the query column June 1997

Computer Insecurity

When I mentioned a few months back that I planned on covering computer security in this column, I had no idea so many readers are concerned about the topic. I don't recall ever getting such a positive response to something I hadn't even written yet.

There is so much involved in keeping your computer data secure and private that it could never be covered in a single column. And it is something that requires ongoing vigilance, since security holes that need to be filled are being discovered all the time. It will take me parts of several columns just to go over the basics, so let's get started.

The first rule is one of realization: that the bad guys of the world have gotten into cyberspace along with the rest of us. This poses a bit of an attitude problem for those of us living in Japan, since most of us here have gotten used to living in a very safe, secure environment. But is it really?

Locks and keys
The traditional method of keeping valuables safe and secure has been to put them under lock and key. The first line of defense for keeping your computer away from unauthorized access is to keep it away from other people, usually behind a locked door.

Simple? If you have a good lock, it shouldn't be too much of a challenge. But if you live in Japan, this might not be the case.

If you're a resident of Japan, I want you to reach into your pocket or purse - right now - and pull out your house or apartment key. You'll likely notice that it is made of punched metal, with a single ridge running along its length. Keys machined of hardened metal will have multiple ridges, but these are very rare in Japan. You'll probably also find that your key is about 6.25 centimeters long, and has a square head.

If you're in your office, compare your home key with that of one of your coworkers. Look similar? Chances are they've been made from the same type of blank, meaning your homes use similar kinds of locks. Older offices that don't use a state-of-the-art security and access system often use similar locks. If that sounds like a potential security problem, it is.

The security from a good door lock comes not from how many teeth the key has, but its anonymity. Given the relatively few types of keys used in Japan, though, this is usually not the case. Someone with even a basic knowledge of keys and locks can easily make a key to fit your house or office door with nothing more than a key similar to yours, a bottle of India ink, and a metal file. (I won't describe the process here, for obvious reasons.)

Is there really any danger of a hacker trying to get into your home computer? If you work in a position where you have access to confidential or proprietary data, there could be; home PCs often contain data from the owner's place of work. It was a "reformed" hacker, in fact, who told me about the house-key trick.

Telephone numbers
Any hacker will tell you that one of the most valuable pieces of data obtainable from a "target" is the phone number which accesses a company's computers. In most countries, this is difficult to obtain. But in Japan....

If you take a walk through the hallways in your office or apartment building, you'll eventually come across a metal junction box that opens from the bottom or side. It has a lock, but it is almost certain not to be locked.

Open it up, and you will find the phone circuits for the building. You have just discovered the Main Distribution Frame (MDF) or, if you are in a large building, the Intermediate Distribution Frame (IDF). This is used by the phone company to route phone circuits for the building, and the numbers are generally written in plain view.

In too many buildings in Japan, anyone can walk in off the street, open up the MDF, and take note of all the phone numbers.To make things easier for the phone company (and the intruder), there is often a chart on the door showing which number goes to which office or apartment. These may even be specifically labeled as "fax" or "data."

Someone with access to your building's MDF or IDF (and that's almost anyone) can even plant a bug on a particular phone number in seconds. Nobody would discover it until the next time a phone company technician came by. There are some other worrisome things an intruder could do from the MDF, but again I won't go into those here.

This problem was demonstrated to my by an American security expert who was visiting Japan. The MDF he showed me late one night in the public part of a Tokyo building revealed the phone numbers to the branch of a major bank. Not only were these clearly marked, but the ones used for the cash card machines had special tags!

This month's security lesson: Always keep in mind that the low-tech stuff often keeps the high-tech stuff viable.

Internet cults
For those who have asked about my "Pick a Reality - Any Unreality" article in the April Online Extras section of the Computing Japan website (http://www. cjmag.co.jp), in which I wrote about the problem with "reality" on the Internet and the nasty consequences it can have, No! I did not learn about the Heaven's Gate folks prior to their "departure."

There are many groups out there, some even more out-of-touch with the world you and I live in. If you are interested in visiting a real, still-alive (as of late April), UFO-crazed, Internet-based belief system that seems to have sucked in a whole bunch of folks, check out The Ground Crew Project at http://www.portal.ca/~ground/crew/. And keep a good grip on your reality!

Back to the table of contents