Companies urged to report computer sabotage
Convincing executives to open their companies up to scrutiny and potential public embarrassment is still the hardest part of setting up a legal case against corporate computer sabotage, according to the prosecuting attorney who has just won a precedent-setting decision.
"With the guilty verdict, the focus shifts from whether we're capable of doing it to whether victim companies are prepared for the battle," says V. Grady O'Malley, who successfully tried the first federal criminal prosecution of computer sabotage. "They don't want to admit they've been victimized, and if they do, they don't want to admit how serious the victimization is... Convincing them they're not going to be victimized all over again is a tough sell."
O'Malley has just nailed down a legal victory with the reinstatement of a guilty verdict against Tim Lloyd of Delaware, a network administrator who destroyed the network he built at Omega Engineering. Lloyd built and planted a software time bomb that went off on July 31, 1996, deleting and purging the 1,200 manufacturing programs that kept Omega up and running.
The Lloyd case is the tip of the iceberg. This past summer, a New Hampshire man pleaded guilty to twice breaking into and sabotaging his former employer's computer network after being terminated. In September, a former IS worker at a Florida-based national grocery distributor was found guilty in the U.S. District Court in Miami, on two federal counts of computer sabotage.
In another case that is getting ready to go to trial in Las Vegas, a network consultant is charged with sabotaging the computer network of one of his clients, Steinberg Diagnostic Medical Imaging. The consultant is charged with three counts of network intrusion for changing passwords in the network and locking company administrators out of their own system.
Both the FBI and the United States Secret Service report that cases of insider-based computer sabotage are on the rise.
"Definitely, the amount of these cases has been increasing," says Special Agent-in-Charge James Washington, of the Secret Service's Philadelphia field office, where members conducted the investigation that led to Lloyd's arrest and prosecution. "The figure I'm working with shows that 50% to 75% of these cases are contributable to disgruntled employees... It's indicative of a trend or vulnerability in private systems."
And that increase in cases means a growing number of companies will have to decide whether to turn to federal law enforcement agencies to report cases of sabotage. And despite the losses they may have suffered, it's not always an easy decision to make.
"What is a company prepared to do? How far will they go? Will they be on board next year or the year after?" asks O'Malley. "The discovery process in the federal system can be very discouraging for victims. The defense counsel can start requesting all sorts of information they don't want to give up. They may be putting themselves or their shareholders in a position where critical financial information is being disclosed... People will be interviewed. There will be a grand jury."
He adds: "You can think of a thousand reasons they might not be cooperative. But if a victim company says how long is this going to take and what's going to happen to this guy? We can tell them that there will be a day of reckoning for this guy, for doing this. You can count on that."
The Secret Service's Washington says the agency is focused on bringing that day of reckoning to anyone involved in computer sabotage. And he's glad to have the experience from this case under their belt.
"This case showed the importance of having two parallel types of investigations," says Washington. "While we, the investigators, were doing the traditional investigations, the technical forensic backtracking was being done at the same time. Those two investigative paths came together for us."
Washington adds that companies should contact the Secret Service in any instance of computer sabotage or fraud.
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.