(*> The Great Satellite Caper <*) (*> Reprinted without permission from TIME Magazine <*) (*> Typed by ZiGGY <*) Hacker's arrests point up the growing problem of system security It started innocuously enough: a credit card costomer in Conneticutt opened his monthly statement and noticed a charge for a peice of electronic equipment that he had never purchased. By last week that apparent billing error had blossomed int a full-fledged hacker scandal and led to the arrest of seven New Jersey teenagers who were charged with conspiracy and using their home computers and telephone hookups to commit computer theft. According to police, who confiscated $30,000 worth of computer equipment and hundreds of floppy disks, the youths had exchanged stolen credit card numbers, bypasses long-distance telephone fees, traded supposedly secret fone numbers (including those of Pentagon [Gasp!] officials), and published instructions on how to build a letter bomb. But most remarkable of all, the first reports said, the youngsters had even managed to shift the orbit of one or more comunication satellites. That feat, the New York Post decided, was worth a front page head line: WHIZ KIDS ZAP U.S. SATELLITES. It was the latest real-life version of War Games, in which an ingenious teenager penetrates a sensitive military computer system and nearly sets off World War III. Two years sgo, for instance, the story was re-enacted by the so-called 414 Gang, a group of Milwaukee-area youths who managed to break into various computer systems all over the US. The new Jersey episode assumed heroic proportions when Middlesex County Prosecuter Alan Rockoff that the youths, in addition to carrying on other mischief, had been "Changing the positions of the satellites up in the blue heavens." That achievment, if true, could have disrupted the telefone an telex communications on two continents. Officials from AT&T and Comsat hastily denied that anything of the sort had taken place. In fact, the computers that control the satelites cannot be reached by the lines of public fones. By week's end the prosecuter's office was quietly backing away from its most startling assertion, but to most Americans, the satellite caper remained real, a dramatic reminder for a bright youngster steeped inthe secret arts of the computer age, anything is possible. Says Stephen Levey, author of Hackers: "It's an immensley seductive myth, that a kid with a computer can bring a powerful institution to it's knees." Last spring postal authorities traced the Conneticut credit card purchase and a string of other fraudulent transactions to a post office box in Soutn Plainfield New Jersey. Someone was using the box to take delivery of sterio and radar-detection equipment ordered through a computerized mail order catalog. The trail led to a young New jersey enthusiast who used the alias "New Jersey Hack Sack" and communicated regularly with other computer owners in a loosley organized network of electronic bulletin boards. A computer search of the contents of those boards by detective GEORGE GREEN and patrolman MICHAEL GRENNIER, who is something of a hacker himself, yeilded a flood of gossip, advice, tall tales, and hard information, including excerpts from an AT&T satellite manual, dozens of secret telephone numbers, and lists of stolen credit card numbers. The odd mix was not unique to the suspect bulliten boards. Explains DONN PARKER, a computer crime expert at SRI International in Menlo Park, California: "Hacking is a meritocracy. You rise in the culture depending on the information you can supply to other hackers. It's like trading bubble gum cards." ( <- Whatta ass!) Some of the information posted by the New Jersey hackers may have been gleaned by cracking supposedly secure systems. Other data, like the access numbers of remote computers, were probably gatheres automatically by so called "demon dialers", programs that search the phone system for online computers by dialing every number within an area code. "In some cases penetrating a computer system is extremely difficult and requires a great deal of knowledge and luck" says PARKER. "In others it's as simple as dialing into a bulletin board and finding the passwords that other kids have left." And sometimes it's even simpler than that. Two of the New Jersey youths admitted that at least one of the credit card numbers they used had not come from a computer but from a slip of carbon paper retreived from a trash can. No matter how mundane, the actions of the New jersey hackers have again focused national attention on a real and growing problem: how to safeguard the information that is stored inside of computers. Americans now carry more than 600 million credit and charge cards, many of them allowing at least partial access to a computerized banking system that moves over $400 billion every day. Corporate data blanks hold consumer records and business plans worth untold billions more. Alerted to the threat by earlier break-ins, corporations and government agencies have been moving to shore up their systems. Many have issued multiple layers of password protection, imposing strict dicipline on the security of passwords and requiring users to change their passwords frequently. Others have installed scrambling devices that encode sensitive data before they are sent over the wires. Audit trails make crime detection easier by keeping permanent record of who did what within a system. Dialback services help keep out unauthorized users by recording each callers ID number, disconnecting the call and then re-dialing only that telefone number authorized to the holder of the ID. All told, U.S. business spent $600 million on security equipment and software. By 1993, according to DataPro research, security systems should exceed $2 billion annually. in addition to the cost, these measures tend to make the systems less "friendly," in the jargon of the trade. But computer operators who keep their systems casual may be courting trouble. Says SRI's PARKER: "These are sush reasonable, cost-effective steps that managers who don't use them pretty much deserve what they get."