Over a long French holiday weekend five years ago, a skilled group of criminals sloshed their way through the sewers of Nice, tunneled and blasted their way into a bank's safe-deposit vault, and spent two full days rifling depositors' boxes for $10 million in loot.
They did it the hard way.
Earlier this summer investigators alleged that Andre Prestes, veteran of a short course in computer programming, and his wife, Vera Campos, took Washington's First Variable Rate Fund for $1.55 million.
The method can be alarmingly simple. With Prestes' programming experience and the knowledge Campos gained as a clerk in one of the investment fund's branches, the two allegedly evaded the computerized controls designed to guard against fraud.
Experts in the burgeoning business of computer security know well enough that computerized accounting systems offer at best an imperfect check on pilfering from those inside and outside an organization. And a rapidly growing network of computers linked by advanced telecommunications offers grand new opportunities for theft.
"The manufacturers are putting the technology out there, but they're really not telling customers about the problems," says Robert Campbell, president of Advanced Information Management Inc., a computer security consulting firm based in Woodbridge, Va. In cases of crime involving a computer, Campbell says, "manufacturers are very insistent that it's not a computer crime, that it's all due to one bad apple."
A few of the better-known instances of breached computer security indicate what an easy operation computer crime might be.
* At New York City's exclusive Dalton secondary school, students using a computer terminal last year penetrated the computerized files of 21 Canadian companies, erasing one-fifth of the information in one company's system.
* In a scam uncovered last February, San Francisco's Wells Fargo Bank lost $21 million over a year, allegedly to two boxing promoters who used a computer to make illegal money transfers.
* In an as-yet unsolved computer crime, someone obtained the passwords to 8,000 companies' computerized data bases by tapping into the computer of a Los Angeles consulting firm.
The mystery surrounding computer crime -- and the ease with which an expert can cover all traces -- mean that no one knows how much computer thieves siphon off each year. FBI agent Paul Nolan said that during 1980, the average bank embezzlement accomplished without a computer pulled in $23,500, while the average embezzlement using a computer took more than $400,000. Using various estimates of how much computer crime is reported and how much noticed, experts say the bill can top $40 billion annually.
Those figures don't include a huge bill for illegal use of computer services. Last June, consultants at the Energy Department's Germantown data processing center were found to be using government computers for homework, football pools and games such as Star Trek, hangman and blackjack. Of 128 individuals checked, 20 were misusing their equipment.
In the final analysis, Campbell says, the security of a computer system depends on people -- the people who control access to a system and the people who control whether a crime can be detected. "The whole problem is one of control over access, both physically -- to the terminal -- and to the set of instructions that tell someone how to do whatever they want to do."
"The management problem is deciding how much security is enough," says Robert Jacobson, a New York computer security expert. "If you overdo it, you're going to waste money. But then a very unlikely event, if it occurred, could have a very serious impact on your organization."