Some of the government's Y2K watchers are warning of computer problems on New Year's Eve that may arise not from the date rollover, but from pranks committed by mischievous hackers.

They are watching for intentional acts perpetrated at the stroke of midnight under the cloak of Y2K problems--perhaps by hackers sitting at their terminals determined to breach computer networks, but likelier through the stealthy attacks of viruses, worms and other damage-dealing software that already have made their way across the Internet and corporate computer networks.

In recent weeks, the warnings have become louder and more fretful. Deputy Secretary of Defense John Hamre told reporters that "the hacker chat rooms" were buzzing with Y2K plans, and that "we're apprehensive enough about it that we've put special watch procedures in place." And the FBI will hold a briefing today to issue further warnings about the potential for New Year's cyber-attacks.

President Clinton's Y2K czar, John Koskinen, has politely asked hackers to refrain from mischief around the first of the year--a somewhat unusual request given that hackers aren't known for their respect for authority.

In not one but two news briefings last week, Koskinen noted that some hackers believe they are doing a public service by showing holes in system security. But he said: "We are going to have enough things going on that weekend. . . . This will not be a particularly good weekend to try to demonstrate the need for more information security."

Computer experts have recently discovered several dozen viruses and worms floating around on the World Wide Web--some with triggers set to go off on Jan. 1.

One of the most attractive targets for virus and worm writers recently has been Microsoft's near-ubiquitous Windows operating system and the close working relationship between such Microsoft programs as Word and Outlook. The infamous Melissa virus, distributed earlier this year, is typical of the breed; it burrows into the user's hard drive and sends out an e-mail message to the first 50 names on the user's e-mail address book, clogging large computer networks with zinging, multitudinous mail storms. A later variant, ExploreZip, erases key files on the user's computer as well.

About 20 new viruses that play on the Melissa-like vulnerabilities of Microsoft's suite of programs are reported each day, according to computer crime expert Eugene Spafford at Purdue University.

Newer viruses are even more infectious and hazardous: Bubbleboy, detected last month, unleashes its payload without any action by the user at all in the Microsoft program Outlook Express. A program called MyPics and imitators target Jan. 1 explicitly. These viruses, which began showing up in December, pretend to be a photograph attached to electronic mail. Try to open the photo and it will kick off a program that will hide on the hard drive until Jan. 1, 2000--when it will erase everything on the user's hard drive.

"We have seen an increase in the past 30 days in new viruses," said Vincent Gullotto, director of the Avert anti-virus program at software company Network Associates Inc.

Since many viruses now enter computer systems through e-mail and build up over weekends, and since New Year's day falls over a weekend this year, Gullotto said, the first weekdays after New Year's are when many of the lurking programs will strike. "Those days are days that companies should really be concerned with," he said. Network Associates, like most makers of anti-virus software, offers free trial versions of programs online that can disinfect computers.

The risk of computer intrusion is based more on speculation than on the sort of hard evidence gathered by virus makers, but the number of break-ins is definitely growing. The Computer Emergency Response Team at Carnegie Mellon University, a federally funded clearinghouse for such reports, has tallied more than 6,844 incidents so far this year, compared with several hundred a year in the 1980s. CERT and other computer security organizations issued a warning in October that intrusions timed to coincide with the new year were possible, although "it is not expected that malicious activity will impact physical or cyber infrastructure systems on a regional or national scale."

Experts disagree about the likeliest kind of intruder threat. Abe Singer, computer security manager at the San Diego Supercomputer Center, said he anticipates more problems with vandals trying to shut computer systems down than with intruders seeking private information.

On the 2600 Club Web site, a popular gathering place for hackers, one page--which pokes fun at the FBI for being busy chasing down "14 year old hacker hopefuls," while the sophisticated programmers burrow into businesses--all but screams:


Singer said that theoretically even amateur hackers--if they work in concert, at the stroke of midnight on Jan. 1--could bring systems down. "Think of a switchboard--what if we got 10,000 people to call you at the same time? You can do something perfectly ordinary and preventable by security people, but if you do it in large volumes you can cause problems."

Spafford of Purdue sees a less urgent threat from vandals. He identifies the range of potential threats as intrusion by hackers, by criminals, by cyber-terrorists and by terrorist-sponsoring nations. The likelihood of any of these happening and causing great damage, he suggested, is very low, but he said the mischief-makers and criminals were the likeliest to cause problems.

Hackers, Spafford suggested, were almost certain to be active--but not likely to do much more harm than usual. There could be extra intrusions over the holidays, if for no other reason than because "as New Year's occurs during a break from school, we also will have a lot of potential hackers with some time on their hands."

Criminals are another matter; company insiders bearing a grudge or hoping to divert funds under the disguise of a Y2K glitch could emerge, Spafford and other experts say. At an Energy Department Y2K briefing last week, Michael Gent, president of the North American Electric Reliability Council, told reporters that because the computers that control their vital systems are not accessible from the Internet, "we're most vulnerable from inside hackers. We're not terribly concerned about people coming in from the outside."

True to the attitude of his tribe, a Las Vegas hacker who goes by the online handle "Mens Rea" says that the experts don't know what they are talking about.

In an exchange of electronic mail, he says that there's no special attraction in breaking into systems on the first day of the new year.

"I really don't see the need to wait for the turn of the century to hack a computer server, when I can do it any time I wish now," he said.

Although some experts have suggested that the greater vigilance and staffing could deter intruders, he said, "I can't count the times I have gained access to a system while it was being monitored." Ultimately, he said, an altogether different factor will likely keep the nation's hackers from making a concerted effort to test the mettle of the global computer network:

"I, along with my 'computer' friends, will more likely be VERY drunk."

Staff writers Stephen Barr and Peter Behr contributed to this report.

CAPTION: Y2K czar John Koskinen has politely asked hackers to refrain from mischief around the first of the year, although at least some are likely to refuse.