
11-23-2007, 08:09 PM
Junior Member
Join Date: Nov 2007
Posts: 3
Actor Website manager joins, offers info
Having built a legitimate website business for one of our medium-known actors over the past 6 years, I've worked with a couple of computer scientists who showed me how someone at or near software developer level can do almost anything, and make it appear like almost anything else.
We have experienced stalking, bank-fraud and identity theft in some extremely undetectable ways. The crooks used legitimate companies and links, and "siphoned" from them "offshore," usually by means of robot software called "packet sniffers."
One example is the travel websites (you know the big ones). Routinely booking staff-travel for photo shoots and other events, we found a Mexico-based (they used American prejudice as a shield) theft group doubling airline, hotel and other fees, and siphoning through relays those companies were not aware of. They got their money, and the crooks got the mirror or duplicate fees. It took 3 weeks of painstaking work (wasted time in business, on top of the bills we paid before noticing the doubling) to notify the travel sites and their clients - the bookers and air, hotel, etc. providers.
They shut it down, but one woman who worked for a rental car company told us the same thieves would likely switch to a new sniffer and siphoning network, as her rental company had not yet figured out how to find them "out there" in the dizzying world of internet relay stations. "It's hard enough for us to protect the security of our own servers," she said, "much less the linkers and other network partners we do business with.
"When someone good at this siphons offshore, it is so costly we have to keep at it, but are working on developing anti-bot software by hiring former 'black hats' (hackers for illegal tasks), who then become 'white hats' for us."
On two occasions, though, crooks placed the little buggers directly within our server and website pages. Those were disguised so well it cost us a $5,000 retainer with one of the country's best programming firms to expunge them.
On our site, this was sometimes for mischief (hardly an adequate word when someone is trying to steal all your merchandise and post it in a country with no extradition treaty with the U.S.), and sometimes we were used as a 'front' or repository for these out-of-domain information harvestings - just like the car rental company. We had up to 70,000 unique visitors (who visited more than once) per day.
Luckily, most phishers and worse haven't this degree of sophistication. We were witnesses in a federal case against one such person, a software developer who was also a child pornographer and 'virtual theft' entrepreneur.
I am no longer convinced the internet is at a stage in its history that is safe for much except entertainment and information. Later, once the industries have gotten a grip on this with their 'white hats' (or government steps in with effective controls), we may return. For now, real or 'brick and mortar' transactions, after our experience, will be conducted offline.
Our experiences with the U.S. Postal Inspectors, states' attorney generals (three states), F.B.I., U.S. Attorney and real news organizations (NBC, CNN, daily newspapers and industry trade magazines) are available on request.
Thanks for the needed service, 419.
David
Last edited by riothamus2; 11-23-2007 at 08:26 PM.