Confessions of an Internet hacker: Stealing your personal information was hard to resist.

• Author: Russell, Larry

Some friends and I have pretended to be you a few times-setting up credit card accounts to purchase a few things. I hope you don't mind. Your personal information was easy to obtain over the Internet with the aid of a few well-known cracker tools. It was hard to resist.

THE PERFECT COVER

My name is John Smith. I'm from Crescent City. In school I earned good grades, was always in my room before curfew and went to church every Sunday. A few months ago, my buddy and I were hired by a start-up computer security company to protect companies like yours against people like me. Unfortunately I had no idea that the folks who hired me were really from the Federal Bureau of Investigation. Now, it's pretty safe to say the jig is up. I'm writing this from my federal prison cell in Lompoc.

If only we had stayed in Crescent City, you never would have found us.

We had the perfect conditions for monitoring service providers, e-commerce sites and online banks that pointed the way to your personal computer to steal credit card numbers and other personal financial information. Sometimes we were able to use this information to persuade our "clients" to pay us not to share their sensitive data with the public or we would damage their computers.

Once we were inside your computer, we made copies of your financial data files from Quicken, Quickbooks, your tax return software and other data sources.

You pretend to protect your valuable data with passwords that don't take long to crack.

Password-cracking software-supplied by some good friends of ours--allowed us to discover your passwords in minutes. Fortunately, you didn't bother to use uncrackable passwords. Apparently they are too hard to remember or a nuisance to change.

We were able to obtain more than 56,000 credit cards with personal information "courtesy of" a few Internet service providers and Internet retail sites. You may have felt safe when you signed up for Internet services or bought stuff online, but those online vendors have big back doors just waiting for us to walk through. We also "borrowed" bank account and other personal financial information from online banking services.

PIECE OF CAKE

It was not difficult for us to take control of your unprotected computer over the Internet-using it to establish thousands of anonymous e-mail accounts at e-mail Web sites like Hotmail, Yahoo! and My Own Email. With our "personalized" e-mail accounts we used special software to create associated accounts at PayPal, an online payment service, with random identities using your credit card numbers.

With other software, we controlled and manipulated eBay auctions. We could act as both seller and winning bidder in the same auction and then paid ourselves with your "borrowed" credit cards.

Did I mention that we had accumulated...