Hack attack How easy is it to hack into a computer system? Correspondent Margaret Larson reports on Eric Burns, who was arrested for hacking government Web sites. NBC News April 18  He put your national security at risk by infiltrating top-secret government agencies  a notorious criminal who for months played a dangerous game of cat and mouse, daring the FBI to catch him. Was he a terrorist or a spy? It turns out he was none of those things. Correspondent Margaret Larson reports in this Dateline NBC Exclusive. Its an electronic cat-and-mouse game.  RICH RESS FBI Special Agent HE SEEMED TO come out of nowhere. No one had a clue who he was. But his attacks were relentless and brazen, targeting top-level U.S. government Web sites  the U.S. Information Agency, even the Web page for the vice president, the Clinton administrations biggest Web supporter.

He was known as Zyklon, a menacing nickname taken from the poison gas used in Nazi death camps. And for months, it was one of the most feared hacker handles on the Internet.

It just seemed like Zyklon was not going to give up, says Rich Ress, a special agent with the FBIs computer crime squad assigned to the hunt for Zyklon. He basically taunted the systems administrators about security on their site.

He always left his cyber-graffiti calling card, along with caustic insults to the computer systems managers. And he seemed to repeat that pattern each of the times, says Ress. Taunting, and even in his last hack into the USIA, he even told the administrators I fixed your site.

The attacks forced the USIA computer system, with vital links to embassies and consulates worldwide, to be shut down for eight days to check out the damage. It took days and it took a lot of time and money, says Ress. It costs money. It costs time. And it got worse. Around the same time, Zyklon attacked a NATO Web site, just as the alliance was gearing up for the air war in Kosovo.

He was beginning to look like an evil genius, and he was making plenty of people nervous. But the FBI noticed Zyklon also left a strange personal message in his hacks: I love Crystal  a postscript he would later regret. But for now, the hunt was on. Its an electronic cat and mouse game, says Ress. How to report Internet-related crime  If you suspect a crime, click here to find out which law enforcement agency can best investigate your tip. But finding Zyklon wasnt likely to be easy. Hackers almost always loop their attacks through innocent computer systems  providing layer upon layer of cover. Investigating each link in the electronic chain requires separate legal action: tedious, time-consuming detective work. Was he among the elite? Some people might consider me, he says. Zyklon broke his silence for the first time in an exclusive interview with Dateline NBC. We wanted to understand what was driving him. Why was he attacking, even taunting, the government? Was he thumbing his nose at them? A little, yeah, he says. But take away the keyboard and the scary nickname and what you have left is no evil genius, just a soft-spoken 19-year old named Eric Burns. By the time he was in high school, Burns was spending a lot of time on his computer. Probably most of the day, other than school, Eric says. Come home, just get on the Internet. Sometimes I would be on before school, as well. He says he often spent 12 or more hours a day online. Erics computer addiction left little room for anything else. He didnt have a job. He says he attended some college  a couple of classes. Did he have any particular plans for a career? At this time not really, he says. And he says he really didnt have any hobbies. I spent most of my time like on the computer, says Eric. On the computer, he was Zyklon, a Web menace, prowling cyberspace for vulnerable computer systems he could break into and control. And heres the really scary part. Eventually, it became easy enough that once I found the system that was vulnerable, within a few minutes I could have administrator access to it, he says. Eventually, it became easy enough that once I found the system that was vulnerable, within a few minutes I could have administrator access to it.  ERIC BURNS AKA Zyklon He says when he had that kind of access, he could do anything he wanted. Eric has above-average computer skills, but even he says hes no virtuoso. In fact, almost anyone with time on their hands can learn to hack. Eric simply tapped into the underground online network where break-in programs are readily available for free, and other hackers in chatrooms offer how-to tips. Its become a point-and-click hacker world, he says. Thats a pretty scary prospect. Well, its more than a prospect, says the FBIs Ress. Its reality. There are hundreds of thousands of attacks against the federal government, says Keith Rhodes, who is with the General Accounting office doing computer work so secret, they asked us not to show him on a keyboard. He tests the security of government computer systems by trying to hack into them  with astounding results. We get in more than 90 percent of the time, says Rhodes. No one knows how often the bad guys get in, because only a tiny fraction of the culprits are ever nabbed. So do the not-so-clever ones like Eric Burns get caught and the really smart ones get away? Yes, says Ress, thats a common theme among crime in general.

In fact, hackers are so bold and so mainstream they even have their own annual Las Vegas convention. Meeting is not against the law, says Ress. Theyre allowed to meet and theyre allowed to talk.

But bank robbers dont get together and child abductors dont have meetings. It does suggest that hackers arent too worried about the authorities coming after them. If theres illegal activity going on at the conference, says Rich Ress, well address it. If theyre merely exchanging ideas and chatting and trying to feel good amongst one another, thats not really criminal in and of itself. The crime occurs when you actually break into a computer system, which Zyklon did at an alarming rate  for the challenge, Eric says, and for the notoriety. Eric left his name on the pages. Why did he make it easy for the authorities to find him? A lot of it was ... just so ... people I know would know about it and other people might recognize my work, says Eric. In other words, for status in the hacker world. He got that all right, but what did him in were those love notes to Crystal. . . .

Crystal, it turns out, is a girl Eric barely knew, but had a crush on at school. Hed even provided links to his high schools Web page in his hacks, a trail of electronic breadcrumbs so obvious that Ress and his agents were led straight to her door. Ress says it didnt take a rocket scientist to figure it out. Far from agreeing to a date with Eric, Crystal instead identified him to the FBI. That, along with a tip from an Internet informant, took agents to an apartment building where Eric lived with his mother.

The FBI didnt arrest Eric the morning they raided his apartment. But they did seize a cache of evidence, and Eric quickly confessed. However, even then, he apparently still didnt get it. As hard as it is to imagine, three months after the raid, he did something that astonished the FBI. How could he do such a thing? says Ress. How silly and stupid can you be? What had he done? Eric says he helped some hacker pals break into one of the most prominent Web addresses on the Internet, one sure to bring the feds running  the Web page for the White House.

Probably every agent on the squad just gave a stare of disbelief, says Ress. Where is he coming from? Whats his problem? Eric says, Mainly I was thinking, you know, this is the White House, people are going to be surprised if this is able to hack. And it would probably be a big, big news story or something. And instead? After that, they indicted me for hacking, he says.

Burns says he thought he could get away with it. But he didnt. Its a rite of passage in this country for parents to deliver their teenage children from life at home to a new life at college. But on a recent day, Erics parents drove their son to a campus of a different sort  the federal prison in Sheridan, Oregon, where Eric will spend 15 months, the equivalent of his freshman and sophomore years.

So heres this fairly benign seeming, 19-year-old kid, a fairly isolated person  does he belong in federal prison? Yes, I think so, says the FBIs Ress. He obviously needed a very strong, powerful message to get the point across to him that what he was doing was wrong. If he wanted attention, he got it.

Federal agents say that for every Eric Burns they catch, there are thousands more who get away. The last time government officials checked, they found that the Department of Defense alone received 250,000 cyber-attacks in one year.

http://www.newsdirectory.com/go/?r=cur&u=www.nbcnews.com

-- Martin Thompson (mthom1927@aol.com), April 20, 2000