The attacks, which apparently compromised servers as recently as April 3, are currently being investigated, according to an advisory posted April 6 by the Information Technology Systems and Services (ITSS) group at Stanford.
"Stanford, along with a large number of research institutions and high-performance computing centers, has become a target for some sophisticated Linux and Solaris attacks," ITSS said in its Web advisory. "The attacker appears to be deliberately targeting machines in academic and high-performance computing environments, rather than attacking systems indiscriminately."
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
It is unclear when the attacks first occurred. The advisory listed one breach as occurring April 3. The unknown attackers use common password-cracking tools to gain access to any account on a server and then gain further access by using security flaws in the software.
"The perpetrators regularly gain access to an unprivileged local user account, presumably by sniffing passwords, cracking passwords from other compromised systems, or by triggering vulnerabilities in remotely accessible services," the advisory states.
Such local vulnerabilities, as they are called, have led toused to host Linux development and distribution in recent months.