Virtual thievery - Pulling the plug on High-Tech Crime
Issue 1
Written by Demon Phreaker
YOU ARE DRIVING DOWN THE HIGHWAY
At 55 miles an hour. I'll never make it to work on time at this rate, you think. I'd better call in. You drive through an overpass, not noticing the car parked above you, and pick up your cellular phone. Immediately, the man in that parked car springs into action: Using a lunch box-sized device, he steals your cellular phone code, which he later will "clone" onto a bootleg phone. You have just become a victim of crime.
YOU ARE AT HOME
Flipping through your favorite catalog while dinner cooks.
You came across the perfect pair of hiking boots, just what you need for that vacation you've been planning. The microwave timer rings, and as you go answer the dinner bell, you pick up your cordless phone to place your order. Simple. You've done it a thounsand times. Except this time, somebody with a radio scanner is recording your credit card number.
You've just become a victim of crime.
YOU ARE AT WORK
Passing a dull moment or two by sending a friend in accounting a funny message about your boss over the electronic mail system. But your friend isn't the only one reading the message; the next day your boss fires you.
You just became the victim of high-tech surveillance.
WHILE ON A BUSINESS TRIP ABROAD
You put down your laptop computer to check in at the airport.
When you look down, the computer is gone. A simple theft? Hardly.
Your corporation has just become the victim of a crime that will likely cost it millions-industrial espionage.
YOU CALL A COMPANY TO INQUIRE ABOUT A PRODUCT
An electronic voice tells you that all lines are busy, but if you leave your name and message, someone will return your call. Strangely a competing company calls the next day, selling exactly what you wanted from the first company. The first company has just become a victim of crime.
Hight-tech "hit men"
were being paid as much
as $10,000 to steal laptop
computers.
Americans are afraid of crime. Opinion polls show that crime is number-one issue on our minds today. We fear being mugged or carjacked or killed during a drive-by shooting. But there is another type of crime that doesnÔt make the local news. High-tech crime cost us millions-even billions-each year. American corporations pay for fraud directly, and the rest of us pay inderectly through higher prices. Perhaps more importantly, "virtual thievery" steals our most valuable possession-our privacy-the cost of which is incalculable. As whe approach the 21st century computers and high-tech gadgets have become vital parts of our everyday lives. Computer networks, such as internet, now link together an estimated 12 million americans. Another 12 million americans use cellular phones. The number of electronic mail messages will soar from 6.1 billion in 1993 to 14.3 billion in 1995. Information can be sent anywhere around the world today at the push of a button. But technology, with all its wonders, has provided the breeding ground for a new type of crime-the theft of information electronically generated or sent over microwaves or airwaves. You hear a lot these days about information superhighways. As more of us drive up the electronic on-ramp and carefully enter traffic, how safe are we from highway robbers? How secure are our private thoughts and business secrets? Who is getting ripped off and for how much? Who are the bad guys and how do they operate? If someone breaks into a house or steal a car, it is easy to figure the cost. But often with high-tech crime, you don't even know it has occurred until much later, if ever. The astronomical dollar figure attached to this type of crime vary widely. "There is no exact knowledge or emperical standards to nail down how wide the problem is, but the standard estimate is three to five billion dollars a year in technical fraud caused by a high-tech crime," says Fred cotton, a manager of training services at Search, a Sacramento non profit corporation that works with state law enforcement agencies on high-tech crimes.
But that's just scratching the surface. The theft of cellular telephone codes is estimated by industry officials to cost $100 to $300 million a year. U.S. companies lose $20 to $100 billion a year due to corporate espionage and high-tech spying conducted by foreing countries, Acording to The Wall Street Journal Report (August 8, 1993), and this figure excludes the cost of American companies spying on each other. While these dollar figures may be staggering, they don't tell the human cost of virtual thievery. As many as 20 million Americans may be spied on at work by their bosses. They are being monitored through their computers, according to a 1993 Mac world magazine survey that did not even include telephone surveillance. "Part of the problem is that people are used to thinking that all (their) communications are confidential," says A.J. Bate, a senior consultant at the Stanford Research Institute in Menlo park, California, an expert on high-tech crime. "We don't realize the full extent of our vulnerability. Hackers break into computer systems all the time, despite safe guards. There are some very bright people out there." "Like any other crime, high-tech crime is proportional," Cotton says. "There may be a small number of computer criminals compared to street criminals, but much of the population is still not computer literate As more people become computer literate, the amount of crime will increase." Who are these virtual thieves? As with other crimes, it depends. With cellular phone fraud, high-tech criminals operate on the streets, selling hot phones. With computer crime, hackers roam through corporate suites, selling trade secrets worth millions of dollars. People think of hackers as just nerdy troublemakers, but there is money to be made in purloined secrets. At work, your boss can legally read your private computer mail. At home, it could be anybody from a nosy neighbor to a jealous ex-spouse listening in on your cordless phone.
Almost anyone can become a virtual thief. "It is easy as hell to tap anybody, anywhere," says Morton Bromfield, executive director of the American Privacy Foundation in Wellesley, Massachusetts. "All you have to do is to walk into an electronic store. You don't need anymore then a couple of hundred bucks for a modem and a couple of hundred for a tape recorder and a few hundred for a Christmas computer, and you're in business." Now lets take a look at the technologies vulnerable to theft.
››››› ››››› ›› ›› ›› ›› ›› ››››››› ››››››
›› ›› ›› ›› ›› ›› ›› ›› ›› ›› ››
›› ››››› ›› ›› ›› ›› ›› ››››››› ››››››
›› ›› ›› ›› ›› ›› ›› ›› ›› ›› ››
››››› ››››› ››››› ››››› ›››››› ››››› ›› ›› ›› ›››
›››››› ›› ›› ››››››› ››› ›› ››››› ›››››››
›› ›› ›› ›› ›› ›› ›››› ›› ›› ››
›››››› ››››››› ›› ›› ›› ›› ›› ››››› ›››››››
›› ›› ›› ›› ›› ›› ›› ›› ›› ››
›› ›› ›› ››››››› ›› ›››› ››››› ›››››››
In early 1992, the Sprint long distance phone company noticed something unusual. It appeared as if a department store clerk and a real estate broker in Phoenix were making hundreds of long distance calls from their cellular phones to Israel, Jordan, Saudi Arabia, and the United Arabia Emirates. Closer investigation revealed at least 57,000 calls in 19 days. The Secret Service was called in and raided a Phoenix apartment where they arrested five suspects and seized 35 cellular phones, 10,000 microchips, and notebooks filled with electronic codes stolen from legitimate cellular phone customers. This operation-the biggest ever busted-ended up costing American phone companies $1 million in fraudulent charges.
"This is not a victimless crime, because the people using this service illegally are stealing from the honest people paying their regular phone bills," says Michael T. Houghton director for public affairs and communications for the Cellular Telecommunications Industry Association in Washington, D.C. "The customer is not responsible for fraud, but it does raise the cost of doing business."
Cellular crime is insidious: You don't even know you are being ripped off. "Cellular phones are the most vulnerable of the high-tech networks," says Cotton. "It's really just a broadcast technology. You can listen in to a cellular phone conversation with a police scanner or bearcat scanner. I'ts no different then talking on a two-way CB." Actualy, i'ts easier than that. When you make a call, the phone sends out two electronic codes. One is the mobile ID number that shows you are a phone company subscriber. The other is the phone's electronic serial number. With a small electronic monitoring device, the thief can pull up behind you at a stop light while you are on the phone and steal your electronic serial number right out of the air. Then he buys a chip burner for $150 at an electronic store and uses his personal computer to reprogram your number onto another cellular phone. The hot phone is sold on the streets of Washington Heights in New York city for $500. It's good until you get your phone bill and faint at the cost.
Variations of this scheme in other sections of New York have included illegal telephone booths on wheels in Queens, where immigrants line up to pay $10 for a 20-minute call overseas cheaper than a legitimate call. "A lot of people don't even know they've bought a fraudulent phone," says Houghton."Someone will say; hey this is a satelite phone. Buy it and you'll never get a bill,' Meanwhile it's a hot phone. There are a lot of scams like that." Since 1991 authorities around the country have arrested more than 100 cellular fraud suspects and seized over 300 counterfeit phones and thousands of computer chips. But this scam is profitable enough that criminals are willing to risk arrest to continue-to the tune of at least $100 million a year.
CORDLESS TELEPHONES
Millions of Americans now use cordless telephones. The convenience of not being tied to a wire fits in with the American ideal of freedom. But just as with cellular telephones, cordless phones are far from secure.
A man in LaCrosse, Wisconsin, Found that out the hard way in 1988. His neighbor was listening to his conversations with a radio scanner and didn't like what he overheard. He notified the police amd the man with the cordless phone ended up convicted of marijuana violations. Similar cases occurred in Dixon, Iowa in 1983 and Hutchinson, Kansas, in 1982.
In Dixon, the neighbors picked up a suspicious cordless conversation involving drugs from four blocks away and called the police. In Hutchinson, a husband and wife were tuning their radio when a neighbors voice came in loud and clear. Unfortunately for the fellow on the cordless, he was broadcasting information about narcotics. While these cases exposed people breaking the law, innocent people can be just as easily victimized.
"Criminals do it all the time," says Mr. Bate of Stamford Research Institute.
"They steal credit card numbers and phone access codes when we give them out over the phone." Amazingly enough, it is not illegal to intercept cordless calls. "It is a technichal quirk, but cordless phones are not covered by law," says Robert Ellis Smith, editor of the Privacy Journal of Providence, Rhode Island. "The communication between the mouthpiece and the central unit is considered a radio broadcast. It's like operating an FM radio. The user has to beware of that." Indeed, according to the Federal Electronic Communications act of 1986, radio transmissions "readily accessible to the general public," like cordless calls between the receiver and station, are not protected by law.
ELECTRONIC MAIL AND COMPUTER BULLETIN BOARDS
Sending messages via electronic mail or fax is becoming increasingly popular. Many people are going on-line through interavtive computer networks. Some think that this technology will eventually put the U.S Postal Service out of business. But if you want privacy, let the sender beware. Someone may be reading what you send and using it against you. "Most people consider E-mail the equivalent of a sealed letter in the U.S mail because they have a password at work to use the system," says Charles Piller, senior associate editor of Mac world. "But their bosses can override those passwords and read those messages. E-mail is more like a post card than a sealed letter."Two employees of Nissan Motor Corporation found that out when they called their boss a "numb nuts" on the company's E-mail system. After being rebuked by their boss, they filed a privacy grievance with the company and were soon fired. They sued, claiming the company violated California's Constitution. So far, Nissan has won in the lower corts and the case is under appeal. Federal law prohibits phone and data line wiretapping with two execptions: the police and your boss. The cops have to get a court order first; your boss doesn't. When you enter your office, you check your Fourth Amendment rights at the door. "If the FBI thinks someone is guilty of treason," Senator Paul Simon of Illinois said on the Phil Donahue show, "if they want to tap that person's telephone, they have to go into court and get a court order before they can tap that telephone and listen in.
But under our laws right now, an employer can listen in to any conversations, can have hidden microphones and hidden cameras." And indeed they do. The Communications Workers of America estimates that bosses eavesdrop on the calls of their workers some 400 million times a year, or more than 750 calls a minute. Macworld did the first national study of electronic surveillance in the workplace found that more than 21 percent of the 301 companies surveyed have "engaged in searches of employee computer files, voice mail, electronic mail, or other network communications." That figure rose to over 30 percent of companies that employ more than 1,000 people. This 1993 survey concluded that 20 million Americans may be spied on at work through electronic means. Since eavesdropping at work is legal, you have to watch what you write on E-mail. You also have to be careful with electronic bulletin boards. If you write something libelous on a computer network, you can be sued, even if you never intended for the defamed person to read it. "We're seeing today a heavy use of services like internet, which is a fabulous network of information," Cotton says."But when you use it, everyone has access to what you're saying." Ther have been cases where law enforcement agencies have used this fact to stop crime. Last February, a fax machine became the Achille's heel of an ilegal sports gambling ring worth $10 Million a year operating in Nassau County, New York. The Nassau District Attorney's Rackets Bureau and detective squad arrested 12 people, raided eight locations in the New York City vicinity, and seized cash and gambling records after intercepting the fax transmissions. "They would take bets in one room and fax it to another location," said Nassau DA spokesman Ed Grilli, according to the New York Daily News. "We could get a copy of the fax. It <the investigation> was state-of-the-art."
VOICE MAIL AND CORPORATE ESPIONAGE
With voice mail and computer crime, it is not a question of invading somebody's privacy, but stealing information. "The people who use technology rely on it to help their business--to help them make widgets," Cotton says, as an example. "They don't understand that computers can instantaneously transmit all over the world and voice mail can be stolen. Computer security is not their responsibility, nor do they think about it."
In 1991, roughly 16,000 American companies had a combination of automated attendants and voice mail systems handle their calls, according to Dataquest, a San Jose market research company. By the en of 1993, some 40,000 voice mail systems were expected to be in operation.
These systems save companies the cost of hiring telephone operators, but they are also ripe for corporate espionage. "The systems themselves are not that vulnerable," says Cotton. "But there have been cases of former employees accessing voice mail systems and stealing calls or information. We see alot of this type of crime."
The Wall Street Journal reported in september 1993 that standard Duplicating Machines of Andover, Massachusetts, sued their competitor, Duplo Manufacturing Corporation of Japan, for taking part in a "prolonged and surreptitious campaign of business espionage" by stealing voice mail messages. The suit contends that a former Standard sales manager went to work for the rival firm and used his access to Standard's system to steal business. Says Smith, "Corporate espionage is frequent in pockets, such as labor/management disputes or high-tech fields, where competitors can gain advantage by stealing information."
Indeed, voice mail is only the tip of the corporate espionage iceberg. High-tech "hit men" were being paid as much as $10,000 to steal laptop computers from Fortune 1,000 executives, according to Computerworld article in 1992. The high-tech crime unit of the San Jose police, working in the computer rich Silicon Valley, has closed about 200 cases in three years. The average case involves $50,000 in stolen property (computers, etc.) , with half of all cases worth more than a million once the results of the information theft included. Executive traveling overseas are warned to be careful with their laptop computers. "Espionage doesn't just involve state secrets," Cotton says. "An IBM executive overseas can be carrying information in his briefcase on a laptop computer that is the equivalent of a filecabinet full of documents."
France admitted to gathering "economic intelligence" on U.S companies during the '80s. It is not alone. With Japan, Germany, Britain, Korea, Canada, and Israel also suspected of high-tech spying, experts guess that American companies lose up to $100 billion a year.
What can we do about high-tech crime ? Some look to technology itself for the answer. Computer info can be encrypted to prevent others from reading it. Cellular phones of the future will have "voice prints," making them tamper-proof. But the experts are not optimistic. Hackers make their living "conning," or breaking into, electronic systems. "The hackers catch up right away, technically," Bate says. "Some of the latest technology to safeguard wireless communications-stuff still on the drawing board-hackers are familiar with already." Says Houghton, "This is a high-tech war against high-tech criminals.
We have to stay one step ahead of the criminals, who are always looking for technological solutions to whatever we do."
Some look to the government for solutions. Senator Simon is proposing federal legislation that would limit employers spying on their workers. Indeed, the Macworld survey shows that only 31 percent of companies engaged in electronic eavesdropping warn their employees in advance.
But others are critical of past efforts by the federal government in this area. "You talk about microwave interceptions as a great threat," says Morton Bromfield of the American Privacy Foundation. "But you don't know or don't care to know or have been assured that regular wire communications are secure when they are not. The government is not the problem. The government has only acquiesced and become part of the problem.
The primary problem is that industrial espionage is big business and has been going on for centuries." Perhaps the truth is that our thinking has not kept pace with the communications revolution. "There is a high expectation of privacy among the American people," says Smith. "A recent survey found that they expect their medical records to be private, but they are not. I expect that these high expectations of privacy might exceed reality in other areas as well." But that doesn't mean we have to stop communicating for fear of virtual thieves. "Of course, the benefits and convenience of these forms of communication far outweight the danger," Cotton adds. "If people monitor cellular phones, they hear a lot of people being told to bring a loaf of bread home for dinner."
The best advice, then, is to be careful. Don't discuss sensitive subjects over cellular or cordless telephones.
Turn the cellular phone off when it is not in use. Don't send anything over E-mail or electronic bulletin boards that can get you in trouble later. Don't leave your computer terminal on and walk away from it. Watch what you say on voice mail. If you travel with personal computer, don't leave it in a hotel room or check it into a storage locker at an airport or train station. Don't work on places like restaurants or waiting rooms. "Eternal vigilance," Thomas Jefferson once said, "is the price of liberty." It is also the price of avoiding high-tech crime. The virtual thieves are out there. But just as you wouldn't walk down a deserted street late at night or leave your car unlocked, you must also become security-conscious in this brave new world.
// This file was Written by Demon Phreaker // Source info Gallery //