AMATEUR HACKERS TRIPPED UP By Danna Dykstra Coy This article appeared in the Telegram-Tribune Newspaper, San Luis Obispo, CA. March 23, 1991. Permission to electronically reproduce this article was given by the newspaper's senior editor. ***** San Luis Obispo police have cracked a case of computer hacking. Now they've got to work out the bugs. Officers were still interviewing suspects late Friday linked to a rare case of computer tampering that involved at least four people, two of them computer science majors from Cal Poly. The hackers were obvious amateurs, according to police. They were caught unknowingly tapping into the computer system in the office of two local dermatologists. The only information they would have obtained, had they cracked the system's entry code, was patient billing records. Police declined to name names because the investigation is on-going. They don't expect any arrests, though technically, they say a crime has been committed. Police believe the tampering was all in fun, though at the expense of the skin doctors who spent money and time fixing glitches caused by the electronic intrusion. "Maybe it was a game for the suspects, but you have to look at the bigger picture," said the officer assigned to the case, Gary Nemeth. "The fact they were knowingly attempting to access a computer system without permission is a crime." Because the case is rare in this county, police are learning as they go along. "We will definitely file complaints with the District Attorney's Office," said Nemeth. "They can decide whether we've got enough of a case to go to trial." Earlier this month San Luis dermatologists James Longabaugh and Jeffrey Herten told police they suspected somebody was trying to access the computer in the office they share at 15 Santa Rosa St. The system, which contains patient records and billing information, continually shut down. The doctors were unable to access their patients' records, said Nemeth, and paid a computer technician at least $1,500 to re-program their modem. The modem is a device that allows computers to communicate through telephone lines. It can only be accessed when an operator "dials" its designated number by punching the numbers on a computer keyboard. The "calling" computer then asks the operator to punch in a password to enter the system. If the operator fails to type in the correct password, the system may ask the caller to try again or simply hang up. Because the doctors' modem has a built-in security system, several failed attempts causes the system to shut down completely. The technician who suspected the problems were more than mechanical, advised the doctors to call the police. "We ordered a telephone tap on the line, which showed in one day alone 200 calls were made to that number," said Nemeth. "It was obvious someone was making a game of trying to crack the code to enter the system." The tap showed four residences that placed more than three calls a day to the doctors' computer number. Three of the callers were from San Luis Obispo and one was from Santa Margarita. From there police went to work. "A lot of times I think police just tell somebody in a situation like that to get a new phone number," said Nemeth, "and their problem is resolved. But these doctors were really worried. They were afraid someone really wanted to know what they had in their files. They wondered if it was happening to them, maybe it was happening to others. I was intrigued." Nemeth, whose training is in police work and not computer crimes, was soon breaking new ground for the department. "Here we had the addresses, but no proper search warrant. We didn't know what to name in a search warrant for a computer tampering case." A security investigator for Pacific Bell gave Nemeth the information he needed: disks, computer equipment, stereos and telephones, anything that could be used in a computer crime. Search warrants were served at the San Luis Obispo houses Thursday and Friday. Residents at the Santa Margarita house have yet to be served. But police are certain they've already cracked the case. At all three residences that were searched police found a disk that incorrectly gave the doctors' phone number as the key to a program called "Cygnus XI". "It was a fluke," said Nemeth. "These people didn't know each other, and yet they all had this same program". Apparently when the suspects failed to gain access, they made a game of trying to crack the password, he said. "They didn't know whose computer was hooked up to the phone number the program gave them," said Nemeth. "So they tried to find out." Police confiscated hundreds of disks containing illegally obtained copies of software at a residence where two Cal Poly students lived, which will be turned over to a federal law enforcement agency, said Nemeth. Police Chief Jim Gardner said he doesn't expect this type of case to be the department's last, given modern technology. "What got to be a little strange is when I heard my officers talk in briefings this week. It was like `I need more information for the database'." "To think 20 years ago when cops sat around and talked all you heard about was `211' cases and dope dealers." ### Downloaded From P-80 International Information Systems 304-744-2253