Back to 8/96 Analysis: Start
Up to Table of Contents
Ahead to 8/96 Analysis: Windows at Work

8/96 Analysis: The Explorer

The Internet Is a Bad Neighborhood

Legions of pirates, thieves and saboteurs are plaguing the high-tech sector.

By Mike Elgan, Editor

IN THE STUNNING 1984 cyberpunk novel Neuromancer, author William Gibson depicts a dark future in which stolen RAM chips serve as the currency of the international drug market, major corporations hire professional teenage hackers to steal competitors' data and outlaws roam a 3-D virtual-reality cyberspace (a term coined by Gibson).

Every year, our present looks more like Gibson's future. Violent international gangs control burgeoning black markets of stolen chips and code. Malicious hackers break into major companies, banks and government agencies, black-mailing officials or making off with money and secrets. And Web cruisers are discovering that viruses and other dangers may lurk beyond the most innocuous-looking links.

Hackers, crackers and outlaws

In June, the Sunday Times of London exposed a large-scale pattern of British and American financial institutions paying huge sums to blackmailer/hackers who threaten to destroy bank data using "logic bombs" (bit-blasting software viruses that can be executed remotely) and other digital devices. First, the blackmailers prove they can crash bank networks and destroy data. Then they send their demands electronically. Typically, the banks agree to pay the blackmailers (fearing embarrassment more than data loss), transferring the money electronically to overseas accounts. The money is usually removed within minutes. It's a uniquely high-tech crime that involves no physical break-in and no physical cash. It all takes place in cyberspace.

Neither bank nor government security specialists have been able to prevent the intrusions, according to the Sunday Times.

In my May 1995 column, I warned of a new generation of hackers about to take advantage of fresh Win95 and NT security holes. The Web explosion has increased both the availability of hacker targets and the damage potential by several orders of magnitude.

Win95's and NT's security features are only as good as the person using them. Even Win NT's touted security is nonexistent unless you know how to use it. In this month's cover story, "Safety on the Net," and top news story, "Web Insecurity Rampant," David Methvin exposes the Web's vunerability and describes how to protect your site against snoopers. He also offers tips on how to inoculate your PC or network against Web-borne viruses.

The virus epidemic

Software viruses have been around for decades. But the Internet explosion-and new application-delivery technologies like Java and ActiveX-raise the stakes and the damage potential of software viruses.

Java appears to be a more secure solution than ActiveX because it's not designed to write to your local hard disk, something most viruses need to do. But Microsoft says the ability of ActiveX to write to disk (just like a local application) is one of the features that makes it more powerful. Ultimately, according to Microsoft, users should rely on authentication technology, such as the company's own CryptoAPI, regardless of whether Net applications are being delivered via Java or ActiveX. Martin Heller provides some insight into Java, ActiveX and the CryptoAPI in this month's Programming Windows column.

Also see John Ruley's first-person account of his brush with two ugly viruses in the Enterprise View column.

Software piracy

Software piracy and counterfeiting range from the simple use of Netscape Navigator without paying for it to full-scale factory reproduction, complete with boxes and manuals. One of the least-known but most prevalent forms of piracy is called "hard-disk loading." PC vendors buy a copy (that's one copy), then install it on all the machines they sell. Thousands, possibly millions of consumers are buying illegal software without even knowing it. Did you get the manuals to your PC's pre-installed software?

For a startling look at the dark world of software piracy, check out this issue's "Dialog Box" column by Robert Kruger.

Notebook theft

One of the biggest growth areas in the lucrative field of high-tech crime is notebook theft. In 1995, such thefts were up more than 30 percent. Most stolen notebooks are nabbed at airports or from offices.

Notebook theft makes a lot of sense, at least from the criminals' point of view. Notebooks are light, valuable and often come loaded with software and handy peripherals. Business travelers tend to carry their notebooks in generic black cases, so thieves don't look conspicuous carrying them out of airports.

Here's the state of the art in airport notebook nabbing, according to the FAA: It takes three thieves. Two position themselves in line at the walk-through metal detector just in front of a traveler carrying a notebook bag. After the victim places the bag on the conveyer belt, the first thief quickly moves through the detector. The second one sets off the alarm and stalls by slowly removing jewelry and emptying pockets. Meanwhile, the first one through the line picks up the victim's bag and disappears into the crowd, handing off the notebook to the third accomplice.

Because thieves are getting away with it, I think rates (both insurance and theft) will continue to rise.

Armed chip robbery

A wave of armed microprocessor robberies is sweeping the industry. Vietnamese-American and other international gangs gain access to Silicon Valley and Southern California facilities and steal chips at gunpoint. Well over 400 Silicon Valley companies have been victimized in the past few years. Some estimates suggest stolen chips cost Bay-area companies about $1 million per week in lost sales.

In March, an FBI sting operation smashed a crime ring responsible for an estimated $500 million in chip thefts. Fifty suspects were arrested-and the Feds didn't even catch them all.

Some of these heists involve inside operatives. Sometimes, executives are kidnapped and held at gunpoint to gain entry to the factory floor. It's not unusual for the criminals to tie up and beat employees during robberies.

Does your PC contain stolen chips? Unless you bought your system from a highly reputable vendor, it's hard to tell.

How to protect yourself

The pages of WinMag are packed with new Internet and other security products. But products alone won't help. You need know-how, a sharp eye and-most importantly-common sense. A little paranoia doesn't hurt, either. Companywide awareness of the risks is paramount. After all, the latest security products and techniques are useless if an employee with access to key information uses the password "PASSWORD."

Make sure you buy legitimate, legal hardware and software from reputable vendors you know and trust. By doing so, you won't be supporting the growing international high-tech crime wave.

Have you had a brush with high-tech crime? If so, drop me a line.

Contact Editor Mike Elgan in "The Explorer" topic of WINDOWS Magazine's areas on America Online and CompuServe.To find his E-Mail ID Click Here

Back to 8/96 Analysis: Start
Up to Table of Contents
Ahead to 8/96 Analysis: Windows at Work