Internet firms
upgrade security

Police are investigating a
North Shore boy who ‘cracked’
Internet services for secret info

By Jaymes Song
Star-Bulletin

Experts say computer "cracking" is difficult to do, as police investigate a North Shore boy who allegedly hacked into three local Internet service providers.

"I can't say it's easy," said Stephen Itoga, a professor of Information and Computer Sciences at the University of Hawaii at Manoa. "It's not something someone can just inadvertently stumble into. To get into secure, critical info -- it takes skill."

The boy apparently obtained passwords for all GST Hawaii OnLine, Hula Net and Hawaii Government Employees Association private accounts, police said.

Anthony Chong, the HGEA's systems and network operations manager, said hackers can be traced in most cases.

"He has to be someone who really knows what he's doing to hide his tracks," said Chong.

HGEA reported the break-in to police in September 1997, he said. "It's not like we weren't aware of this. They leave traces. We knew there was suspicious activity."

Hula Net officials said they were not able to find any signs of unauthorized access as of yesterday.

LavaNet Internet Access, which has 7,500 customers, was one of the only local providers that wasn't "cracked."

"This kind of thing shouldn't reflect badly on the Internet service provider," said Yuka Nagashima, LavaNet's technical support manager. "I know that they are all responsible ISPs. It could happen to any of us."

LavaNet, HGEA, and GST Hawaii OnLine said they will continue to upgrade their security features.

Nagashima said providers and hackers are in a constant race against each other.

Detective Chris Duque said "cracking" is becoming more widespread, with Web sites and literature demonstrating how to hack into sites.

Nagashima said although no system is absolutely "crack" proof, one of the best defenses is education.

All Internet service providers agree that selecting, changing and securing passwords is a key in preventing hackers from entering private accounts.

The HGEA said its subscribers can visit its password page at http://www.hgea.org/password.html and follow on-screen instructions to select a new password for their accounts.

Tips on passwords Do not give out your password. Do not use names, social security numbers or birth dates. Do not use single words that you can find in a dictionary. Do not write your password on a note and leave it near your computer. A secure password is 7 to 8 characters long and contains an unpredictable mixture of upper and lower case letters, numbers and punctuation marks. Change your password periodically -- every six months to a year. Source: LavaNet Internet Access