==Phrack Inc.== Volume Four, Issue Thirty-Eight, File 13 of 15 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue XXXVIII / Part One of Three PWN PWN PWN PWN Compiled by Dispater & Friends PWN PWN PWN PWN Special Thanks to Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Warning: Multiplexor/The Prisoner Tells All April 10, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On approximately April 3, 1992, Multiplexor (a/k/a The Prisoner) illegally used credit card information obtained from CBI/Equifax to purchase an airline ticket to San Diego, California from his home in Long Island, New York. Upon his arrival, MP was met by several agents of the Federal Bureau of Investigation. After his apprehension, MP was taken first to a computer store where agents allegedly picked up a computer from the store manager who is a friend of either one of the agents or a federal prosecutor involved in the case. At the taxpayer's expense, Multiplexor was put up for at least a week at a Mariott Hotel in San Diego while he told all that he ever knew about anyone to the FBI. It is believed that "Kludge," sysop of the San Diego based BBS Scantronics has been implicated, although reportedly his board does not contain ANY illegal information or other contraband. It is widely known that card credit abusing scum like Multiplexor are inherently criminal and will probably exaggerate, embellish and otherwise lie about other people in order to escape prosecution themselves. If you have ever come into contact with Multiplexor -- beware. He may be speaking about you. Incidentally, Multiplexor had this year submitted a poorly written and ill- conceived article to Phrack about voice mail hacking. His article was denied publication. And now this is the final result... Nationwide Web of Criminal Hackers Charged April 20, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Barbara E. McMullen & John F. McMullen (Newsbytes) San Diego -- According to a San Diego Union-Tribune report, San Diego police have uncovered "an electronic web of young computer hackers who use high-tech methods to make fraudulent credit card charges and carry out other activities." The Friday, April 17th story by Bruce V. Bigelow and Dwight C. Daniels quotes San Diego police detective Dennis Sadler as saying that this informal underground network has been trading information "to further their political careers." He said that the hackers know how to break computer security codes, create credit card accounts, and make fraudulent credit card purchases. Sadler estimated that as many as 1,000 hard-core hackers across the United States have shared this data although he said that it's unclear how many have actually used the information to commit crimes. Sadler added that he estimated that illegal charges to credit cards could total millions of dollars. While the police department did not release details to support the allegations, saying that the investigation is continuing, Sadler did say that cooperation >from an "out-of-state hacker," picked up in San Diego, provided important information to the police and the FBI. Although police would not release the identity of this individual or his present whereabouts, information gathered by Newsbytes from sources within the hacker community identifies the so-called hacker as "Multiplexer", a resident of Long Island, NY, who, according to sources, arrived in San Diego on a airline flight with passage obtained by means of a fraudulent credit card purchase. The San Diego police, apparently aware of his arrival, allegedly met him at the airport and took him into custody. The same sources say that, following his cooperation, Multiplexer was allowed to return to his Long Island home. The Union-Tribune article linked the San Diego investigation to recent federal search and seizures in the New York, Philadelphia and Seattle areas. Subjects of those searches have denied to Newsbytes any knowledge of Multiplexer, illegal credit card usage or other illegal activities alleged in the Union- Tribune story. Additionally, law enforcement officials familiar with on-going investigations have been unwilling to comment, citing possible future involvement with the San Diego case. The article also compared the present investigation to Operation Sun-Devil, a federal investigation into similar activities that resulted in a massive search and seizure operation in May 1990. Although individuals have been sentenced in Arizona and California on Sun Devil related charges, civil liberties groups, such as the Computer Professionals for Social Responsibility, have been critical about the low number of criminal convictions resulting from such a large operation. _______________________________________________________________________________ Sun-Devil Becomes New Steve Jackson Game March 25, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Steve Jackson It couldn't have been more than a week after the initial raid when people started saying, "Hey, why don't you make a game out of it?" The joke wore thin quickly, as I heard it over and over and over during the next year. Then I realized that I was in serious danger of losing my sense of humor over this... and that actually, it would be possible to do a pretty good game about hacking. So I did. In 1990, the Secret Service raided Steve Jackson Games when a "hacker hunt" went out of control. Loss of our computers and unfinished game manuscripts almost put this company out of business. It's been two years. We're back on our feet. And ever since the raid, fans have been asking, "When are you going to make a game out of it?" Okay. We give up. Here it is. The game has enough fanciful and pure science-fiction elements that it's not going to tutor anyone in the arcane skills. Neither is it going to teach the sysadmin any protective tricks more sophisticated than "don't leave the root set to default." But it is, I think, a good simulation of the *social* environment of High Hackerdom. You want to outdo your rivals -- but at the same time, if you don't share knowledge with them, you'll never get anywhere. And too many wannabes on the same system can mess it up for everybody, so when you help somebody, you ask them to try it out *somewhere else* . . . and occasionally a hacker finds himself doing the sysadmin's housecleaning, just to preserve his own playground against later intruders. I like the way it plays. In HACKER, players compete to invade the most computer systems. The more systems you crack, the more you learn, and the easier the next target is. You can find back doors and secret phone lines, and even crash the systems your rivals are using. But be careful. There's a Secret Service Raid with your name on it if you make too many enemies. Designed by Steve Jackson, the game is based on the award-winning ILLUMINATI. To win at HACKER requires guile and diplomacy. You must trade favors with your fellow hackers -- and get more than you give away. But jealous rivals will try to bust you. Three busts and you're out of the game. More than one player can win, but shared victories are not easy! HACKER is for 3-6 players. Playing time is under an hour for the short game and about 2 hours for the regular game. Components include a rule book, 110 cards, marker chips, 6 console units, system upgrades, Bust markers, and Net Ninja marker, two dice and a Ziplock bag. Hacker began shipping March 30, and has a suggested retail price of $19.95. _______________________________________________________________________________ "Peter The Great " Had An Overbyte January 10, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Kay Kusumoto (The Seattle Times)(Page B1) "Teenage Hacker Ring Bigger Than Thought" Bellevue, Washington -- Imagine you're a 17-year-old computer whiz who has figured out how to get into the phone-company computer to make long-distance calls for free. Imagine finding at the tip of your fingers step-by-step instructions on how to obtain credit-card numbers. And imagine once more the name you use to log on to a computer system isn't really your own, but actually a tag, or moniker -- like, say, that of a Russian czar. Bellevue police say that's the name an Issaquah teenager used when sending messages to fellow hackers all over the country. They first arrested "Peter the Great" a month ago for investigation of attempted theft in using an unauthorized credit-card number to try to purchase a $4,000 computer from a store in Bellevue. But now police, who are still investigating and have not yet filed charges, believe they're on to something much larger than first suspected. They say they are looking for one or two additional youths involved with the 17-year-old in a large computer-hacking ring that uses other people's credit-card numbers to purchase computers and software. In the youth's car, police say, they found another $4,000 computer obtained earlier that day from a Seattle computer store. They also claim to have found documents suggesting the youth had used credit information illegally. Police Lt. Bill Ferguson of Bellevue's white-collar crime unit said detectives don't know how many people are involved in the scam or how long it has been going on. And police may never know the dollar loss from businesses and individuals, he said. "You can guess as high as you want," Ferguson said. "He had connections clear across the country." After the youth was arrested, police say, he admitted to being a hacker and using his parents' home computer and telephone to call boards. An elaborate type of e-mail -- the bulletin boards offer the user a electronic messaging -- system, one may gain access to a "pirate" bulletin directory of "how to" articles on ways of cracking computer systems containing everything >from credit records and phone accounts to files in the University of Washington's chemistry department. Once the youth decided which articles he wanted most, he would copy them onto his own disk, said Ferguson. Now police are poring over hundreds of disks, confiscated from his parents' house, to see just how much information he had. The parents knew nothing of what was going on, police say. Ferguson said police also seized a copy of a New York-based magazine called 2600, aimed at hackers. Like the bulletin boards, the magazine provides readers with a variety of "how to" articles. The teenager, who was released to his parents' custody the day of his December 3 arrest, told police the magazine taught him how to use a device that can imitate the sound of coins dropping into a pay phone. With that, he could dial outside computers for free. Police confiscated the device. "Hackers are difficult to trace because they don't leave their name on anything," Ferguson said, adding that a federal investigation may follow because detectives found copies of government documents on the youth's disks. "This kid (copied) hundreds of pages of articles, left messages and shared (computer) information with other hackers," said Ferguson. "What's common about the hacker community is that they like to brag about their accomplishments -- cracking computer systems. They'll tell each other so others can do it." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hotel Credit Doesn't Compute January 22, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Stephen Clutter and Kay Kusumoto (The Seattle Times)(Page D1) "Kirkland Police Suspect Hacker" Kirkland, Washington -- Police are investigating yet another potential computer hacking case, this one at the Woodmark Hotel in Kirkland. Someone, according to hotel officials, got into the Woodmark's computer system and gave themselves a $500 credit for a hotel room earlier this month. Police say a 19-year-old Bellevue man is the main suspect in the case, although no arrests have been made. The incident surfaces at the same time as Bellevue police press their investigation into their suspicions that a 17-year-old Issaquah youth, using the computer name "Peter the Great," got access to credit-card numbers to purchase computers and software. That suspect was arrested but is free pending charges. "The deeper we get into Peter's files, the more we're finding," Bellevue police Lt. Bill Ferguson said. After arresting the youth last month on suspicion of trying to use an unauthorized credit-card number to purchase a $4,000 computer from a Bellevue store, police confiscated hundreds of computer disks and have been searching the electronic files for evidence. "We've been printing one file out for three hours now -- and it's still printing," Ferguson said yesterday. The file, Ferguson estimated, contains at least 10,000 names of individuals, with credit-card numbers and expiration dates, addresses, phone numbers and Social-Security numbers. Detectives will meet with the Bellevue city prosecutor later this week to discuss charges. In the Kirkland incident, the 19-year-old Bellevue man stayed in the hotel the night of January 11, according to Kirkland Detective Sgt. Bill O'Brien. The man apparently made the reservation by phone a few days earlier and was given a confirmation number. When he went to check into the hotel on January 11, the receptionist found that a $500 credit had been made to his room account, O'Brien said. Woodmark officials, fearing they had a hacker problem, contacted Bellevue police last week after reading news accounts of the arrest of "Peter the Great." "The hotel said they had read the story, and discovered what appeared to be a break-in to their computer system," said Ferguson. "They wanted to know if maybe it was related to our "Peter the Great" case." Police don't know, Ferguson said -- and that's one of the things under investigation. The main suspect in the Woodmark case had worked at the hotel for five days in 1990, police say, and may have had access to the hotel's computer access code. Hotel officials suspected they had a hacker on their hands because phone records indicate that the $500 credit was made via a telephone modem and not by a keyboard at the hotel, Ferguson said. The problem was discovered after an audit showed the $500 was never paid to the hotel. So what happened during the free night at the Woodmark? "They partied and made various phone calls, including nine to the University of Washington," O'Brien said. The calls to the university went to an answering machine at the Medical Center, police say, and there is no indication the men were able to hack their way into the university's computer system. They were up to something, though, and police want to know what. "We're going to start with the (19-year-old Bellevue) kid, and start from there," O'Brien said. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hacker Charged With Fraud February 14, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~ By Kay Kusumoto (The Seattle Times)(Page F3) "Teen Computer Whiz May Be Part Of A Ring" "Peter the Great" played courier for "Nighthawk." He was supposed to pick up a couple computers purchased with an unauthorized credit-card number from a computer store in Bellevue, Washington last December. He never finished the transaction. A suspicious clerk called police and "Peter" was arrested for attempted theft. But that was only the beginning. The Issaquah teenager who went by the computer name "Peter the Great" was charged yesterday in King County Juvenile Court with attempted theft, possession of stolen property, telephone fraud and computer trespass.. The arrest of the 17-year-old computer whiz led Bellevue police on an investigation into the underground world of computer hacking. Police are still investigating the case and say they believe it involves members of a large computer-hacking ring who use other people's credit-card numbers to purchase computers and software. Court documents allege the youth was after two $1,800 computers on December 3, 1991, the day he walked into a Bellevue computer store to pick up an order for an unknown associate who went by the hacker moniker "Nighthawk." The computers had been ordered with a credit-card number given over the phone by a man identifying himself as Manuel Villareal. The caller told the clerk that another man named Bill Mayer would pick up the order later in the day. But a store clerk became suspicious when the youth, who said he was Bill Mayer, "appeared very nervous" while he was inside the store, court papers state. When the youth couldn't provide enough identification to complete the transaction, the clerk told him to have Villareal come into the store and sign for the computers himself. After the youth left, the clerk called police, and "Peter" was arrested later that day. A search of his car revealed a torn up VISA card, several computer disks, two more computers, a receipt from a computer store in Seattle and several pieces of paper with credit-card numbers on them, court papers state. The youth also had in his possession a red box, a device that simulates the sound of coins dropping into a pay phone. After his arrest, the youth told police that "Nighthawk" had telephoned the computer store and used Villareal's name and credit-card number to make the purchase in Bellevue. The teen admitted to illegally using another credit-card number to order a computer from a store in Seattle. The computer was picked up later by another unknown associate. The youth also told police that another associate had hacked his way into the computer system of a mail-order house and circulated a list of 14,000 credit card numbers through a computer bulletin board. _______________________________________________________________________________ Computer Hackers Nabbed January 29, 1992 ~~~~~~~~~~~~~~~~~~~~~~~ By Michael Rotem (The Jerusalem Post) Four computer hackers were arrested and their equipment seized in raids by police and Bezek security officers on four homes in the center and north of the country. They were released on bail yesterday after questioning. The four, two minors and two adults, are suspected of purloining passwords and then breaking the entry codes of international computer services and toll-free international telephone switchboards, stealing thousands of dollars worth of services. The arrests were made possible after National Fraud Squad officers joined Bezek's efforts to discover the source of tampering with foreign computer services. A Bezek source told The Jerusalem Post that all four suspects had used personal computers and inexpensive modems. After fraudulently obtaining several confidential passwords necessary to enter Isranet -- Israel's national computer network -- the four reportedly linked up to foreign public data banks by breaking their entrance codes. This resulted in enormous bills being sent to the password owners, who had no idea their personal secret access codes had been stolen. The four are also suspected of illegally obtaining secret personal credit numbers used by phone customers to call abroad. The suspects reportedly made numerous telephone conversations abroad worth thousands of shekels. A police spokesman said cooperation between Bezek's security department and the police National Fraud Squad will continue, in order to "fight these felonies that cause great financial damage." Bezek spokesman Zacharia Mizrotzki said the company is considering changing the secret personal passwords of network users on a frequent basis. _______________________________________________________________________________ Hackers Get Free Credit February 24, 1992 ~~~~~~~~~~~~~~~~~~~~~~~ By Doug Bartholomew (Information Week)(Page 15) Banks and retail firms aren't the only ones peeking at consumers' credit reports. Equifax Inc., one of the nation's three major credit bureaus admitted that some youthful computer hackers in Ohio had penetrated its system, accessing consumers' credit files. And if it wasn't for a teenager's tip, they would still be at it. "We do not know how the hackers obtained the access codes, but we do know the confidentiality requirements for membership numbers and security pass-codes were breached," says a spokesman at Equifax. The company, which had revenue of $1.1 billion in 1991, possesses a database of some 170 million credit files. A customer number and access code must have been given to the teenagers, or stolen by them, adds the spokesman, who says Equifax "plans to increase the difficulty of accessing the system." Theft of computer access codes is a federal crime. Virtually No Protection Critics of the credit agencies say such breaches are common. "There is virtually no protection for those systems," says a spokesman for the Computer Professionals for Social Responsibility, a Washington association. "If some car salesman leaves the information sitting on his desk, someone could just pick up the codes." As of last week, Dayton police had made no arrests. But they searched the homes of two young men, age 18 and 15, confiscating half a dozen PCs and numerous floppy disks. The two are thought by police to be part of a group of up to 50 hackers believed to be behind the systems break-in. The group is also under investigation for allegedly making $82,000 worth of illegal phone calls using an 800 number provided to business customers of LDDS Communications Inc., a long-distance service in Jackson, Mississippi. LDDS was forced to disconnect the 800 number on November 15, 1991. _______________________________________________________________________________ Two Cornell Students Charged In Virus Attacks February 26, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Grant Buckler (Newsbytes) Also see Phrack 37, File 11 -- Phrack World News Ithaca, New York -- Charges have been laid against two Cornell University students accused of planting a virus that locked up Apple Macintosh computers at Cornell, at Stanford University in California, and in Japan. David S. Blumenthal and Mark Andrew Pilgrim, both aged 19, were charged in Ithaca City Court with one count each of second-degree computer tampering, a Class A misdemeanor. The investigation is continuing and additional charges are likely to be laid, said Cornell University spokeswoman Linda Grace-Kobas. Both students spent the night in jail before being released on bail February 25, Grace-Kobas added. The MBDFA virus apparently was launched February 14 in three Macintosh computer games: Obnoxious Tetris, Tetriscycle, and Ten Tile Puzzle. Apparently, a computer at Cornell was used to upload the virus to the SUMEX-AIM computer archive at Stanford University and an archive in Osaka, Japan. MBDFA is a worm, a type of computer virus that distributes itself in multiple copies within a system or into connected systems. MBDFA modifies systems software and applications programs and sometimes results in computer crashes, university officials reported. Reports of the MBDFA virus have been received from across the United States and >from around the world, including the United Kingdom, a statement from the university said. _______________________________________________________________________________ Judge Orders Hacker To Stay Away From Computers March 17, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Jim Mallory (Newsbytes) DENVER, COLORADO -- A computer hacker who pleaded guilty to breaking into space agency computer systems was ordered to undergo mental health treatment and not use computers without permission from his probation officer. The 24 year-old man, a resident of suburban Lakewood, was sentenced to three years probation in what is said to be one of only five prosecutions under the federal computer hacker law. The man pleaded guilty last year to one count of breaking into a National Aeronautics and Space Administration (NASA) computer, after NASA and the Federal Bureau of Investigation agents tracked him down in 1990. Prosecutors said the man had spent four years trying to get into computer systems, including those of some banks. Prosecutors said the man had gained access to a Defense Department computer through the NASA system, but declined to give any details of that case. The indictment did not explain what had occurred. In the plea bargain agreement, the man admitted he gained access to NASA's computers "by exploiting a malfunction in a public access NASA computer bulletin board service." The man was described as an unemployed loner who had spent most of his time using a computer at home. The prosecutor was quoted as saying the man needed counselling "on a social level and for personal hygiene." - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hacker Journeys Through NASA's Secret World March 24, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Scripps Howard (Montreal Gazette)(Page A5) "It became more like a game. How many systems can you break into?" While tripping through NASA's most sensitive computer files, Ricky Wittman suddenly realized he was in trouble. Big trouble. He had been scanning the e-mail, electronic messages sent between two scientists at one of NASA's space centers. They were talking about the computer hacker who had broken into the system. They were talking about Wittman. Curiosity collapsed into panic. "Logoff now!" 24-year-old Wittman remembers thinking as he sat alone in his apartment, staring at his computer screen, in May 1990. "Hang up the phone. Leave the house." By then it was too late. The National Aeronautics and Space Administration's computer detectives were on the trail. After 400 hours of backtracking phone records, they found the Sandpiper Apartments in Westminster, Colorado. And they found the inconspicuous third-floor apartment where Wittman -- using an outdated IBM XT computer -- perpetrated the most massive hacking incident in the history of NASA. Last week a federal judge sentenced Wittman to three years' probation and ordered him to undergo psychiatric counselling. But perhaps the most punishing aspect to Wittman was the judge's order that he not use computers without permission from a probation officer. "That's going to be the toughest part," Wittman said. "I've become so dependent on computers. I get the news and weather from a computer." In his first interview since a federal grand jury indicted him in September, Wittman expressed regret for what he had done. But he remained oddly nonchalant about having overcome the security safeguards designed by NASA's best computer minds. "I'll level with you. I still think they're bozos," Wittman said. "If they had done a halfway competent job, this wouldn't have happened." Prosecutors didn't buy Wittman's argument. "No software security system is foolproof," wrote assistant U.S. attorney Gregory Graf. "If a thief picks the lock on the door of your home, is the homeowner responsible because he didn't have a pick-proof lock on the front door?" Breaking into the system was just that easy, Wittman said, so much so that it took him a while to realize what he had done. He had been fooling around inside a public-access NASA computer bulletin-board service in 1986, looking for information on the space-shuttle program. He started toying with a malfunction. "The software went blooey and dumped me inside," Wittman said. "At first, I didn't know what happened. I pressed the help key. I realized after a while that I was inside." Somehow, Wittman -- then 18 -- had found a way to break out of the bulletin board's menu-driven system and into a restricted-access area full of personal files. Once past the initial gate, it didn't take Wittman long to find the file of a security manager. Wittman picked up a password for another system, and the romp began. "Then I started looking around, and it became more like a game," he recalled. "How many systems can you break into?" By the federal government's count, Wittman eventually hacked his way into 115 user files on 68 computer systems linked by the Space Physics Analysis Network. His access extended as far as the European Southern Observatory in Munich, Germany. Given the chance, Wittman could have gone even farther, prosecutors contend. In an interview with the FBI, Wittman told agents he accidently had come across the "log on" screen for the U.S. controller of the currency. Wittman said he didn't try to crack that password. "The controller of the currency is a little out of my league," he said. _______________________________________________________________________________ Georgia Teenage Hacker Arrested March 19, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Jim Mallory (Newsbytes) LAWRENCEVILLE, GEORGIA -- A Georgia teenager has been arrested on charging of illegally accessing data files of several companies in a attempt to inject a computer virus into the systems. The alleged computer hacker, who was originally charged with the illegal access charges two weeks ago, was re-arrested on felony charges at his high school this week on the additional charges of attempting to infect the computer systems. The 18-year old boy allegedly broke into computers of BellSouth, General Electric Company, IBM, WXIA-TV in Atlanta, and two Gwinnett County agencies, who were not identified. The boy's 53-year-old mother was also arrested, charged with attempting to hinder her son's arrest by trying to have evidence against him destroyed. Computer users' awareness of computer viruses was heightened recently over the so-called Michelangelo virus, which some computer security experts thought might strike tens of thousands of computers, destroying data stored on the system's hard disk. Perhaps due to the massive publicity Michelangelo received, only a few hundred PCs in the US were struck. Hackers access computers through telephone lines. Passwords are sometimes obtained from underground bulletin boards, are guessed, or can be obtained through special software programs that try thousands of combinations, hoping to hit the right one. A recent Newsbytes story reported the conviction of a Denver area resident, who was sentenced to three years probation and ordered not to use computers without permission after attempting to break into a NASA (National Aeronautics and Space Administration) computer. Officials and victims are usually reluctant to give details of computer break- ins for fear of giving other would-be hackers ideas. _______________________________________________________________________________ Hacker Surveillance Software March 21, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Susan Watts, Technology Correspondent for The Independent (Page 6) "Hacker 'Profiles' May Curb Computer Frauds" The Federal Bureau of Investigation is dealing with computer hackers as it would rapists and murderers -- by building "profiles" of their actions. Its computer researchers have discovered that, in the same way that other offenders often favour the same weapons, materials or times of day to perpetrate their crimes, hackers prefer to use trusted routines to enter computer systems, and follow familiar paths once inside. These patterns can prove a rich source of information for detectives. The FBI is developing a modified version of detection software from SRI International -- an American technology research organization. Teresa Lunt, a senior computer scientist at SRI, said hackers would think twice about breaking into systems if they knew computer security specialists were building a profile of them. At the very least, they would have to constantly change their hacking methods. Ms. Lunt, who is seeking partners in Britain to help develop a commercial version of the software, believes hackers share with psychotic criminals a desire to leave their hallmark. "Every hacker goes through a process peculiar to themselves that is almost a signature to their work," she said. "The FBI has printed out long lists of the commands hackers use when they break in. Hackers are surprisingly consistent in the commands and options they use. They will often go through the same routines. Once they are in they will have a quick look around the network to see who else is logged on, then they might try to find a list of passwords." SRI's software, the development of which is sponsored by the US Defense Department, is "intelligent" -- it sits on a network of computers and watches how it is used. The software employs statistical analysis to determine what constitutes normal usage of the network, and sets off a warning if an individual or the network behaves abnormally. A more sophisticated version of the program can adapt itself daily to accommodate deviations in the "normal" behavior of people on the network. It might, for example, keep track of the number of temporary files created, or how often people collect data from an outside source or send out information. The program could even spot quirks in behavior that companies were not expecting to find. The idea is that organizations that rely on sensitive information, such as banks or government departments, will be able to spot anomalies via their computers. They might pick up money being laundered through accounts, if a small company or individual carries out an unusually large transaction. _______________________________________________________________________________