We've learned about computer security- or insecurity- from the movie
"WarGames," which shows that an American kid with a computer can bring the
Pentagon to its knees, and from Pentagon kid Col. Oliver North, who was brought
to his knees by his computer.
So the question arises: Are these things safe? Is "computer security"
an oxymoron, a phrase that combines mutually exclusive concepts.
Let's consider the terrifying side of the questions, as emboidied in
"WarGames," where a teenager uses his home computer to crack the access code
of a Pentagon computer and nearly triggers World War III.
Yes, there are kids (and adults) who make a hobby of intruding on large,
corporate computers through telephone access ports. (They're often called
"hackers," which in the computer field indicates anyone who approaches his job
as if it were an intricate puzzle.) Some maintain computer bulletin boards
to exchange information with other hackers.
"There are probably about 200 dangerous hackers in the country," said
John Maxfield, a computer security consultant in Southfield, Mich., who
follos the hacker community. "Most are thrill-seekers - the joy-rider
mentality, but with a computer.
"A boy will usually get started through software piracy [copying
software without buying it] and will access the hacker boards to exchanges
programs," using names such as Fatal Error, Glitch or Agent Steal, Maxfield
said. "The danger sign is that suddenly, he has hundreds of floppy disks.
"Often, the parents will complain to him about the large long-distance
bill he has rung up. The next month, the bill's back to normal and the parents
are happy, but what it means is that the boy is now engaging in long-distance
toll fraud as well. The next danger sign is the sudden appearance of new
computer equipment that he could not have afforded; he'll say he won it at a
drawing at the computer store."
He probably bought it with a stolen credit card number, acquired in
nighttime forays into corporate dumpsters, where hackers look for discarded
computer manuals and often find credit-card sales slips.
Lest we sound sexist, Maxfield said girls are heavily represented in
toll-fraud cases and in cor invasions by "hackers"
armed only with push-button telephones. (A voice mail system is sort of
multiuser computerized answering machine. About all you need to invade it is
a knowledge of the system and a push-button phone.)
"They're just not concerned about the consequences of their actions"
said Maxfield of hackers in general. "And when they're caught, they usually
fall all over each other turning in their friends. The courts are usually
too lenient, but then again, what are you going to do with a 14-year-old?"
On the other side, you could not say that hackers are a flood tide
threatening to swamp the nation's computers. For instance, BIX (Byte
Information Exchange), a national computer bulletin board run by Byte
Magazine out of Peterborough, N.H., advertises in magazines by giving
partial instructions for logging into the system. You'd think the ads would
be an invitation to hackers, who would simply have to guess a valid password
and a user name.
"But to my knowledge, no one has ever hacked their way into the system,"
said George Bond, executive editor of BIX. "The problem has been people
registering with stolen credit-card numbers. To me, it has been a real
object lesson about tearing up your carbons [of credit card sales slips]."
So if the hackers' fixation is on credit-card numbers, you'd think they
would crack into the computers of TRW Inc.'s Information Services Division in
Orange, Calif. TRW, the nation's leading supplier of credit reports, has files
on about 138 million Americans.
These files provide the credit status of a stolen card number and show
the numbers of the victim's other cards. Various credit bureaus and
merchants make about 400,000 inquiries a day into the files, largely over the
kind of dialup connections a hacker could exploit.
But TRW polices the traffic-using software that tracks the usage pattern
of each subscriber and looks for things that don't fit, said Bill Tener,
director of operational and regulatory compliance for the division.
"We've never had anyone hack their way into the system," Tener said. "Most of the intruders we have followed already knew an access code and were masquerading as a legitimate subscriber. Two such scases a month is the most we've had."
These have included private investigators, Tener said, certain "credit
clinics" trying to appear legitimate and employees in subscriber's offices
sneaking a peek after hours. In other words, people who have acquired inside
information.
The insider is always the main source of danger, said Donn B. Parker, senior management consultant at the research firm SRI International in Menlo Park, Calif. He has examined more than 2,000 computer crimes in the last 18 years.
"The biggest form of loss is insider embezzlement," Parker said.
"The increased complexity that computer add tends to limit the crimes to
insiders. And the most common method is the modification of data before it goes
into the computer."
In other words, cooking the books to cover what you've purloined.
The situroving as tomp management comes to understand
computers better, he said. "Computers can be made more secure than manual
systems, using passwords, encryption and data access controls. Most business
take most of the measures. But security is a relative thing- and with computers
the stakes can be higher."
"Viruses" also cause problems. These are programs written by vandals,
designed to destroy data and distributed on computer bulletin boards under
innocent disguises. This has been going on for years, Parker said, but a rash
last fall in San Franciscon Bay area caught media attention.
And the computer is never insecure when you need it to be, as Nort found
during the Iran-Contra hearings. He had tried to cover his tracks by deleting
memos from his office computer, but later found that some helpful person
had been making backup copies of everything, just in case.
And if North's case reverses the usualy complaint about computer
security, perhaps that just shows that computers have come of age.
