They're high-tech sleuths whose beat ranges from poor etiquette to crime TALES OF THE HACKER TRACKERS

Nothing seemed unusual to the students who slung down their backpacks and settled in to work at computers in the Michigan Union's public computing site. The screen displays that prompted them to type in their passwords seemed just like those on all the other computers around the room. If anything, the scene had a reassuring monotony about it--banks and banks of identical computers with seemingly identical screens.

But something wasn't right. As the students innocently checked their e-mail, wrote their term papers, or surfed the Internet, they were stumbling into a trap. The familiar "login" display that welcomed them that day was really a fake, modeled after the real thing. It concealed a secret computer program that captured the password of anyone who logged into one of the altered computers.

After the hapless users left, the person who set the trap came back and, with a few keystrokes, collected the day's catch. Then, hiding behind the students' identities, the thief used their passwords to send out a storm of racist e-mail.

Such scenes are being played out on campuses across the nation. As computers become more commonplace, and electronic communication is considered almost essential, incidents ranging from the improper to the illegal are posing problems for communities of computer users-and for computer support staffs. At the University of Michigan, most such problems wind up in the laps of Dora Winter and Jim Knox, the IT (Information Technology) User Advocates who work with the Information and Technology Division (ITD).

While Knox prefers the advocacy side of the job, Winter revels in investigations and doesn't mind being called a "hacker tracker." A fan of Dragnet reruns who always has enjoyed unraveling mysteries, Winter has worked with law enforcement agencies--from the U-M Department of Public Safety and Ann Arbor police to the FBI and Secret Service--to crack cases of stolen passwords, credit card fraud and even a forged e-mail message that appeared to be from the president of the United States.

Tracking the source of an e-mail forgery or a computer account break-in can keep Knox or Winter absorbed for days. They search for clues in the "headers" of e-mail messages--strings of e-mail addresses and other information that function as electronic postmarks, showing every computer the message has passed through, along with the day and time each machine received the message.

The machines themselves can also contain telltale traces of inappropriate activity. But the trail can get convoluted when a crook uses more than one computer to break into someone else's computer account. And in cases of password theft, dozens of users may be affected, adding to the time it takes to investigate and clean up after an incident.

In one particularly messy case, hackers stole users' passwords, broke into their computer files and stored collections of illegal software there without the users' knowledge. Then the hackers distributed the stolen passwords on the Internet, telling people they could use them to get free software from the U-M. To clear up that incident, ITD staffers had to call in more than 100 students, one by one, and go through their computer files with them, discarding the illegal files and keeping those that belonged to the students.

The cost wasn't only in wasted time. The incident also caused legal headaches for the University, which although innocent, appeared for some time to be offering pirated software for free. The university never found out who was behind that caper. But in plenty of other cases, the culprit has been caught, often thanks to the IT User Advocates' tracking skills.

Being the one to point the finger has taken some getting used to, Winter says. "I'm the one who says, 'They did it, and here's why I believe that,'" she says. "At first that was very weird to me. I kept thinking, what if I'm wrong?" But with time and experience, Winter has come to trust her instincts. Sometimes that means listening to a nagging voice that keeps telling her that things just don't add up.

Take the case of the phony president. Someone sent out a sarcastic and threatening e-mail message apparently signed by President Clinton. Working with the Secret Service, Winter traced the forged message to one student. But after talking to the student and trying to put all the pieces together, Winter felt someone else was responsible. Sure enough, it turned out to be the student's roommate who had done the deed.

But Winter and Knox insist they're not primarily computer cops. Instead, they see themselves as peacemakers and educators. Most of the problems they deal with every day are more in the realm of Miss Manners than of Dragnet's Joe Friday. Take these typical cases: A student creates mischief by circulating an e-mail message to classmates, made to look as if it came from their professor. A participant in an online discussion group complains that someone from the U-M is posting rude remarks. A staff member gets a little too curious about a coworker's business and is caught snooping through private computer files.

In situations such as these, the user advocates' first step is to help the miscreants understand why their behavior is inappropriate or possibly harmful. That educational role is essential, explains Virginia Rezmierski, director of ITD's Office of Policy Development and Education.

"We're dealing with young, developing people, and they need to have feedback about the impact of their behavior on other people," Rezmierski says. "And nine times out of ten, that's all it takes. They just haven't thought about what they've done and how it reflects on them, or how it reflects on the University, or how it might cause somebody not to be able to use the system."

Young people do impulsive and unwise things with their computers for the same reasons young people do impulsive and unwise things in general, says Rezmierski, an educational psychologist by training. Some just think it's fun to play pranks. Others like the challenge of sneaking into someplace they're not supposed to be, just to see if they can do it. And some simply are not clear on where the boundaries lie.

Universities have a responsibility, Rezmierski says, not only to give students the technical expertise they need to use computers, but also to help them learn that the world is not a laboratory where they can experiment without limits.

When the IT User Advocate position was created more than a decade ago, it was seen as a sort of ombudsman for the small group of relatively sophisticated computer users on campus. Back then, desktop computers were rare. Users relied on the University's mainframe computer, and the Internet as we know it did not exist.

Knox, who was one of the U-M's original user advocates and now devotes one-quarter of his time to such activities, recalls handling only about 20 complaints or requests a month in those early days. And now? "I think already this academic year, we're up to approximately 1,400," he said in April.

After about a year in the role, "I've come to the conclusion that I'm the investigator," says Winter. "I'm not determining guilt. I'm not determining innocence. I'm just giving you the facts." Just the facts. Now there's an attitude that Dragnet's Joe Friday would appreciate.