http://www.boston.com/dailyglobe2/142/metro/Workers_vengeance_makes_its_way_on_Web+.shtml By Thanassis Cambanis Globe Staff 5/22/2003 Furious that he'd been fired from the travel agency where he worked, James O'Brien waited months before allegedly springing his carefully plotted revenge. Just before Christmas 2000, according to federal prosecutors, O'Brien hacked into his former employer's computer system and canceled 60 customers' airline tickets. The move cost the agency $96,000 and left dozens of would-be holiday vacationers stranded at airports. O'Brien's alleged crime, according to federal law enforcement officials who brought charges against him last month, is the new face of hacking: Irate workers who in the old, low-tech days might have simmered or spread slander about their ex-bosses now instead are wreaking havoc on their former workplaces by infiltrating their computer systems. ''Ten years ago, almost all computer crime tended to be kids, seeing what they could do,'' said Assistant US Attorney Allison D. Burroughs, who heads the Computer Hacking and Intellectual Property unit in the US attorney's office in Boston. ''Now, it's disgruntled employees.'' Burroughs's unit is currently working on 10 other cases in the federal district of Massachusetts involving fired employees who allegedly struck back at their former bosses by hacking into company computers. About three-quarters of all federal hacking cases in Massachusetts, she said, involve disaffected employees, compared with a decade ago when that proportion of hacking cases stemmed from juveniles vandalizing computer systems. The phenomenon not only marks a sea change in the criminal use of computer systems, but poses a costly threat to corporations, which can lose millions of dollars to hacker attacks by former insiders who know their systems' vulnerabilities. ''You don't have to be that sophisticated to cause a lot of harm,'' said US Attorney Michael Sullivan. A hacker with a grudge can bring a company to its knees, he said, causing as much damage with a few computer keystrokes as might be inflicted with a torch in a warehouse. Three cases were brought in Boston in the last month alone that underscore the threat. In addition to O'Brien, who pleaded not guilty May 1 in US District Court in Worcester, federal prosecutors indicted a Sutton man who allegedly broke into his Worcester employer's computer system, and a man who is accused of cooking up fake e-mail in a lawsuit against an Andover company. The potential for mischief is great. Robert Boule, a 29-year-old Framingham man, pleaded guilty in federal court in Boston in February to breaking into his former company's computer system to monitor its product lines so he could undercut its bids. ''Technical knowledge and a bad economy have given a certain class of people the means and the motive to commit crimes they would not have been able to commit,'' Burroughs said. ''There are people getting laid off who have a tremendous amount of knowledge about a company's security and systems.'' Many companies, federal authorities say, take great precautions to protect against outside hackers. But increasingly, it's insiders who know passwords and have access to a company's computer system who have the ability and, at times, the desire to commit electronic sabotage. ''You used to send someone home and take away their keys,'' Burroughs said. ''Now, in Massachusetts in particular, you have sophisticated employees who know everything you can know about your computer system.'' In Burroughs's nightmare scenario, a former pharmacy employee hacks into the computer network that contains customer prescriptions and alters dosages -- not only hurting the pharmacy, but patients. ''You don't need a lot of physical courage to commit some of these crimes,'' Burroughs said. ''You can do it remotely and, people think, anonymously.'' Four full-time prosecutors work in the so-called CHIPs unit. In addition to hacking, the unit also prosecutes fraud, as well as theft of intellectual property and trade secrets. The Boston office of the FBI has 13 agents assigned to high-tech crime -- one of the bureau's only growth areas other than terrorism. And the US Secret Service here has another six-agent team that investigates cyber-crime. ''It's kind of cowardly, and because of the anonymity people think they're not going to get caught,'' said Jonathan L. Kotlier, chief of Sullivan's economic crimes unit. ''That was so interesting about the Christmas ticket indictment -- he actually waited months to take his revenge.'' O'Brien, of Worcester, faces up to 10 years in prison and a $250,000 fine if convicted. Thanassis Cambanis can be reached at tcambanisat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri May 23 2003 - 00:29:55 PDT