50 PST 1999 — On Sunday, March 7th, at 1:15pm, an intruder gained superuser privileges on our shell server, Bolt.sonic.net. The intruder left a ‘backdoor’ program and a ‘sniffer’ program running. These were detected and shut down at 8:50pm.
Additionally, we’ve discovered (and closed) the security hole that was apparently used for the attack. We are continuing investigation to ensure that there are no other security holes that have escaped our notice.
Any users who’s passwords may have been compromised have been notified via email. Users who were using SSH or who were dialing up directly to the shell server were not compromised, only users who use telnet. For further discussions, please see the newsgroup news:sonic.net -Dane