Roanoke Times
Copyright (c) 1995, Landmark Communications, Inc.
DATE: SATURDAY, February 18, 1995 TAG: 9502200047
SECTION: NATIONAL/INTERNATIONAL PAGE: A-1 EDITION: METRO
SOURCE: Associated Press
DATELINE: SAN FRANCISCO LENGTH: Medium
Despite the arrest of the FBI's most-wanted hacker, computer system operators are scrambling to put virtual locks on their cyberworlds in what may be a futile attempt to protect themselves.
``We're doing what we can, but it's impossible to give people the world with a fence around it,'' said Bruce Katz, owner of the Sausalito-based Well, one of the networks hacker Kevin D. Mitnick is accused of invading.
Mitnick is accused of breaking into the system to read strangers' e-mail, camouflage his other activities and, in one final affront, wipe out all its accounting records.
While Mitnick is considered one of the most skillful hackers, networks are concerned about the hundreds of others who also get thrills breaking into computers.
Computer security is a daunting task. The global Internet was designed for researchers to collaborate, not for high security.
As the net has gone from being the purview of scientists to a business and public forum, security needs have changed - but the porous nature of the network has not. Anyone with a computer, a modem and a phone line can get onto the Internet.
In the case of the Well, the security breach was so severe that technicians will have to rebuild the system from scratch next week.
``We're actually going to have to go off the air for two full days to do it,'' Katz said.
That's on the order of evacuating a small town so police can search for bombs. The Well's 10,000 users make up a tight, albeit virtual, community.
Since the Well was ravaged, it has moved all its internal communication and accounting systems behind a portion of its computer that the public can't reach. And a new password program going up next week will only let users on who choose ``strong passwords.''
``If people pick a word that's in the dictionary, it will tell them to find another,'' Katz said.
Mitnick, 31, was arrested Wednesday in Raleigh, N.C., and charged with computer fraud and illegal use of a telephone access device. He remained jailed without bail Friday.
Prosecutors say the man called the nation's most-wanted computer infiltrator commandeered cellular-phone circuits to raid corporate computer systems and steal information worth more than $1 million, including at least 20,000 credit card numbers.
With hacking of that magnitude going on, companies that do business over the Internet were already wary, and they're getting warier.
CyberSource in Menlo Park, which sells software via the Internet, allows only a small portion of its computer system to connect to the Internet.
``Places like the Well ... are kind of throwing the house open to anyone on the street and then trying to stop them from stealing the silverware,'' said John Pettitt, CyberSource's vice president of engineering.
``We changed all our passwords yesterday, on general principle,'' Pettitt said.
That's no surprise to those who term the Mitnick case a wake-up call for the computer community and want tighter standards on the Internet.
``This whole sorry mess could have been avoided - and the blame can be laid directly at the door of the government for suppressing strong cryptographic applications,'' Berkeley consultant Bruce Koball said.
Cryptographic computer programs are based on algorithms that allow users to code and decode messages. Now, online communications are like post cards - anyone can read anything.
Programs to encode messages are considered munitions under U.S. arms regulations and cannot be exported.
Several companies, including Apple and Microsoft, plan to release easy-to-use cryptography as part of their e-mail systems in the next year. The encryption scheme they're using, RC4, has an OK from the government.
``The reason, of course, is that the National Security Administration would have no problem breaking an RC4 encrypted message with its computers,'' Koball said.
As technology keeps overtaking itself and faster computers become available, sooner or later it won't just be the government that can break the code.
``Nothing you put on a computer which you share with 8,000 of your closest friends should be regarded as secret,'' Pettitt said.
by CNB