When a group of suspected Pakistani hackers broke into a US-based computer system in June, they thought they had found a vulnerable network to use as an anonymous launching pad to attack Web sites across India. But what they had done was walk right into a trap known as a honeypot, a specially equipped system deployed by security professionals to lure hackers and track their every move. For a month, every keystroke they made, every tool they used, every word of their online chat sessions was recorded and studied. The honeypot administrators learned how the hackers chose their targets, what level of expertise they had, what their favourite kinds of attacks were and how they went about trying to cover their tracks so they could nest on compromised systems.
Lance Spitzner, this honeypot's creator, is a self-confessed computer geek, but he is more likely to quote Sun Tzu's ``The Art of War'' than the latest guide to Unix. A Chicago-based security consultant with Sun Microsystems Inc., Mr Spitzner says he is applying the tactics and techniques he learned as a tank commander in the US Army to the cloak-and-dagger world of Internet security. To be sure, Mr Spitzner's Honey Net Project, which includes some 30 security professionals, programmers and psychologists, all working on the project in their spare time, isn't the first time honeypots have been used to gather intelligence on the Internet underground. Experts have used decoy computer systems for years to lure hackers and study their moves.
But where previous honeypots were baited with known vulnerabilities designed to mimic various computers, Mr Spitzner's team puts unmodified production systems online: networks with the same specifications, operating systems and security as those used by many companies. This isn't a hush-hush, internal corporate operation like earlier honeypots: Mr Spitzner posts all of his findings on the Internet for the security community to see (http://project.honeynet.org).
That approach scores a lot of points with many security professionals, who say it makes their job easier by raising awareness of the threats posed even by inexpert hackers. ``Some 95% of a security practitioner's job is convincing people to take (these threats) seriously,'' says Marcus Ranum, chief technology officer for NFR Security Inc., who says the availability of the information gathered by the Honey Net Project is one of its greatest virtues.
Mr Spitzner says a four-year stint in the Army's rapid-deployment force after the Persian Gulf War taught him how valuable reliable information on the enemy could be. But there wasn't much available when he joined Sun two years ago as a consultant advising corporate clients on security issues.
Curious, he built his first honeypot early last year. Within 15 minutes, it was scanned by a hacker looking for easy prey. For about 18 months, the Honey Net Project, which mushroomed as word of the project spread through the security community, has focused on the kinds of random attacks carried out by ``script kiddies,'' who use ready-made software to attack vulnerable systems. The temporary shutdowns of Amazon.com, eBay Inc. and Yahoo! Inc. this year were blamed on script kiddies.
Though they are often technological neophytes, script kiddies pose a big threat to corporate security. While ``people laugh at them,'' says Mr Spitzner, ``they've compromised an awful lot of corporate sites.'' Security experts attribute that in part to the proliferation of Web sites where hacking software is made available to the public, allegedly for educational purposes.
In one of his first honeypot episodes, early last year, Mr Spitzner spent four days following a script kiddie around his honeypot, watching as the hacker used ready-made programs to cover his tracks and gain control of the system. Mr Spitzner, wary of scaring away the hacker, had to tread carefully, making sure to leave no trace as he in turn explored the system's logs. Based on what he learned, Mr Spitzner was able to arm common operating systems like Linux and Solaris against most script-kiddie attacks.
The next step, due to be initiated in January, is to sweeten the honeypot by building a transactional system that looks like an electronic-commerce site. The intent is to make the honeypot irresistible to the more skilled hackers, dubbed black-hats, who are looking to steal credit-card numbers.
There are still plenty of questions and criticism about the Honey Net Project and honeypots in general. For starters, although the project has helped show many in the security community the nuts and bolts of investigating a break-in, it is unlikely to shine a light on any of the cutting-edge tools used by hackers. And while honeypots are a great training environment for security professionals, says Elias Levy, chief technology officer at www.security-focus.com, a leading online source of security information and discussion, ``they won't fulfil their promise unless you have the time to administer them correctly.'' Some security chiefs could use the training. According to the Security Administration and Network Security Institute, putting unqualified administrators in charge of security is one of the biggest mistakes companies make.
But many administrators, torn by budget constraints and the need to find quick fixes to get systems back online, often are in no position to probe hacker attacks, says Frank Prince, an electronic-security analyst with Forrester Research. Honeypots or other projects that offer the detailed, behind-the-scenes forensics of hacker tracking often end up being as useful as ``metallurgy for the guy tightening the lug nuts,'' Mr Prince says.
What's more, in dollar terms the most damaging attacks come from inside companies, he says. While honeypots can help compile information on people breaking into the system, they do little to combat sabotage from within.
Copyright © 2000 Indian Express Newspapers (Bombay) Ltd.