Hackers

How big is cyber-crime? Well, just to give you an idea: one thief stole twenty thousand credit card numbers. As the Web continues to grow and we put more and more personal information online, the computer underworld is only getting more difficult to control.

We're using the Net in ways it was never originally intended. We're putting more and more sensitive personal and financial data about ourselves online on an open system with no inherent built-in security. And that's a problem because the real world has logged on.

"As the world moves into cyberspace and as all money flows into cyberspace...crime follows money and you're going to see it there," says Richard Power of the Computer Security Institute.

Break-ins to computer credit records, intrusions into private files, snooping into e-mail accounts, changing people's credit records -- you're a lot more vulnerable than you think you are!

One 18-year-old broke into a financial institution, generated a credit card for himself, and went on a vacation to Hawaii. Other people have been known to try and find ways to hack and counterfeit lottery tickets. And in one case, a gang of international crackers broke into Citibank's wire transfer software and stole 2.8 million dollars.

The bad news is no one really knows how much digital trespassing and out-and-out theft go on on the Net. The good news is that most of us aren't really the targets. "A user today has more to fear from a computer virus than some kind of cyberspace mugging," says Power.

One hacker, a woman who downloaded a pirated computer game, says many hackers justify breaking into someone else's files as a challenge. "It's information! It's free! I mean, yeah, I suppose it's private property and you build a firewall. But if you build a firewall, there's always somebody who's going to crack it," she says.

Peter Shipley and Russell Brand are computer security experts. Shipley could have been a computer bad boy, but today he helps fight the bad guys.

It's Shipley and fellow computer security expert Russell Brand's job to find the security leak spots at banks and other data-rich targets for hackers and crackers. "At the point that hackers or crackers get to be Peter's age, they're either in jail or they're rich," says Brand.

Shipley and Brand know the dark side of the Net. And they also know who the typical Internet troublemakers usually are. According to Brand, "The visible hacker community is people that are bored. If you could get them a life, get them a hobby, get them a good video game, they'd do that instead."

The surprise is digital criminals often don't have to use a computer. "I know several people who are very shady characters," says Shipley. "...They don't get [their information] from picking up a modem, finding a phone number, guessing a password, and then breaking into the system. They get it by dumpster diving."

Dumpster diving is the fine art of finding credit card numbers, passwords, and other valuable computer data that stores, companies, and even we at home just throw out; easy pickings for the bad guys to walk by, dive in, and use. "I'd say that ninety percent, maybe ninety-five percent of the information, [the hackers] gain is by dumpster diving," says Shipley.

With all these cyberthieves, dumpster divers, crackers, and digital pests out there, a good password will keep them out, right? Wrong. According to Shipley, "Every hacker piece of software out there has a system that [cracks passwords]." In fact, a list of supposedly secure passwords for one of his clients was easily exposed by a little custom password-cracking software. "I was able to break about two hundred of them on the first try," he adds.

Most hackers break code not for profit, but for the challenge. For more information, visit Pretty Good Privacy (PGP) at their website at http://www.pgp.com/. For more information about Peter Shipley, check out these sites: http://www.network-security.com and http://www.dis.org/shipley/



™ © 1999 Chronicle Publishing Company and KRON-TV. All rights reserved.