99 lines
5.9 KiB
Plaintext
99 lines
5.9 KiB
Plaintext
COMPUTER RAIDERS HIT BIG CREDIT FILE
|
|
|
|
|
|
|
|
06/22/84
|
|
|
|
COMPUTER BUFFS USING HOME TERMINALS HAVE BROKEN INTO ONE
|
|
OF THE LARGEST CONFIDENTIAL DATA FILES IN THE WORLD. THE TRW
|
|
INFORMATION SERVICES DIVISION'S COMPUTERS HOLDING CREDIT
|
|
HISTORIES OF 90 MILLION PEOPLE.
|
|
THE SYSTEM WAS ENTERED AFTER SO-CALLED COMPUTER HACKERS
|
|
GOT ACCESS TO A SECRET PASSWORD AND A MANUAL ON THE SYSTEM'S
|
|
OPERATION. THE PASSWORD LEAKED OUT MORE THAT A YEAR AGO, BUT
|
|
TRW OFFICIALS WERE NOT NOTIFIED UNTIL TWO WEEKS AGO.
|
|
TRW INFORMATION SERVICES IS A CREDIT BUREAU THAT TRANSMITS
|
|
OVER TELEPHONE LINES SUCH INFORMATION AS CREDIT HISTORIES,
|
|
EMPLOYMENT RECORDS, BANKRUPTCIES, LOAN DELINQUENCIES AND
|
|
SOCIAL SECURITY NUMBERS. THE SERVICE IS USED BY MORE THAN
|
|
24,000 SUBSCRIBERS, INCLUDING BANKS AND DEPARTMENT STORES,
|
|
AND CAN BE REACHED FROM MORE THAN 35,000 LOCATIONS.
|
|
TRW OFFICIALS SAID THAT ALTHOUGH THE BREAK-IN ALLOWED HOME
|
|
COMPUTER USERS TO READ CONFIDENTIAL FILES, THOSE USERS WOULD
|
|
NOT BE ABLE TO CHANGE THE FILES. CHANGES ARE SUBMITTED
|
|
MONTHLY ON TAPE, AND FILES ARE NOT ALTERED THROUGH THE
|
|
ON-LINE COMPUTER SYSTEM.
|
|
TRW OFFICIALS SAID THE PASSWORD AND MANUAL WERE OBTAINED
|
|
FROM A SEARS ROEBUCK STORE IN SACRAMENTO THAT SUBSCRIBES TO
|
|
THE SYSTEM. COMPUTER BUFFS EVENTUALLY POSTED THE CODE NUMBER
|
|
ON AN "ELECTRONIC BULLETIN BOARD," WHICH ANY HOME COMPUTER
|
|
USER WITH THE RIGHT EQUIPMENT CAN READ BY USING A TELEPHONE.
|
|
IT IS NOT KNOWN HOW MANY TIMES PEOPLE BROKE INTO THE TRW
|
|
SYSTEM, BUT SOURCES SAID THAT IT HAS BEEN COMMON KNOWLEDGE
|
|
FOR MONTHS AMONG MANY COMPUTER BUFFS THAT THE TRW FILES COULD
|
|
BE ENTERED EASILY AND CREDIT RECORDS READ.
|
|
THE BREACH WAS FIRST REPORTED BY NEWSDAY, WHICH QUOTED
|
|
UNNAMED COMPUTER HACKERS AS SAYING THE TRW SYSTEM WAS ENTERED
|
|
NOT ONLY TO READ CREDIT RECORDS, BUT ALSO TO "EXPEDITE CREDIT
|
|
CARD FRAUD" BY FINDING OUT WHETHER A PERSON WHOSE CREDIT CARD
|
|
WAS STOLEN HAD A LARGE CREDIT LIMIT.
|
|
TRW SAID THE LEAKED PASSWORD HAS BEEN CHANGED AND THAT NO
|
|
OTHER CODES ARE BELIEVED TO BA AVALIABLE TO HACKERS. THE
|
|
NEWSDAY STORY, HOWEVER, QUOTED SOURCES WHO SAID THAT OTHER
|
|
CODES THAT PROVIDE ACCESS TO OTHER TRW FILES ARE STILL
|
|
CIRCULATING.
|
|
REFERRING TO THE AMOUNT OF TIME IT TOOK TRW TO LEARN ABOUT
|
|
THE PROBLEM, JEROME SALTZER, A SPECIALIST IN COMPUTER SYSTEMS
|
|
AND COMMUNICATIONS AT THE MASSACHUSETTS INSTITUTE OF
|
|
TECHNOLOGY, SAID, "THAT IS A DISTURBING . . . FAIRLY
|
|
APPALLING AMOUNT OF TIME FOR SOMETHING LIKE THAT TO GO
|
|
UNDETECTED. IF TRUE, IT SUGGESTS THAT THE COMPANY DOESN'T
|
|
REGARD THIS INFORMATION AS VERY IMPORTANT TO PROTECT . . . .
|
|
THEY ARE NOT VERY CONCERNED ABOUT PROTECTING PEOPLE'S
|
|
PRIVACY." HE SAID THAT RELATIVELY SIMPLE MONITORING
|
|
TECHNIQUES SHOULD PICK UP THAT KIND OF SECURITY BREACH
|
|
RELATIVELY EARLY.
|
|
COMPANY OFFICIALS SAID IT IS POSSIBLE THAT UNAUTHORIZED
|
|
ACCESS COULD HAVE BEEN OBTAINED THROUGH A DEPARTMENT STORE
|
|
LINE OR A SIMILAR LINE ON WHICH MANY REQUESTS FOR CREDIT
|
|
INFORMATION ARE PLACED DAILY. ON SUCH A LINE, THEY SAID, A
|
|
FEW EXTRA REQUESTS MIGHT NOT BE NOTICED.
|
|
SALTZER SAID THAT A SYSTEM WITH 35,000 ACCESS POINTS IS
|
|
DIFFICULT TO POLICE AND THAT ANYONE RUNNING SUCH A SYSTEM
|
|
WITHOUT ELABORATE SECURITY PRECAUTIONS MUST ASSUME THAT A FEW
|
|
OF THE THOUSANDS OF PEOPLE WHO HAVE ACCESS TO IT MIGHT SELL
|
|
THE CODE OR OTHERWISE MISUSE THE SYSTEM.
|
|
AMONG THE SECURITY MEASURES TRW COULD HAVE TAKEN ARE
|
|
REQUIRING THE USER TO BE CALLED BACK AT A CERTAIN PHONE
|
|
NUMBER BEFORE INFORMATION IS SENT; CHANGING SECRET CODES MORE
|
|
OFTEN, AND INSTALLING DEVICES ON SYSTEM TELEPHONES THAT TRADE
|
|
RECOGNITION SIGNALS WITH THE CENTRAL COMPUTER BEFORE
|
|
INFORMATION IS SENT.
|
|
A RECENT AMERICAN BAR ASSOCIATION STUDY FOUND THAT 27
|
|
PERCENT OF THE 275 BUSINESSES AND PUBLIC AGENCIES IT POLLED
|
|
HAD BEEN VICTIMS OF COMPUTER CRIME, SUFFERING LOSSES OF HALF
|
|
A BILLION DOLLARS LAST YEAR.
|
|
JONN PARKER, A COMPUTER SECURITY EXPERT AT TRW
|
|
INTERNATIONAL IN SENLO PARK, CALIF., SAID A ROUGH SURVEY HAS
|
|
COUNTED ABOUT 1,400 COMPUTER CRIMES IN THE UNITED STATES OVER
|
|
THE PAST TWO DECADES. HE SAID THAT MANY LARGE COMPUTERS
|
|
HAVE INSTALLED SECURITY SYSTEMS, BUT THAT THERE IS A
|
|
TRADE-OFF BETWEEN SECURITY AND THE COST AND CONVENIENCE OF
|
|
USING A COMPUTER SYSTEM -- THE MORE SECURITY USED, THE
|
|
COSTLIER AND MORE INCONVENIENT IT BECOMES.
|
|
THE TRW SYSTEM USED TWO CODES, A SEVEN-DIGIT CODE TO
|
|
IDENTIFY THE USER AND A SHORTER "SECRET PASSWORD," SOURCES
|
|
SAID. THE FIRST CODE IS LESS GUARDED AND RELATIVELY EASY TO
|
|
OBTAIN, AND THE SHORTER, "SECRET" CODE, THEY SAID, IS "FAR
|
|
TOO EASY" TO CRACK.
|
|
IF IT CANNOT BE SHOWN THAT THE TRW BREAK-INS WERE USED TO
|
|
COMMIT FRAUD -- IF THEY WERE MERELY CURIOSITY TRIPS BY
|
|
COMPUTER HACKERS -- THEN IT WOULD BE UNCLEAR WHETHER THEY
|
|
WERE ILLEGAL, ACCORDING TO A COMPANY SPOKESMAN. THE COMPANY
|
|
HAS BEEN AMONG THOSE SEEKING STRONGER LEGISLATION TO FIGHT
|
|
COMPUTER CRIME.
|
|
ABOUT 25 STATES HAVE COMPUTER CRIME LEGISALTION, BUT
|
|
OBTAINING "UNAUTHORIZED ACCESS" TO CONFIDENTIAL INFORMATION
|
|
IS CONSIDERED A CRIME IN ONLY A FEW.
|
|
|