June 18, 1998
BY RACHEL KONRAD
Free Press Automotive Writer
Compliments of a savvy hacker and Chrysler Corp.'s computer system, Internet users around the world received a scintillating message two weeks ago:
"Hello. My name is Chrissie. I'm an 18-year-old student with a fantastic body that I just love to show off," stated the electronic mail, which provided a link to lewd photos of Chrissie and others on the World Wide Web.
"I just started working at this place where you can see me live on your computer and I will do whatever you want," Chrissie promised.
The electronic message included several lines of computer jargon, with plenty of references to where the E-mail originated: the official network of America's third largest automaker, or chrysler.com.
No one knows exactly how many people read this widely distributed bit of electronic junk mail. Such mail is often called "spam." In addition to popping up in people's E-mail boxes, the message has found its way to a slew of popular pornographic Web sites.
Spammed E-mail users have bombarded Chrysler with hundreds of complaints, and Chrysler's team of Internet experts has spent two weeks and countless hours sending electronic apologies. However, although Chrysler is bearing the brunt of blame and negative publicity, the lascivious missive didn't actually come from within Chrysler.
Any advanced E-mail user could have used his or her home PC in order to send spam compliments of Chrysler. Hundreds of books tell how to exploit E-mail capabilities of other companies.
The spammer could have been a Chrysler employee -- but if so, he or she wasn't using a "chrysler.com" account. Chrysler's computer gurus know little about this porno poet, except that he or she likely has an electronic mail account with CompuServe, one of the largest paid E-mail providers in the United States. A reference to "compuserve.com" appears near the end of the computer jargon.
Chrysler, which uses a computer system that provides maximum security against hackers, isn't the only company that has found its name on spam. All companies are vulnerable to hack attacks.
"This is a daily occurrence for big and small businesses. Unfortunately, most companies don't do anything about it until they get burned," said Chip Rosenthal, an Internet consultant in Austin, Texas. He has a Web site (maps.vix.com/tsi) that teaches companies how to become more resistant to hackers.
The Chrissie case illustrates a problem already occupying lawmakers. America Online's associate general counsel, Randall Boe, told U.S. lawmakers on Wednesday that junk E-mail is costly for U.S. businesses and consumers.
Spam has "quickly become the largest single complaint of our members," Boe told a hearing of the Senate Commerce Committee's subcommittee on communications. In addition, "service providers like AOL bear enormous costs" to provide computer power and people to manage the extra load, Boe said.
Sen. Conrad Burns, a Montana Republican who chairs the subcommittee, has said he may introduce legislation to crack down on it.
In the case of Chrysler and Chrissie, the perpetrator could have been paid to distribute the E-mail as widely as possible. The distribution of spam -- especially get-rich-quick schemes and pornography -- has become a cottage industry for hackers.
Unethical companies or individuals pay them to send millions of E-mail messages at a fraction of the cost of traditional mail, which is covered by strict pornography and fraud rules. By contrast, even the naughtiest spam is legal in Michigan and every other state except Washington.
Hackers often use high-speed corporate computers as a means to send huge quantities of spam quickly. That's because most legitimate Internet providers, such as CompuServe or America Online, cancel accounts of repeat spammers.
Chrysler's information systems team emphasized that the hacker never actually entered Chrysler's computer system or had access to any inside information about Chrysler products or business strategy. Instead, the hacker simply used Chrysler's system as a wall off of which to bounce thousands -- perhaps millions -- of E-mails.
It's the equivalent of a would-be burglar who, failing to break into a house, sits on the lawn furniture and dips into the backyard pool. The home owners feel invaded, but discover it's nearly impossible to find the sneak once he leaves the neighborhood.
The attack infuriates Chrysler's Internet gurus, who have worked hard to build a hacker-proof firewall around the company's three-year-old E-mail system. But they lament that there's little they can do when someone uses the firewall as a bouncing board.
"There are lots of clever people out there," said Susan Unger, executive director of information services at Chrysler.
"There are different issues that come up from a security standpoint, and no one can ever say they're 100 percent secure. You have to constantly monitor problems and address them when they come up."
Rachel Konrad can be reached at 1-313-222-5394 or through E-mail at konrad@det-freepress.com
All content © copyright 1998 Detroit Free Press and may not be republished without permission.