In a small, one-bedroom flat in the working class city of Kharkiv, in the former Soviet Union, Dmytro Kozel was surfing the Internet for universities and colleges in the U.S. As a young student in the Ukraine, Kozel had more than a passing interest in advanced education. But he wasn't interested in enrolling in online classes; tonight, he wanted to break into the network of a large U.S. state university.
The university was using a Linux Unix machine and Kozel entered the server by establishing a "null session." Null is a Microsoft utility that allows services to communicate with one another without user passwords or identification. By logging on as null, he was able to capture everything he wanted to exploit: password files, user accounts and network services. None of his actions were logged or tracked by the server.
He began copying user names and found the name "backup." He tried a guessed password, "123456" (studies have shown that even the most diligent IT professionals use a simple "backdoor" password at some point). Once he had obtained entry, he grabbed the encoded passwords and submitted them to an open-sourced password-cracking tool freely available on ?the Web.
Recommended For You
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
