Computer-Theft Cases Show Holes in Internet

Companies eager to use on-line computer services fret over security

JUST as the Internet prepares for an onslaught of new users, computer experts are uncovering serious security breaches in the network.

In the past few weeks alone:

*A federally funded computer security unit here at Carnegie Mellon University sent an advisory warning Internet users that several electronic-mail systems were vulnerable to hackers.

*A US Energy Department team warned users of a security problem in a fast-growing part of the Internet called the World Wide Web. Hackers, seeking unauthorized access, can exploit a loophole to gain control and then shut down computers along the Web.

*In the wake of the capture of convicted computer hacker Kevin Mitnick, a relatively new method of electronic break-ins has become highly publicized. It is known as Internet Protocol spoofing, which allows hackers' computers to pose as a friendly machine, get through a host computer's defenses, and damage or delete files. Mr. Mitnick was caught two weeks ago after numerous electronic thefts.

Such problems reinforce what security experts have been warning about for some time. The Internet is far from foolproof, especially for companies wanting to conduct business electronically.

''I would not want to depend on the Internet for the livelihood of my business,'' says Daniel White, a partner with the professional-services company Ernst & Young. ''The reality is that Internet security is basically an oxymoron.''

By one estimate, the number of Internet break-ins has increased by more than 70 percent in each of the last two years. The recent publicity has encouraged temporary fixes. But many more security holes remain.

''There are a great many additional vulnerabilities that have not come to the attention of the general public,'' says Charles Wood, an independent information-security consultant in Sausalito, Calif. ''The moral of the story is: As businesses consider hooking up to the Internet, they should be thinking about security up front.''

COMPANIES are especially interested in moving onto the Internet now because of the emergence of the World Wide Web. Because of its ability to handle graphics, the Web makes it easy to present advertising and promotional material. It is also attractive to users, who prefer navigating the Internet with a computer mouse rather than typing in obscure commands.

The Web has been growing fast. In December 1992, it accounted for 77.8 million bytes of traffic, according to Merit's Network Information Center, the Internet's information organization. By December of last year, the total was just under 3.5 trillion, making the Web the second most popular Internet service in terms of volume.

The rapid growth will almost certainly continue, Internet experts agree. Forrester Research Inc. estimates the service will attract just under 22 million users by the year 2000 -- more than 10 times last year's total.

Some experts are predicting that Web use will double or triple this year alone, says Bill Day, director of Internet development for Prodigy Services Company based in White Plains, N.Y. Prodigy is already offering a Web connection.

Companies, eager to reach these on-line consumers, find the economics of the Web compelling. For example, it might cost a company $60,000 to run one full-page ad in a newspaper with a circulation of 1 million readers. Reaching the same number of Web users would cost roughly $2.50. Publishers in particular are moving onto the Web in search of opportunities.

The problem is that, beyond posting ads and promotional materials, the medium isn't secure. That doesn't mean companies wanting to take orders or transfer funds over the network can't do it, says Mr. Wood, but doing so securely means building in encryption and digital identification systems from the very beginning.

''It's a constant,'' adds CompuServe spokesman Pierce Reid about network security. Just to keep hackers from infiltrating its own proprietary service, CompuServe employs ongoing upgrades of its security systems.

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.