Four private investigators in the Israeli Trojan fiasco sentenced. Finally.

After three years four of the PI's that used Michael Haephrati's Trojan software to gather competitive intelligence for their clients have finally been sentenced. This article in The Register gets some of the facts of the original story wrong.

To re-cap: Michael Haephrati, a software developer,s created a clever managed service whereby he would provide custom Trojan software to these private investigators who would then use social engineering techniques to get the targets to install the Trojan on internal systems. For a $2,000 fee Haephrati would host any stolen documents and key stroke logs on servers in Germany and the UK. The police discovered the scheme when Haephrati's first wife took her computer in to them under suspicion of it being infected. Sure enough, it was, and the Israeli police tracked down the hosting servers and discovered thousands of documents from dozens of Israeli companies stored there.

Eventually Haephrati and his current wife were extradited from England and supposedly sentenced to jail terms. But in a phone conversation I had with Michael several weeks after the sentencing he claimed that there was no jail time, and that he was completely free. As a matter of fact he was going to continue to offer his Trojan Horse service but this time he would only work with "law enforcement agencies".

Readers in the US will be perplexed by this case. Four PI's are now going to do jail time while the author of the illegal software goes free. And here is the big unanswered question: What about the executives at Bezeq, Tami4, Pelephone, Cellcom, and the other companies that hired Private Investigators to engage in these activities? Compare this case to the HP case in the US where the board of directors used a PI to obtain phone records of several of it members in an attempt to track down a "leak". The chair of the board, Patricia Dunn, was forced to resign over that fiasco. An interesting contrast in business ethics.