Mitnick's Surprise Witness -------------------------- By Joseph C. Panettieri, Sm@rt Reseller Justin Petersen cannot escape his past, particularly his mysterious work as an FBI informant. Details about Petersen's work for the Feds are shady at best, but that could change as soon as Jan. 19, 1999. That's when the government's case against alleged hackers Kevin Mitnick and Lewis DePayne is expected to go to trial. In what could be a bombshell, Sm@rt Reseller has learned that Petersen may be called to testify at the trial. "It's a good possibility," says Mitnick's attorney, Donald Randolph. Adds DePayne's attorney, Richard Sherman, "I want to know what activities Justin was engaged in for the government and how that relates to my client. If there's enough evidence related to Justin, I'll call him. You know something? Let me rephrase that: I'm gonna call him." Sherman alleges that the FBI allowed Petersen to place illegal wiretaps throughout California. Sherman made some of these allegations in a 1994 letter to U.S. Attorney General Janet Reno. The government promised to investigate Sherman's allegations, but never issued a formal response. Asst. U.S. Attorney David Schindler, however, says Petersen has no bearing in the upcoming Mitnick-DePayne trial. Mitnick was arrested in February 1995. He faces a 26-count indictment related to computer fraud and wire fraud. Mitnick is accused of hacking Motorola, Novell and Sun Microsystems, among others. DePayne allegedly aided and abetted Mitnick during his run from justice. "I was in contact with Kevin while he was a fugitive," concedes DePayne. "But I can't help it if Kevin kept calling me." DePayne remains free because he has no criminal record. Mitnick, on the other hand, has previous convictions and remains behind bars in Los Angeles' Metropolitan Detention Center. In preparation for the trial, a U.S. District Court judge has ruled that Mitnick can use a standalone PC with no modem or network connection to review 9.7 gigabytes worth of legal documents pertaining to his case. Meanwhile, DePayne is leaving his legal case to attorney Sherman and turning his attention to Tinsel Town. He hopes to land a bit part in "Takedown," a movie about the Mitnick case that Hollywood studio Miramax recently began filming. endstop Tips From The Expert They sound like common sense, but Justin Petersen's security tips could shield your network--and your customers' systems--from probing eyes. 1. All systems should have an alpha-numeric password (that is, a password that uses a mix of letters and numbers) at least four characters long. 2. Change all passwords every 30 to 90 days, delete unused accounts on multi-user systems, and disable network passwords the moment an employee, temp or contractor no longer works for the company. 3. Firewalls are certainly handy, but don't forget about a hacker's back door--modems. Whenever possible, all modems should be disabled when not in use. Otherwise, you're tempting fate. 4. If you must use numerous dial-up connections within a network, hire a security consultant and evaluate the dial-ups for security holes. 5. Install, maintain and use virus protection on all desktops and servers throughout a network. 6. Most resellers are wise enough to back up data, but don't forget to store it off-site. That way, a disaster (such as a fire or flood) can't knock out your primary network and the backup data. 7. Educate all employees about the threat of "social engineering," which is hacker lingo for a collection of clever tactics and phrases used to gain employee names, business titles, phone numbers, or passwords during a casual phone conversation with company employees. 8. Remember that PCs and Web servers aren't the only systems a hacker may attack to gain information. Other potentially vulnerable systems include voice-mail systems, phone systems, audio processors, answering machines and remote transmitter controls. endstop