How big is cyber-crime? Well, just to give you an idea: one thief stole twenty thousand credit card numbers. As the Web continues to grow and we put more and more personal information online, the computer underworld is only getting more difficult to control.
We're using the Net in ways it was never originally intended. We're putting more and more sensitive personal and financial data about ourselves online on an open system with no inherent built-in security. And that's a problem because the real world has logged on.
"As the world moves into cyberspace and as all money flows into cyberspace...crime follows money and you're going to see it there," says Richard Power of the Computer Security Institute.
Break-ins to computer credit records, intrusions into private files, snooping into e-mail accounts, changing people's credit records -- you're a lot more vulnerable than you think you are!
One 18-year-old broke into a financial institution, generated a credit card for himself, and went on a vacation to Hawaii. Other people have been known to try and find ways to hack and counterfeit lottery tickets. And in one case, a gang of international crackers broke into Citibank's wire transfer software and stole 2.8 million dollars.
The bad news is no one really knows how much digital trespassing and out-and-out theft go on on the Net. The good news is that most of us aren't really the targets.
"A user today has more to fear from a computer virus than some kind of cyberspace mugging," says Power.
One hacker, a woman who downloaded a pirated computer game, says many hackers justify breaking into someone else's files as a challenge.
"It's information! It's free! I mean, yeah, I suppose it's private property and you build a firewall. But if you build a firewall, there's always somebody who's going to crack it," she says.
The experts at SSG specialize in computer security. They help fight the bad guys.
It's SSGs job to find the security leak spots at banks and other data-rich targets for hackers and crackers.
SSG knows the dark side of the Net. And they also know who the typical Internet troublemakers usually are. According to SSG,
"The visible hacker community is people that are bored. If you could get them a life, get them a hobby, get them a good video game, they'd do that instead."
The surprise is digital criminals often don't have to use a computer.
"I know several people who are very shady characters," says Shipley. "...They don't get [their information] from picking up a modem, finding a phone number, guessing a password, and then breaking into the system. They get it by dumpster diving."
Dumpster diving is the fine art of finding credit card numbers, passwords, and other valuable computer data that stores, companies, and even we at home just throw out; easy pickings for the bad guys to walk by, dive in, and use.
"I'd say that ninety percent, maybe ninety-five percent of the information, [the hackers] gain is by dumpster diving," says Shipley.
With all these cyberthieves, dumpster divers, crackers, and digital pests out there, a good password will keep them out, right? Wrong. According to Shipley,
"Every hacker piece of software out there has a system that [cracks passwords]."
In fact, a list of supposedly secure passwords for one of his clients was easily exposed by a little custom password-cracking software.
"I was able to break about two hundred of them on the first try," he adds.
Most hackers break code not for profit, but for the challenge. For more information, visit Pretty Good Privacy (PGP) at their website at www.pgp.com.
"Hacker". The word has come to symbolize the outlaw of the information age. Indeed, when it comes to creating mischief, hackers are in a league of their own. NewsCenter4's Anthony Moor begins a two-part look at the computer underground and what they can do to you.
To a hacker, what goes on inside these computers could be a goldmine. This is "Insweb," new Internet site where you can buy insurance online.
"Hackers come in for a variety of reasons," says Darrell Ticehurst of Insweb. "They could download names and addresses of people who buy jewelry. They could alter online contracts, such as the sentence 'earthquake coverage not included.' We really have to worry about that 18-year-old with a 180 IQ and not much judgment [who] decides it's really funny to take out the word 'not' and see how long it takes you to notice it."
"They're attempting to take over the computer," says Ticehurst. "They're attempting to grab hold of our disk drive, use it, read everything that's on there or load something onto it."
One hacker has repeatedly attacked Insweb seven straight days.
"What we're going to do now is trace that route to find out where that intrusion came from," says Ticehurst as he demonstrates on his computer.
"It came out of Travel Software Systems in Heidelborn, Germany. Now this is somebody who's made a serious attempt on the system."
But Ticehurst goes no further. No harm done, he says.
If someone does press charges, it might go to detective Keith Lowrey at the San Jose police high tech crimes unit.
"Hackers can do just about anything they want to do," says Lowrey. "They can alter your credit. They can steal your identity."
It could cost an insurance company billions. These pages list a single week's worth of serious hacking attempts.
One scam happens on popular online services.
"You get a flash message across your screen," says the detective. "It says, 'hey, your credit card or the account that you're using to charge your time online is no good, and we need you to re-enter another credit card with an expiration date.' And a lot of times that's coming from a hacker."
Once you type your credit card in, the hacker has what he needs.
But you may be surprised that the hacker's most valuable break-in technique doesn't rely on electronics. It's called `social engineering;' just a fancy name for the classic con game.
You see, even the best hackers need logon ID's and passwords. So before trying any sophisticated guesswork, hackers simply ask.
"You're on your computer terminal typing out," says Lowrey. "And all of a sudden you get a phone call. And the phone call says, `Hi. I'm Joe and I'm from your MIS department. What I need you to do is log off your system and log back on.' And he's [the hacker] sitting there watching you type it in."
He's hacked far enough into your system to watch from his computer what you're typing on yours. Some even inadvertently tell hackers their passwords over the phone. How real is the threat to you? Hackers say consider your "hack factor;" why would anyone want to break into your system?
Hackers tell me I raised my hack factor dramatically when I posted Internet messages asking for help on this story.
Scientific evil has been personified by the warlock, the alchemist, the mad scientist, and now the hacker. But NewsCenter4's Anthony Moor visited the denizens of the computer underground, who say their bad reputation is undeserved.
Welcome to the war room, and say hello to Evil Pete. Evil Pete is a hacker. His license plate? "liv2hak."
"Most hackers, by the time they reach my age, are either in jail or very rich," says Evil Pete. "I somehow have not done either."
Evil Pete is war dialing today; a computer is, actually.
"I'm calling sequentially each phone number in the local dialing range and finding which ones have computers attached to them."
He can't break in without a password. There's a way around that though.
"You test each word in the dictionary against the password," he says.
But Evil Pete insists hackers are unjustly demonized,
"There are lots of amateur radio enthusiasts, there are lots of amateur chemists in the world, there are lots of amateur machinists in the world. And people don't worry about these amateur machinists going out and building a bigger cannon and killing people."
"Same thing," he concludes. "Hackers aren't going to go out there and write a virus to kill people."
Evil Pete says he only breaks in to other systems when authorized by clients,
"I professionally break into corporations."
Meet Yobie, Seven, and Dark Angel -- also members of the computer underground.
"The perception given to the general public is that hacking is out of control; it's very rampant [and] nothing is sacred, nothing is private, you're an open book to the lives of people," remarks Seven. "And it's not; it's completely the opposite. It's false."
They say most hackers don't steal or destroy; they just snoop.
"I wasn't doing any damage to anybody's system; I wasn't destroying anything," says Dark Angel. "I wasn't compromising any important data; I was just doing it to learn."
And that, they say, can benefit us all.
"We view ourselves as part of a community and that community being the Internet," says Yobie. "And we have an obligation to point out the weaknesses of this community."
But they can be pranksters. Seven once intercepted OJ Simpson's video telemarketing line.
"Maybe 10 years from now they will understand hackers," says Seven. "And this fear and ignorance of the hacking community will be gone, and they won't think of us as evil any more."
Until then, even Evil Pete takes precautions.
This is his shredder.
"I know a lot about security," he says. "I know how to break in, I know how to obtain your credit reports; I guard my own."