Computerworld

Y2K gives some admins a security education

The threat of online assaults had IT staffs on guard, but midnight came and went without any serious security problems cropping up, according to experts monitoring systems.

"Nobody in their right mind would have tried to hack last night," said Mike Higgins, president of Para-Protect, a commercial security incident response company that lists large banks and high-technology firms among its clientele. "There were magnifying glasses on every single anomaly that took place with the network, and that alone would have caused whoever would have hacked to be caught very quickly."

Higgins said that, "if anything," his company saw less activity than usual last night. "The constant level of, if you will, hacker noise on the network went to a significant low for us."

The last 24 hours also were quiet for Stephen Northcutt, who did Y2K cyberattack monitoring for the Global Incident Analysis Centre, which is part of the System Administration, Networking and Security Institute (SANS). But all the increased monitoring and information sharing did serve to give Northcutt a heightened awareness of the "size and breadth" of a non-Y2K-related security issue involving remote procedure call attacks on Unix systems.

Northcutt said hackers have for some time been trying to break into Sun Microsystems' Solaris computers - and possibly other Unix-based computers - to plant software that will allow them to take control of those computers.

"We don't know how long it has been this sophisticated. I have data going back two years, but I had no idea whatsoever of the breadth I was dealing with. In fact, I'm still coming to grips with it," he said.

"When I figured it was one or two attacks, it was 15 - and that's a long way to be off. That's what you call an education," Northcutt said. He added, "It's almost embarrassing that we didn't know before."

Another beneficial effect of Y2K monitoring was the increased awareness level among consumers and corporations regarding security issues, said Vincent Weafer, director of Symantec's AntiVirus Research Centre.

"We've got people thinking the right way, implementing the right software, asking the right questions," Weafer said.

"People will have new viruses next week, because traditionally at the beginning of January virus writers release them," Weafer said. But so far, he's seen nothing out of the ordinary and doesn't expect to see anything major in the short term. "Definitely not as bad as the doomsayers are saying," Weafer added.

Bill Pollak, a spokesman for the Computer Emergency Response Team in Pittsburgh, also said there had been no significant Y2K virus reports. "We're going to be watchful Monday and Tuesday, since a lot of people will be coming back to work. If there are virus outbreaks, they're more likely to make themselves known to us Monday and Tuesday."