textfiles/news/hunt

             HOUNDING TEENAGE HACKERS
             DON'T PLUG THOSE
             LEAKY COMPUTERS


           12/10/84

             THE PETULANT BOYS AND GIRLS WHO PLAY IN THE SANDBOX CALLED
          THE U.S. SENATE GOT INTO ONE OF THEIR TYPICAL TEMPER TANTRUMS
          IN THE LAST HOURS OF THE 98TH CONGRESS THIS FALL. THEY WERE
          SO BUSY SHOUTING AND CALLING EACH OTHER NAMES THAT NOBODY
          SEEMED INTERESTED IN PASSING ANY LEGISLATION.
             IN DESPERATION, THE SENATE LEADERSHIP DECIDED THAT THE
          ONLY WAY TO MAKE THESE MATURE, RESPONSIBLE PUBLIC SERVANTS DO
          THEIR WORK WAS TO HOLD AN ALL-NIGHT SESSION. A LONG LINE OF
          COTS WAS SET UP IN THE CAPITOL CORRIDORS. BETWEEN CATNAPS,
          OUR ELECTED LEADERS VOTED ON BILLS AND AMENDMENTS. IN THESE
          ABSURD CIRCUMSTANCES THE CONGRESS PASSED AN ABSURD PIECE OF
          COMPUTER LEGISLATION.
             THE NEW CRIMINAL STATUTE EMPOWERS THE TRW, WHICH
          PRESUMABLY HAS NOTHING BETTER TO DO, TO SNOOP AROUND
          THOUSANDS OF COMPUTER "BULLETIN BOARD" SYSTEMS TO PROSECUTE
          COMPUTER "HACKERS" WHO ARE ALLEGEDLY ABUSING CORPORATE AND
          GOVERNMENTAL COMPUTER SYSTEMS FROM COAST TO COAST.
             THE PROBLEM, TO THE EXTENT IT IS A PROBLEM, IS THIS:
          THOUSANDS OF COMPANIES, SCHOOLS, AND GOVERNMENT AGENCIES HAVE
          TELEPHONE HOOKUPS THROUGH WHICH THEIR CUSTOMERS AND EMPLOYES
          CAN CALL A CENTRAL COMPUTER TO GET INFORMATION OR LEAVE
          MESSAGES.
             A COMMON EXAMPLE OF SUCH A SYSTEM WOULD BE A NATIONAL
          RETAIL CHAIN WITH HEADQUARTERS IN NEW YORK CITY. THE CHAIN'S
          DUBUQUE STORE CAN CALL THE COMPUTER IN NEW YORK TO PLACE AN
          ORDER, CHECK ADVERTISING COPY, OR WHAT HAVE YOU.
             EACH SYSTEM HAS SOME SECURITY ARRANGEMENTS TO FEND OFF
          UNWANTED CALLERS. TO GET INTO THE WASHINGTON POST'S NEWSROOM
          COMPUTER, FOR EXAMPLE, YOU NEED TO KNOW THE PHONE NUMBER, AND
          THEN TYPE IN TWO SEPARATE PASSWORDS -- KNOWN ONLY TO THE USER
          -- BEFORE YOU CAN BE CONNECTED.
             THERE HAS BEEN A PROBLEM OF COMPUTER HACKERS AROUND THE
          COUNTRY TRYING TO PENETRATE SOME OF THESE CENTRAL SYSTEMS.
          SOME HACKERS EVIDENTLY DISCOVERED A NUMBER AND A PASSWORD TO
          GET INTO THE TACO BELL COMPUTER, PRESUMABLY ENABLING THE
          INTRUDER TO ORDER 5,000 CASES OF HOT SAUCE OR SOME SUCH.
             THE MOST INFAMOUS INSTANCE TO DATE CAME EARLIER THIS YEAR
          WHEN SOME HACKERS OBTAINED A NUMBER AND PASSWORD ENABLING
          THEM TO RUMMAGE AROUND IN THE ELECTRONIC RECORDS MAINTAINED
          BY TRW INFORMATION SERVICES, A BIG CREDIT AGENCY THAT HAD
          NAMES AND CREDIT NUMBERS OF SOME 90 MILLION PEOPLE.
             ALARMED BY SUCH HAPPENINGS, OUR BENIGHTED CONGRESSPEOPLE
          ROSE FROM THEIR COTS AND PASSED A LAW MAKING IT A FEDERAL
          OFFENSE -- WITH UP TO A YEAR IN JAIL FOR FIRST OFFENDERS --
          TO GAIN "UNAUTHORIZED ACCESS" TO ANY PRIVATE OR GOVERNMENTAL
          DATA BANK CONTAINING PERSONAL OR CORPORATE FINANCIAL RECORDS.
             THIS LAW IS A CLASSIC CASE OF SHOOTING AN ICBM AT A
          MOSQUITO -- AND FIRING WIDE. EVEN IF THE SITUATION WERE
          SERIOUS ENOUGH TO BRING ON THE G-MEN, THE STATUTORY SOLUTION
          CONGRESS HIT ON CANNOT WORK BECAUSE IT IS AIMED AT THE WRONG
          PEOPLE.
             GRANTED THERE ARE SOME BAD APPLES OUT THERE IN HACKERLAND.
          FOR THE MOST PART, THOUGH, THE PEOPLE MAKING THIS
          "UNAUTHORIZED ACCESS" ARE 15-YEAR-OLD COMPUTER "PHREAKS" WHO
          ARE DOING IT SOLELY FOR THE INTELLECTUAL CHALLENGE. IT'S A
          KIDS' GAME. BUT NOW CONGRESS IS DISPATCHING THE FBI TO TRACK
          DOWN THESE EVIL MISCREANTS AND SHIP THEM TO LEAVENWORTH.
             THE REAL PROBLEM WITH "UNAUTHORIZED ACCESS" IS NOT THIS
          CORPS OF PRECOCIOUS KIDS TYPING AWAY AT THEIR COMMODORES BUT
          RATHER THE CORPORATE COMPUTER TYPES WHO DESIGNED THE LEAKY
          CENTRAL SYSTEMS THE HACKERS ARE INVADING.
             IT IS NO GREAT TRICK TO SET UP A COMPUTER SYSTEM THAT
          CAN'T BE PENETRATED. IF YOU CREATE A SERIES OF PASSWORDS,
          PROTECT THEIR SECRECY, AND CHANGE THEM REGULARLY, YOU CAN
          FRUSTRATE JUST ABOUT ANY UNAUTHORIZED INTRUDER.
             MANY OF THE SYSTEMS OPERATING NOW, THOUGH, TREAT SECURITY
          AS A JOKE. TRW, FOR EXAMPLE, SAYS ITS CREDIT RECORDS ARE
          GUARDED AS CAREFULLY AS POSSIBLE. BUT INFOWORLD MAGAZINE
          REPORTED THAT A "SECRET" TRW PASSWORD MAY HAVE BEEN PRINTED
          ON CREDIT REPORTS ROUTINELY GIVEN TO PEOPLE APPLYING FOR A
          CREDIT CARD AT SEARS, AMONG OTHER PLACES. IT SAID THE SAME
          PASSWORD WAS PASSED AROUND FOR MONTHS, BUT THAT TRW DID NOT
          BOTHER TO ISSUE A NEW ONE.
             A GARDEN GROVE, CALIF., CONSUMER NAMED BURT MAZELOW HAS
          SUED TRW FOR FAILING TO PROTECT HIS CREDIT RECORDS FROM
          SNOOPERS. WITHOUT PREJUDGING THIS PARTICULAR CASE, ONE CAN
          SAY THAT MAZELOW HAS FOUND A MUCH MORE INTELLIGENT APPROACH
          TO THE PROBLEM THAN OUR SLEEPY SENATORS CAME UP WITH.
             IF THE PROBLEM OF "UNAUTHORIZED ACCESS" IS TO BE STOPPED,
          IT'S PATENTLY OBVIOUS THAT CHANGES WILL HAVE TO COME AT THE
          CENTRAL-COMPUTER LEVEL. INSTEAD OF HOUNDING RAMBUNCTIOUS KIDS
          GIVING THEIR COMPUTERS A WORKOUT, THE GOVERNMENT SHOULD
          ATTACK THIS PROBLEM AT THE SOURCE: THE CORPORATE AND
          GOVERNMENTAL BUREAUCRACIES THAT HAVE BEEN TOO DUMB OR TOO
          CHEAP TO MAKE SURE THAT PRIVATE INFORMATION IS REALLY
          PRIVATE.