By David Bank
Mercury News Staff Writer
AS Sherilyn Dyruff learned, it's not only sophisticated computer networks that are vulnerable to mischief-makers. It's the traditional telephone hanging on her kitchen wall.
All it takes to cut off telephone service is a simple call from a prankster, a vengeful ex-lover or a criminal. The telephone company will perform the disconnection with nearly no questions asked.
And one easy solution to the problem -- the addition of a secret password to protect a customer's account -- has been available for several years, but has not been publicized by Pacific Bell.
Dyruff, 34, discovered all that recently after she returned home from an evening run and picked up the phone in the kitchen of her Campbell apartment to call her mother.
The line was dead.
After a long sleepless night -- and a dozen frantic phone calls from a neighbor's apartment -- Dyruff got her telephone service restored, but not before learning that Pacific Bell takes few precautions to protect customer's accounts from low-tech hackers.
``I was a nervous wreck all night,'' said Dyruff, an account executive for a San Jose manufacturer. ``I slept with all the lights on. I didn't get any sleep. How did I know if I was being targeted? What if there was some crackpot out there?''
The recent rash of computer break-ins has increased public awareness of the vulnerability of computer networks. During a recent Internet crime spree, Kevin Mitnick allegedly filched the credit card numbers of up to 20,000 customers of Netcom On-Line Communication Services Inc., and nearly brought down operations of the Well, a Sausalito-based on-line service.
But computer security experts have long wondered whether the Internet is being held to a higher standard than other communication networks. Cellular telephones, for example, are notoriously susceptible to eavesdropping.
And basic telephone service -- essential for dialing 911 in an emergency, consulting with doctors or checking on friends and family members -- can be canceled without warning.
``It could become a not-so-subtle form of harassment,'' said Melia Franklin, a spokesman for Toward Utility Rate Normalization, a San Francisco consumer group.
A Pacific Bell spokesman said the company's policy requires nothing more than a name and telephone number from those seeking to terminate telephone service.
``Most of the time we take their word for it, because it's not a problem,'' said the spokesman, Lou Saviano.
As Dyruff pursued the matter, she said the only Pacific Bell representative who showed real concern was a woman who said the same thing had happened to her -- an ex-girlfriend of her husband had canceled the couple's phone service.
As it turned out, Dyruff's phone service was cut off because of a mistake made while processing a legitimate cancellation request. Nonetheless, she was still upset that the company's casual procedures would not have protected her from a malicious cancellation.
The number of cases of ``account spoofing'' appears to be small. Pacific Bell does not keep records of the number of complaints, but a spokesman said incidents of mistaken service cancellations are ``not unheard of, but not common.''
Pacific Bell's policies are similar to other telephone companies. Ameritech, which serves customers in Chicago and the Midwest, requires no special identification for cancellation orders, said Mike Brand, a company spokesman.
Pacific Gas & Electric service representatives call back a customer to confirm a cancellation order and then send a technician to the address, said Scott Blakey, a PG&E spokesman.
To keep costs down, Pacific Bell has not publicized one simple solution. Upon request, Pacific Bell will add a secret password to a customer's account to prevent unauthorized changes.
Watts said customers with security concerns should request the service through the Pacific Bell business office listed at the top of their telephone bill. Service representatives are empowered to make ``judgment calls'' about the need for such a password, Watts said, ``but we'll err on the side of the customer.''
``What we don't want to do is stimulate a stampede of folks who imagine a problem when there isn't one,'' said Craig Watts, another spokesman. ``In a company the size of ours, you don't engineer for the individual, you engineer for the larger body of customers.''
Few complaints The Consumer Affairs branch of the state Public Utilities Commission has received few complaints.
``It's up to the customer to tell Pacific Bell, `Do not take any orders on my account until the person gives a password,' '' said Rick Lopez, a consultant to the commission.
As soon as her phone service was restored, Dyruff said she added a password to her account.
``With what goes on nowadays? You bet,'' she said. ``We're not living in Leave-it-to-Beaverville anymore.''
Published 3/12/95 in the San Jose Mercury News.
This material is copyrighted and may not be republished without permission of the originating newspaper or wire service. NewsHound is a service of the San Jose Mercury News. For more information call 1-800-818-NEWS.