Return to Transcripts main page
CNN Newsnight Aaron Brown
Your Privacy at Risk
Aired August 12, 2005 - 22:00 ET
THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.
(BEGIN VIDEOTAPE)
DAN CLEMENTS, CARD COPS: I'll show you live credit cards and personal information, right now. Here is an American Express card, and here's his phone number, and this is Mr. (BLEEP).
AARON BROWN, HOST (voice-over): Identity theft, the invisible invasion.
JIM STICKLEY, TRACESECURITY INC.: I'd know your mother's maiden name. I'd know your Social Security number, I'd know all of your bank account numbers.
BROWN: Bits of crucial information that, in the wrong hands, can turn you into the wrong person.
SCOTT LEWIS, IDENTITY SWAP VICTIM: I about turned white, and then I realized that's why I wasn't getting the job offers that I had before.
BROWN: A high-tech horror story, what identity theft can do and what you can do to fight back.
(END VIDEOTAPE)
BROWN: Good evening again. NEWSNIGHT tonight is all about privacy, about your privacy and mine, and that of anyone who uses a credit card or a cell phone or the Internet, which is pretty much all of us, and increasingly, we are all at risk for some sort of identity theft.
We saw a recent study that said it's happening to 7 million people a year, 20,000 victims every day. And some of them are a little younger than you might expect.
(BEGIN VIDEOTAPE)
BROWN (voice-over): At just 21 days old, Andrew Brooke was causing his parents a few more problems than your average infant.
JOHN BROOKE, ANDREW'S FATHER: I went out to get the mail one day and opened up the mail from a medical clinic. And realized that Andrew was being billed for an office visit for $94. Apparently he'd driven himself across town, walked in to see the doctor for a work- related back injury, and then prescribed a narcotic pain reliever that can sell for up to $30 a piece up the street. BROWN: Since Andrew was barely drooling, let along walking and working, his parents suspected something was up.
BROOKE: The first thing we did is call the medical clinic and say, where did you get this information? What's going on? And they told us it had been provided by the person who had walked in.
BROWN: Andrew's full name appeared on only two pieces of paper -- his birth certificate and his medical records, and neither had left the Seattle area hospital where he was born. But the hospital told the family it found no evidence of a security breach, and police, the family says, were of little help.
BROOKE: It took two months to actually get them to even file the police report. And that was only after weekly phone calls from me, just badgering them until they finally filed one.
BROWN: No one has been arrested for stealing Andrew Brooke's identity, just as no one is usually arrested in such matters.
BROOKE: It's the fastest growing crime in this country. It's the most expensive crime to this country, costing between $46 and $53 billion a year -- that's billion with a "b" -- depending on whose study you look at. And what I find really amazing is fewer than one in 700 cases are even investigated.
BROWN: Compared to Andrew, Rebecca Bartelheimer was all grown up when at 3 years old her ID was stolen. Her mother learned this when she tried to open a savings account and found that her daughter's Social Security number was already in use.
MICHELE BARTELHEIMER, REBECCA'S MOTHER: I felt very violated, because you know, I thought I was doing everything to protect her. And never even thought that I had to protect her from identity theft. You think of car seats. You think of helmets. You think of coats on a cold day. You never think of someone coming and stealing your child's identity.
BROWN: She has no idea how this happened, but says she spent 1,000 hours trying to undo the damage caused to her 3-year-old's credit rating.
BARTELHEIMER: And I just cry tears, because every day, all day I'd wake up and spend all day. If I wasn't taking care of my kids, I had to be on the phone, or on the Internet researching this and trying to track it down, and sitting on hold on the phone waiting for someone to talk to me. It was horrible. It was a nightmare.
BROWN: When you consider all the things that can happen to your child, identity theft may not seem like much. But as a parent, it does change you. It changed Andrew's dad, a lot.
BROOKE: You don't relax anymore. You're worried about everything. What information am I giving out? Who is going to use that information? How will it be used?
(END VIDEOTAPE)
BROWN: So what can you do? What is being done to combat this? From Los Angeles tonight, we get some advice from a man who makes it his business to know the dangerous streets and back alleys of the Internet. Reporting is CNN's Keith Oppenheim.
(BEGIN VIDEOTAPE)
DAN CLEMENTS, CARD COPS: So if you wanted to cash out a credit card, you'd go in this room here.
KEITH OPPENHEIM, CNN CORRESPONDENT (voice-over): In a Los Angeles Internet cafe, Dan Clements took us underground.
CLEMENTS: I'll show you live credit cards and personal information right now.
OPPENHEIM: Showing us chat rooms where credit card numbers are a commodity.
CLEMENTS: Here we go, here we go. Here is an American Express card, and here is his phone number, and this is Mr. (BLEEP).
OPPENHEIM: Clements runs a company called Card Cops, that tracks illegal credit card purchases. He says some of the 40 million IDs breached recently may already be for sale on the Internet.
CLEMENTS: This was just posted, and this was hacked from some merchant online, or it could be one of the 40 million. We don't know.
OPPENHEIM: In one chat room with 74 participants, Clements said mostly non-Americans were trading American-owned credit card numbers with high limits.
CLEMENTS: America is a very affluent country in the world, and we have the credit cards that they want.
OPPENHEIM: The motive is often to get others to use the card so it will be nearly impossible to trace the crime to the original thief.
(on camera): How big is this?
CLEMENTS: Well, you know, we're seeing a credit card live, you and I right now in the last five minutes. And as the day goes on, we'll see hundreds, if not thousands in this one channel on IRC, and there are hundreds of channels.
OPPENHEIM (voice-over): In other words, hundreds of chat rooms where this kind of data is exchanged. Many of us have no idea.
UNIDENTIFIED MALE: I buy stuff over the Internet all the time. I don't really think too much about it.
UNIDENTIFIED MALE: It's like a lottery, hope they don't get you when they steal these databases. OPPENHEIM: Clements says you can do a lot more than hope. He recommends you check your online bank and credit accounts daily if you can, and look for purchases you didn't make. He also says, change your log-ins and passwords every few months. Just as often, call your bank or credit company and change your credit card number.
(on camera): But isn't there a potential damage to my credit if I change my credit card number on my credit card?
CLEMENTS: We don't believe so. You're just getting a new number, it's not changing the account. So it should still show up on your credit file as a normal account.
OPPENHEIM (voice-over): Credit monitoring services will help you find out if someone is trying to create an account in your name, but won't help you know if someone is using your credit card. For that, you have to go to the bank that issued your card. And finally, for online purchases especially, get a credit card with low limits, to minimize your exposure.
CLEMENTS: You got to take care of you. Nobody else is going to look out for you.
OPPENHEIM: For many of us, with the amount of fraud now taking place, the job of looking out for credit theft may become a daily task.
Keith Oppenheim, CNN, Los Angeles.
(END VIDEOTAPE)
BROWN: Credit card numbers are a problem, but they can be changed, the accounts frozen. With some effort, you can, in effect, lock the thief out of your life.
But a Social Security number is like a skeleton key. It unlocks all the doors. Someone who steals your Social Security number can not only steal from you, they can actually become you. Here's CNN's Alina Cho.
(BEGIN VIDEOTAPE)
ALINA CHO, CNN CORRESPONDENT (voice-over): Her business card lets you know instantly who Mari Frank is because once, another woman, a woman who didn't even look like her became her.
MARI FRANK, IDENTITY THEFT VICTIM'S ADVOCATE: When they searched this woman's home, they found a whole desk full of me. They found credit cards. They found checks. They found a suit against me at her house for Thrifty Rental Car for the car that she rented and totaled.
CHO: In 1996, the woman posing as Frank's business associate requested and got her credit report, which listed her Social Security number. Once she had the number, Frank says, the woman went to town.
FRANK: She basically was able to get my whole life, not only my personal life but my professional life, with just one thing. The Social Security number.
CHO: It took a year for Frank to clear her name and her credit.
FRANK: That Social Security number is the key to the kingdom of identity theft.
CHO: When Social Security numbers were first issued in 1936, the federal government promised they would never become national I.D. numbers, but over time, as a practical matter, that's exactly what's happened. So much so, today's Social Security is the most frequently used and abused record-keeping number in the United States.
FRANK: I became an expert by necessity, so to speak.
CHO: Frank is the author of two books on identity theft. She also counsels victims on how to deal with it, how others can avoid it.
FRANK: Practically speaking, you cannot live your life without giving your Social Security number, but you can be stingy with it. The key issue for any consumer watching this is, always ask why do you need this? Is it necessary to the transaction that I'm giving you?
CHO: Frank says the only reason legally to give out your Social Security number is for a specific government purpose. Like, taxes. The doctor's office would only need it to put it on a death certificate. Credit card companies always request it for background checks but Frank says they don't need it and consumers don't know they can say no.
FRANK: They can use your name, your address, and other identifiers but they will push on you and they can deny you credit if you refuse give your Social Security number, because you're going to look suspicious.
CHO: Another tip, never carry your Social Security number in your wallet in case it gets stolen. I had mine on my health insurance card.
Yes...
FRANK: This looks like a Social Security number.
CHO: That is my Social Security number.
FRANK: OK, not a good idea.
CHO: Mari Frank is very serious about letting the world know who she is and her picture, she feels, is a better and safer identification than any number.
Alina Cho, CNN, Boston.
(END VIDEOTAPE)
BROWN: There are so many ways for someone to steal your identity, to rob you, not only in the contents of your bank account, but rob you of your reputation, even your shot at that next job. And sometimes, as CNN's Gerri Willis reports now, as bad as the situation is, the solution can be even worse.
(BEGIN VIDEOTAPE)
GERRI WILLIS, CNN CORRESPONDENT (voice-over): Scott Lewis, a medical technician from Ohio, lost his job in a downsizing. Despite several promising interviews, he couldn't find another. Something seemed wrong. He had a private investigator check it out. His Social Security number, in many ways his identity, had been confused with someone else. Confused with a person no one would hire.
TIM DIMOFF, PRIVATE INVESTIGATOR: We found three DUIs attached to his name and Social Security number, and we found a murder charge.
SCOTT LEWIS, IDENTITY SWAP VICTIM: I about turned white, and then I realized that's why I wasn't getting the job offers that I had before.
WILLIS: The trouble started nine years ago in an Ohio sheriff's office, when a typist made a critical error.
LEWIS: It ended up that it was just a keystroke, they were entering -- they had arrested somebody, they had put in the first couple of digits of his Social Security number, they looked down, they glanced at the last four of his phone number, typed those in, and then I became his alias.
(on camera): In desperation, Scott took the advice of a local attorney and changed his Social Security number. And while the initial paperwork was simple to complete, getting it approved is difficult. In fact, just 2,500 people were OK'ed for new numbers in the last year.
(voice-over): But instead of easing his troubles, it created more. Potential employers, lenders, insurers, all were suspicious, because on paper, he simply wasn't there. A man with no record, no credit score, no work history, and no verifiable education.
JAY FOLEY, ID THEFT RESOURCE CENTER: Changing your Social Security number is similar to going into the witness protection program. The difference is, the Justice Department creates a past for you, complete with the dummy files to support it. Changing your Social Security number, there is no created files. There's nothing to back it up. You're now a brand new babe.
WILLIS: The Social Security Administration says it's up to victims to contact the credit bureaus and transfer their credit history to their new number, something Scott says he's been trying to do. But nine years after he discovered the clerical error that ruined his name, Scott is still suffering. Today, he struggles to get a job. At one point, he couldn't even get hired as a bag boy at a grocery store.
At age 38, he found himself divorced, and had to move back in with his mom. LEWIS: And here I am, 44, and I am still stuck here. You know, I can't seem to break this rut. And you know, as a man, it's very demeaning. You're not used to this kind of thing. You're used to being independent, having your own place, having your own family, having your own life.
I actually feel like a 20-year-old starting my life all over again.
WILLIS: Scott simply wanted a new identity. But now, he's left with none at all.
Gerri Willis, CNN, New York.
(END VIDEOTAPE)
BROWN: Frightening situation, to be sure.
We're joined now by someone who can give us some specific pointers on how not to let disaster strike. Lou Mazzucchelli is an information technology and computer security consultant. And he's with us tonight.
It's nice to see you. I guess, some simple things that people need to be careful of. They need to be careful what you do with your Social Security number, you need to be careful what you do with your mother's maiden name, right?
LOU MAZZUCCHELLI, IT CONSULTANT: Absolutely. Absolutely. And part of the problem is that over the years, the people making the computer systems have gotten lazy and have used those things as entry points for all of the systems that you deal with. So it's not like letting that out will get you into one place. Letting your Social Security number out, if you're not careful, will get you into almost every place, and that's a real problem.
BROWN: Obviously people shouldn't use their Social Security number as a password.
MAZZUCCHELLI: I wouldn't.
BROWN: Yeah, it's not very smart.
Is it hard for assorted bad guys and women to figure out a password? Is it important for them to figure out a password?
MAZZUCCHELLI: It's gotten easier, and then it's gotten harder, because the computers got faster, and the bad guys could use the computers to figure out passwords. That's called cracking. And for a while, that was an easy thing to do.
The security people have caught up in the meantime, and the way to fight that is to use better encryption and better selection of passwords. So it's one of those, you know, escalating battles. And right now I think the good guys have a slight edge if you do a good job of password selection and you use encryption. That's important. BROWN: Someone told me that in a lot of places, you can literally drive down the street with a laptop and you could get on the Internet through someone's, you know, someone's house.
MAZZUCCHELLI: True story. True story. You take a Pringles can, and you modify it, and that becomes your antenna. And you can actually listen in to unencrypted wireless networks in houses.
BROWN: What is that? What is an unencrypted wireless network?
MAZZUCCHELLI: OK, there are two flavors. When you buy your home networking, wireless home networking gear, and you just plug it in and turn it on, generally, the default is to send traffic in what's called in the clear, so when you send the letter A, it looks like the letter A going through the air. And if I'm a bad guy driving by your house, and I'm listening in, and I see letter A flying through, I know it's a letter A.
The other way is to encrypt that transmission, so you type the letter A, but as it's going through your house wirelessly, it's a random string of bits. And therefore, if I'm listening, all I see is a random string. I don't know it's an A.
BROWN: Why does it help to know hat I've typed the letter A?
MAZZUCCHELLI: Well, suppose you are typing in the password to your...
BROWN: But how does that person know that with his Pringles can?
MAZZUCCHELLI: Well, he's listening to a stream of characters. He's listening to the traffic between your computer in one part of the house and the router on the other part of the house, that's then going off to the Internet. And by analyzing the traffic and looking at what you're typing when, the person can say, OK, that was a password, or that was an account number, and begin to extract that kind of information.
BROWN: Is that a crime?
MAZZUCCHELLI: That's a really touchy question. It should be a crime, if it's not in many jurisdictions. In some cases, it's not illegal to listen to things over the air. So it's one of those legal, you know, swamps that has yet to be cleared out.
It would be better if the computer manufacturers and the networking manufacturers made these capabilities the default, out-of- the-box setting, and I think ultimately we're going to get there. But we're not there yet.
BROWN: Did you fall for the Nigerian scam?
MAZZUCCHELLI: Oh, I got plenty of them, but I didn't fall for it.
BROWN: I just wondered. Thanks. Nice to meet you. MAZZUCCHELLI: Likewise.
BROWN: Thank you.
Much more ahead on the program tonight, starting with a man who has mastered the art of digital skullduggery. Not that he's above ripping off information in person.
(BEGIN VIDEO CLIP)
JIM STICKLEY, TRACESECURITY INC.: The first time I got backup tapes, you know, I walked out with, you know, a box, a box of backup tapes. Nobody noticed. Nobody said a word.
BROWN (voice-over): And nobody's better at swiping your data.
DAVID MATTINGLY, CNN CORRESPONDENT: And what can you do with that?
STICKLEY: I can be you. I can just become you tomorrow.
BROWN: In California, lawmakers were acting like identity theft was someone else's problem.
HERB WESSON, FMR. SPEAKER, CALIF. ASSEMBLY: The bill was like in a graveyard. It was going absolutely nowhere.
BROWN: Then the problem hit home.
JOE SIMITIAN, CALIFORNIA STATE SENATOR: This was no longer an academic debate.
BROWN: And before you use that cell phone, better think twice. The list of everyone you've called is up for grabs, public knowledge that's just what a private eye needs.
ANTHONY DE LORENZO, PRIVATE DETECTIVE: Just amazing how easy it is. Just amazing.
BROWN: But around here, we expect the amazing. Because this is NEWSNIGHT.
(END VIDEO CLIP)
HEIDI COLLINS, CNN HEADLINE NEWS ANCHOR: Hi, everybody, I'm Heidi Collins in New York. And at about quarter past the hour, it's time to check the headlines now.
We start with code yellow. The Homeland Security Department has lowered its terrorism alert level for the nation's mass transit systems to yellow, for elevated risk. The department raised the level to orange for high risk a month ago, in response to the London bombings.
Faced with a court order, the New York Fire Department today made public dramatic and previously unreleased details of the September 11th attacks on the World Trade Center. Thousands of pages of oral histories by firefighters were released, along with phone logs and hours of recordings of radio transmissions between 911 dispatchers and fire crews.
An American general in Iraq said today roadside bomb attacks on U.S. military supply convoys have doubled in the past year to about 30 a week. He also said U.S. casualties from the attacks have declined because of more and better armor on trucks and other supply vehicles.
Crude oil prices set a record for a fifth day straight, surging past $67 a barrel at one point. They closed just below $67 a barrel.
And Senate Democrats today asked to meet with the U.S. attorney general to resolve an impasse over documents from John Roberts' past. Democrats are demanding to see papers from more than a dozen cases that the Supreme Court nominee dealt with as deputy solicitor general for the former President Bush. The White House has refused to release the material, saying it is privileged information.
That's all for now. I'm Heidi Collins in New York. Aaron Brown and a special NEWSNIGHT, "At Risk: Your Privacy," will continue after the break.
(COMMERCIAL BREAK)
BROWN: Tonight, we devote the hour to the growing phenomenon of protecting your privacy. What's being stolen, of course, it data, and some state legislatures and some law enforcement agencies are working hard to figure out how to protect it.
As CNN's David Mattingly explains, it's not just governments. Private companies have often unwillingly been forced to take drastic measures to protect your personal information, which raises that old question: What does it take to catch a thief?
(BEGIN VIDEOTAPE)
DAVID MATTINGLY, CNN CORRESPONDENT (voice-over): When it comes to identity theft, Jim Stickley is Jesse James, John Dillinger and Pretty Boy Floyd all rolled into one, minus all the guns and violence. He's claimed to have stolen enough sensitive data to run up credit cards and drain bank accounts of tens of thousands of people. And he's done it by breaking into supposedly secure systems at hundreds of corporations, from small regional banks to Fortune 500 companies.
JIM STICKLEY, TRACESECURITY INC.: I'd know your mother's maiden name, I'd know your Social Security number, I'd know all of your bank account numbers, I'd possibly know your Visa numbers or credit card numbers. I'd know all of your references, if you've done like a loan, where you had to put reference accounts on there of other people. I know what car you drive. I know your driver's license number. I know every last thing you would ever put on a loan application.
MATTINGLY (on camera): And what can do you with that?
STICKLEY: I can be you, I can just become you tomorrow. MATTINGLY (voice-over): If you were among the legions of Stickley's victims, you probably never knew it and never will. That's because he's one of the good guys. Corporations pay his company, TraceSecurity in Baton Rouge, to test the security of the data they keep on you. More than a hacker, Stickley is a conman, a master at exploiting human weaknesses. From a Six by 12 cubicle, he concocts schemes and disguises, talking his way into sensitive areas, sometimes as an air conditioning serviceman or pest control guy.
STICKLEY: You should make sure you have an appointment ahead of time. You wouldn't just walk in and say, I'm here to do a pest inspection.
MATTINGLY: But his favorite is posing as a uniformed fire inspector.
(on camera): Does anyone question you when you walk in just wearing this white uniform shirt?
STICKLEY: No. And actually, the uniforms are bought from an actual fire department uniform supplier.
MATTINGLY (voice-over): Once inside, Stickley can deploy a number of easy-to-get devices. Connected to back of a computer, this device records everything put into it. A wireless transmitter like this can send data to a waiting van.
Posing as an OSHA inspector, he's actually convinced companies to use this keyboard rigged to record every key stroke. But nothing, he says, is more surprising than how easily he can take things the old- fashioned way.
STICKLEY: The first time I got backup tapes, I walked out with, you know, a box, a box of backup tapes. You know, I figured someone's going to like tackle me as I'm walking through the door. Nobody noticed. Nobody said a word.
MATTINGLY (on camera): If you're worried right now thinking about all that personal information you've given away to any number of companies, experts say you should be. As a customer, there's not a lot you can do once you've given your information away. So consumer groups recommend that you ask a lot of important questions up front.
JAY FOLEY, IDENTITY THEFT RESOURCE CENTER: By more consumers asking the questions, why are you collecting it, who gets access to it, what steps do you take to protect it, and when you're done with it, how will you dispose of it?
MATTINGLY (voice-over): One exhaustive checklist for consumers can be found on the Web site of the Privacy Rights Clearinghouse. Some of it, simple things, like, is the company's data encrypted? Do they conduct employee background checks? Even if it's a public official, do they ever allow outside personnel into sensitive areas unsupervised?
STICKLEY: If I'm a fire marshal, for example, I'll try to use my authority to tell them, go get me these documents, go get me coffee, go do things, make them leave me alone. If they're not trained and told never leave that person alone and tell that person, you must stay with me, they'll say, OK, and they'll go.
MATTINGLY: But as long as humans can be fooled, no system will be fool-proof. Jim Stickley's perfect record of data theft will remain intact and your debt will remain at risk.
David Mattingly, CNN, Baton Rouge.
(END VIDEOTAPE)
BROWN: If that little warning light just goes off in your head whenever anyone asks you for your Social Security number -- I seem to hear that buzzer all the time these days -- there is good reason. So if the law changes to make it harder to get that number, that's a good thing, right? Not necessarily. Jonathan Freed tonight in Chicago.
(BEGIN VIDEOTAPE)
JONATHAN FREED, CNN CORRESPONDENT (voice-over): Peggy Shapiro will come down to the public record's office at the courthouse when she has to, but the legwork, she says, can be a waste of time.
PEGGY SHAPIRO, PI: Could I take a look at the file?
UNIDENTIFIED MALE: Sure.
SHAPIRO: Thank you so much.
FREED: Shapiro is a licensed private investigator in Chicago. Her specialty is finding people who probably don't want to be found. And like many PIs, Shapiro relies heavily on computer searches using Social Security numbers to quickly zero in on her targets.
SHAPIRO: If I had to go out and hand-search record upon record to make sure I was looking for the right person, it would delay a case dramatically.
FREED: Some private eyes worry the problem of identity theft could prompt lawmakers to restrict access to Social Security numbers, since those nine digits can also be used to hijack your personal financial information.
SHAPIRO: On this hand, you've got someone with an agenda, like a bank thief. They want to break in. They want to get information, which, to them, is money, because they're going to turn it into something that's going to bring them a monetary reward.
On the other hand, you've got a private investigator using the information, limited information, not billions of records, for a legitimate purpose.
NEIL ZWEIBAN, LAWYER: You have three cases that I need you to work on. FREED: One of Shapiro's oldest clients is Neil Zweiban, an attorney dealing in areas like real estate and debt collection. He relies on Shapiro's detective work for quick and cost-efficient fixes.
ZWEIBAN: You kept the costs down, and if you can do that again, that would really be appreciated.
SHAPIRO: No problem.
ZWEIBAN: Timing is important, because the longer the time between finding a defendant or a debtor or the asset, the less chance we have of recovering.
FREED: Zweiban says the more time spent finding people, the slower the legal system, and the higher the bill to clients.
Take one of those cases Shapiro was just handed.
SHAPIRO: I get the feeling looking at this that this person may be out of state, and I could save literally 10 hours of work just working with the Social.
FREED: Shapiro agrees personal information in the wrong hands is a problem, but she insists licensed PI's hands should not be tied by any reforms to the system.
Jonathan Freed, CNN, Chicago.
(END VIDEOTAPE)
BROWN: Still to come tonight, a look at the data thieves and the data police hanging out together.
And later, it may not be identity theft, but it sure is an invasion of privacy. Getting the list of everyone you called on your cell phone. Hopefully, you only called your mom.
From New York, this is a NEWSNIGHT special.
(COMMERCIAL BREAK)
BROWN: So who are all these people who are so clever, so tech savvy, that if they are so inclined, they could sit down at their computers and pick the data locks on yours. Oddly enough they have a convention, I guess everyone does these days. And CNN's Daniel Sieberg tracked them down in Las Vegas.
(BEGIN VIDEOTAPE)
DANIEL SIEBERG, CNN CORRESPONDENT (voice-over): It's easy to think all computer hackers are the same: shadowy figures hunched over a keyboard plotting ways to steal your information, breaking into banks and government agencies.
From the darkness, to the light: These guys are attending the Annual Hacker Convention in Las Vegas, but they're not all here to cause trouble. Instead, some of them are testing the limits of digital stuff that's everywhere in our lives, sometimes to try to make it better.
ROBERT IMHOFF-DOUSHARM, HACKAJAR: I've been trying for three years now to really show all the insecurities in the credit card industry to show the credit card industry that they need to make sure my credit cards are secure.
SIEBERG: Imhoff-Dousharm, who prefers the handle Hack-a-jar also shows how a thief could buy a card reader online, read the data from a stolen credit card and use another machine to create a new card with your information. We encountered several hackers at the convention who explained the difference between the do-gooders and the criminals.
UNIDENTIFIED MALE: We love you, Kevin!
SIEBERG: Kevin Mitnick is arguably the most famous former hacker.
KEVIN MITNICK, HACKER: You got me, dude!
SIEBERG: At the hacker gathering in Las Vegas where he now lives and works as a security consultant, he's treated like a celebrity. He served nearly five years in federal prison for breaking into systems at several major corporations. He was released in January 2000.
MITNICK: Like the bite of the forbidden fruit, knowledge of certain systems, security, a lot of people here work as security professionals, several people, you know, here that are hackers. It's all about knowledge and information and sharing. And it's to each individual's, you know, own rules and ethics of how they'll use that information. Because is it going to be for good, or is it going to be for bad.
SIEBERG: Many hack into their own devices like video game machines. Some simply want to see what's under the hood.
BUNNIE, HACKED THE XBOX: Guys who really like cars will buy a cheap car, a Honda Civic or something, and they'll like put all of these fins on it and new wheels and they'll do just everything. By the time they're through it's like a completely different car. Hackers are exactly the same sort of thing, they're just into like the network, or they're really into their video games or something like that.
SIEBERG: Of course, they're not all helpful mechanics looking to soup up a ride. There are those here who would sooner swipe your data than safeguard it.
(on camera: Organizers told us to leave the laptops behind, not to use the ATM machines here in the lobby, somebody has already messed with this one and to keep an eye on our hotel room cards at all times, because some of the folks here can read the information right off the stripe.
(voice-over): In a few cases, they're exactly who the government is looking for, not to incarcerate, but to hire. At this hacker gathering, the feds are a part of the program.
LINTON WELLS, DEPARTMENT OF DEFENSE: We don't have all the answers. We seek talent wherever we can find it. And so here, there's a significant talent pool that is worthwhile tapping into. At the same time, there's a line that we cannot cross, if people have engaged in illegal behavior, then we're not interested in having them work for us.
SIEBERG: Like any field of expertise, there are those who would enhance it and those who exploit it. The hacking world is no different.
Daniel Sieberg, CNN, Las Vegas.
(END VIDEOTAPE)
BROWN: Joining us now is George Spillman, who in fact, attended that hacker convention. We won't ask him what else he did in Vegas, we don't want to invade his privacy, but we can ask him how hackers do what they do and what they can do to cut down the risk, or at least what you can do to cut down the risk of getting hacked yourself. Mr. Spillman joins us now. It's good to see you.
Do hackers sit around at a convention and talk about how to invade my privacy?
GEORGE SPILLMAN, COMPUTER HACKER: Well, maybe not your privacy in particular. But the topic does come up, and come up quite often not only in terms of how to, potentially, your identity can be violated, but also how to protect it.
BROWN: Actually, it's interesting to me. Last night, I think it was I read something about Microsoft having found three more holes or something that I didn't quite understand in Windows that would allow people to take control of my computer. And that I needed to do something about it. What does that mean?
SPILLMAN: Typically, operating systems are incredibly complex things. And when they're written, they're not necessarily written up from the ground up with security in mind. Windows is a prime example.
There are ways in which the code is written where it might not be the most secure, people can exploit this, turn this around to then basically own the machine and do what they will with it from a distance.
BROWN: When you have control over the machine, though, what do you do with it?
SPILLMAN: Oh, you can do anything that you want with it basically. We're seeing, actually, a lot of times right now a lot of the machines are being sold on the black market for questionable/nefarious purposes. For example, for spammers everyone doesn't like spam, everyone wants to shut them down. Well, how much more difficult is it to shut them down if they're using 3,000 home- based machines scattered all throughout your neighborhood? They're doing so clandestinely in the middle of the night, a lot harder to shut that down.
BROWN: Not that I'm in the business of selling computers, because I'm not, but would a simple solution for people be to buy a Mac as opposed to Windows-based computer, solve their individual problem?
SPILLMAN: Actually, there's been an increasing trend of people doing that, finally ditching their Windows PCs and buying Macs. Typically, the Macs still at this point, really don't have a virus base, whereas Windows, the numbers in the hundreds of thousands, 600,000, 700,000 that are out there. So the Macs tend to be more secure.
BROWN: And short of that, there are things you can do, but can you gear -- I mean, if they're still finding holes in Windows this many years since its introduction, I assume, that you can never be 100 percent certain that you're protected.
SPILLMAN: Yeah. There's always going to be what we refer to as zero days. There are going to be exploits that are so far advanced that the people that write the operating system haven't even come across them yet. In fact, most of the world hasn't come across them yet. And it's hard to protect against something you're not aware of. So, there's always going to be issues like that. You can't avoid that.
The best that you can do is keep up-to-date on all of your security updates, make sure you've got a good firewall in place, maybe potentially look at switching platforms if you're having to spend way too much of your time dealing with cleaning malware off your system.
And just keep an eye out for security. I mean, you lock your house when you leave it during the day, you might as well spend a little bit more effort, take a look at your computer with the same eye toward security.
BROWN: Makes sense to me. I did that last night actually. Nice to meet you. Thanks for your help.
SPILLMAN: All right. Thank you for having me.
BROWN: Thank you. Still to come tonight, do we have more identity theft these days, or are we just hearing more about it for the first time? We'll look at how the code of silence was broken. But a break first. From New York, this is NEWSNIGHT.
(COMMERCIAL BREAK)
BROWN: This year it seems, we've been swamped with news of thousands of credit card numbers lost here and hundreds of thousands of personal data files plundered there, you'd think that this was something new. It's not. The fact that you and I know about it is new. It's probably been happening all along. But it was only after a new law took affect in the state of California that data companies were required to let you know they'd mislaid your information. CNN's Peter Viles tonight on how the politics became very personal in California.
(BEGIN VIDEOTAPE)
UNIDENTIFIED MALE: The great speaker of the California state assembly, Herb Wesson.
PETER VILES, CNN CORRESPONDENT: When Herb Wesson was speaker of the California assembly, preventing I.D. theft was not always a top priority.
HERB WESSON, FMR. SPEAKER, CALIF. ASSEMBLY: We had so many things going on at that time. We had a budget shortfall of $38 billion, so, I was focusing my energies as the speaker of the house on doing some of the other things.
VILES: There was a bill to protect consumers. Joe Simitian was pushing it.
JOE SIMITIAN, CALIFORNIA STATE SENATOR: If your information has been compromised as a result of a security breach, if there's been a database compromise, then the folks who hold your information have the obligation to tell you your information is no longer safe and secure.
VILES: But as Wesson remembers it, California's high-tech lobby was against it, and the bill was as good as dead.
WESSON: The bill was, like, in a graveyard. It was going absolutely nowhere.
VILES: But then something odd happened. Someone hacked into the state employee database, and then two months later, every state lawmaker got a letter that said, oh, by the way, your personal information was in that database.
WESSON: What I thought about -- suppose it was my brother. Suppose it was you. Suppose it was my Aunt Mary. I thought about them, and I think other members of the legislature thought about them.
VILES: Suddenly, I.D. theft was personal.
SIMITIAN: This was no longer an academic debate. This was no longer some intellectual exercise. This was a personal experience for every member of the California state legislature who not only had their information compromised, but didn't really know about it for two months after the incident occurred.
VILES: Lawmakers were so upset they never even debated the bill. They passed it by unanimous consent. The law only covers California consumers but big companies in effect have no choice. If you're going to tell Californians you lost their data you pretty much have to tell everyone else, too.
CHRIS HOOFNAGLE, ELECTRONIC PRIVACY INFO CTR.: The California law has changed the debate nationally, because now consumers understand whether or not their data are secure in the hands of companies and governments. And unfortunately what we've learned is that our data is not very secure.
VILES: Some fear that Congress will actually try to weaken the California law. From California, Herb Wesson has a message for Congress.
WESSON: All I would say to them is just, let your information be compromised one day and let's see if you feel the same way.
VILES: There's a message here for hackers, too. If you're out there stealing data, steer clear of the politicians.
Peter Viles for CNN, Los Angeles.
(END VIDEOTAPE)
BROWN: Still to come tonight, a look at the day's other news and then, it's illegal to listen in on your phone calls, but it's amazingly easy to find out who you call. Think twice before you dial. This is a NEWSNIGHT special.
(COMMERCIAL BREAK)
COLLINS: Good evening, everybody. I'm Heidi Collins in New York. We'll return to a special NEWSNIGHT in just a moment. But first at about a quarter to the hour, the headlines at this hour.
After three days of discussion and protest, delegates at a national meeting of the Evangelical Lutheran Church in America today rejected a proposal that would have allowed gays in committed relationships to serve as clergy under certain conditions. The delegates also voted in favor of keeping the church unified despite serious differences over homosexuality.
In a court appearance in Ohio George and Jennifer Hyatte, the prisoner and his wife accused of a deadly courthouse shooting in Tennessee, said today they would fight extradition on first degree murder charges.
The couple was captured two nights ago in Columbus, ending a 36- hour manhunt across several states.
A Mississippi judge has granted former Ku Klux Klansman, Edgar Ray Killen a $600,000 bond to be released from prison while he appeals his manslaughter convictions in the 1964 killings of three civil rights workers. The judge said he was convinced, that Killen, who is 80 and uses a wheelchair, was neither a flight risk nor a danger to the community.
And 44 years ago the Berlin Wall became the symbol of the Cold War. As part of our anniversary series then and now, we look back at an East German who helped bring down the wall.
(BEGIN VIDEOTAPE)
UNIDENTIFIED MALE: His video of Communist East Germany crumbling, hopelessly polluted, restless, helped topple the Berlin Wall. Amateur video journalist Eric Radomski spirited his tapes to western TV which beamed them back into Eastern Germany.
When the wall opens November 9, 1989, 27-year-old Radomski was among the first to walk to the west. He photographed checkpoint Charlie, a sullen, heavily fortified flash point at the end of the Cold War suddenly overrun with euphoria.
Our pictures on TV were a reason people took to the streets, he says. And they changed this land.
Fifteen years later, unemployment hovers around 20 percent in the east. Capitalism isn't so easy, he says. I try to look at it realistically, that you have to help yourself to find your place.
Radomski found his, designing wall paper for homes, bars, film sets. After helping to tear down one wall, he's covering others. His life now as free as his spirit.
(END VIDEOTAPE)
BROWN: If the Internet has become a security mine field, if in fact your social, as they say, gets snitched, at least you can call somebody up and complain, right? Sure. But maybe you don't want to make that call on your cell phone. Why not? Because as CNN's Chris Huntington reports, there's a growing black market for cell phone calling records, and what they reveal about you.
(BEGIN VIDEOTAPE)
CHRIS HUNTINGTON, CNN CORRESPONDENT (voice-over): Anthony De Lorenzo tracks down cheating spouses for a living, a very good living.
(on camera): Is it like shooting fish in a barrel?
ANTHONY DE LORENZO, PRIVATE DETECTIVE: Oh, it's just getting easy now.
HUNTINGTON (voice-over): DeLorenzo says cell phone records are the most valuable tools of his trade. And while he would not give details on just how he gets them, he said they are a synch to obtain.
DE LORENZO: We have the sources already, who are already tied into their contacts. And we could probably get them, if we really need a rush on it, probably within 30 minutes.
HUNTINGTON: It took us only slightly longer. We went to one of the dozens of Web sites that offer a full menu of personal data searches, paid $125 and gave only the name and mobile phone number of a CNN colleague. Six hours later, we were e-mailed a complete and accurate log of his wireless phone calls for the past month.
HOOFNAGLE: The sheer number of Web sites offering the cell telephone records suggests that there is a live traffic in this personal information. It also suggests that the carriers aren't adequately protecting personal information.
HUNTINGTON (on camera): There are two main ways that so-called data researchers get cell phone records. The first is by simply tricking the phone companies. Using little more than a name address and a date of birth, they obtain the records under the pretext of being the actual account holder. That's called pretexting.
The second way is from company insiders on the take who sell call logs, typically for a 50 percent cut of the research fee.
The researchers have contact within the phone company to accept the fee to give out the information.
DE LORENZO: Right. I feel that they're either paying for it from an inside source, or they're doing pretext and trying to get that information that way. I figure that's 90 percent of the way how they're getting it.
HUNTINGTON: We called the major wireless companies: Verizon, Cingular, T-mobile and Nextel, which is the carrier of the CNN staffer's cell phone we told you about. All of them told CNN they do not sell customer information. And that they are taking steps to fight pretexts.
Senator Chuck Schumer of New York says selling cell phone records is an unacceptable invasion of privacy and could contribute to crimes like corporate espionage or even help stalkers find their victims.
A company employee who sells phone records is already breaking the law, and now Schumer has introduced legislation to make pretexting for phone records also a federal crime.
SEN. CHUCK SCHUMER, (D) NEW YORK: If you do it for financial records, it's illegal. If you do it for phone logs, it is not. We should make it illegal right away.
HUNTINGTON: But as things stand...
DE LORENZO: It's amazing how easy it is, just amazing.
HUNTINGTON: And those who trade in the murky market for your cell phone records say business will continue to boom.
Chris Huntington, CNN, New York.
(END VIDEOTAPE)
BROWN: Reminder that a live news update coming up at the top of the hour. And we'll wrap up in just a moment.
(COMMERCIAL BREAK)
BROWN: Good to have you with us tonight. A reminder, don't give your password out over the weekend. We'll see you again on Monday. Until then, good night for all of us.
TO ORDER A VIDEO OF THIS TRANSCRIPT, PLEASE CALL 800-CNN-NEWS OR USE OUR SECURE ONLINE ORDER FORM LOCATED AT www.fdch.com
