archive:news:trw
COMPUTER RAIDERS HIT BIG CREDIT FILE
06/22/84
COMPUTER BUFFS USING HOME TERMINALS HAVE BROKEN INTO ONE
OF THE LARGEST CONFIDENTIAL DATA FILES IN THE WORLD. THE TRW
INFORMATION SERVICES DIVISION'S COMPUTERS HOLDING CREDIT
HISTORIES OF 90 MILLION PEOPLE.
THE SYSTEM WAS ENTERED AFTER SO-CALLED COMPUTER HACKERS
GOT ACCESS TO A SECRET PASSWORD AND A MANUAL ON THE SYSTEM'S
OPERATION. THE PASSWORD LEAKED OUT MORE THAT A YEAR AGO, BUT
TRW OFFICIALS WERE NOT NOTIFIED UNTIL TWO WEEKS AGO.
TRW INFORMATION SERVICES IS A CREDIT BUREAU THAT TRANSMITS
OVER TELEPHONE LINES SUCH INFORMATION AS CREDIT HISTORIES,
EMPLOYMENT RECORDS, BANKRUPTCIES, LOAN DELINQUENCIES AND
SOCIAL SECURITY NUMBERS. THE SERVICE IS USED BY MORE THAN
24,000 SUBSCRIBERS, INCLUDING BANKS AND DEPARTMENT STORES,
AND CAN BE REACHED FROM MORE THAN 35,000 LOCATIONS.
TRW OFFICIALS SAID THAT ALTHOUGH THE BREAK-IN ALLOWED HOME
COMPUTER USERS TO READ CONFIDENTIAL FILES, THOSE USERS WOULD
NOT BE ABLE TO CHANGE THE FILES. CHANGES ARE SUBMITTED
MONTHLY ON TAPE, AND FILES ARE NOT ALTERED THROUGH THE
ON-LINE COMPUTER SYSTEM.
TRW OFFICIALS SAID THE PASSWORD AND MANUAL WERE OBTAINED
FROM A SEARS ROEBUCK STORE IN SACRAMENTO THAT SUBSCRIBES TO
THE SYSTEM. COMPUTER BUFFS EVENTUALLY POSTED THE CODE NUMBER
ON AN "ELECTRONIC BULLETIN BOARD," WHICH ANY HOME COMPUTER
USER WITH THE RIGHT EQUIPMENT CAN READ BY USING A TELEPHONE.
IT IS NOT KNOWN HOW MANY TIMES PEOPLE BROKE INTO THE TRW
SYSTEM, BUT SOURCES SAID THAT IT HAS BEEN COMMON KNOWLEDGE
FOR MONTHS AMONG MANY COMPUTER BUFFS THAT THE TRW FILES COULD
BE ENTERED EASILY AND CREDIT RECORDS READ.
THE BREACH WAS FIRST REPORTED BY NEWSDAY, WHICH QUOTED
UNNAMED COMPUTER HACKERS AS SAYING THE TRW SYSTEM WAS ENTERED
NOT ONLY TO READ CREDIT RECORDS, BUT ALSO TO "EXPEDITE CREDIT
CARD FRAUD" BY FINDING OUT WHETHER A PERSON WHOSE CREDIT CARD
WAS STOLEN HAD A LARGE CREDIT LIMIT.
TRW SAID THE LEAKED PASSWORD HAS BEEN CHANGED AND THAT NO
OTHER CODES ARE BELIEVED TO BA AVALIABLE TO HACKERS. THE
NEWSDAY STORY, HOWEVER, QUOTED SOURCES WHO SAID THAT OTHER
CODES THAT PROVIDE ACCESS TO OTHER TRW FILES ARE STILL
CIRCULATING.
REFERRING TO THE AMOUNT OF TIME IT TOOK TRW TO LEARN ABOUT
THE PROBLEM, JEROME SALTZER, A SPECIALIST IN COMPUTER SYSTEMS
AND COMMUNICATIONS AT THE MASSACHUSETTS INSTITUTE OF
TECHNOLOGY, SAID, "THAT IS A DISTURBING . . . FAIRLY
APPALLING AMOUNT OF TIME FOR SOMETHING LIKE THAT TO GO
UNDETECTED. IF TRUE, IT SUGGESTS THAT THE COMPANY DOESN'T
REGARD THIS INFORMATION AS VERY IMPORTANT TO PROTECT . . . .
THEY ARE NOT VERY CONCERNED ABOUT PROTECTING PEOPLE'S
PRIVACY." HE SAID THAT RELATIVELY SIMPLE MONITORING
TECHNIQUES SHOULD PICK UP THAT KIND OF SECURITY BREACH
RELATIVELY EARLY.
COMPANY OFFICIALS SAID IT IS POSSIBLE THAT UNAUTHORIZED
ACCESS COULD HAVE BEEN OBTAINED THROUGH A DEPARTMENT STORE
LINE OR A SIMILAR LINE ON WHICH MANY REQUESTS FOR CREDIT
INFORMATION ARE PLACED DAILY. ON SUCH A LINE, THEY SAID, A
FEW EXTRA REQUESTS MIGHT NOT BE NOTICED.
SALTZER SAID THAT A SYSTEM WITH 35,000 ACCESS POINTS IS
DIFFICULT TO POLICE AND THAT ANYONE RUNNING SUCH A SYSTEM
WITHOUT ELABORATE SECURITY PRECAUTIONS MUST ASSUME THAT A FEW
OF THE THOUSANDS OF PEOPLE WHO HAVE ACCESS TO IT MIGHT SELL
THE CODE OR OTHERWISE MISUSE THE SYSTEM.
AMONG THE SECURITY MEASURES TRW COULD HAVE TAKEN ARE
REQUIRING THE USER TO BE CALLED BACK AT A CERTAIN PHONE
NUMBER BEFORE INFORMATION IS SENT; CHANGING SECRET CODES MORE
OFTEN, AND INSTALLING DEVICES ON SYSTEM TELEPHONES THAT TRADE
RECOGNITION SIGNALS WITH THE CENTRAL COMPUTER BEFORE
INFORMATION IS SENT.
A RECENT AMERICAN BAR ASSOCIATION STUDY FOUND THAT 27
PERCENT OF THE 275 BUSINESSES AND PUBLIC AGENCIES IT POLLED
HAD BEEN VICTIMS OF COMPUTER CRIME, SUFFERING LOSSES OF HALF
A BILLION DOLLARS LAST YEAR.
JONN PARKER, A COMPUTER SECURITY EXPERT AT TRW
INTERNATIONAL IN SENLO PARK, CALIF., SAID A ROUGH SURVEY HAS
COUNTED ABOUT 1,400 COMPUTER CRIMES IN THE UNITED STATES OVER
THE PAST TWO DECADES. HE SAID THAT MANY LARGE COMPUTERS
HAVE INSTALLED SECURITY SYSTEMS, BUT THAT THERE IS A
TRADE-OFF BETWEEN SECURITY AND THE COST AND CONVENIENCE OF
USING A COMPUTER SYSTEM -- THE MORE SECURITY USED, THE
COSTLIER AND MORE INCONVENIENT IT BECOMES.
THE TRW SYSTEM USED TWO CODES, A SEVEN-DIGIT CODE TO
IDENTIFY THE USER AND A SHORTER "SECRET PASSWORD," SOURCES
SAID. THE FIRST CODE IS LESS GUARDED AND RELATIVELY EASY TO
OBTAIN, AND THE SHORTER, "SECRET" CODE, THEY SAID, IS "FAR
TOO EASY" TO CRACK.
IF IT CANNOT BE SHOWN THAT THE TRW BREAK-INS WERE USED TO
COMMIT FRAUD -- IF THEY WERE MERELY CURIOSITY TRIPS BY
COMPUTER HACKERS -- THEN IT WOULD BE UNCLEAR WHETHER THEY
WERE ILLEGAL, ACCORDING TO A COMPANY SPOKESMAN. THE COMPANY
HAS BEEN AMONG THOSE SEEKING STRONGER LEGISLATION TO FIGHT
COMPUTER CRIME.
ABOUT 25 STATES HAVE COMPUTER CRIME LEGISALTION, BUT
OBTAINING "UNAUTHORIZED ACCESS" TO CONFIDENTIAL INFORMATION
IS CONSIDERED A CRIME IN ONLY A FEW.
/data/webs/external/dokuwiki/data/pages/archive/news/trw.txt · Last modified: 1999/08/01 17:09 by 127.0.0.1