💾 Archived View for gemini.spam.works › mirrors › textfiles › news › trw captured on 2023-01-29 at 09:57:28.

View Raw

More Information

⬅️ Previous capture (2020-10-31)

-=-=-=-=-=-=-

             COMPUTER RAIDERS HIT BIG CREDIT FILE
 
 
 
          06/22/84
 
             COMPUTER BUFFS USING HOME TERMINALS HAVE BROKEN INTO ONE
          OF THE LARGEST CONFIDENTIAL DATA FILES IN THE WORLD. THE TRW
          INFORMATION SERVICES DIVISION'S COMPUTERS HOLDING CREDIT
          HISTORIES OF 90 MILLION PEOPLE.
             THE SYSTEM WAS ENTERED AFTER SO-CALLED COMPUTER HACKERS
          GOT ACCESS TO A SECRET PASSWORD AND A MANUAL ON THE SYSTEM'S
          OPERATION. THE PASSWORD LEAKED OUT MORE THAT A YEAR AGO, BUT
          TRW OFFICIALS WERE NOT NOTIFIED UNTIL TWO WEEKS AGO.
             TRW INFORMATION SERVICES IS A CREDIT BUREAU THAT TRANSMITS
          OVER TELEPHONE LINES SUCH INFORMATION AS CREDIT HISTORIES,
          EMPLOYMENT RECORDS, BANKRUPTCIES, LOAN DELINQUENCIES AND
          SOCIAL SECURITY NUMBERS. THE SERVICE IS USED BY MORE THAN
          24,000 SUBSCRIBERS, INCLUDING BANKS AND DEPARTMENT STORES,
          AND CAN BE REACHED FROM MORE THAN 35,000 LOCATIONS.
             TRW OFFICIALS SAID THAT ALTHOUGH THE BREAK-IN ALLOWED HOME
          COMPUTER USERS TO READ CONFIDENTIAL FILES, THOSE USERS WOULD
          NOT BE ABLE TO CHANGE THE FILES. CHANGES ARE SUBMITTED
          MONTHLY ON TAPE, AND FILES ARE NOT ALTERED THROUGH THE
          ON-LINE COMPUTER SYSTEM.
             TRW OFFICIALS SAID THE PASSWORD AND MANUAL WERE OBTAINED
          FROM A SEARS ROEBUCK STORE IN SACRAMENTO THAT SUBSCRIBES TO
          THE SYSTEM. COMPUTER BUFFS EVENTUALLY POSTED THE CODE NUMBER
          ON AN "ELECTRONIC BULLETIN BOARD," WHICH ANY HOME COMPUTER
          USER WITH THE RIGHT EQUIPMENT CAN READ BY USING A TELEPHONE.
          IT IS NOT KNOWN HOW MANY TIMES PEOPLE BROKE INTO THE TRW
          SYSTEM, BUT SOURCES SAID THAT IT HAS BEEN COMMON KNOWLEDGE
          FOR MONTHS AMONG MANY COMPUTER BUFFS THAT THE TRW FILES COULD
          BE ENTERED EASILY AND CREDIT RECORDS READ.
             THE BREACH WAS FIRST REPORTED BY NEWSDAY, WHICH QUOTED
          UNNAMED COMPUTER HACKERS AS SAYING THE TRW SYSTEM WAS ENTERED
          NOT ONLY TO READ CREDIT RECORDS, BUT ALSO TO "EXPEDITE CREDIT
          CARD FRAUD" BY FINDING OUT WHETHER A PERSON WHOSE CREDIT CARD
          WAS STOLEN HAD A LARGE CREDIT LIMIT.
             TRW SAID THE LEAKED PASSWORD HAS BEEN CHANGED AND THAT NO
          OTHER CODES ARE BELIEVED TO BA AVALIABLE TO HACKERS. THE
          NEWSDAY STORY, HOWEVER, QUOTED SOURCES WHO SAID THAT OTHER
          CODES THAT PROVIDE ACCESS TO OTHER TRW FILES ARE STILL
          CIRCULATING.
             REFERRING TO THE AMOUNT OF TIME IT TOOK TRW TO LEARN ABOUT
          THE PROBLEM, JEROME SALTZER, A SPECIALIST IN COMPUTER SYSTEMS
          AND COMMUNICATIONS AT THE MASSACHUSETTS INSTITUTE OF
          TECHNOLOGY, SAID, "THAT IS A DISTURBING . . . FAIRLY
          APPALLING AMOUNT OF TIME FOR SOMETHING LIKE THAT TO GO
          UNDETECTED. IF TRUE, IT SUGGESTS THAT THE COMPANY DOESN'T
          REGARD THIS INFORMATION AS VERY IMPORTANT TO PROTECT . . . .
          THEY ARE NOT VERY CONCERNED ABOUT PROTECTING PEOPLE'S
          PRIVACY." HE SAID THAT RELATIVELY SIMPLE MONITORING
          TECHNIQUES SHOULD PICK UP THAT KIND OF SECURITY BREACH
          RELATIVELY EARLY.
             COMPANY OFFICIALS SAID IT IS POSSIBLE THAT UNAUTHORIZED
          ACCESS COULD HAVE BEEN OBTAINED THROUGH A DEPARTMENT STORE
          LINE OR A SIMILAR LINE ON WHICH MANY REQUESTS FOR CREDIT
          INFORMATION ARE PLACED DAILY. ON SUCH A LINE, THEY SAID, A
          FEW EXTRA REQUESTS MIGHT NOT BE NOTICED.
             SALTZER SAID THAT A SYSTEM WITH 35,000 ACCESS POINTS IS
          DIFFICULT TO POLICE AND THAT ANYONE RUNNING SUCH A SYSTEM
          WITHOUT ELABORATE SECURITY PRECAUTIONS MUST ASSUME THAT A FEW
          OF THE THOUSANDS OF PEOPLE WHO HAVE ACCESS TO IT MIGHT SELL
          THE CODE OR OTHERWISE MISUSE THE SYSTEM.
             AMONG THE SECURITY MEASURES TRW COULD HAVE TAKEN ARE
          REQUIRING THE USER TO BE CALLED BACK AT A CERTAIN PHONE
          NUMBER BEFORE INFORMATION IS SENT; CHANGING SECRET CODES MORE
          OFTEN, AND INSTALLING DEVICES ON SYSTEM TELEPHONES THAT TRADE
          RECOGNITION SIGNALS WITH THE CENTRAL COMPUTER BEFORE
          INFORMATION IS SENT.
             A RECENT AMERICAN BAR ASSOCIATION STUDY FOUND THAT 27
          PERCENT OF THE 275 BUSINESSES AND PUBLIC AGENCIES IT POLLED
          HAD BEEN VICTIMS OF COMPUTER CRIME, SUFFERING LOSSES OF HALF
          A BILLION DOLLARS LAST YEAR.
             JONN    PARKER, A COMPUTER SECURITY EXPERT AT TRW
          INTERNATIONAL IN SENLO PARK, CALIF., SAID A ROUGH SURVEY HAS
          COUNTED ABOUT 1,400 COMPUTER CRIMES IN THE UNITED STATES OVER
          THE PAST TWO DECADES. HE SAID THAT MANY LARGE COMPUTERS
          HAVE INSTALLED SECURITY SYSTEMS, BUT THAT THERE IS A
          TRADE-OFF BETWEEN SECURITY AND THE COST AND CONVENIENCE OF
          USING A COMPUTER SYSTEM -- THE MORE SECURITY USED, THE
          COSTLIER AND MORE INCONVENIENT IT BECOMES.
             THE TRW SYSTEM USED TWO CODES, A SEVEN-DIGIT CODE TO
          IDENTIFY THE USER AND A SHORTER "SECRET PASSWORD," SOURCES
          SAID. THE FIRST CODE IS LESS GUARDED AND RELATIVELY EASY TO
          OBTAIN, AND THE SHORTER, "SECRET" CODE, THEY SAID, IS "FAR
          TOO EASY" TO CRACK.
             IF IT CANNOT BE SHOWN THAT THE TRW BREAK-INS WERE USED TO
          COMMIT FRAUD -- IF THEY WERE MERELY CURIOSITY TRIPS BY
          COMPUTER HACKERS -- THEN IT WOULD BE UNCLEAR WHETHER THEY
          WERE ILLEGAL, ACCORDING TO A COMPANY SPOKESMAN. THE COMPANY
          HAS BEEN AMONG THOSE SEEKING STRONGER LEGISLATION TO FIGHT
          COMPUTER CRIME.
             ABOUT 25 STATES HAVE COMPUTER CRIME LEGISALTION, BUT
          OBTAINING "UNAUTHORIZED ACCESS" TO CONFIDENTIAL INFORMATION
          IS CONSIDERED A CRIME IN ONLY A FEW.