International criminals hit information highway

August 09, 1994 | By Mark Guidera, Sun Staff Writer

/etc./password.

Those 15 keystrokes, flashing across a computer screen in an Ellicott City barn last month, put Jamie Clark and two co-workers on a cyberspace hunt for international computer criminals in the fast-evolving world of Internet crime.

"I knew it was really bad trouble right away," recalled Mr. Clark, 31, as he watched a hacker trying to worm his way into the password file of the system Mr. Clark had set up to sell Internet access to home and small-business computer users in the Baltimore-Washington area.

What he found was worse than he had suspected. An international ring operating out of Sweden and several European countries had used stolen telephone calling card numbers to call the United States and set up accounts on ClarkNet, Mr. Clark's Internet access system. They paid by using stolen credit card numbers.

Once on the Internet, the hackers were free to attempt to crack and vandalize other systems.

Computer security experts now believe the group wanted access to university computers to steal research that could be sold on the black market around the world.

They say this kind of attack is increasingly common as criminals use the wide-open Internet to steal not only business data, but also important personal information -- such as credit card numbers -- that everyday users store or pass through the Internet.

"This kind of thing is happening more and more each year. A lot of people think the Internet is this wonderful place where everyone is communicating and acting responsibly. But people have got to realize there are some devious people out there with superior hacker skills," said Doug Tygar, a computer scientist at Carnegie-Mellon University and a member of the Computer Emergency Response Team, a group that investigates electronic break-ins.

The Secret Service and the FBI declined comment on the investigation of the ClarkNet break-in, as did several banks and telephone calling card companies whose customers were targets of the group. However, Mr. Clark and his co-workers were willing to provide details of their efforts to track down the intruders.

Passwords

Mr. Clark's brush with Internet crime began over the July 4 weekend, when he was monitoring computer traffic coming through ClarkNet, the business he founded last year in a barn on his family's farm.

ClarkNet provides 1,500 computer users with dial-in access to the Internet, a worldwide network of computer networks which links an estimated 20 million users in universities, businesses and homes.

He saw that a customer known as "John" was attempting to break through ClarkNet's computer security and steal the file containing the passwords of ClarkNet customers and administrators. With those passwords, the hacker could gain access to sensitive customer information and other critical ClarkNet files.

The intruder didn't know that Mr. Clark had put the password files where they would be almost impossible to find. Still, the incident was alarming -- it meant the intruder was sophisticated and serious.

Mr. Clark quickly canceled John's access. But as Drew Jansenn, his vice president for sales and marketing, probed the attempted theft, he found that this was more than a lone hacker strutting his cyber-stuff.

They and other investigators found that a small network of skilled intruders had set up at least 20 ClarkNet accounts under phony names by calling in from Sweden and other sites in Europe.

Once they had access to the Internet, the invaders apparently logged onto major university computer systems and tried out sophisticated programs to decode encrypted password files by matching them against entire dictionaries in several languages. They took advantage of the fact that most users pick passwords that are easy to remember, such as "flower," rather than meaningless but secure jumbles of letters such as "ngrvlp."

The hackers were successful in at least one confirmed case, destroying and possibly stealing computer files at Clarkson University in Potsdam, N.Y., according to Lori Carrig, ClarkNet's security officer, who is assisting in an investigation by a government-funded computer security panel and the U.S. Secret Service.

Incidents double

As many as 20 other universities may have been targeted, she said. ClarkNet was able to alert Carnegie-Mellon University in Pittsburgh, where defense research is conducted, that one intruder had some of the school's passwords in his file.

ClarkNet uncovered all of the bogus accounts and canceled them, but its experience illustrates a growing problem.

In 1992, 773 incidents were reported to the Computer Emergency Response Team (CERT). The number doubled in 1993, and this year CERT estimates it will receive more than 2,300 reports.

"Computers are coming more and more into the home, and as they do, people need to think about how they might be affected socially. Unless they have good security, their privacy may be at risk," Ms. Carrig said.

Baltimore Sun Articles