International criminals hit information highway

THE BALTIMORE SUN

/etc./password.

Those 15 keystrokes, flashing across a computer screen in an Ellicott City barn last month, put Jamie Clark and two co-workers on a cyberspace hunt for international computer criminals in the fast-evolving world of Internet crime.

"I knew it was really bad trouble right away," recalled Mr. Clark, 31, as he watched a hacker trying to worm his way into the password file of the system Mr. Clark had set up to sell Internet access to home and small-business computer users in the Baltimore-Washington area.

What he found was worse than he had suspected. An international ring operating out of Sweden and several European countries had used stolen telephone calling card numbers to call the United States and set up accounts on ClarkNet, Mr. Clark's Internet access system. They paid by using stolen credit card numbers.

Once on the Internet, the hackers were free to attempt to crack and vandalize other systems.

Computer security experts now believe the group wanted access to university computers to steal research that could be sold on the black market around the world.

They say this kind of attack is increasingly common as criminals use the wide-open Internet to steal not only business data, but also important personal information -- such as credit card numbers -- that everyday users store or pass through the Internet.

"This kind of thing is happening more and more each year. A lot of people think the Internet is this wonderful place where everyone is communicating and acting responsibly. But people have got to realize there are some devious people out there with superior hacker skills," said Doug Tygar, a computer scientist at Carnegie-Mellon University and a member of the Computer Emergency Response Team, a group that investigates electronic break-ins.

The Secret Service and the FBI declined comment on the investigation of the ClarkNet break-in, as did several banks and telephone calling card companies whose customers were targets of the group. However, Mr. Clark and his co-workers were willing to provide details of their efforts to track down the intruders.

Passwords

Mr. Clark's brush with Internet crime began over the July 4 weekend, when he was monitoring computer traffic coming through ClarkNet, the business he founded last year in a barn on his family's farm.

ClarkNet provides 1,500 computer users with dial-in access to the Internet, a worldwide network of computer networks which links an estimated 20 million users in universities, businesses and homes.

He saw that a customer known as "John" was attempting to break through ClarkNet's computer security and steal the file containing the passwords of ClarkNet customers and administrators. With those passwords, the hacker could gain access to sensitive customer information and other critical ClarkNet files.

The intruder didn't know that Mr. Clark had put the password files where they would be almost impossible to find. Still, the incident was alarming -- it meant the intruder was sophisticated and serious.

Mr. Clark quickly canceled John's access. But as Drew Jansenn, his vice president for sales and marketing, probed the attempted theft, he found that this was more than a lone hacker strutting his cyber-stuff.

They and other investigators found that a small network of skilled intruders had set up at least 20 ClarkNet accounts under phony names by calling in from Sweden and other sites in Europe.

Once they had access to the Internet, the invaders apparently logged onto major university computer systems and tried out sophisticated programs to decode encrypted password files by matching them against entire dictionaries in several languages. They took advantage of the fact that most users pick passwords that are easy to remember, such as "flower," rather than meaningless but secure jumbles of letters such as "ngrvlp."

The hackers were successful in at least one confirmed case, destroying and possibly stealing computer files at Clarkson University in Potsdam, N.Y., according to Lori Carrig, ClarkNet's security officer, who is assisting in an investigation by a government-funded computer security panel and the U.S. Secret Service.

Incidents double

As many as 20 other universities may have been targeted, she said. ClarkNet was able to alert Carnegie-Mellon University in Pittsburgh, where defense research is conducted, that one intruder had some of the school's passwords in his file.

ClarkNet uncovered all of the bogus accounts and canceled them, but its experience illustrates a growing problem.

In 1992, 773 incidents were reported to the Computer Emergency Response Team (CERT). The number doubled in 1993, and this year CERT estimates it will receive more than 2,300 reports.

"Computers are coming more and more into the home, and as they do, people need to think about how they might be affected socially. Unless they have good security, their privacy may be at risk," Ms. Carrig said.

She noted that with an Internet user's password, a criminal can masquerade electronically as his victim, order merchandise from vendors in the Internet's new electronic malls or attempt other crimes while logged on as the victim.

"People must realize there are people using the Internet who can penetrate the fortress, and do a lot of damage. If they can access your files, they can theoretically learn a lot about you -- even take on your identity," Ms. Carrig said.

At Carnegie-Mellon, Professor Tygar said it's likely that the intruders who set up bogus accounts with ClarkNet tried the same thing with some of the other 40 commercial Internet access providers in the United States.

The other large commercial Internet access provider in the Baltimore-Washington area, Digital Express Group in Greenbelt, says it was not hit by the credit card scam.

CERT does not divulge the sites reporting break-ins or details of its investigation. But it estimates that fewer than 10 percent of such incidents are ever reported.

"Many people are embarrassed to report that their security was breached," said Terry McGillen, a professor at Carnegie-Mellon's Software Engineering Institute and a CERT panel member.

"Criminals, plain and simple"

One problem, security experts say, is a feeling among some longtime, traditional hackers that all information should be freely shared. There is even a magazine, 2600, and a computer bulletin board by the same name, with articles explaining how to break into various systems.

But as the Internet grows into a major conduit for sensitive information of all kinds, these security experts are concerned about the lack of global uniformity in investigating and prosecuting criminal activity.

"The public perception of people who break into computer systems, unfortunately, is that they are either geniuses or misguided kids showing off. Nothing could be further from the truth. They are criminals, plain and simple," said Eugene Spafford, an associate professor with the Computer Operations, Audit and Security Technology Project at Purdue University and an Internet security authority.

"A lot of people, including the [Clinton] administration, are giving everyone these wonderful images of the Internet, but it's not the whole picture," he said. "It's sort of like you've bought this wonderful vacation land in Florida, but when you get down there you find out it's under water and full of mosquitoes."

Difficult to investigate

Mr. Spafford and others agree that the ClarkNet incident shows how difficult it is to investigate and prosecute cybercrime.

Only a handful of states have law enforcement units dedicated to investigating computer crime. The Maryland State Police recently started such a unit, staffed by four investigators.

Major computer system break-ins are now investigated by the FBI and the Secret Service, which have computer crime units. The U.S. Department of Justice has also launched a computer crime unit that specializes in prosecuting cases under a federal computer crime law.

But international crime is harder to deal with. ClarkNet has done much of the sleuthing on its own case.

"In many countries in Europe and elsewhere, there are no laws against breaking into computer systems. The attitude among some people overseas is that information going back and forth over computers is literally considered free to everyone," Mr. Tygar said.

Meanwhile, for individual users, the best defense is a password that is unlikely to be discovered.

"The Internet is a really great thing, no doubt about it," says Mr. Jansenn of ClarkNet. "But we think security should be paramount when using it. As we found out, there are some evil [people] out there."

Copyright © 2021, The Baltimore Sun, a Baltimore Sun Media Group publication