MANKATO — Eric Schultze has broken into banks and businesses across the country. He was at it again at Midwest Wireless last week.

“When I finally break in, my heart races. I do a little dance,” Schultze said.

His tools of trade are a laptop computer, some programs easily downloaded off the Internet and vast experience in computer security.

Schultze breaks into major businesses’ computer systems legally. He’s even paid to do so as a top computer security consultant. He demonstrated his technique to about 70 computer security managers from around the area.

Although his audience was one of experienced computer programmers and security managers, Schultze’s live hacking demonstration drew some appreciative gasps. With his work being shown on a large screen, Schultze hacked into a remote computer system.

It’s not an easy process by any means, and security measures are available to thwart most attacks on business computer systems — if the security is kept up to date.

“The biggest threat to the business networks is internally, from disgruntled employees,” Schultze said.

Unhappy workers have access to the system and may be able to guess or overhear passwords that allow them into sensitive areas. Changing passwords frequently, including system administrators’ passwords, and having good passwords goes a long way in protecting the system.

Schultze said “pass phrases” are far better than passwords. A pass phrase such as: “I drive a red Nissan” is still easy for people to remember because it’s something familiar, but it’s much harder for a computer hacking systems to break than a password.

Schultze used a variety of hacker tools available off the Internet as he got into the computer system and began to look around. One tool scanned the system to show him which computers on the system were running. Another got him inside so he could look around at company information including names and salaries of employees. Another tool cracked most all of the passwords used on the system.

All of it was done, he said, without leaving any record he’d been inside the computer system.

In the 1990s, Schultze was hired by Microsoft to try to hack into its computer system via the Internet. He succeeded in hacking in and taking the passwords of Bill Gates’ top managers. Schultze went on to head up the Microsoft department that writes the monthly security patches sent out to computer users to guard against the latest risks.

He now is the chief security architect for Shavik, a leading security product provider.

While Schultze’s talk was aimed at business computer system experts, much of what he talked about applied to home computer users as well. (See accompanying protection tips.)

And Schultze warned business travelers or vacationers that hooking your laptop into a hotel network may expose you to risk. Hackers often target the large hotel networks looking for information.

Schultze said he knows the risk: His own laptop was hacked while he was giving a hacking demonstration at a hotel ballroom.







New local information security group formed



The recent security seminar in Mankato was hosted by a newly formed Mankato chapter of the Information Security Systems Association.

Jeff Evenson, a security manager at Midwest Wireless, formed the local ISSA because traveling to the Minneapolis chapter meetings and seminars was difficult. And, he said, there are different needs for computer and network security in rural Minnesota.

“In a rural setting computer security isn’t just for big companies like Midwest Wireless or Taylor Corp. There are small businesses all over southern Minnesota that need to keep an eye on computer security,” Evenson said. “It’s hard if you’re the only (information technology) person at a business to keep up on things and network with people about security.”

Evenson, a Twin Cities native, spent 20 years in the Navy, working mainly in cryptology. He retired from the military in 2003 and took a job with Midwest Wireless.

The Mankato ISSA chapter is the 105th worldwide. “The ISSA is for security professionals or practitioners, so it’s a wide range of people,” Evenson said.

For more information, go to the Mankato chapter’s Web site at www.katoinfosec.org

—Tim Krohn