The Insider
By Deborah Gage | Posted 2004-12-01
Corporate America faces a new kind of cracker. Information-technology managers and chief technology officers, the people charged with safeguarding corporate networks, are engaging in acts of digital espionage. In the past two years, a half-dozen c
Abuse of knowledge by a technology executive can even push a company out of business.
Take the case of Manufacturers Electronic Sales Corp. (MESC), which was forced to shut its doors in June, 17 months after Mark Erfurt, its former information-technology director, broke into its network from a computer at his primary (and current) employer, Centaur Corp. of Irvine, Calif.
Erfurt attacked MESC's network in January 2003 as "payback" for what he perceived to be "misdeeds against him and his current company," according to his lawyer, Michael Harkness.
But payback for what? The fact that MESC CEO Yul Koszegi found someone local to handle MESC's network, instead of Erfurt, 388 miles away? Or that Koszegi's wife, Inge, may have diverted resources from Centaur to help MESC? Inge Koszegi was fired as vice president of finance at Centaur two months before the attack.
Or something else?
Both MESC and Centaur are manufacturers' representatives: outside sales forces for makers of sophisticated high-tech parts such as miniature quartz crystals or integrated circuits that are incorporated into watches, smart weapons and other products. Neither company will talk about sales. According to business reference database Hoovers.com, Centaur's annual sales are around $11.4 million and MESC's were about $1.6 million.
Erfurt gained unauthorized access to and recklessly damaged MESC's computer system on Jan. 23 and Jan. 24, 2003, according to the U.S. Attorney's Office in San Francisco. MESC CEO Koszegi told Baseline that Erfurt wiped out all of MESC's data: e-mail, sales records, correspondence, non-disclosure agreements, proprietary technical information. He even destroyed backup data. "It was a targeted and vicious attack," Koszegi says.
Erfurt was already working full-time in Centaur's information systems department before going to work for MESC "in or about 2001," according to court documents. But he purportedly was looking to make extra money.
MESC was setting up an internal network and needed help, according to Koszegi. Erfurt signed on as a contractor, managing MESC's network long-distance and visiting MESC as necessary, Koszegi says.
Manufacturers Electronic Sales Corp.
Headquarters: 3333 Bowers Ave., Santa Clara, CA 95054 (no longer occupied)
Phone: (408) 588-4040 (disconnected)
Business: Sales representative for manufacturers of electronic components
Chief Executive Officer: Yul Koszegi
Financials: Privately held; out of business.
Incident: A former information-technology manager pleaded guilty to illegally accessing MESC's computer network from the office of his current employer, Centaur Corp. The purpose: to download MESC's customer database and destroy customer records.
Koszegi says his wife had recommended Erfurt for his technology skills, and there was no reason to suspect he would harm MESC. Centaur CEO Bruce Cahill claims that Inge Koszegi was diverting Centaur computers and software to MESC and had several Centaur employees doing work for MESC, a charge that Yul Koszegi denies. Cahill says that neither he nor Centaur had anything to do with the attack.
Erfurt stayed on with MESC through May 2002, according to the U.S. District Court in San Francisco. Koszegi says he hired someone locally and no longer needed Erfurt.
The break-in occurred eight months later.
Just as in the SSF and Niku cases, Erfurt's attack on MESC's network was deceptively simple. According to his plea, Erfurt used PC Anywhere, a Symantec software program that allows employees to access computer files as they travel or work at home. MESC's system was password-protected. Erfurt's plea says he had "administrative-level access."
Erfurt moved freely, Koszegi says, downloading sales files kept in software specific to the industry, the Rep Profit Management System, and erasing all data.
Symantec finds the Erfurt story "frustrating." Says product manager Mike Baldwin, "There are tools that, if they were enabled in PC Anywhere, could have prevented this." For example, the software can be configured to allow access only from specific computers, using network addresses.
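The control Baldwin describes, limiting remote access to specific network addresses, can be paired with a check for accounts that outlived their engagement. The Python sketch below is an added example, not part of the original article and not pcAnywhere's own configuration; the log layout, account names, engagement end date and addresses are all constructed.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed policy: networks permitted to reach the remote-control host.
ALLOWED_SOURCES = [ip_network("192.0.2.0/28"), ip_network("198.51.100.17/32")]

# Constructed roster: account -> last day of engagement (None = still active).
ENGAGEMENT_END = {
    "local-admin": None,
    "contractor-admin": date(2002, 5, 31),
}

# Constructed session log: (day, account, source address).
SESSIONS = [
    (date(2002, 4, 12), "contractor-admin", "198.51.100.17"),
    (date(2003, 1, 23), "contractor-admin", "203.0.113.40"),
    (date(2003, 1, 24), "local-admin", "192.0.2.5"),
    (date(2003, 1, 24), "ghost", "192.0.2.9"),
]


def review_session(day, account, source):
    """Return the list of policy violations for one remote-access session."""
    findings = []
    addr = ip_address(source)
    if not any(addr in net for net in ALLOWED_SOURCES):
        findings.append("source-not-allowlisted")
    if account not in ENGAGEMENT_END:
        findings.append("unknown-account")
    else:
        end = ENGAGEMENT_END[account]
        if end is not None and day > end:
            findings.append("account-past-engagement-end")
    return findings


def audit(sessions):
    """Map each flagged session to its findings; clean sessions are omitted."""
    flagged = {}
    for session in sessions:
        findings = review_session(*session)
        if findings:
            flagged[session] = findings
    return flagged


if __name__ == "__main__":
    for (day, account, source), findings in audit(SESSIONS).items():
        print(day.isoformat(), account, source, ", ".join(findings))
```

An allowlist alone would have passed the contractor account from a permitted address; the engagement-end check is what catches credentials that were never revoked.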
Koszegi's attorney, Brian Kabateck, says Erfurt's attack caused "serious harm" and is "at least a contributing if not the contributing factor" to MESC's not being in business now.
Deleting data hurts a rep's ability to manage its business. MESC lost several manufacturers' contracts in 2003, each of which can be worth millions of dollars. Joe Kotas, brought in as president nearly a year after the break-in to revitalize MESC, calls the loss of even a single contract "devastating" to a rep's revenue and reputation.
In the end, Erfurt was caught in the devastation.
On May 17, nearly 16 months after the break-in, FBI investigators surrounded Centaur's offices. They told workers not to tamper with any company data or files.
But Erfurt disobeyed. According to Harkness, once Erfurt realized he was being investigated, he was "scared to death, like a deer in the headlights." In a plea to the court, Erfurt admits to overwriting the backup tapes that showed electronic evidence of his intrusion. The erasure came before the FBI could secure and execute a warrant, a ploy Harkness says the FBI detected with forensic analysis.
Erfurt pleaded guilty in August to unauthorized access into a computer and recklessly causing damage. He also pleaded guilty to destruction, alteration and falsification of records in a federal investigation. He faces a maximum of five years in prison for the computer hacking charge and 20 years for obstructing justice. He is scheduled to be sentenced on Jan. 24, 2005.
His plea came two months after MESC closed its doors.
And, indeed, there may well have been something else at work, motivating Erfurt to get "payback."
Inge Koszegi joined Centaur in 1994, according to civil documents filed in California Superior Court in Santa Ana, Calif. She rose to become its vice president of finance.
Six months after Erfurt's work for MESC ended, Centaur fired and sued Inge Koszegi. She is accused of converting and misappropriating $300,000 worth of cash, furniture and other Centaur property in a scheme that involved a janitorial service, called Quick Cleaning, that serviced a building Centaur was renting from another Cahill company.
Harkness says his client was installing equipment that he only later came to believe was stolen, and "that alleged conduct [was one misdeed] that triggered the act of retribution." Koszegi denies his company used any stolen equipment.
In May 2003, the Orange County, Calif., district attorney's office filed criminal charges against Inge Koszegi for grand theft and falsifying records. According to a transcript of a preliminary hearing in the criminal case, Inge Koszegi is accused of placing checks in a locked closet where cleaning supplies were kept.
She would then allegedly call Quick Cleaning's owner, Adam Bojko, who would pick up the checks, cash them and pass on the money. Bojko has been given immunity from prosecution, according to senior deputy district attorney Mark Sevigny. Bojko's lawyer, David Price, says his client "got taken advantage of" and wants to clear his name.
Inge Koszegi has pleaded not guilty to the criminal charges and is free on $100,000 bail.
Before her plea, she filed a cross complaint against Centaur, Cahill and Bojko, whom she accused of providing false information to Centaur. She claims she was fired for refusing to approve improper accounting methods that allowed Centaur to avoid paying taxes, and for complaining about Cahill's practice of sexually harassing female employees, according to court documents. Cahill calls the charges "without merit."
Erfurt, meanwhile, is free on his own recognizance and continues to work at Centaur in information systems.