But at present, hacking--which gives access to information--has proven to be substantially more lucrative. Present-day hackers traffic in what the authorities call access device codes, the collective name for credit card numbers, telephone authorization codes, and computer passwords. They are defined as any card, code, account number, or "means of account access" that can be used to obtain money, goods, or services. In the United States the codes are traded through a number of telecom devices, principally voice-mail computers; internationally, they are swapped on hacker boards.
The existence of this international traffic has created what one press report referred to colorfully as "offshore data havens"--pirate boards where hackers from different countries convene to trade Visa numbers for computer passwords, or American Express accounts for telephone codes. The passwords and telephone codes, the common currency of hacking, are traded to enable hackers to maintain their lifeline--the phone--and to break into computers. Credit card numbers are used more conventionally: to fraudulently acquire money, goods, and services.
The acquisition of stolen numbers by hacking into credit agency computers or by means as mundane as dumpster diving (scavenging rubbish in search of the carbons from credit card receipts) differs from ordinary theft. When a person is mugged, for example, he knows his cards have been stolen and cancels them. But if the numbers were acquired without the victim knowing about it, the cards generally remain "live" until the next bill is sent out, which could be a month away.
Live cards--ones that haven't been canceled and that still have credit on them--are a valuable commodity in the computer underworld. Most obviously, they can be used to buy goods over the phone, with the purchases delivered to a temporary address or an abandoned house to which the hacker has access.
The extent of fraud of this sort is difficult to quantify. In April 1989 Computerworld magazine estimated that computer-related crime costs American companies as much as $555,464,000 each year, not including lost man-hours and computer downtime. The figure is global, in that it takes in everything: fraud, loss of data, theft of software, theft of telephone services, and so on. Though it's difficult to accept the number as anything more than a rough estimate, its apparent precision has given the figure a spurious legitimacy. The same number frequently appears in most surveys of computer crime in the United States and is even in many government documents. The blunt truth is that no one can be certain what computer fraud of any sort really costs. All anyone knows is that it occurs.
154 APPROACHING ZERO
erably older than the 150 or so adolescent Olivers she gathered into her ring. As a woman, she has the distinction of being one of only two or three female hackers who have ever come to the attention of the authorities.
In 1989 Doucette lived in an apartment on the north side of Chicago in the sort of neighborhood that had seen better days; the block looked substantial, though it was showing the first signs of neglect. Despite having what the police like to term "no visible means of support," Doucette was able to provide for herself and her two children, pay the rent, and keep up with the bills. Her small apartment was filled with electronic gear: personal computer equipment, modems, automatic dialers, and other telecom peripherals.
Doucette was a professional computer criminal. She operated a scheme dealing in stolen access codes: credit cards, telephone cards (from AT&T, MCI, Sprint, and ITT) as well as corporate PBX telephone access codes, computer passwords, and codes for voice-mail (VM) computers. She dealt mostly in MasterCard and Visa numbers, though occasionally in American Express too. Her job was to turn around live numbers as rapidly as possible. Using a network of teenage hackers throughout the country, she would receive credit card numbers taken from a variety of sources. She would then check them, either by hacking into any one of a number of credit card validation computers or, more often, by calling a "chat line" telephone number. If the chat line accepted the card as payment, it was live. She then grouped the cards by type, and called the numbers through to a "code line," a hijacked mailbox on a voice-mail computer.