Superzapping in Computerland

By Frederic Golden

Also scavenging, piggybacking and other new electronic capers

The customer, calling from Ottawa, was furious. Someone, he complained to officials of Telenet, a telecommunications network based in Vienna, Va., was using its lines to penetrate his company's computer. As a result, his operations were fouled up. The next week another computer network, named Datapac and tied to Telenet, got a similar call from a firm in Montreal. Its circuits too were being plagued by electronic interlopers.

Operating out of unknown terminals, possibly hundreds of miles away, the intruders had tapped into--or "accessed," in computer jargon--one of the company's computers. Even worse, they had actually "seized control" of the electronic brain, blocking the network's legitimate users from getting on line, and were systematically destroying data. The raids continued for more than a week. During one foray, 10 million "bits" of information, almost one-fifth of the computer's storage capacity, were temporarily lost.

It was an electronic sting with international repercussions: the Royal Canadian Mounted Police joined with the FBI to catch the criminals. By tracing phone calls, they soon got their man. Or rather boys. The culprits, only 13 years old, were four clever students at New York's Dalton School, a posh private institution on Manhattan's Upper East Side.

The bit-size bandits, perhaps the youngest computer con men ever nabbed, had obtained the Telenet phone number, coupled their school terminals to the line, and probably by nothing more than trial and error punched out the right combinations--in this case only five letters and numbers--to link up with the computers. More shrewd guesswork got them the "password" to log onto and operate the machines.

It was a schoolboy lark. None of the Dalton gang, even its eighth-grade leader, was prosecuted. But computer specialists were not amused. Besides costing the firms thousands of dollars in computer time, the incident was one more irritating example of the vulnerability of systems an that can have price tags in the millions and store information of incalculable value. It was also a sign of the growing incidence of computer crime.

No one can say exactly how much such crime costs; often the losses are not even reported by embarrassed companies. But the larceny clearly is far from petty. It may well run to hundreds of millions of dollars a year. Last January, California became the first state to enact a computer-fraud law, allowing fines of up to $5,000 and three years' imprisonment. Still, warns Donn Parker of SRI International, a leading scholar of electronic theft: "By the end of the 1980s, computer crimes could cause economic chaos."

An exaggeration perhaps. But as computers spread into all facets of life, from controlling the flow of money to manning factories and missile defenses, the potential for troublemaking seems boundless. Already computer thieves, often striking from within, have embezzled millions of dollars. In 1978 a consultant got a Los An geles bank's computer to transfer $10.2 million to his out-of-town account. Only a confederate's tip led to his discovery. To be a computer-age thief, you need nothing more than an inexpensive home computer, a telephone and a few light-fingered skills. As in the Dalton case, computer passwords are often short and simple. Be sides, computer networks like Telenet or Datapac, frequently publicize their numbers to attract customers. Once into the computer system, there are other barriers to crash, and other techniques for purloining information.

Computer crooks have developed a whole bag of electronic tricks. One is the so-called Trojan Horse. Like the famed ruse used by the Greeks to penetrate Troy, it helps an interloper get into forbidden recesses of a computer. The mischiefmaker slyly slips some extra commands into a computer program (the instructions by which the machine performs a given task). Then when another programmer with higher clearance runs the program, he will unwittingly trigger the covert instructions. These unlock the guarded areas, just as the Greek soldiers hidden in the horse unlocked Troy's gates. The culprit might then transfer money to his own account, steal private information or sabotage the system itself. Other colorfully named ploys: superzapping (penetrating a computer by activating its own emergency master program, an act comparable to opening a door with a stolen master key); scavenging (searching through stray data or "garbage" for clues that might unlock still other secrets); and piggybacking (riding into a system behind a legitimate user).

Faced with such ingenuity, some computer owners are resorting to complex coding devices that scramble information before it is transmitted or stored. They are also changing passwords. Some even rely on detectors that identify legitimate individual computer users by fingerprints or voice patterns.

Yet as the safeguards go up, so does the urge to crash the barriers, especially among students. In a celebrated Princeton University case, students snatched grades and housing data from the school's computers and, by their account, briefly shut them down. Last September, two Illinois high school students dialed their way into one of DePaul University's computers and threatened to immobilize it unless they got access to a special program that would have let them communicate with the machine more directly. Said an investigator who helped catch the teenagers: "They did it because everyone said it couldn't be done." Maybe so. But computer owners wonder: Where does the fun end and the crime begin?

--By Frederic Golden. Reported by Philip Faflick/New York, with other U.S. Bureaus

With reporting by Philip Faflick/New York, with other U.S. Bureaus

This file is automatically generated by a robot program, so viewer discretion is required.