Heightened Security Is Needed Against New High-Tech Thieves

The Northridge woman wasn’t particularly concerned when the cellular telephone bill arrived with the thickness of something not unlike the first step in a complicated Internal Revenue Service audit. Advertisements, she thought; maybe a few pages of calling plans in which she would have no interest. Perhaps you can imagine her considerable chagrin when she instead found eight pages of telephone calls she had never made, to numbers she had never seen before, and to all manner of area codes, the locations of which she could only guess at. The bill was for nearly $400.

She didn’t have to pay it. At most, her inconveniences were confined to the first few hours of shock--perhaps horror--at the bill, and to the annoyance associated with acquiring a new telephone number that had to be memorized and then passed on to business associates, family and friends. The larger questions involve who made the calls, toward what end, and the ease with which the fraud was perpetrated.

Consider it one of the parasitic accompaniments to advanced technology. Your connections to systems designed to make life easier also open many new avenues for fraud and abuse. Times were, for example, that you only had to worry about making withdrawals from automated teller machines during late night hours, in poorly lit or obscure locations, and when suspicious types were lurking nearby.

Now, we’re told that the U.S. Secret Service is investigating a sophisticated ring of thieves that has been operating in the San Fernando Valley and other parts of Southern California. Using a video camera and a long distance lens, or binoculars, they will record, from a safe distance, the finger movements that reveal the ATM user’s personal identification numbers and the time of the transaction.

Next, according to Times reporter Tim Williams, they will rummage through discarded receipts left carelessly at the scene. When they have a match, they can use a personal computer to withdraw money from your account at whatever daily rate that account will bear. The less greedy of these types of thieves will use the same techniques to siphon off small amounts at barely noticeable rates over a longer stretch of time.

This particular problem is dealt with relative ease: always stand close enough to the machine to block it from view as you access your account; never leave the receipt sitting at the machine or stuffed whole into the ATM’s waste container; always record the transaction in your checkbook and quickly alert the bank to any discrepancies in your balance.

So-called “shoulder surfers” use the same techniques of observation and guile at rows of frequently used pay phones such as those found at the local mall or airports. It’s all in the hopes of catching a glimpse of the numbers involved in your next telephone credit card or long-distance or local telephone card number. Once gained, it is quickly transmitted to colleagues for abuse.

To guard against this type of telephone fraud, you can use the same shielding techniques we mentioned for automated bank teller machines. You can also throw in a more careful look at your monthly telephone bill for good measure.

Cellular phone fraud is a much more difficult matter. According to a seminal article in Scientific American by staff writer Paul Wallich, “Every cellular telephone call begins with a broadcast of the telephone’s serial number and billing number,” Wallich wrote in March. “Unfortunately, these numbers are also the only information a thief needs to impersonate a legitimate caller.”

And in the annals of suspected thieves of computer software and data from several leading cellular telephone manufacturers, few are as notorious as the San Fernando Valley’s own Kevin Mitnick.

Mitnick apparently cut his teeth in these matters by breaking into the Los Angeles Unified School District’s main computers while he was still a student at Monroe High School in North Hills. Before pleading guilty to one computer crime and serving a year each in prison and at a residential treatment program, Mitnick broke into a North American Air Defense Command computer at Cheyenne Mountain in Colorado Springs, and tapped into the electronic mail of computer security officials at MCI Communications and Digital Equipment. Mitnick is even suspected of having managed to wiretap the FBI agents who are looking for him.

Mitnick has been the subject of an FBI manhunt for more than a year and a half. He is a suspect in the theft of software that can be used for the handling of billing information, determining the location of a caller, and for scrambling wireless telephone calls to keep them private. As some experts have concluded, the theft of such products could even make future cellular phone networks vulnerable--even as their manufacturers claim to have reached new levels of protection and privacy.

It is the general ease with which such piracy is effected on everything from bank machines to giant corporations and government agencies that speaks to the need for heightened efforts at security in such matters. We have come to quite a pass in this society when we all need to huddle guardedly in front of bank machines and pay phones like spies making information drops.