High-speed Internet connections an open invitation to hackers

By TED BRIDIS
Associated Press WASHINGTON -- Experts warn of an emerging threat to consumers from the next generation of electronic technology: new high-speed connections to the Internet over cable TV or new digital phone lines that are permanently logged on.

Higher speeds carry higher risks: Hackers even thousands of miles away could anonymously probe household computers over the Internet and rummage through private e-mail, documents and bank records.

''It vastly and immediately multiplies the amount of poorly protected computers on the Internet ripe for the picking,'' said Lucas Graves, an analyst with Jupiter Communications, a research company in New York.

Using these continuous Internet connections and ''server'' software included free on most new computers, families can publish up-to-the-minute photo albums online or retrieve computer files while traveling. Server software allows personal computers to ''serve up'' Web pages requested by other computer users on the Internet.

But computer owners may not realize the risks of leaving their digital doors unlocked. A Web site that tracks hackers,has recorded more than 1,465 cases of vandalism this year.

''As you get these machines in people's homes that are always on with a server, with pictures of their cat for grandma to see, that could be an issue,'' said Cormac Foster, another Jupiter analyst.

Scott Culp, Microsoft Corp.'s security manager for its Windows NT Server software, agreed the industry needs to ''educate consumers . . . and make sure they understand the risks associated with having a direct connection to the Internet.''

Important data erased

Kevin Kelleher arrived for work at 8 a.m. one day to find a disturbingly familiar high-tech headache for the federal government: Hackers had vandalized the national weather Internet site he manages in Oklahoma.

The hackers replaced important information about storms and tornadoes threatening the Midwest with a smirky taunt for Kelleher addressed to ''mister admin person nice guy.''

So far, victims of these types of high-profile electronic assaults have included government agencies, the military and large companies on the Web. In a flurry of activity, hackers in recent weeks struck the White House, FBI, U.S. Senate (twice) and the Army's main Web site.

And hackers victimized Danny Sun of Walnut Creek, Calif., when they raided one of his continuously connected computers in May. They vandalized a Web site he runs as a hobby, but they also stumbled across -- then published on the Internet -- personal financial information that included an account number and balances.

Sun later determined that hackers exploited a flaw in Internet software from the Allaire Corp. of Cambridge, Mass. The company warned customers about the problem months earlier on its Web site and in e-mail that Sun admits he ignored.

The Army apparently left the same vulnerability unrepaired -- also despite warnings from the same software vendor -- about its Web site, which a hacker vandalized last week. Army spokesman Jim Stueve said only that a criminal investigation was under way.

'Very, very easy'

''It is very, very easy and takes very little time,'' a person who claimed to be the hacker said in an on-line interview with The Associated Press. ''Under five minutes if you don't poke around.''

''I couldn't believe it. I was just going through to check vulnerabilities and was like, wow!''

Vulnerabilities include occasional flaws that are discovered by software vendors. In addition, computers continuously connected to the Internet require that a computer maintain the same, instead of a random, identification number, making it easier for hackers to target and attack an individual computer.

Experts argue whether to blame software companies for designing vulnerable products or victims who aren't diligent about installing patches and upgrades.

Kelleher blamed his weather site's vulnerability on a faulty patch from a software maker.

''The situation is getting so complex,'' he said.

The dilemma for software makers, who usually send customers e-mail when they discover flaws, is made worse by hackers monitoring the warnings.

Experts predict software of the future will periodically check with its manufacturer, using the Internet for important upgrades.

That type of technology could be a remedy for victims like Kelleher. It took 52 hours, with only brief periods for sleep and food, to restore the government's weather site.