THE INTERNET cafe Khmer Web agreed this week to pay $2,500 for unauthorized use
of private Internet accounts. The amount covers roughly 400 hours of connection
to a CamNet account and approximately 100 hours on a BigPond account.
Yet
the owners of Khmer Web still deny they purposely misused the accounts. They
claim that private customers inappropriately logged on to the accounts without
the knowledge of Khmer Web staff.
Evidence in the shape of phone and
Internet billing records and an oral admission point in a different
direction.
The misused CamNet account belongs to Bill Herod, an advisor
to KIDS, which runs three competing Internet cafes. In August and September, his
Internet bill suddenly jumped from between six and 15 monthly hours to around
500.
"I was abroad from late August to mid September. Immediately after
returning to Phnom Penh, I discovered that something was wrong. And when I tried
to change the password on my account, I discovered that it was already connected
to somewhere else," explains Herod.
By comparing phone records to CamNet
billing records through the Ministry of Post and Telecommunications, it appeared
that Khmer Web had been connected to a CamNet account in the same periods as
Herod's account had inappropriately been in use - often all day from early
morning to late evening.
Khmer Web does not have a CamNet account and,
additionally, were only connected to their BigPond account for 20 hours during
all of August - Khmer Web's first month of operation - an average of 38 minutes
of business a day.
On Thursday last week, Herod confronted Kim San of
Khmer Web with the findings in order to solve the matter privately. During the
meeting, where the Post was present, San admitted that he had obtained Herod's
password from one Bun Sothearoath, who is a regular among Phnom Penh's
computer-savvy youth.
San also acknowledged that he was responsible for
paying Herod's Internet bill of $2,498.90. On Friday he signed a document
agreeing to pay the amount.
Later, Khmer Web withdrew their admission of
any wrongdoing. At a meeting on Tuesday at the Ministry of Post and
Telecommunications, Khmer Web partners threatened to sue Herod for damaging
Khmer Web and accused him of sabotage, suggesting that he had sent someone in to
plant the password on Khmer Web's computer.
However, a settlement was
reached whereby Herod and the holder of a misused BigPond account are held
unaccountable and the payment from Khmer Web will be divided between CamNet and
BigPond.
"We made a lenient judgement and Khmer Web are now clear of this
matter. But if we find additional misuse of accounts we will not tolerate it and
be very harsh," says Undersecretary of State Koy Kim Sea.
Several other
possible account abuses are now under investigation. According to Director David
Lewis, BigPond alone has one or two suspicious cases under
scrutiny.
Avoiding misuse of an Internet account is very much a question
of password security in the account holder's end.
"If customers for some
reason have to give their password to someone else, they should always change it
immediately afterwards," cautions Lewis.
But keeping your password
secretly locked away in your computer and changing it regularly doesn't
necessarily prevent account abuse. These days a password-stealing program is
circulating in Phnom Penh.
The program works on personal computers
equipped with Windows 95 or 98 where the user has saved his passwords on the
hard disk instead of typing it in every time. When a floppy disk with the
program is inserted into the computer and run, it extracts all saved
passwords.
According to Herod this can be prevented either by changing
the name of the Windows .pwl save file after use or copying it to a floppy and
removing it from the hard disk. The file name must be changed back or the file
reinstalled when it is used next time.
Kim Sea and Lewis urge customers
who suspect that their accounts are being misused to contact their Internet
provider.
