[40m[2J[0;34mĿ[29C[1mKeyboard Capers[34C[0;34m[16C[1;36mThe Montreal Gazette - Sunday, Oct. 28,1990[19C[0;34m[16C[36mArticle By :  Mary Pitzer, L.A. Daily [s
[uTimes[19C[34m[14C[35mInsiders seen as greatest threat in computer crime.[7H[34mĴ
[9H[1;37mLos Angeles  [0mIt looked like a foolproof computer scheme.[10H  Through their leased American Airlines reservation terminals, suburban L.A.[11Htravel agents James Winkleman and Philip Rinker tapped into the frequent flier[12Hprogram, c[s
[uhanged the names of people on long flights who were not enrolled, and[13Hhad their awards mailed to post-office boxes in the area, according to a federalgrand-jury indictment.[15H  Winkleman and Rinker, former owners of now defunct North Ranch Tra[s
[uvel, then[16Hsold the free tickets to customers, the indictment said.[17H  The scam fell apart only when the agents changed the name of a passenger who[18Hhad not completed an international flight. That's when the airline discovered[19Hthe passe[s
[unger's name did not match the name on his checked luggage. In all,[20HWinkleman and Rinker changed passenger names to collect frequent flier miles[21H850 times, prosecuters said.[22H  On Oct. 10, Winkleman, Rinker and former employee Brenton Neil[s
[u Mullins were[23Hconvicted in Los Angeles federal court of stealing $1.3 million in tickets from[0m
[1C[0;1m [0;34mRummaged Files [1;37m

  [0mIn many ways, the North Ranch frequent flier scheme was a typical computer
crime. The agents weren't brilliant eccentrics carried away with technology.
They simply used inside knowledge of American's system and some computer skills
to pull off a heist.
  "I don't think you needed to be a sick genius of computers to do it," said
Richard Rothman, American's attorney for the frequent flier program. "These guyswere commonplace criminals who used computers."
  Welcome to the [1;30mdark [0mside of the computer revolution. Here, computer criminals
are capable of terrorizing companies large and small.
  It could happen with computer viruses and password cracking hackers. It could
happened with disgruntled employees who boobytrap a company's computer. It couldhappen with an outsider who pilfers valuable information.
  Even individuals who haven't stepped near a computer keyboard are vulnerable.
Thieves may run up thousands of dollars on credit card and telephone calling
card numbers stolen from computer records. Hackers have rummaged patient files
at hospitals or tampered with credit ratings.
  Although federal and state laws against computer crime are in place, few
incidents have been prosecuted because it is difficult for businesses and law
enforcement agencies to track them, experts say.
  How much these crimes cost businesses is difficult to tell. The U.S. Center
for Computer Crime Data conservatively pegs the amount of money lost at $555[0m
[0mmillion a year. Consultants have estimated that the cost could reach as high
as $5 billion per year.
  Ultimately everyone foots the bill through higher prices, consultants say.
  "Nobody has the slightest idea how much it costs," said Donn Parker, a senior
management consultant at SRI International in Palo Alto, Calif., who has
followed computer crime for years.
  One reason is that most companies don't like to talk about computer crime or
their measures to prevent it.
  "Security is not something we discuss for any reason," said Dave Garcia, a
spokesman for Security Pacific National Bank. "It's like telling a burglar how
you safeguarded your house."
  The criminals don't need fancy technology or computer science degrees to ply
their trade. Often, a little practice with a computer, some bargain-basement
equipment and a telephone connection will do the trick.
  While some hackers are whizzes, most start by using information and technologyreadily available in the hacker community, according to the consultants.
  Hackers can pick up access codes and credit-card numbers from electronic
bulletin boards.
  Automatic dialers find and record computer tones on telephone lines.
  And programs already are written that help hackers break into computer systemsone they find them.
  As companies link their computers internally, they elevate their risks becauseit becomes more difficult to monitor who has access and where. Adding to their[0m
[2C[0m"It presents a new vulnerability and exposure," Parker said. "What constitutesan authorized signature for a bill of sale is no longer in the realm of legal
expertise. Digital signatures have not been tested in the courts."
  Computer crimes began gaining widespread attention in the 1970s as more
companies began using systems. Now, there is even greater opportunity for
access.
  In 20 years, sales of mainframes more than doubled to about 11,600 in 1990,
according to the Computer and Business Equipment Manufacturers Association.
  And the number of personal computers has increased from 10 million in 1983 to
43 million in 1989, according to Dataquest, an industry research firm.
  Despite increased exposure to the outside, most consultants say that insiders-or those with inside knowledge of a company- remain the most dangerous. Distrib-uting computing powers to every level of the corporation through personal
computers gives more people the opportunity to tap into sensitive information
and corporate funds.
  "Traditionally, it was the bookkeeper who you had to trust and keep your eye
on," said Buck BloomBecker, director of the National Center for Computer Crime
Data in Santa Cruz, Calif., and author of a book on computer crime. "With
computerized accounting systems a lot more people have access."
  The most feared insider is the disgruntled employee. But even trusted,
longtime employees with finacial or martial problems have been known to steal.
Former employees and consultants also have enough knowledge to pull off a job.
  In one of the most famous examples, Stanley Mark Rifkin, a consultant to[0m
[2C[0mFinding the day's security code posted on the wall inside the wire room, he
electronically diverted $10.2 million from the bank to his private Swiss bank
account.
  After buying diamonds in Europe, Rifkin returned to the United States, was
arrested and later sentenced to eight years in prison.
  More recently, a computer operator who had access to Control Data Corp.'s
purchase and scrap records at a company facility in Oklahoma City reclassified
about $20 million of company equipment as scrap. He diverted the equipment to
dummy corporations and then sold it.
  A Control Data spokesman did not provide more specifics about the incident.
  Outsiders also can wreak havoc with computer systems.
  Dean Corse, a Pensacola, Fla., auto tool distributor, said his computers
contracted a virus from software he had bought.
  Viruses are unauthourized programs that enter computers hidden in legitimate
programs. Te more benign type dublicate themselves, take up space and slow down
operations. But others can change or eat important data and files.
  It took Corse two weeks to get rid of his virus. It destroyed program files
and several master disks.
  Hackers also are dreaded by companies. Stereotypically, they are curious and
clever teenagers who break into computer systems for the fun of it.
  With automatic "war diallers," they find and record computer modem tones on
the phone lines.
  Later, they might dial those numbers and then use a program to guess passwords[0m
[0mwill not intentionally change or damage computer files in the target's system,
according to EFF, a computer user advocacy group.
  But telling the difference between the benign variety of hacker and an
intruder bent on destroying files or stealing information may be difficult
until the damage is done.

[1m [0;34mUnlimited Phone Calls [1;37m

  [0m"A company doesn't know who is hacking - an industrial spy or a 14-year-old,"
said Kenneth Rosenblatt, head of the Santa Clara County, Calif., district attor-ney's high technology unit.
  Last fall, a 14-year-old Fresno, Calif., high-school student was arrested for
using a cheap home computer to get thousands of dollars worth of Gold Card
credit from New York-based Citibank.
  The student began his escapade by getting a free long-distance call code from
a computer bulletin board and then billing $6,000 worth of calls to a small
Stockton, Calif., telephone company, according to Fresno police.
  With unlimited phone calls, he then pilfered Citibank's credit computers.
Trading this information with an East-Coast crime ring, the teenager gained
access to TRW credit bureau files.
  After learning how to reactivate expired Visa and MasterCard numbers, the boy
went on a three-weekm $11,000 mail-order shopping spree.
  He also posted the information he discovered during his foray on several[0m
[2C[0mPolice later arrested the teenager again in a limousine rented with a stolen
credit card number. He was accompanied by another high school student who had
hacking notes in his pockets with TRW credit numbers on them, Clark said.
  "These types of credit frauds are an extremely fast-growing crime," said FrankClark, the Fresno police detective who specializes in computer crime.

[1m [0;34mKeep an eye on bills [1;37m

  [0mWhile individuals are less likely to be targets than businesses, they are
advised to keep an eye on their financial records and bills for any evidence of
tampering. They should closely guard credit and calling-card numbers so that
someone looking over their shoulder won't use, sell or post them on electronic
bulletin boards. And they should write periodically for copies of their credit
ratings to make sure that the information is correct.
  And what are companies doing to protect themselves? Surprisingly little,
according to experts. Both consciously and unconsciously they are resisting the
urge to bolt their doors despite the obvious dangers.
  "For the most part, they are like ostriches with their heads in the sand,"
said Trevor Gee, a partner at Deloitte & Touche, a leader in computer security
consulting. [1;30m

[36mTyped In Electronic Form By: [34mMad Hatter
[0m
