Internet Insecurity

(3 of 5)

Theft of personal data from websites is also growing. Egghead.com sent a chilly wind through cyberspace late last year when it disclosed that hackers had broken into its system and may have accessed millions of credit-card numbers from its database. (It later found that no credit cards had been compromised.) It was a stark reminder that financial data are only as safe as every website you share them with.

There have been other recent high-profile hacks. Music retailer CD Universe lost up to 300,000 credit-card numbers; Bibliofind, a subsidiary of Amazon, had the names, addresses and credit-card numbers of 98,000 customers stolen. One thing that makes online credit-card theft more tolerable than some cyberscams: if consumers find false charges, banks and merchants should pay most of the bill.

4 THAT WEBSITE ON WHICH YOU JUST ENTERED YOUR CREDIT-CARD NUMBER MAY BE A FAKE

In April the FBI cracked a Russian ring and charged a pair of its members with conspiracy and fraud. The hackers were also allegedly involved in website "spoofing." Federal officials said the Russians tried to create a counterfeit website mimicking the real home page of PayPal, the popular online fund-transfer service. PayPal has been hit with such spoofs several times. When a fake site was operating, hackers e-mailed PayPal users and got them to click on a hyperlink with the spoof site's domain name: www.paypai.com . On many computers, a capital I looks identical to the l at the end of the word PayPal.

Near-identical domain names are easy to obtain. Banks have also been a frequent target of spoofers. Bank of America got wwwbankofamerica.com taken down--its domain name, minus the dot after www-- but not before some customers were tricked into entering financial information.

5 THE GOVERNMENT MAY BE GIVING OUT YOUR HOME ADDRESS, SOCIAL SECURITY NUMBER AND OTHER PERSONAL INFORMATION ONLINE

If you live in Ohio, anyone who types your name into a county database can learn your address and how much your house is worth. He can also inspect detailed floor plans of your house, showing placement of your windows, porches and balconies. Supporters of the state's online initiative call it a breakthrough for open access to government records. Critics have another way of describing it: a breaking-and-entering handbook.

Governments around the country have been rushing to put property records online. Many jurisdictions have joined Ohio in creating databases searchable by name. If you go to the Brookline, Mass., website, you can find out where Michael Dukakis lives. Miami's will tell you Janet Reno's home address.

It isn't just property databases. Wisconsin has most of its arrest and court records online. (I discovered that a former law-school classmate of mine has had two traffic violations and was a defendant in a civil lawsuit.) The federal courts have put many of their records online through a system called Public Access to Court Electronic Records (PACER). Among the data available: Social Security numbers; financial assets, which often must be revealed in court proceedings; and the names and ages of minor children.

Critics say the government has gone too far in making data available online, and there are signs the tide may be turning. California's court system is considering new rules that would deny Internet access to certain court records, including those of criminal, family and mental-health proceedings. "The purpose of making public records accessible is to ensure accountability," says Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. That, he argues, does not require putting details of divorce and child-custody disputes or bankruptcy proceedings on the Internet.

6 FOR-PROFIT COMPANIES AND PEOPLE WHO DON'T LIKE YOU MAY BE BROADCASTING YOUR PRIVATE INFORMATION ON THE INTERNET

The murder of Amy Boyer, a 20-year-old New Hampshire dental assistant, by an obsessed admirer in 1999 called attention to an obscure part of the cybereconomy--online data brokers. Boyer's assailant paid $45 to Florida-based Docusearch.com for her Social Security number and later purchased the name of her employer. He then tracked her down on the job and killed her.

Data brokers insist they are doing necessary work, providing background information to employers, creditors and other people who legitimately need it. But many sell Social Security numbers and private financial information to anyone willing to pay their fees. Often they are the first stop for identity thieves and stalkers.