"Isn't then the computer a tool, a weapon, of the computer criminal? I can use my computer as a tool to pry open your computer, and then once inside I can use it to perhaps destroy pieces of your computer or your information."-- Terminal Compromise, a novel by Winn Schwartau, 1991One man is a voluble preacher, a missionary with a well-rehearsed sermon, he radiates the assurance of a man who has been proven right. The other's a pragmatist, occasionally taciturn, enmeshed in the details of his profession, apolitical but not, according to his self-image, amoral. The first man flies at a virtual 30,000 feet over a virtual battleground that virtually none of us even knows exist. The other is dug into the trenches of this war zone, doing an oft-dirty job, shrugging at the knowledge that you can be slimed by ones and zeros as well as by gore and muck.One readily tells you his name; indeed, it is plastered on the covers of nine books (a 10th is in the last stages of literary pregnancy) and scores of articles. The other is known to the masses only by aliases and code names.Two weeks ago, one of the men boisterously led a ribald parody of Double Jeopardy at a Las Vegas conference of fellow travelers in the murky sewers of cyberspace. He wielded irreverent humor to underscore a very serious message about the possible end of civilization as we know it. The other helped to quietly convene a March conference of American and foreign generals and think-tank eggheads. They met in the middle of one of the world's great hot spots. Sorry, if we told you where, we'd have to delete you from the galactic hard drive. The power confab was held to discreetly ponder the future of warfare -- in other words, to debate how to avoid the end of civilization as we know it.Both men have the ears of military, government and business leaders in the United States and throughout the world. Meet Winn Schwartau and, well, let's just call this other guy by one of his better known nom de guerres (or, more precisely, nom de cyberguerres), Louis Cipher. On the great world stage now being transformed by the Information Age, these are true superstars, cyber soldiers battling something called the "infowar." Schwartau correctly identified the offensive military potential of computers more than a decade ago. He brushes off those who denigrate him as a Chicken Little with "I told you so" examples of his it-came-to-pass-as-I-predicted canniness. The clandestine Cipher, a pal and sometime business associate of Schwartau, is less certain of the direst predictions of a digital Armageddon. But, he makes a living out of nailing the bad guys in cyberspace, fighting the brush fires before they get out of control. Many applaud his occasionally extra-legal tactics; others say he is over the top.To admirers, the two men are prophets ringing the alarm of impending doom. Others chide them for pocketing the profits of doom alarmism. If you look at some Web sites, you'll see these two men described as visionaries and the first line of defense against the forces of chaos. Look elsewhere and they're called henchmen for the generals and spooks who need new villains to justify their bloated budgets and who are quite happy to beat ploughshares into digital swords.You say you thought modern warfare was all about Tomahawk missiles, bombing sorties launched from the decks of giant aircraft carriers, and soldiers basically doing what soldiers always have done, killing people and breaking things? That's true. The generals still have their battlefield toys -- high tech, to be sure, but basically still bombs and guns. However, just as kids have migrated from plastic model jet fighters and GI Joes to Nintendo and computer gaming, so too have the military brass discovered the joys and headaches of electronic warfare. And let's never underestimate the arms industry, the death merchants for whom infowar is an unexplored gold mine of potential revenues.The guys with stars on their uniforms aren't alone on the virtual battlefield. They're joined in their fascination over deadly electronic wizardry by freedom fighters and terrorists, corporate sleuths and saboteurs -- and by an astounding number of modem-armed Pucks and hacker wannabes, many with the emotional maturity of pimply-faced brats.You've heard about some of the "weapons" -- computer viruses, for example. They're still a threat -- PAPA, Melissa, Mad Cow, PrettyPark and Armageddon viruses have all hit computer networks recently. "Trojan horse" programs fool people into turning over their most private information to cyberpranksters and thieves. An even more cunning related species called "remote tools" allows a hacker to control a victim's computer -- even listen via the sound card to what's going on around the computer. One of the nation's leading band of hackers, the Cult of the Dead Cow (cDc) unveiled the most virulent remote tool to date, dubbed Black Orifice 2000 (BO2K), this month at the annual Las Vegas conference of the digital underground, Def Con 7.0.Detection-resistant, computer-destroying "worms" are among the more irritating innovations. But far more pernicious threats lurk in the virtual free-fire zone. Hacking -- the cyber underground, where people with fanciful "handles" such as Eric Bloodaxe, Phiber Optik, Datastream Cowboy and Death Vegetable (Veggie for short) try to screw around with computers -- costs U.S. companies at least $100 million a year and probably many, many multiples of that. Companies are loath to admit being victims for fear of encouraging additional assaults. One hacker alone is reputed to have savaged a number companies -- NEC, Nokia, Sun Microsystems and Motorola -- to the tune of $300 million.Cipher, who quietly collars hackers for corporate clients, says the true level of conflict is seldom publicized. "If a guy wants to destroy your company, one way is to get the customer data base (of, for example, a brokerage firm). He publishes it on the Internet. How many clients are going to continue to do business with that company?"But these guys don't go around telling you they're hackers," Cipher adds. "The real hackers don't have handles."There are white hat hackers and black hats -- although experts such as Schwartau say that "it's a pretty gray environment. Even the white hats are often suspect."Many of these electronic buccaneers pride themselves on providing a service, finding defects in programs such as Microsoft's Internet Explorer browser -- but hackers happily exploit those same defects before companies and individuals can develop defenses."Lamers and losers," Schwartau has called hackers. "Cowards. What else do you call someone attacks you but remains faceless?"Whatever the morality, hacking is getting a lot more interesting. The CIA, for example, tried to "hack" into Yugoslav strongman's Slobodan Milosevic's bank accounts during the recent war -- although many observers feel the spy guys just started that rumor to wad up Slobo's shorts. Whether real or fake, the story was trumpeted without a whiff of skepticism by the media -- Newsweek declared on May 31 that "President Clinton has OK'd a top-secret plan to destabilize Milosevic -- and go after his money." It was so top secret, Newsweek knew all of the details.A few years ago, federal agents did succeed in invading bank accounts and deleting millions of dollars paid by a South American drug lord to bribe U.S. officials. The drug dealer blamed the missing millions on his bookkeeper, who didn't survive the joke.A successful bank job, such as the one aimed at the drug lord, involves a lot more than a nerd jockeying a computer. "Can the CIA simply hack into foreign bank accounts?" muses Cipher. "No way."Hackers in the good ol' days -- say, five or 10 years ago -- were largely motivated by the challenge or money. The new generation is often spurred on by political agendas. As Schwartau wrote in his book Information Warfare: "We can identify people, organizations and ecopolitical groups with the motivation and capability to wage Information Warfare, but we cannot predict who will or won't become an active adversary."Increasingly, the problem is who won't dabble in infowar. Here are some notable skirmishes on the electronic frontier.- Shortly after NATO attacked Yugoslavia, Serbian hackers swamped Pentagon Web sites -- little more than an annoyance, to be sure. The U.S. government is bombarded with millions of hacking salvos on its computers that are accessible to the public; the Pentagon alone is hit at least 250,000 times a year, including many undetected stealth attacks. Richard Clarke, President Clinton's point man on infowar, told the San Jose Mercury News last month that 99 percent of those attacks are rebuffed -- but he added that the 1 percent that succeeded were unsettling. Internal test hacks on military computers score goals about 65 percent of the time.- In 1994, two hackers took down the computer systems for 18 days at Rome Air Force Base in New York, according to the American Banker magazine. Not only were sensitive files stolen, but the hackers used the Rome computers to launch attacks against computers at other defense installations.- A group of Portuguese hackers recently ambushed more than 60 Web sites, including the FBI's. Another Portuguese group defaced 45 Indonesian government Web sites in a show of support for independence for East Timor.- The Indonesian government has also been the target of e-mail bombs -- programs that flood computers with messages -- protesting the murder, torture and rape of many ethnic Chinese.- The Chinese government has been blamed for encouraging hackers to invade and deface U.S. government Web sites, including the White House's, in retaliation for NATO's bombing of China's embassy in Belgrade. The hackers left this cyber graffiti on the White House site: "Why did we hack this domain? Simple, we fucking could." It took the White House three days to acknowledge it had been victimized.- On Oct. 12, 1998, Mexican president Ernesto Zedillo's Web site was defaced by what are called political "hacktivists." The date was Columbus Day, and the hackers were protesting what they called "colonization, genocide and racism." - Two months earlier, Mexican hackers calling themselves "X-Ploit" put the face of revolutionary hero Emiliano Zapata on that county's finance ministry's Web site. Their cause was the Zapatista rebellion in the Chiapas region in southern Mexico. - A group call MilwOrm has figured in at least two notable actions. Last year, it invaded India's Bhabba Atomic Research Centre, protesting nuclear bomb tests. Then, along with a group dubbed the Ashtray Lumberjacks, it zapped Web pages at 300 sites around the world, replacing them with anti-nuke communiqus. - A group called Hacking for Girlies (HFG) posted pornographic pictures on the New York Times Web site last year and has claimed credit for attacking other sites, including NASA's. There are a lot of myths about the state of infowar. Our Mr. Cipher denies that real cyberterrorism or warfare has ever happened. He equates most of the activities to graffiti and pranks. And, he notes that the targeted government Web sites are public. "Do you think the real FBI computers are accessible to anyone?" he asks. Sensitive government sites are isolated from outside networks. "Air gaps" between private and public networks prevent access -- at least until someone figures out how to jump over them.Schwartau demurs, saying the hundreds of incidents of hacking, viruses and other forms of computer mayhem are precursors to what he has predicted could be an "electronic Pearl Harbor." "In 1991," according to Schwartau, "in testimony before the House Committee on Science, Space and Technology, I introduced the concept of 'Electronic Pearl Harbor,' a term that distilled the risk into a digestible sound bite that both Congress and the press could latch onto."(Ironically, Schwartau became something of a cyberguru because of a novel, Terminal Compromise, that depicted a stealthy attack on America by a Japanese man. Tom Clancy's Debt of Honor envisions a war with Japan, one that includes an assault on America's electronic infrastructure. Yet, many experts feel that if a cyber invasion ever happens, it won't be accompanied by the cry of "Tora, tora, tora!" Japan, with an electronic infrastructure second only to the United States', may actually become the first victim of a new, high-tech Pearl Harbor. Raisuke Miyawaki, a respected adviser to the Japanese government, said in a speech three weeks ago to the Center for Strategic and International Studies that "Japan is vulnerable to a cyberterrorist attack, and the effects such an attack would have on Japan. É Japan's most powerful leaders have demonstrated a lack of technology understanding and a leadership void that have stalled the development and implementation of a comprehensive, effective cyberterrorism strategy and policy.")The depiction of a devastating sneak electronic attack is a very popular image among tech-minded officials -- so much so it garners an almost equal amount of derision by skeptics as simplistic hyperbole. George Smith, who edits The Crypt Newsletter, an Internet publication in California that deals with computer security, has written that the "government's evidence about U.S. vulnerability to cyber attack is shaky at best. Information warfare: The term conjures up a vision of unseen enemies, armed only with laptop personal computers connected to the global computer network, launching untraceable electronic attacks against the United States."But is such an electronic Pearl Harbor possible? Although the media are full of scary-sounding stories about violated military Web sites and broken security on public and corporate networks, the menacing scenarios have remained just that -- only scenarios."Scenarios are not just hypotheses, however. Schwartau says he often conducts exercises with government agencies that show how vulnerable our technology is. He won't discuss the details, citing confidentiality. One exercise has become public knowledge, however. The National Security Agency two years ago played a game dubbed "Eligible Receiver," in which ersatz North Koreans, using current technology, launched an electronic blitzkrieg against the United States. In an article last month in Information Security, Schwartau concluded about "Eligible Receiver" that the outcome "left the senior military brass bug-eyed in astonishment. It took the bad guys only one week to successfully throw the United States into economic chaos by attacking major financial institutions, shutting down large pieces of the U.S. power grid, crippling communications and short-circuiting the airline industry. Industry participants in the project also acknowledged how utterly surprised they were by the speed and efficiency with which critical U.S. infrastructures collapsed, one by one."Fearing a real-life "Eligible Receiver," President Clinton has budgeted $1.4 billion for research and counter-cyberterrorism programs.Arnaud de Borchgrave, a senior analyst at the Center for Strategic and International Studies and a distinguished foreign correspondent for three decades, told the American Banker that infowar weapons are "the new arsenal in a new geopolitical calculus that enables the non-states, and even individuals, to take on a superpower. That's the sort of world we're living in and our leaders don't want to face up to it." Such an exotic topic has, of course, produced hype and a few real boners. The British press reported recently that "hackers have reportedly seized control of one of Britain's military communication satellites and issued blackmail threats." Oops. It never happened. Well, at least the official spin from 10 Downing Street is that it didn't happen Ð but in the digital realm, little is absolutely certain.Beyond amateur hacking and the electronic political protests, there is a looming reality in which capturing a satellite may not be so far-fetched. Strategists talk, in that lovable way generals say things, of "decapitating" an enemy's army by disrupting his communications. CIA Director George Tenet has told Congress, "Several countries have or are developing the capability to attack an adversary's computer systems." Investigative journalist Robert Parry last month disclosed the contents of a consultant-produced military pamphlet called "Warfare for Dummies," a play on the titles of a popular series of computer how-to books. The bureaucratese booklet dubbed hacking "network penetrations," and said they represent "a new and very high-tech form of warfighting." The disruptive strategies in the U.S. arsenal include "insertion of malicious code (viruses, worms, etc.), theft of information, manipulation of information, denial of service," according to Parry's report. Right now what's got the top brass really bugged is the fear of Flash Gordon-style death rays or electronic bullets ripping through wires to cripple society's infrastructure. "I'm talking about weapons of mass disruption," says Schwartau. "Believe it."Most of these weapons fall into the category of "electromagnetic pulse" (EMP) or flux generator guns and bombs, which if and when they exist could devastate an army or city or an entire country with electronic blasts of intense power. Smaller versions could, among other things, melt silicon, essentially making paperweights out of computer chips -- including the millions of "embedded" ones that run banks, air traffic computers, power networks and telecommunications.EMP bombs would require a relatively small blast, yet would cook electronic systems within a several-mile radius. Believers say they could be launched by aircraft or exploded inside critical information centers. Many observers such as Schwartau believe the weapons aren't science fiction but are hard scientific fact. One session at Def Con 7.0 was slated to discuss the possibility of EMP bombs being built in garages for a few hundred dollars. The Pentagon is mum on the subject, but not critics such as The Crypt Newsletter's Smith, who denigrated EMP weaponry a "fairy tale." "To generate the effects ascribed to the notional weapon requires power fluxes that would kill everyone triggering the device and everyone in the vicinity of the detonation and target. Far easier to use Tim McVeigh's fuel oil-soaked fertilizer truck bomb."Still, a related idea is much more practical. High-energy radio frequency (HERF) guns are easier to build. These would emit an electric spike that would cook a system. Police have already considered HERF guns as a great tool for, among other things, disabling fleeing autos. Zap! We gotcha.However, there's an ominous side to HERF guns. A 1997 American Banker article suggested they "could easily move from law enforcement to the criminal and terrorist population." Zap! We gotcha, too.Whether EMP and HERF weapons are fantasy or whether the whole idea of cyberwarfare is the product of minds diseased from watching too many Star Trek episodes, there is one indisputable potential for the weapons. Just as NATO generals hoped Milosevic was writhing in anxiety over fear that his bank accounts had been cyberlooted, so too can entire populations be disrupted by fear of the digital unknown. The "Dummies" manual disclosed by Parry, for example, discussed the potential for "psyops," or psychological operations, and stated: "Future applications of psyops may include realistic computer simulations and 'morphed' imagery broadcasts of bogus news events." Winn Schwartau is an unlikely candidate to have become a master wizard in today's computer mythology. He should have been -- and was well on his way to becoming -- a music industry mogul. His father was a record producer, an engineer who helped develop radar during World War II. Schwartau's mom, an actress, also became an engineer during the war.The son inherited all of those talents -- music, technology and showmanship. During his youth in New York, the recording business was Schwartau's tune. "Louis Armstrong taught me how to play the trumpet," he recalls. "Ella Fitzgerald came over to our place to get drunk. Richie Havens was smoking opium. And I can still remember Peter (Yarrow of folk singers Peter Paul & Mary) telling me about one recording we made, 'The echo, it's not cosmic enough.'"When Jimi Hendrix, Country Joe and David Crosby were summoning an American counterculture revolution at Woodstock in 1969, Schwartau was at the recording control panel in New York.Schwartau, who works out of his Seminole home, aided by his wife Sherra, has his eccentricities. He almost sloshes from the flood of decaf he drinks. He collects microphones -- and has one he says was once used by Adolph Hitler. "None of the rest are famous," he says. "Interesting, but not famous." Even more than the microphones, Schwartau is proud of a 1929 grand upright piano -- "from Billy Joel," he beams -- and his collection of original Woodstock posters.Schwartau reached that part of his story at about the second cup of Einstein Bros. Bagels decaf. In shorts, driving a convertible, with his New York accent, the 46-year-old Schwartau appears to be the archetype of the snowbird. He's disarming until you think about his message, then he's disconcerting.Question: Why would anyone give up the excitement and glitter of the music industry? With a been-there-got-the-autograph shrug, Schwartau says: "In 1981, I decided I'd had it with the recording business. I sold this part of it, licensed that part. Then I moved to California, where I taught (audio) engineering for awhile. After a couple of months, I was bored with that, too."I said, 'Hmmm, computers. Interesting.'"What interested Schwartau was computer security and encryption, the antecedents to infowar. The work got him thinking about the dark side of the cyberforce."I remember when I first thought of this," he says. "It was in March 1990. I was taking a shower and thinking of virus scares. I said to myself, 'Let's see what kind of really bad shit we can do using a virus as an offensive weapon. How do you model an army based on computer war?' "I asked my lawyer what he thought of the idea. He said, 'Winn, you just invented a new kind of war.'"Actually, we're talking about three levels of warfare: attacks on personal information, corporate level espionage and sabotage, and global-level cybermayhem.From Schwartau's epiphany in the shower, it's been a succession of books, some entertaining, others pretty dense. Many hackers are fond of him -- inviting him to speak and conduct his Jeopardy parody at Def Con each year, aided by a buxom assistant introduced as Vinal White (a.k.a. Bad Kittie, her hacker handle), who occasionally offers to doff her top for a correct answer. Typical Hackers Jeopardy questions are: Q: The media alleged that this person could launch ICBMs by "whistling up the launch codes." -- and the judge believed it.A: Kevin Mitnick (perhaps the most famous American hacker).Q: "Aanigoo Ahoot'e" is Navaho for X-Files hero Fox Mulder's motto.A: The Truth is Out ThereTrue, not really gut-busters. But there's a whole series of questions whose answers are all "69." We'll leave it to your imagination.At the heart of Schwartau's proselytizing is a realization that's so obvious it's almost invisible. "We entered the information age," he says, "and reached a very definable moment when our reliance on technology exceeded our ability to live without it. We built this 'thing'" -- his hands sculpt a pyramid shape in the air -- "but we never thought about building in security until it was too late" -- he punches a hole in the pyramid.Schwartau has attracted enemies among tech-heads, in part because of the irksome simplicity of such statements. They sneer at his lack of programming credentials. He sneers back. "I have an engineering foundation. Do I have to know how to program 18 lines of code in order to understand the impact of computer technology? I don't think so."Also, some hackers don't like his depiction of them as undisciplined children throwing tantrums when they don't get their way. He's had pranks and some not-so-prankish incidents. He tells of hundreds of WebTV boxes sent to his home, paid for by stolen credit card numbers. And when asked about death threats, Schwartau, very much a family man, grimly says, "Yes," and then drops the subject. How seriously should you take Schwartau? Cipher -- who doesn't go the full 10 yards with his friend on the subject of imminent cyber warfare -- nonetheless urges people to pay attention. "Winn gets calls from the Joint Chiefs of Staff for advice," Cipher says. "That's serious."Let's change our bandwidth to download an image of the mysterious Louis Cipher. We'd tell you about his past, but he said not to. He knows how to do really mean things with computers, like mess around with your credit cards or change official records to show that you're a serial bigamist who has been married 37 times in the last four days. Not that he'd do any of that. But he probably could, so bold as we are, we'll keep his little secrets.What can we say about Cipher? Well, he's a nice guy, not young and not old, with a sweetheart of a wife. They live somewhere in the general area described as West Central Florida. (Hope I didn't give away too much with that.) He has this funny way of talking somewhat obliquely about whatever subject is on the table. Like you say, "Hey, I'd love to go golfing, but I think it's going to rain today." And Cipher responds, "Heat causes moisture to rise into the atmosphere, where it is cooled and causes precipitation." And you say, "Huh?"Once you get past that, you find that Cipher is one helluva smart fellow and a mother lode of information. Not always the information you were seeking, but tantalizing data nonetheless. A conversation with Cipher tends to be a random, existential parsing of diverse planes of reality. But when the talk is ended, remember this: Cipher is the scary dude in the black hat you really, really don't want meet if you've decided to become a Robin Hood of Web, hacking your merry way through government and corporate computers, surreptitiously downloading from the rich to upload to the masses. Right now, Cipher talks a lot about corporate cybervigilantism. Mess with one of his clients and you'll probably regret it.Something of a romantic myth has grown up around Cipher. It has to do with baseball bats, decidedly low-tech tools he and associates have reportedly used to recover clients' critical data. Cipher hardly looks the part. Rather, he resembles the guy on the next stool at the neighborhood saloon. Affable, if not too talkative. Certainly not formal -- never seen him in a tie, and I've known him for a few years. But watch the eyes and listen to the voice. When Cipher is talking about someone he doesn't like, the eyes narrow and the voice gets deadly flat. Don't doubt his credibility. Mark Gibbs, a columnist for Network World who isn't fond of Cipher's vigilante tactics, nonetheless conceded in a January column that the magazine "checked Cipher's bona fides, and he seems all too real." The Weekly Planet checked them, too.Of the storied baseball bat episode, Cipher says, "It might have happened," deflecting further questions by describing in great detail how law enforcement, including the FBI, is incapable of quickly reacting to cybercrime, and how criminal penalties are impotent to protect computer technology.Most of Cipher's techniques are a little less blunt than the wrong end of a bat. He rigs computers of his financial clients to detect when people -- even authorized people -- access too many client or personnel records."We caught this one guy" who had transferred a financial-services company's records onto a CD, Cipher recalls. "By the time he got home, we were there waiting for him. As he got out of his car, we went up to him and said, 'We believe you have something that belongs to us.' He got the message, and we got what we came looking for. How long would it have taken local police or even the FBI to react? By the time they did, our client might have been out of business."Network World's Gibbs commented in a January column: "Cipher appalled me for several reasons. To start, he relished his vigilantism. He recounted his stories of theft, threats and grievous bodily harm with the self-righteous satisfaction of someone who has few scruples and sees himself as a tough guy. But it was his belief in the correctness of his actions and his assumed moral authority to do so that really irritated me."Morality issues aside -- and Cipher views himself as adhering to a sort of cyber-samurai ethics -- many people aren't irritated at all by the hired gunslinger response to commercial hacking. A poll that got considerable coverage on CNN's Web site showed that 82 percent of 7,500 people who responded approved of companies taking the law into their own hands.It's often necessary, Cipher says, to take a direct approach -- such as separating a bad guy from his computer and leaving a note reading, "See how it feels." Most tactics are more sophisticated. One, for example, is to lure hackers into safe parts of the client's computer system without alerting the intruder to the fact that he's already been nailed. Once identified, the culprit may himself become the victim of some reverse hacking. Or he may get a visit."We had this one individual stealing e-mail," Cipher says with relish at the recollection. "So we seeded it. The e-mail referred him to a specific Web site. Once he entered that Web site, we were able to determine who he was. It was a guy from Guadalajara (Mexico). We were able to communicate with this individual, and the problem disappeared."If all this hasn't scared you witless the next time you sit down and turn on that gray box, consider this warning from Schwartau. "The rest of this year is going to be real bad," he says.Specifically:- In mid-July, the movie TakeDown is scheduled for release. This story of fabled super-hacker Kevin Mitnick "will produce a major increase in hacking," Schwartau says. "Everyone wants to prove he's as good as Mitnick."- On Sept. 9, we have an interesting date: 9/9/99. Some see a religious significance to the nines. For computer folk, the number means "end of program." "People will try to disguise activities" as end of program events, Schwartau says. - Finally, there's the big one, the new millennium and its attendant Y2K computer bug. "Will the problems be Y2K related, or will they be some bad guy or punk messing around?" Schwartau asks. "There will be a huge increase in hacking. The secret will be to be able to tell the difference between Y2K and an attack."