💾 Archived View for gemini.spam.works › mirrors › textfiles › news › satelite.hac captured on 2020-10-31 at 16:30:45.

View Raw

More Information

-=-=-=-=-=-=-

		   (*> The Great Satellite Caper <*)
	(*> Reprinted without permission from TIME Magazine <*)
			(*> Typed by ZiGGY <*)
	Hacker's arrests point up the growing problem of system security

  It started innocuously enough:  a credit card costomer in Conneticutt opened
his monthly statement and noticed a charge for a peice of electronic equipment
that he had never purchased.  By last week that apparent billing error had
blossomed int a full-fledged hacker scandal and led to the arrest of seven New
Jersey teenagers who were charged with conspiracy and using their home
computers and telephone hookups to commit computer theft.

  According to police, who confiscated $30,000 worth of computer equipment and
hundreds of floppy disks, the youths had exchanged stolen credit card numbers,
bypasses long-distance telephone fees, traded supposedly secret fone numbers
(including those of Pentagon [Gasp!] officials), and published instructions on
how to build a letter bomb.  But most remarkable of all, the first reports
said, the youngsters had even managed to shift the orbit of one or more
comunication satellites.  That feat, the New York Post decided, was worth a
front page head line:  WHIZ KIDS ZAP U.S.  SATELLITES.

  It was the latest real-life version of War Games, in which an ingenious
teenager penetrates a sensitive military computer system and nearly sets off
World War III.	Two years sgo, for instance, the story was re-enacted by the
so-called 414 Gang, a group of Milwaukee-area youths who managed to break into
various computer systems all over the US.

  The new Jersey episode assumed heroic proportions when Middlesex County
Prosecuter Alan Rockoff that the youths, in addition to carrying on other
mischief, had been "Changing the positions of the satellites up in the blue
heavens." That achievment, if true, could have disrupted the telefone an telex
communications on two continents.  Officials from AT&T and Comsat hastily
denied that anything of the sort had taken place.  In fact, the computers that
control the satelites cannot be reached by the lines of public fones.  By
week's end the prosecuter's office was quietly backing away from its most
startling assertion, but to most Americans, the satellite caper remained real,
a dramatic reminder for a bright youngster steeped inthe secret arts of the
computer age, anything is possible.  Says Stephen Levey, author of Hackers:
"It's an immensley seductive myth, that a kid with a computer can bring a
powerful institution to it's knees."

  Last spring postal authorities traced the Conneticut credit card purchase and
a string of other fraudulent transactions to a post office box in Soutn
Plainfield New Jersey.	Someone was using the box to take delivery of sterio
and radar-detection equipment ordered through a computerized mail order
catalog.  The trail led to a young New jersey enthusiast who used the alias
"New Jersey Hack Sack" and communicated regularly with other computer owners in
a loosley organized network of electronic bulletin boards.  A computer search
of the contents of those boards by detective GEORGE GREEN and patrolman MICHAEL
GRENNIER, who is something of a hacker himself, yeilded a flood of gossip,
advice, tall tales, and hard information, including excerpts from an AT&T
satellite manual, dozens of secret telephone numbers, and lists of stolen
credit card numbers.

  The odd mix was not unique to the suspect bulliten boards.  Explains DONN
PARKER, a computer crime expert at SRI International in Menlo Park, California:
"Hacking is a meritocracy.  You rise in the culture depending on the
information you can supply to other hackers.  It's like trading bubble gum
cards." ( <- Whatta ass!)

  Some of the information posted by the New Jersey hackers may have been
gleaned by cracking supposedly secure systems.	Other data, like the access
numbers of remote computers, were probably gatheres automatically by so called
"demon dialers", programs that search the phone system for online computers by
dialing every number within an area code.  "In some cases penetrating a
computer system is extremely difficult and requires a great deal of knowledge
and luck" says PARKER.  "In others it's as simple as dialing into a bulletin
board and finding the passwords that other kids have left." And sometimes it's
even simpler than that.  Two of the New Jersey youths admitted that at least
one of the credit card numbers they used had not come from a computer but from
a slip of carbon paper retreived from a trash can.

  No matter how mundane, the actions of the New jersey hackers have again
focused national attention on a real and growing problem:  how to safeguard the
information that is stored inside of computers.  Americans now carry more than
600 million credit and charge cards, many of them allowing at least partial
access to a computerized banking system that moves over $400 billion every day.
Corporate data blanks hold consumer records and business plans worth untold
billions more.

  Alerted to the threat by earlier break-ins, corporations and government
agencies have been moving to shore up their systems.  Many have issued multiple
layers of password protection, imposing strict dicipline on the security of
passwords and requiring users to change their passwords frequently.  Others
have installed scrambling devices that encode sensitive data before they are
sent over the wires.  Audit trails make crime detection easier by keeping
permanent record of who did what within a system.  Dialback services help keep
out unauthorized users by recording each callers ID number, disconnecting the
call and then re-dialing only that telefone number authorized to the holder of
the ID.

  All told, U.S.  business spent $600 million on security equipment and
software.  By 1993, according to DataPro research, security systems should
exceed $2 billion annually.  in addition to the cost, these measures tend to
make the systems less "friendly," in the jargon of the trade.  But computer
operators who keep their systems casual may be courting trouble.  Says SRI's
PARKER:  "These are sush reasonable, cost-effective steps that managers who
don't use them pretty much deserve what they get."