NETCOM HELPS PROTECT THE INTERNET - A Letter from CEO Bob Rieger to Our Customers - I know many of you are interested in NETCOM's involvement with the arrest of Kevin Mitnick, and how this may impact you, if at all, as a NETCOM subscriber. First, let me supply a chronology of events: 1. In a routine security check, NETCOM discovered a misappropriated file. As a result, we began an investigation to trace what appeared to be a security breach. 2. At about the same time, the WELL (a small Sausalito-based on-line provider) was investigating an account with an unexpectedly large amount of disk usage. In the course of this investigation, they discovered suspicious material which included items believed illicitly obtained from well-known network security expert Tsutomu Shimomura's computer. Mr. Shimomura performed network monitoring at the WELL, and determined that the account was being accessed from a number of sites, including NETCOM. 3. The WELL contacted NETCOM for assistance in tracking the source of the security breach. 4. A day or two later, the FBI contacted NETCOM and requested NETCOM's active involvement in the broadening investigation of the suspicious activities at the WELL. 5. NETCOM caucused with representatives of the WELL, the FBI, the U.S. Attorney's Office, Mr. Shimomura, and Julia Menapace (an independent computer consultant and associate of Mr. Shimomura). 6. Following the conversation, it was decided that the best vantage point for further tracking of these activities was NETCOM's Network Operations Center. 7. NETCOM operations staff joined their efforts with Mr. Shimomura and his associates to trace the suspect intrusions to a particular telephone modem in NETCOM's Raleigh, N.C. site. 8. At that point, the U.S. Justice Department subpoenaed the local telephone carrier for records of dial-ins at specific times to this modem. It became apparent that the telephone company's switch equipment had been compromised, so that these records could not be obtained. However, the Justice Department found another method for making a match. 9. With this information, the Justice Department knew the approximate location of the originating call. 10. Mr. Shimomura flew to Raleigh and used cellular tracking equipment to locate the apartment building the calls were coming from. Eventually, the calls were traced to an individual apartment, and Mr. Mitnick was arrested. I hope this detailed recounting helps explain the necessity for silence and discretion on NETCOM's part while the investigation was ongoing. Similarly, we need to be appropriately discrete during the continuing investigation of Mr. Mitnick's alleged illegal activities. While respecting these legitimate restraints, we will provide as much information as possible on a timely basis to you. (As an aside, you may have noticed that I recently promoted Mr. Kael Loftus to the position of Customer Liaison. Mr. Loftus has already proven very helpful in facilitating communication between our customers and NETCOM.) There has been some concern expressed about the security of NETCOM customers' credit card numbers. While this incident may have involved the duplication of some credit card numbers, this would apply only to UNIX shell accounts. NETCOM has always made system security its top priority, but every UNIX system has loopholes that can potentially be exploited by an expert cracker. However, to provide additional security for our UNIX accounts, we have further isolated these customers' billing information, including credit card data. This is why the "ccupdate" feature for the UNIX shell accounts has been disabled, and why the "quota" program currently says,"Your account balance is temporarily unavailable." These features will be reinstated when we are able to do so in a secure fashion. As a practical matter, at this time we have absolutely no indication that any of our UNIX shell customers' credit card numbers have been used illicitly. Naturally, we encourage all customers to check their credit card billing statements carefully. If there is any hint of inappropriate billing, this should be brought to the immediate attention of the credit card issuer for reversal of those charges. The incident did not involve NetCruiser accounts, which make up the vast majority of NETCOM accounts. Fortunately, the security firewalls built-in to NetCruiser's system architecture makes such a compromise far more difficult. The big story in all of this is that the Internet is maturing into an extraordinarily efficient means of communication that millions of people use and depend on daily. NETCOM will do everything in its power to help assure the security of our network. We will spend the money and employ the technology, but deterrence is our real goal. Common thieves should know that NETCOM will be ever vigilant in seeking their identification and prosecution.