a269  1924  21 Jan 89
BC-APN--Hackers-II, ADV 05-1st Add,0928
$Adv05
AGENCIES AND RADIO OUT
For release Sun., Feb. 5
MENLO PARK, Calif.: that technology.
    Hackers resent guilt by association with computer viruses. They call
people who spread them or commit evil computer deeds ''crackers.''
They think crackers deserve jail as an example.
    Most computer crimes are done not by hackers but by company
insiders, according to BloomBecker's last survey in 1986. ''And they
were far less sophisticated than hackers,'' he notes.
    Nonetheless, there may be as many as 8 million personal computers in
the United States. Worldwide sales of PCs in 1986 were $50.9 billion.
So a lot of people have new toys.
    ''Technology draws people to play with it,'' says Don Ingraham, an
assistant prosecutor in Alameda County, Calif., who specializes in
computer crime. And a lot of kid hackers ''gum up the works'' because
they don't know any better, Mandel says.
    Morris, a hacker whose father was at Bell Labs and is now a
computer security expert with the National Security Agency, may have
had only an elegant prank in mind. But he made a mistake with his
worm, and it ate up disks.
    Hackers who sign off on computer bulletin boards as Crimson Death,
Phantom Phreaker, Nightstalker add a darker dimension. Dave Flory,
who heads the fraud unit for the San Jose police, cites studies and
experience that indicate that 2 percent of the population are
sociopathic and 1 percent of them criminally so. They tend to be
brighter than average and younger males, as are those intrigued by
computers. Flory leaves the inference standing.
    But when does hacking become cracking? 
    A hacker has been breaking into Flory's police bulletin board and
says he won't leave unless the cops pay his phone bills to play
long-distance computer games.
    ''That's extortion,'' says Flory. San Jose cops caught two
teen-agers in a phone booth trying to hook up a laptop to a phone.
    ''They were in it for the sexual thrill of knowing secrets,'' says
Flory. But it's also attempted theft from the phone company.
''They'll probably get three months at the most.''
    ''Generally, the punishment does not fit the crime,'' Donn Parker
believes.
    There are a great many gray areas. When a 15-year-old Cupertino boy
got into the Stanford University computer to change grades Stanford
stored for high schools as a community service, what's that? A prank?
Illegal entry?
    What is it when somebody has invaded your computer so that a nude
woman begins appearing as you're doing your income tax, leaving you
with the message: ''You should be doing something better than looking
at this trash''? Or the Cookie Monster that stopped your computer
until you wrote out ''C-O-O-K-I-E'' to its request ''I want a
cookie?'' Are these viruses jokes? Invasions of privacy?
    ''Hackers know where the line is,'' says Jef Poskanzer, a
30-year-old Berkeley hacker and software programmer.
    ''Maybe,'' says Flory, ''but a guy  who wouldn't come at you with a
knife may harm you with a computer because it's impersonal. He won't
see blood.''
    ''Someone could pirate your technology, and it's not valuable to you
for eight years until the research pays off. How do you quantify the
loss?'' asks Koenig. ''What is the value of intellectual property?
We're still struggling with this.''
    If a hacker in Ithaca, N.Y., does damage to computer data in
California, has he violated California criminal laws against
unauthorized access? ''It's like a guy upstream dumping pollutants in
a creek,'' says Ingraham. ''The guy downstream who waters his stock
in the creek has a case. But our national laws are inadequate.''
    Computer technology moves so fast the laws lag behind. It's like the
early days of the Old West. Cattlemen moved in and grazed their herds
on open range just as hackers used to browse unhindered in
computerland. Then the sheepmen arrived and put up fences. Range wars
resulted until the law could set guidelines.
    ''We don't teach breaking and entering in architectural school.
Don't teach aspects of cracking in grade school,'' says Ingraham.
''It's the same thing.''
    Parker believes schoolchildren should be taught computer ethics just
as they are taught computer use.
    ''We teach driver education because there is an obligation to tell
kids  what the law is before we send them out on the road.''
    For the criminal, to whom ethics are immaterial, the computer has
been a bonanza. ''Today you can commit a crime in Berkeley from Oslo
if you wanted,'' Ingraham says. Jesse and Frank James had to have
horses and Colt .45s and a bag for the swag to rob a bank. Today you
don't even have to be present at the bank. The loot's on tape.
    The technology has exploded to the point, Parker says, where the
thief is confronted with a new problem: how much to take. ''The smart
criminal steals below the pain threshold of the victim. To avoid
embarrassment, the company may just say take your money and go. But
the thief still has to take enough to get to Rio or hire a good
lawyer if he doesn't make it.''
    Computers save prostitutes the cost of a pimp. They book customers
via bulletin boards. Ingraham rarely sees a drug bust where the
dealers don't keep track of business on computers.
    The only secure computer is one still in the box it came in or one
that never talks to another. Any further security is manmade and,
therefore, fallible.
    MORE
 
 
AP-NY-01-21-89 2204EST
***************

a270  1938  21 Jan 89
BC-APN--Hackers-II, ADV 05-2nd Add,0845
$Adv05
AGENCIES AND RADIO OUT
For release Sun., Feb. 5
MENLO PARK, Calif.: therefore, fallible.
    There was a popular game in Europe called ''Leisure Larry in the
Land of the Lounge Lizard'' that had a virus in it. The virus began
showing up in banks because employees were turning onto Larry on the
Q.T. Suppose Larry's virus had said, which it didn't: ''Eat all
records?''
    Employees at an American nuclear power plant were caught playing a
game disk in idle time. Suppose hidden in the game was a worm that
said, in effect: ''Drink juice?''
    Two brothers in Lahore, Pakistan, in 1985 intentionally planted a
virus in software they sold as a lesson to people who pirated disks.
The virus made its way to the United States where it destroyed, among
others, six months worth of notes stored by a reporter in Providence,
R.I. 
    The first defense against criminals or computer germs is the
password. ''I can guess about a quarter of them,'' Poskanzer
estimates.
    ''Too many people are lazy,'' Flory has decided. ''They pick their
middle name or their street or their alma mater or a pet.''
    ''Just call up somebody's secretary and innocently ask the names of
the person's children,'' says Koenig.
    With their built-in speed, computers can fire off a limitless array
of possible password combinations. One new wrinkle delays accepting a
second password for l5 seconds after an improper one is rejected.
    ''This probably deters anybody who is just fishing,'' Koenig says.
''It takes them more time than it's worth.''
    Computers can also be secured by scanners for fingerprints, voice or
even eyeballs, no two being alike. But these cost money.
    ''You can install a $35,000 identification device but, if a company
has l00 terminals, say, can the expense be justified?'' asks Koenig.
    A New York bank requires senior officers to sign off on money
transfers. The Pentagon says its vital computer nets are secure. But
so did armored knights until the crossbow came along and crossbowmen
until the musket was invented and riflemen until the tank appeared.
Offense vs. defense, yin and yang, technology marches on.
    ''At some point maybe we will be able to say that 99 1/2 percent of
computers will be vaccinated against viruses,'' says Koenig. ''Then
somebody will invent something to get around it. Security is a growth
industry.''
    Yellow pages are flowering with new companies that will vaccinate
your systems or sanitize them after contamination.
    Security is proportional to the desire of the unauthorized to peek
through the keyhole of a computer system. There's all that computer
talk in space bouncing off satellites. The Soviet Union intercepts
America's, America intercepts the Soviet Union's. Computers attack
the codes. Search out any references to B-l bomber. A cabinet report
says so and so wasn't at a meeting Tuesday. Why? What are the
capitalists selling wheat for? Shell wants to know who struck oil on
the North Slope. Or hasn't.
    Somebody's classified computer talk is only idle chitchat if it
lacks the possibility of giving you a leg up. Or a hand in your
pocket.
    The stakes are high. For the individual: virtually his entire fiscal
profile is on computer tape somewhere. He signs off on a bulletin
board for three weeks. A burglar knows his house may be empty.
    Parker calls them crimoids, waves of computer malfeasance that come
and go like hemlines as thieves, exporters and the like learn new
technology.
    ''Criminals are too lazy to hack, but hackers aren't, and word gets
around.''
    Crimoids to come: Porn by fax? Extortion by threat of personal harm?
    The stakes at the national level: blackmail by virus? Sabotage?
    ''There's a potential for disaster,'' says Flory.
    About seven years ago, a New York bank made a 10 percent error in
reporting money in circulation, Parker recalls. ''A guy at the
Federal Reserve overlooked the mistake. For over three weeks the
amount of money in circulation was wrong. The paper loss in
securities was over $3 billion.
    ''Now suppose a foreign power gets into our computers that determine
our economic indicators so that they're wrong for a couple of months.
The Russians wouldn't do this, but some Third World country that sent
a computer scientist to MIT and who went back to the pigs and
chickens might. It could crash our economy. If the breakdowns
continued, we might lose faith. It could become a question of
national resiliency.''
    Parker, a tall, droll man who looks like everybody's favorite uncle,
was not smiling.
    It has already happened, somewhat. In 1979 the Red Brigades in Italy
said computers were the heart and mind of industrial society and
should be targeted for attack. Some 60 computer installations in
Europe have been raided since. The logic stored in the machines has
not. Yet.
    ''We can't go backward if we want to remain a competitive society,''
said Dave Flory. ''But our system is vulnerable.''
    END ADV
 
 
AP-NY-01-21-89 2219EST
***************