3:55 PM 6/14/1996

JIM BARLOW

Profiting from computer crime

Copyright 1996 Houston Chronicle

NO ONE can say how much money companies lose to computer theft and extortion. Because no one will say.

Victims usually keep quiet about it. They feel that disclosing the sting will encourage others -- and make the top brass look like idiots.

Still, there are plenty of rumors floating around the computer security business about losses.

Like the major multinational corporation that saw one of its computer sites hit with a HERF gun -- a high energy radio frequency device that sends a stream of electronic emissions and disrupts both computer and data.

Pay us $14 million, the company was then told, or we strike the rest of your sites before you can put up shielding to protect the data. The company paid.

Or consider the Russian hacker caught in the act of electronically stealing from a major bank. He confesses to getting millions. Not true, said the bank. It was only hundreds of thousands, and the bank got most of it back.

Add to the mix the cockroach factor -- the hackers who don't steal, just mess up company computer files.

Then there are companies that find that competitors always seem to have a bid a few dollars lower. Or the secret manufacturing process turns up across town.

Hacking on the upswing

The supply of hackers just keeps growing. Professionals in computer security call it the Christmas Bubble.

Parents buy their smart kid a computer for Christmas. By January he's bored with the programs that come with the computer. By February, parents have spent enough for more software at the computer store. By April, he's learning to hack.

Companies are much more vulnerable these days, thanks to the Internet. Increasingly, companies use the Internet for internal communications. It's much cheaper than a dedicated telephone line. But it also offers a way in for hackers.

And they are putting up read-only web sites on the 'Net. Electronic visitors can only look, not change what's on the screen. But hackers aren't your usual visitor.

Most companies try to protect their data through something called a firewall, an expensive device which is supposed to restrict access. And sometimes they work.

But the war of electronic security is like any other. For every defensive measure, hackers manage to find countermeasures. You never finally solve the problem.

Seizing an opportunity

In our system, one guy's problem is another's opportunity. Hence a partnership started this month in Houston designed to provide security on every front.

The Guidry Group, an international private detective agency in The Woodlands, is one of the partners. It provides physical security surveys.

Why should a hacker spend weeks trying to gain access to a computer? It's easier to get a job as a janitor, then look for passwords. Like pasted on the bottom of a stapler. Everyone has seemed to come to the conclusion that's a clever hiding place.

The WheelGroup Corp. of San Antonio is the Mr. Inside. It looks inside the computer system for places where hackers can gain entry -- or evidence they are already there. Composed primarily of veterans of the U.S. Air Force's Information Warfare Center in San Antonio, members of the WheelGroup would then provide continuous electronic monitoring of a company's system -- looking for incursions.

Network Systems Corp. of Minneapolis stands ready to provide electronic security equipment and encryption devices to guard against problems found. The company has been in that business since 1975, although until 1995 its only customer was the National Security Agency, which guards U.S. government communications and snoops on everyone else.

The partnership can refer customers to a Washington, D.C., law firm -- Oppenheimer Wolff & Donnelly -- which specializes in electronic security issues. That's because companies facing huge losses will often try to retrieve money or secrets through a civil suit rather than a criminal prosecution. And in civil suits, there's also a possibility of getting the court records sealed and avoiding public embarrassment.

It looks as if the guys in electronic security have joined the guys in building Web sites as the only people who have found a way to make money out of the Internet.

To voice comments, telephone (713) 220-2000 and punch in access code 1-0-0-0. Send e-mail to jim.barlow@chron.com.