The story behind the Novell hack story

There were a number of news stories recently about Novell's internal servers, including one posted at Computerworld under the headline "Novell server hacked".

It seems a security consultant in Virginia discovered that a client's site had been "scanned" a number of times by a machine whose IP address was traced back to Novell. At this point, the stories start to get confusing.

Most of the printed stories refer to the Novell server by saying: "The hacked system appeared to be running a mail server for a gaming site called, and the main game Web page for was hosted on a separate server that also belonged to Novell." Both statements are wrong, according to Novell's PR and a search on Google cache.

The site was hosting a discussion board (with very limited membership) for some participants (who may all have been Novell employees) in the "World of Warcraft" game. There was no "game server." The compromised server was another one, which was currently not used for any particular activity. Both are considered lab or test servers and are outside the Novell corporate firewall. It's also unclear whether the discussion board was within the bounds of Novell's corporate terms of use policy.

Still, scanning other people's computers should be considered "bad" behavior.

There are other confusing aspects to this story, though. A search on the domain at Google reveals that, at least at some point, this domain hosted the "official" home of Brigham Young University Athletics. It's unclear if this was the actual domain BYU used, or was simply a mirror site set up without the university's knowledge. But it was active at least as late as last December.

The domain was registered by Novell back in 1998 (by a man named "Bruce Wayne," who knew the caped crusader toiled away in Provo?). It was set up (presumably by folks in Novell's IT department) as a "proof-of-concept": an ISP running entirely on NetWare. Novell employees who applied for them were given accounts on the server and allowed remote access. But the documents describing the server (found by digging through the Internet Archive) specifically say: "Neticus is not a production corporate remote access system, nor is it a production Web server. It is a development, testing and design lab."

Although the testing ended in 2000, the server evidently stayed up and many people had access. It's unclear (i.e., Novell isn't talking) when it was first used to host the gaming discussion, but it's something any of the account holders could have set up. The testers provided a full-service ISP to their clients, including (according to the Internet Archive documents):

  • Dial-Up Internet Access - "We support analog modem speeds up to 56k (V.90) and ISDN. We have POPs in Orem/Provo and San Jose."
  • E-Mail - "We support SMTP & POP3/IMAP4 e-mail clients. And for those who would rather not bother with a client at all, we offer WebMail."
  • Web Browsing/Hosting - "In addition to vanilla Web browsing, we offer accelerated browsing via a proxy server, and we also host users' home pages."
  • Usenet News - "Alternately described as godless anarchy and/or the ultimate expression of freedom of speech, Usenet News consists mainly of millions of college freshmen telling each other that they 'suck.'"

The technologies used on the server were listed as:

  • NetWare 5
  • BorderManager Enterprise Edition 3.5
  • Netscape Enterprise Server for NetWare
  • Novell Internet Messaging Server 2.1
  • DNews for NetWare

My conclusion? With all of the changes and layoffs, Novell lost track of these servers and one or two (current or former) disgruntled employees took advantage. It's unfortunate, and a real black eye for a networking company, but it isn't a major story in the greater scheme of things.

The administrator of the Neticus ISP test, by the way, was listed as Grettir Asmundarson (a pseudonym), whose personal Web site describes "him" as "ne'er-do-well, sluggard, and wastrel" (but no mention of being a gamer). Grettir is also the listed author of the "Beige Papers", Novell IT's documentation of the company's upgrade to NetWare 5 and a very interesting read for network managers.


Stories by Dave Kearns
