Picked Apart
By Deborah Gage | Posted 2004-12-01
Corporate America faces a new kind of cracker. Information-technology managers and chief technology officers, the people charged with safeguarding corporate networks, are engaging in acts of digital espionage. In the past two years, a half-dozen c
In fall 2001, the SSF information technology staff, led by director Nancy Sanguinetti, started to detect extremely heavy traffic on its Web site coming from one customer's online account.
The account had been used to search SSF's electronic catalog of 20,0000 car parts almost 1,000 times in just two days, according to an affidavit given by FBI Special Agent Daniel J. O'Connell, who investigated the case. Each entry into the system was for a single search; no orders were placed.
The SSF staff took a closer look and detected a script being used to perform a particular task. In this case, SSF believed the tiny program was repeatedly probing the SSF catalog and downloading results. On one day, Oct. 12, SSF estimated that up to 18,000 pieces of information could have been downloaded.
A few days later, the SSF staff noticed similar activity from another customer's account. Upon further scrutiny, SSF discovered that software programs were being used to extract data and photographs. According to O'Connell's affidavit, 30,880 searches were performed from this account, from Oct. 17 to Oct. 20.
SSF said it believes its database to be the most complete and accurate listing of parts for European autos. The company spent thousands of hours over the past 25 years to develop, organize and compile the repository. In 2000, SSF built a Web site that allowed its customers to search the database and order parts online.
SSF customers needed a user name and password to get on. They also were only allowed to access the site during certain hours (generally 4 a.m. to 10 p.m. Pacific Time) so that SSF's technology staff could monitor activity.
When SSF started seeing the flood of searches, it decided to review its records. Agent O'Connell, in his affidavit, said the company found similar intrusion from three more customer accounts dating back to the previous April.
Every computer used to access the Internet is identified by an Internet Protocol address. This is four sets of numbers separated by periods, such as 12.345.678.910. When a computer accesses a Web site, the site can record the IP address. There are also Web sites, such as InterNIC, that can be used to trace the origins of these addresses.
SSF traced an IP address to Geoffrey Michael Glaze, a computer consultant working for Dallas European, an SSF competitor. An FBI investigation verified that one address belonged to Glaze. SSF ran similar traces on other devices used to perform excessive searches and found that several of the Internet addresses belonged to Dallas European.
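The two signals SSF's staff worked from above, heavy searching with no orders on a customer account and one source address turning up under several customers' accounts, can be checked mechanically. The following is an added example, not from the article or from SSF's systems; the log layout, account names, documentation-range IP addresses and the 200-search threshold are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample records (not SSF's logs): (day, account, source_ip, action).
# Account names are hypothetical; IPs are from the RFC 5737 documentation ranges.
def sample_log():
    log = []
    for day in ("10-11", "10-12"):  # ordinary customer: searches lead to orders
        log += [(day, "shop-a", "192.0.2.10", "search")] * 12
        log += [(day, "shop-a", "192.0.2.10", "order")] * 3
    # Scripted use of a customer's credentials: searches only, no orders.
    log += [("10-11", "shop-b", "203.0.113.7", "search")] * 480
    log += [("10-12", "shop-b", "203.0.113.7", "search")] * 510
    # Same source under a second account, alongside that customer's real use.
    log += [("10-17", "shop-c", "203.0.113.7", "search")] * 700
    log += [("10-17", "shop-c", "198.51.100.4", "search")] * 9
    log += [("10-17", "shop-c", "198.51.100.4", "order")] * 2
    return log

def search_only_sources(log, min_searches=200):
    """Return (account, ip, searches) where a source searched heavily and never ordered."""
    searches, orders = Counter(), Counter()
    for _day, account, ip, action in log:
        if action == "search":
            searches[(account, ip)] += 1
        elif action == "order":
            orders[(account, ip)] += 1
    # Keying on (account, ip) keeps the real customer's own traffic from
    # masking, or being blamed for, what another source does with the login.
    return sorted((acct, ip, n) for (acct, ip), n in searches.items()
                  if n >= min_searches and orders[(acct, ip)] == 0)

def shared_sources(log):
    """Return {ip: [accounts]} for source addresses seen under more than one account."""
    accounts_by_ip = defaultdict(set)
    for _day, account, ip, _action in log:
        accounts_by_ip[ip].add(account)
    return {ip: sorted(accts) for ip, accts in accounts_by_ip.items() if len(accts) > 1}

if __name__ == "__main__":
    log = sample_log()
    for account, ip, count in search_only_sources(log):
        print(f"search-only: account={account} source={ip} searches={count}")
    for ip, accounts in shared_sources(log).items():
        print(f"shared source: {ip} used by {', '.join(accounts)}")
```
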
According to a grand jury indictment, three employees of Dallas European (president and CEO Mehdi Rowghani, chief technology officer Kevin Harold Smith, and Glaze) obtained passwords to the SSF Web site and repeatedly intruded into the database for "purposes of commercial advantage." The three were charged with computer password trafficking, unauthorized access to a protected computer, and conspiracy.
Rowghani, Smith and Glaze all pleaded not guilty.
The indictment said Glaze used the corporate user names and passwords of Coast Mercedes Benz, AE German and a company called Frank's to access the SSF system more than a dozen times in the second half of 2001. Smith, the chief technology officer, was said to have provided the Frank's password.
Smith is also said to have asked another Dallas European employee for the password to access the SSF database. The employee, who wasn't named in the indictment, is said to have e-mailed Smith a user name and password for a company called WPA Eurasion. Glaze is accused of using the WPA Eurasion password to enter the database.
SSF Imported Auto Parts
Headquarters: 466 Forbes Blvd., South San Francisco, CA 94080
Phone: (800) 632-2743
Business: Distributor of European auto parts
Chief Executive Officer: Hans Kopecky
Financials: Privately held; annual revenue estimated at between $50 million and $100 million.
Incident: Three employees of competitor Dallas European charged with conspiring to gain unauthorized access to SSF's computer database. They allegedly stole product information to build a catalog of parts.
O'Connell said in his affidavit that he believed Glaze was trying to acquire data from the SSF database "for purposes of setting up a fully functional Dallas European Internet Web site page for business purposes."
O'Connell also said in his affidavit that one customer whose account was used to access that database had told SSF that a West Coast operation of Dallas European had requested AE German's SSF account and password information. Additionally, a person who worked at Dallas European with the three accused managers told Baseline they simply found customers who did business with both SSF and Dallas European and asked those customers for their SSF passwords.
A few customers, says the Dallas European employee, "gave them their passwords," not realizing that they would be used to gain unauthorized access to the site.
The criminal case against Dallas European is still pending. Meanwhile, the assets of Dallas European were sold in 2003 to a group of auto parts executives who formed a company called Dallas Business Group. The current chief operating officer of Dallas European, Greg Verrelman, said that while the company bought the assets of Dallas European and employs some of its staff, there is no other relationship to that company.
Smith could not be reached and his lawyer, Alexandria McClure, declined comment. A lawyer for Rowghani, Michael Gibson, told Baseline that the "case involves pending criminal charges; therefore, Mr. Rowghani cannot personally respond to you." Neither Glaze nor his attorney replied to any of Baseline's requests for comment.
The case continues to make its way through the courts. On Dec. 7, the U.S. District Court in San Francisco was scheduled to set dates for motions, future hearings and, possibly, a trial date.