This story was written by Keith Dawson for the Industry Standard's Media Grok email newsletter. It is archived here for informational purposes only because The Standard's site is no more. This material is Copyright 1999-2001 by Standard Media.

A Bumper Crop of Break-Ins
Aug 15 2000 12:00 AM PDT

This morning the press covered a mixed bag of security troubles at Bloomberg (dossier), Safeway U.K. and Verizon. The first two suffered embarrassing break-ins; Bloomberg provided a rare happy ending.

Bloomberg's story was the most dramatic - the company's founder and chief played a role in the arrest of two extortionists - but the Bloomberg news agency itself played the story short and cool. It fell to the Wall Street Journal to gush over Michael Bloomberg's "apparent turn as James Bond." The New York Times' John Sullivan provided extensive background and detail on an extortion plot by two Kazakhstanis that unfolded over the last six months and unraveled last Thursday in London.

Officials at Safeway U.K. probably wish they had a Michael Bloomberg on their staff. On Friday, hackers embarrassed Safeway by breaking into its Web server and downloading the e-mail addresses of thousands of customers. The merry perps then sent an official-looking, if crude, e-mail from Safeway's server to the company's customers, announcing an immediate 25 percent price hike and inviting the customers to shop elsewhere. Safeway has shut down its U.K. Web site, Reuters and Bloomberg reported.

Also in the news was a security and privacy leak at Verizon. Its Web site offered a self-help application enabling customers to report equipment problems and track repair progress. Unfortunately, a visitor to this site could type in any phone number on the East Coast and the program would cheerfully reveal details of that customer's identity and service history. SecurityFocus told Verizon of the problem on Sunday, and Bloomberg (again) and MSNBC reported that Verizon took the site down. But an updated story running on this morning claimed that Verizon merely removed a link to the application from its top page - anyone who had bookmarked the troublesome site can still get to it. Kevin Poulsen, writing for SecurityFocus, provided all the gearhead details on how the security flaw works.

Adding insult to Verizon troubles, the New York Post reported - in the best-headlined story of the morning - on a little spat the company is having with 2600, the hacker quarterly. It seems that before announcing its new name, the merged Bell Atlantic (VZ)-GTE (GTE) dropped $50,000 on 707 domain names such as and The hacker magazine posted a list of these names and then registered one of its own: And after Verizon's lawyers sent them a nastygram, 2600 registered one more name: - Keith Dawson

Two Charged in Hacking, Extortion Scheme (Bloomberg)
USA Today

Michael Bloomberg Assists in Suspected Hacker Arrest
Wall Street Journal
(Paid subscription required.)

2 Arrested in Bloomberg Extortion Case
New York Times
(Registration required.)

Bloomberg Computers Hacked (Reuters)

Safeway's U.K. Web Site Hacked (Bloomberg)
USA Today

Hacker Hoax at Safeway (Reuters)
Wired News

Verizon Site Exposed Customer Data

Verizon Self-Help Site Halted After Notice of Security Breach (Bloomberg)
Boston Globe

Update: Verizon Hole Still Open

New York Post