|
[%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%] [ ] [ The Great Satellite Caper ] [ ] [ Typed by: ] [ Silent Rebel ] [ * ] [ ( 40 columns ) ] [ ] [%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%] Taken from: Time magazine July 29, 1985 The Great Satellite Caper Hackers' arrests point up the growing problem of system security ---- It started innocuously enough: a credit card customer in Connecticut opened his monthly statement and noticed a charge for a piece of electronic equipment that he had never purchased. By last week that apparent billing error had blossomed into a full-fledged hacker scandal and led to the arrest of seven New Jersey teenagers who were charged with conspiracy and using their home computers and telephone hookups to commit computer theft. According to police, who confiscated $30,000 worth of computer equipment and hundreds of floppy disks, the youths had exchanged stolen credit card numbers, bypassed long-distance telephone fees, traded supposedly secret phone numbers (including those of top Pentagon officials) and published instructions on how to construct a letter bomb. But most remarkable of all, the first reports said, the youngsters had even managed to shift the orbit of one or more communication satellites. That feat, the New York Post decided, was worth a front-page headline: WHIZ KIDS ZAP U.S. SATELLITES. It was the latest version of the hit movie WarGames, in which an ingenious teenager penetrates a sensitive military computer system and nearly sets of World War III. Two years ago, for instance, the story was re-enacted by the so-called 414 Gang, a group of Milwaukee-area youths who used their machines to break into dozens of computers across the U.S. The New Jersey episode assumed heroic proportions when Middlesex County Prosecutor Alan Rockoff reported that the youths, in addition to carrying on other mischief, had been "changing the position of satellites up in the blue heavens." That achievement, if true, could have disrupted telephone and telex communications on two continents. Officials from AT&T and Comsat hastily denied that anything of the sort had taken place. In fact, the computers that control the movement of their satellites cannot be reached by public telephone lines. By weeks end the prosecutor's office was quietly backing away from its most startling assertion, but to most Americans, the satellite caper remained real, a dramatic reminder that for a bright youngster steeped in the secret arts of the computer age, anything is possible. Says Steven Levy, author of Hackers: "It's an immensely seductive myth, that a kid with a little computer can bring a powerful institution to its knees." Last spring postal authorities traced the Connecticut credit card purchase and a string of other fraudulent transactions to a post-office box in South Plainfield, N.J. Someone was using the box to take delivery of stereo and radar-detection equipment ordered through a computerized mail-order catalog. The trail led to a young New Jersey enthusiast who used the alias "New Jersey Hack Sack" and communicated regularly with other computer owners over a loosely organized network of electronic bulletin boards. A computer search of the contents of those boards by Detective George Green and Patroman Michael Grennier, who is something of a hacker himself, yielded a flood of gossip,advice,tall tales, and hard information including excerpts from an AT&T satellite manual, dozens of secret telephone numbers and lists of stolen credit card numbers. The odd mix was not unique to the suspect bulletin boards. Explains Donn Parker, a computer crime expert at SRI International in Menlo Park,Calif.: "Hacking is a meritocracy. You rise in the culture depending on the information you can supply to other hackers. It's like trading bubble gum cards." Some of the information posted by the New Jersey hackers may have been gleaned by cracking supposedly secure systems. Other data, like the access numbers of remote computers, were probably gathered automatically by so-called demon dialers, programs that search the phone system for on-line computers by dialing, in sequence, every phone number within an area code. "In some cases it takes a great deal of skill and knowledge," says Parker. "In others it's as simple as dialing into a bulletin board and finding the passwords that other kids have left." And sometimes it is even simpler than that. Two of the New Jersey youths admitted that at least one of the crYVcard numbers they used had come not from a computer but from a slip of carbon paper retrieved from a trash can. No matter how mudane, the actions of the New Jersey hackers have again focused national attention on a real and growing problem: how to safeguard the information that is stored inside computers. Americans now carry more more than 600 million credit cards, many of them allowing at least partial access to a computerized banking system that moves more than $400 billion every day. Corporate data banks hold consumer records and business plans worth untold billions more. Alerted to the threat by earlier break-ins, corporations and government agencies have been moving to shore up their systems. Many have issued multiple layers of password protection, imposing strict discipline on the secrecy of passwords and requiring users to change theirs frequently. Others have installed scrambling devices that encode sensitive data before they are sent,over the wires. Audit trails make crime detection easier by keeping a permanent record of who did what within a system. Dial-back services help keep out unauthorized users by recording each caller's ID number, disconnecting the call and then redialing only that telephone number authorized by the holder of the ID. All told, U.S. business spent $600 million last year on security equipment and software. By 1993, according to Datapro Research, security expenditures could exceed $2 billion annually. In addition to the cost,these measures tend to make the systems harder to use, or less "friendly," in the jargon of the trade. But computer operators who like to keep their systems casual may be courting trouble. Says SRI's Parker: "These are reasonable, cost-effective steps that managers who don't use them pretty much deserve what they get." -By Phillip Elmer-DeWitt Reported by Marcia Gauger/New York and Stephen Koepp/Los Angeles [%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%] [ ] [This was a production of Silent Rebel] [ ] [%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%/%]