The Silicon Jungle by David H. Rothman

published by the U.S. government and repeatedly tested by the National Security Agency (NSA) and the National Bureau of Standards? To this day the rumors persist that NSA has built in a trap door to snoop on DES-style codes. True? I don’t know. Captain Zap says, “I don’t trust it. I don’t think NSA would have approved it if they couldn’t crack it.” NSA-approved codes are overkill in all but the most sensitive systems. Telenet has a special interest in encryption software. It is the network into which thousands of computer users dial to reach other machines and services like The Source. In 1984 Telenet claimed to be the first public network offering encryption software—a package for the IBM and clones that uses the public-key method and sells for somewhere under $600. “You have a directory that has all the public keys in it,” said Claudia Houston, Telenet public affairs manager, explaining the Phasor software’s operation. “You look up the guy’s key that you want to send a message to. You punch that key and your message gets encrypted.” For a two-page message, a Telenet man says that might take thirty seconds. Then you’re ready to send over the phone lines. Even if someone wiretaps you, theoretically, he won’t be able to puzzle out your secrets. MCI Mail also offers encryption—through a customized version of a popular communication program—and other electronic networks will undoubtedly follow suit. “Black boxes,” or hardware that scrambles messages, might likewise help; the topic is too complex for me to cover here in the detail it deserves. This equipment usually costs well into the thousands. One security expert, J. Michael Nye, even puts out a consumer’s guide to black boxes.[56] A good black box could be just a special modem with scrambling circuits built in. “If no one else produces a good, low-cost modem with encryption,” says Nye, “I might start doing it myself.” Footnote 56: After writing a draft of this chapter, I helped Nye prepare a section of his black box guide. I find it to be useful, but overly technical for some lay people. Nye may be reached at Marketing Consultants International, Suite #214, 100 West Washington St., Hagerstown, Md. 21740. Call 301/791-0290 for the latest information about the guide’s price and other details. ■ ■ ■ Captain Zap’s Wisdom on Protecting Your Dial-up Computer The Captain and friends stole—via computer connections—over $100,000 in goods and $212,000 in services, including a $13,000 Hewlett-Packard minicomputer. He received a $1,000 fine and two and one-half years’ probation, with fifteen hours a week community service. Far from being 100-percent antiestablishment, however, Zap is a Philadelphia Republican fond of wing tips. (“They show good breeding.”) And a computer security consultant, a client, praises him as “a damn good technician.” A computer-crime expert named Jay BloomBecker isn’t so keen on the use of e×-criminals in security: “There are a lot of people just as bright who have stayed within the law.” Regardless, Zap has some good tips for security-minded computer users, especially those with dial-up machines. Among them: ▪ _Don’t think of computers as gods._ “Remember, there’s just another human at the other end.” ▪ _Spread out your computer numbers; you might even use different telephone exchanges._ Don’t have numbers adjacent to each other—like 555-1212 next to 555-1213. If you do, your computers will be easier targets for hackers with _WarGames_-style dialing programs that scan local exchanges for computer numbers. That’s good advice from Zap. In the same vein, even if you have just one micro, you might consider trying to get a phone number in an exchange miles from your actual location. You might even want to use a tie line to another city. It all depends on whether you think the costs would justify the added protection; for many businesses they wouldn’t. Also, you might keep your modem number secret from people who don’t need to know. A Hollywood director, fearful that computer-smart science-fiction fans might tap into his dial-up machine, used such a precaution. Only he and his regular callers knew the number. His super-secretive approach obviously wouldn’t have worked in a typical business, especially one with many phone lines coming in. Also, nothing’s foolproof; suppose an electronic snoop unlocks your building’s wire closet. ▪ _If possible, use modems faster than 1,200 baud._ Then, says Zap, “most hackers’ modems can’t keep up.” Most small computers’ modems transmit at 300 baud, about 300 letters or numbers a second. ▪ _Remember that hackers can be ingenious._ “Don’t be smug just because you have a dial-back modem. That’s a device that makes callers tap out a special code, and then it rings them back at their authorized location. You can get around it by tying into the central office and setting up a three-way call—without anyone hearing you. I know hackers can set up three-way calls. I’ve done it myself.” ▪ _Protective devices, however, are better than nothing at all._ “Despite their limitations, I’d still install a call-back arrangement or a device that asked you for a code—or maybe a combination of the two. A combination usually would be much better.” ▪ _Don’t get hung up on protecting your dial-up computer with just hardware or just software—use both._ “Black boxes can help keep the wrong people from breaking in. But you also need good security software to control _how_ deeply even authorized people can get into your computer. You want some people—like customers—to have only _partial_ access to the goodies inside your system.” ▪ _Watch what you throw away._ “Some hackers can log onto your dial-up computer after first poking through your trash—for printouts with passwords and similar material.” Another hacker jokingly refers to “The Dempster Dumpster Library.” ■ ■ ■ Don’t lose track of security threats around your office itself while worrying about modems and encryption. Would you believe that you can’t absolutely erase an electronic file—say, a letter or report on your disk—just by following the directions in your software? A snoop might recover the information with a special program like Disk Doctor. Luckily, however, you can zap a sensitive file by magnetically “writing” over its part of the disk. Say you want to wipe out a letter 500 words long, File A. Well, do the following: