is now most commonly used to refer to teenagers who break into computer systems for kicks, the way kids of earlier generations smashed eggs on windshields or did graffiti. It gets them bragging rights among their peers. To them, bringing down the computer network of the Joint Chiefs of Staff is the same as playing Donkey Kong. After a sixteen-year-old boy was caught prowling in government and business computer systems, he explained, "All the girls thought it was cool."
Full-fledged thieves who invade computers as a profession are referred to as "crackers." There's quite a robust underground market in cracking. Adept crackers can command ten thousand dollars and up for breaking into a corporate website, and just as baseball players arrange bonuses if they hit a certain number of home runs or pitch so many innings, they merit bonuses for stealing trade secrets or doing damage to a competitor's computer system.
THE PROGRAM THAT LAUNCHED
ONE THOUSAND SCAMS
We all learned how the Greeks won the Trojan War by concealing themselves inside a large hollow wooden horse that got them into the walled city of Troy. The simplest method crackers use today to invade a computer is a piece of software that operates by a similar deception - a Trojan Horse program.
Just like with the real Trojan Horse, a Trojan Horse program has two functions operating simultaneously, one that you see and one that you don't. It does something overtly innocent like demonstrate a game, show a greeting card, or offer an mp3 song. But while that benign activity is going on, something insidious is happening. Basically, the criminal dupes you into running something whose exclusive purpose is to burrow its way into your computer without you knowing about it.
Trojan Horse programs take different forms, and you can find dozens of them offered free right on the Internet. One common scam works like this. The criminal sends you an ordinary e-mail. It's easy enough to find out anyone's e-mail address through a routine Internet search. The e-mail says, "Hey, how you doing? Want to see something cool?" and contains an attachment. The key is the attachment. When you open it, there might be a game demo or some little piece of entertainment. You watch it and have a few chuckles. But invisibly embedded in that demo is a Trojan Horse program known as a keystroke recorder, whose subcommands instruct the computer to record everything the user types on the keyboard. That information then gets sent to the computer of the criminal. He now knows your passwords and account numbers, and your credit is at his disposal. These programs were originally designed so employers and parents could check on what their employees and kids were up to, but like so many legitimate ideas, they've been put to alternative, malicious purposes by thieves.
The Trojan Horse could also carry a more elaborate desktop monitoring program that functions almost exactly like a surveillance camera. Now when you're on line, the criminal views live on his computer everything that you type and see on your screen. He could be in Turkey, but it's as if he were sitting beside you. If you log on to your bank account, entering your account number and your PIN, the thief in Turkey sees precisely what you're doing. He can then log on to your account and have your bank send him a check that cleans out your savings. And you never even knew he was there.
A Trojan Horse can also deposit a remote access program that not only enables a crook to see what someone is doing, but also lets him get into that person's computer, fool with his files, and disrupt his system. The best known of these snooping devices is Back Orifice. It was devised by a hacker group called the Cult of the Dead Cow. The program's name spoofs Microsoft's Back Office software. Again, these programs have a legitimate purpose. The majority of companies have them so employees can work from home or while they're traveling. Well, thieves like to telecommute, too.
One of the more ingenious and remarkable Trojan Horse scams was pulled a few years ago by three men on Long Island. They set up several voyeuristic websites named beavisbutthead.com, sexygirls.com, and ladult.com that advertised free "adult" pictures. Internet users who happened upon the sites in their Web surfing were instructed to download a viewer program that would allow them to see the sexy pictures, and a lot of men did just that. What did they have to