Wanted: Chief Espionage Officer

By Deborah Gage  |  Posted 2004-12-01

You've long been on the lookout for hackers who want to do harm to your systems and damage—or steal—your data. But what if the felon you should fear, now or in the future, is standing next to you? Or works at one of your chief competitors? Here are three cases where top technology executives are accused of stealing trade secrets. And it's a growing problem.

SSF imported auto parts works out of a nondescript building just off the main retail drag in South San Francisco, Calif. In a space half the size of a football field sit rows of metal shelves filled with brake discs, alternators, water pumps and other components for Audi, Mercedes-Benz, Porsche, Saab and Volvo cars. Workers in blue shirts move briskly about, picking and packing parts for delivery overnight to repair shops and dealerships around the country.

Yes, this is a warehouse. But it is also a center for what some security experts worry is a new type of computer crime: Digital espionage. By top technology executives.

View the PDF -- Turn off pop-up blockers!

SSF's computer systems were repeatedly broken into over seven months starting in early 2001. An FBI agent who investigated the incident said he believed large portions of SSF's electronic catalog of 20,000 car parts were copied, so rivals could build a better catalog. The culprits? The chief technology officer, chief executive officer and a computer consultant for a rival: Dallas European Parts Distributors of Carrollton, Texas. According to the U.S. Attorney's Office in San Francisco, the trio became criminals when they accessed SSF's computers without authorization and illegally trafficked in SSF computer passwords.

Statistics are not kept by federal law enforcement agencies on the number of acts of espionage committed each year by executives and technology managers in this age of worldwide computer networking. But research by Baseline has identified a half-dozen cases of digital espionage that are alleged to have been committed by corporate chief technology officers and information-technology directors in the past two years. The alleged spies include:

  • The chief technology officer at Business Engine Software Corp. in San Francisco, who pled guilty in July to downloading trade secrets, such as information on customers and products in development, from rival Niku Corp. in Redwood City, Calif.

  • The information-technology director at Lightwave Microsystems in San Jose, who was indicted in May 2003 on charges of stealing the network equipment maker's Manufacturing Execution Database and other secrets, stored on backup tapes. His alleged intent: sell the secrets to competitor JDS Uniphase. He pleaded not guilty.

  • The chief technology officer of Speedera Networks, a Santa Clara, Calif., provider of Web hosting and content delivery services; according to a civil suit filed in California Superior Court in Santa Clara County, he allegedly broke into a database at Keynote Systems to steal performance data about Akamai Technologies, a Cambridge, Mass., competitor. Speedera denies any wrongdoing.

  • The CEO of Orbit Communications, a satellite data reseller, who allegedly recruited technology security consultants to attack the Web sites of three of Orbit's competitors, according to an FBI complaint. The CEO is a fugitive.

  • The former network and information-technology manager at Manufacturers Electronic Sales Corp. (MESC), a sales representative in Santa Clara, Calif., for electronic component makers. The manager pleaded guilty in August to breaking into the company's computer system from his new employer. He was charged with downloading a customer database, reading e-mail and deleting data, then destroying evidence of the break-in.

    These incidents, say security experts such as Steve Orrin, vice president of security and technology at Watchfire, which provides software and services to help companies manage online security, privacy and compliance risks, portend a new and worrisome threat for corporations. The people in U.S. companies who are responsible for safeguarding networks and the secrets they hold about products, customers and strategies—CTOs and I.T. managers—may be using their skills to cross the line into crime.

    "And it's probably one of the most flagrant violations of trust," he says, "when the people you trust to defend your networks turn around and execute something that could put your organization at such significant liability."

    This may just be the next evolution of the economic spy.

    "The average computer professional has as much, if not more, skill than [the typical corporate hackers] going out and committing crimes,'' says Ira Winkler, a top I.T. security consultant and author of the forthcoming book Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day.

    "The cases speak for themselves," adds Christopher Sonderby, who heads up the computer-hacking and intellectual-property unit in the U.S. Attorney's office in San Francisco. "The cases would seem to support the notion, certainly, that it has been done and that it's a real risk."

    -Suited to the Task">
    Well-Suited to the Task
    Not only are corporate technologists usually well-versed in the latest electronic intrusion tools and hacking techniques, but they also know where to look for valuable information once they've gained access to a system, say security experts.

    Mark Erfurt, the technology director who broke into MESC's computer system, for example, would have known that manufacturers' reps use Rep Profit Management System software, from a company called RPMS, to track sales and commission reports, says MESC CEO Yul Koszegi. Erfurt downloaded those files from MESC's system and then deleted them from MESC's servers, according to Koszegi. The motivation is unclear.

    The danger becomes even more apparent in a country where the main value-added component of operations is ideas about how to design, create and market products that actually get built elsewhere. Today, says Richard Weyand, president of The Trade Secret Office, a Chicago-area software vendor, up to 80% of the value of U.S. companies is tied up in what can be characterized as "intangible" assets—information such as product designs, chemical or drug compounds, manufacturing processes and customer lists. All of this is stored as a matter of course in databases on mainframe computers, servers and other storage devices.

    Such trade secrets are leaking from U.S. companies at an alarming rate. R. Mark Halligan, a Chicago-based intellectual property attorney, notes a "logarithmic rise" in trade-secret theft cases since 1980. The Justice Department released figures in October that showed intellectual property theft up 26%, from 322 incidents in 1994 to 405 in 2002, and trade-secret thefts up more than threefold, from 28 in 1997 to 92 in 2002.

    Several experts and law enforcement officers say many companies are doing little to protect themselves. Some don't even know how to adequately define trade secrets, which can be processes or product designs or whatever the company uses to make money every year. That makes it difficult to prove ownership or damage when they are stolen. And even when they catch a thief, says Naomi Fine, a security consultant who has worked with Fortune 500 companies for 20 years, clients typically resist reporting theft of intellectual property and trade secrets to avoid negative publicity.

    Yet, in the cases of SSF, Niku and MESC, the companies did come forward to say they had been harmed by electronic intruders from competing companies. Each claims to have taken precautions to protect their trade secrets and intellectual property; at SSF, employees were actively monitoring their site for suspicious activity. One warning sign SSF's I.T. staffers watched for: customers logging in to the site and performing hundreds of searches in a single day.

    In all three incidents the attackers, according to court records and people familiar with the incidents, were able to spot a simple vulnerability that allowed them to penetrate a competitor's defenses. In the Niku case, for instance, Niku believes that Business Engine's now-former CTO was simply monitoring a Niku online training session and saw a slide come up on screen with a Niku systems administrator's user name and password on it. An administrator's password grants unlimited rights to read, change or delete data on a given system—or, for a top-level administrator, all systems companywide.

    A company could even be tempted to recruit a technologist when thinking about breaking into a competitor's system to steal trade secrets. Saad (alias Jay R.) Echouafni, Orbit Communications' CEO, has been charged with exactly that. Echouafni, who landed on the FBI's Most Wanted List, allegedly hired his Internet service provider, CIT/FooNet, to recruit security consultants who then launched denial-of-service attacks against the Web sites of competitors, such as WeaKnees.com. Echouafni denied the charges in a November Wall Street Journal article.

    "It would make sense—if upper management was already colluding—to bring the technologist into that collusion," says Mark Lobel, a director in PricewaterhouseCoopers' security services practice. "It's a logical progression."

    Picked Apart
    In fall 2001, the SSF informa- tion technology staff, led by director Nancy Sanguinetti, started to detect extremely heavy traffic on its Web site coming from one customer's online account.

    The account had been used to search SSF 's electronic catalog of 20,0000 car parts almost 1,000 times in just two days, according to an affidavit given by FBI Special Agent Daniel J. O'Connell, who investigated the case. Each entry into the system was for a single search; no orders were placed.

    The SSF staff took a closer look and detected a script being used to perform a particular task. In this case, SSF believed the tiny program was repeatedly probing the SSF catalog and downloading results. On one day, Oct. 12, SSF estimated that up to 18,000 pieces of information could have been downloaded.

    A few days later, the SSF staff noticed similar activity from another customer's account. Upon further scrutiny, SSF discovered that software programs were being used to extract data and photographs. According to O'Connell's affidavit, 30,880 searches were performed from this account, from Oct. 17 to Oct. 20.

    SSF said it believes its database to be the most complete and accurate listing of parts for European autos. The company spent thousands of hours over the past 25 years to develop, organize and compile the repository. In 2000, SSF built a Web site that allowed its customers to search the database and order parts online.

    SSF customers needed a user name and password to get on. They also were only allowed to access the site during certain hours—generally 4 a.m. to 10 p.m. Pacific Time—so that SSF's technology staff could monitor activity.

    When SSF started seeing the flood of searches, it decided to review its records. Agent O'Connell, in his affidavit, said the company found similar intrusion from three more customer accounts dating back to the previous April.

    Every computer used to access the Internet is identified by an Internet Protocol address. This is four sets of numbers separated by periods, such as 12.345.678.910. When a computer accesses a Web site, the site can record the IP address. There are also Web sites, such as InterNIC, that can be used to trace the origins of these addresses.

    SSF traced an IP address to Geoffrey Michael Glaze, a computer consultant working for Dallas European, an SSF competitor. An FBI investigation verified that one address belonged to Glaze. SFF ran similar traces on other devices used to perform excessive searches and found that several of the Internet addresses belonged to Dallas European.

    According to a grand jury indictment, three employees of Dallas European—president and CEO Mehdi Rowghani, chief technology officer Kevin Harold Smith, and Glaze—obtained passwords to the SSF Web site and repeatedly intruded into the database for "purposes of commercial advantage." The three were charged with computer password trafficking, unauthorized access to a protected computer, and conspiracy.

    Rowghani, Smith and Glaze all pleaded not guilty.

    The indictment said Glaze used the corporate user names and passwords of Coast Mercedes Benz, AE German and a company called Frank's to access the SSF system more than a dozen times in the second half of 2001. Smith, the chief technology officer, was said to have provided the Frank's password.

    Smith is also said to have asked another Dallas European employee for the password to access the SSF database. The employee, who wasn't named in the indictment, is said to have e-mailed Smith a user name and password for a company called WPA Eurasion. Glaze is accused of using the WPA Eurasion password to enter the database.

    SSF Imported Auto Parts
    Headquarters: 466 Forbes Blvd., South San Francisco, CA 94080
    Phone: (800) 632-2743
    Business: Distributor of European auto parts
    Chief Executive Officer: Hans Kopecky
    Financials: Privately held; annual revenue estimated at between $50 million and $100 million.
    Incident: Three employees of competitor Dallas European charged with conspiring to gain unauthorized access to SSF's computer database. They allegedly stole product information to build a catalog of parts.

    O'Connell said in his affidavit that he believed Glaze was trying to acquire data from the SSF database "for purposes of setting up a fully functional Dallas European Internet Web site page for business purposes."

    O'Connell also said in his affidavit that one customer whose account was used to access that database had told SSF that a West Coast operation of Dallas European had requested AE German's SSF account and password information. Additionally, a person who worked at Dallas European with the three accused managers told Baseline they simply found customers who did business with both SSF and Dallas European and asked those customers for their SSF passwords.

    A few customers, says the Dallas European employee, "gave them their passwords," not realizing that they would be used to gain unauthorized access to the site.

    The criminal case against Dallas European is still pending. Meanwhile, the assets of Dallas European were sold in 2003 to a group of auto parts executives who formed a company called Dallas Business Group. The current chief operating officer of Dallas European, Greg Verrelman, said that while the company bought the assets of Dallas European and employs some of its staff, there is no other relationship to that company.

    Smith could not be reached and his lawyer, Alexandria McClure, declined comment. A lawyer for Rowghani, Michael Gibson, told Baseline that the "case involves pending criminal charges; therefore, Mr. Rowghani cannot personally respond to you." Neither Glaze nor his attorney replied to any of Baseline's requests for comment.

    The case continues to make its way through the courts. On Dec. 7, the U.S. District Court in San Francisco was scheduled to set dates for motions, future hearings and, possibly, a trial date.

    Engine of Intrusion
    Niku, a project portfolio management company in Redwood City, Calif., needed a little luck to find the person who broke into its Web site.

    In the summer of 2002, Niku chief information officer Warren Leggett suspected that an outsider was reading confidential files on prospective customers, according to court records.

    The fear arose after Leggett talked with his brother-in-law, Jay Berlin, a mid-level technology manager at Nike. Leggett thought the athletic-equipment and apparel giant might be interested in Niku's products, which help large companies manage technology projects. The two men set up a meeting for the software vendor to tell Nike about its products.

    Information about prospective sales, and other Niku business documents, is stored in "project" repositories on Niku's servers. After the Nike meeting was arranged, a Niku sales account executive created a repository about the retailer. The file listed the time and date of the upcoming meeting with Nike and some background on the vendor and its products.

    On the morning of July 8, 2002, Leggett went to Berlin's office at Nike. While Leggett was there, Berlin picked up his voice mail and remarked that he had gotten a message from a Business Engine Software (BES) salesperson who wanted to talk to him about his "project." Berlin had never heard of BES, a Niku competitor. Leggett also was surprised because he knew Berlin wasn't the Nike technology executive responsible for buying the project management software marketed by Niku.

    "The timing and the content of the message seemed very suspicious to me," said Leggett in court documents on file with the U.S. District Court in San Francisco, from which Baseline obtained most of the information on the case.

    His instincts proved correct. Someone from BES was looking at Niku's files.

    Robert McKimmey was BES' chief technology officer, working out of an office in Virginia Beach, Va. From October 2001 to July 2002, McKimmey accessed Niku's computer networks and applications, according to the U.S. Attorney's Office in San Francisco. He downloaded and copied valuable information, and sent some of that information to other BES officers and employees so that "BES could maintain a competitive advantage over its direct competitor, Niku," said the attorney's office. A complaint filed by Niku said technical specifications of both existing products and software in development, documents about customer implementations, customer proposals and pricing, and sales forecasts were all downloaded.

    Just as in the SSF case, the intrusion was made possible through a simple security lapse.

    David Hurwitz, Niku's vice president of marketing, believes McKimmey gained access to the company's files by logging in to an online training session Niku arranged through WebEx, a service that allows companies to conduct meetings over the Internet. Hurwitz says it was easy to join the conference—a person sitting in front of a Web browser simply had to type in the name of the company hosting the session followed by the WebEx URL, in the style "companyname.webex.com." At the time of this incident, according to a WebEx spokesman, companies did not have to validate participants with passwords.

    During the Web presentation, the user name and password of a Niku systems administrator was shown, according to Hurwitz. He says he doesn't know why that information was displayed, but admits it was "not a good idea."

    Niku Corp.
    Headquarters: 305 Main St., Redwood City, CA 94063
    Phone: (650) 298 4600
    Business: Project portfolio management company
    Chief Executive Officer: Joshua Pickus
    Financials: $2.4 million in net income on revenue of $46.3 million for the nine months ended Oct. 31.
    Incident: Chief technology officer at a competitor, Business Engine Software, pleaded guilty to conspiracy to commit theft and downloading trade secrets, fraud in connection with computers, and interstate transportation of stolen property. Niku said customer lists and details on products in development were taken.

    Niku took what it says were "reasonable steps" at the time to protect its computer systems, according to court documents. Niku said it had firewalls and required user names and passwords to access its systems. The company only gave those people with "a need to know" permission to read certain files. "Niku users are typically allowed access only to the limited number of documents associated with the specific Project(s) they are working on," said documents that Niku filed with the court.

    However, not unlike other companies, a small number of Niku systems administrators have the authority to access all of the company's computer files.

    When Leggett returned from his visit at Nike, he started looking over the company's computer logs and project documents. He discovered that on June 24, 2002, someone using the account of a Niku systems administrator had accessed and downloaded information from the company's computer systems, including the Nike file. According to his declaration on file with the court, he talked to the systems administrator, Cheryl Lahan, who told him that she had not gone into any of the files.

    The CIO then tracked down the address of the computer used to pull out the information, a trace similar to the one conducted by the FBI in the SSF-Dallas European case. Based on public Internet address information from the American Registry for Internet Numbers (ARIN), a nonprofit organization that keeps track of IP addresses, Leggett believed the address used to access his company's Web site was part of a series of addresses owned by BES.

    Examining Niku's internal computer systems, Leggett said he found that on 70 different days, from Oct. 31, 2001, through at least July 22, 2002, BES looked as though it had logged into Niku's systems. Leggett said the rival had used passwords of 15 different Niku employees, made more than 250 log-in attempts and downloaded more than 1,000 files.

    Joshua Pickus, Niku's current chief executive officer and the company's chief financial officer at the time, said in an August 2002 statement to the U.S. District Court: "It is difficult for me to quantify, in any exact monetary amount, the damages Niku has suffered, and will continue to suffer, as a result of Business Engine's access to and use of Niku's Trade Secrets and other confidential and proprietary information, but it is likely to be in the many millions of dollars."

    This doesn't include the "tens of thousands of dollars" Leggett said the company spent looking into what had happened. The CIO says that he and his staff had spent "in excess of 200 hours" in its investigation.

    On Aug. 12, 2002, Niku filed its complaint against Business Engine. It charged the company with accessing its protected computer systems, and illegally accessing and downloading files—including documents containing technical specifications and designs for existing software and products in development, information on customer implementations, lists of prospective customers, customer proposals and pricing information, and sales forecast data.

    BES filed an answer to the complaint on Sept. 5, 2002. The company said it "believes a now former employee of BE [Business Engine] downloaded certain files from a Niku computer system." Business Engine, however, denied allegations that it knowingly or intentionally accessed Niku's systems, learned anything from Niku's documents, disseminated the company's trade secrets, or that it used the information in the documents to design products or interfere with Niku and its prospective customers.

    BES' CEO, Doug Dickey, was the company's chief financial officer at the time and led the internal investigation into what had happened. "We found nobody else who had accessed anything other than Robert," he insists.

    Dickey says McKimmey was terminated. After the company looked at what had transpired, he says the company had "absolutely no question in our minds that this person has done something he shouldn't have."

    In December 2002, the two companies reached a settlement in a civil case brought by Niku under which BES paid Niku $5 million and agreed to make sure "that Business Engine product releases do not incorporate Niku trade secrets," according to a BES statement at the time.

    This past July, McKimmey pleaded guilty to conspiracy to commit theft and downloading trade secrets, fraud in connection with computers, and interstate transportation of stolen property. McKimmey has yet to be sentenced. He faces up to 10 years in prison and a fine that could exceed $250,000. As part of the plea agreement, McKimmey agreed to cooperate with the U.S. Attorney in the ongoing investigation of others in connection with the case.

    Baseline reached McKimmey in early November at a Virginia phone number. Asked whether he was still working with the government in any kind of ongoing investigation, he said, "I can't elaborate any more on what you already know.''

    But he indicated the case was not close to conclusion. "When the other shoe drops, I'll be more than happy to tell you the whole story," he added.

    Both Dickey and Rob Scott, BES' lawyer, say they do not know of any ongoing investigation into the company. The FBI and the U.S. Attorney in San Francisco would not comment.

    Hurwitz notes that Niku was new to WebEx when it conducted its online training session. He says now that when a company looks at a new technology, it should closely examine that technology's security features, or lack of them—and certainly not display user names or passwords in any online presentation.

    The Insider
    Abuse of knowledge by a technology executive can even push a company out of business.

    Take the case of Manufacturers Electronic Sales Corp. (MESC), which was forced to shut its doors in June, 17 months after Mark Erfurt, its former information-technology director, broke into its network from a computer at his primary (and current) employer, Centaur Corp. of Irvine, Calif.

    Erfurt attacked MESC's network in January 2003 as "payback" for what he perceived to be "misdeeds against him and his current company," according to his lawyer, Michael Harkness.

    But payback for what? The fact that MESC CEO Yul Koszegi found someone local to handle MESC's network, instead of Erfurt, 388 miles away? Or that Koszegi's wife, Inge, may have diverted resources from Centaur to help MESC? Inge Koszegi was fired as vice president of finance at Centaur two months before the attack.

    Or something else?

    Both MESC and Centaur are manufacturers' representatives—outside sales forces for makers of sophisticated high-tech parts such as miniature quartz crystals or integrated circuits that are incorporated into watches, smart weapons and other products. Neither company will talk about sales. According to business reference database Hoovers.com, Centaur's annual sales are around $11.4 million and MESC's were about $1.6 million.

    Erfurt gained unauthorized access to and recklessly damaged MESC's computer system on Jan. 23 and Jan. 24, 2003, according to the U.S. Attorney's Office in San Francisco. MESC CEO Koszegi told Baseline that Erfurt wiped out all of MESC's data—e-mail, sales records, correspondence, non-disclosure agreements, proprietary technical information. He even destroyed backup data. "It was a targeted and vicious attack," Koszegi says.

    Erfurt was already working full-time in Centaur's information systems department before going to work for MESC "in or about 2001," according to court documents. But he purportedly was looking to make extra money.

    MESC was setting up an internal network and needed help, according to Koszegi. Erfurt signed on as a contractor, managing MESC's network long-distance and visiting MESC as necessary, Koszegi says.

    Manufacturers Electronic Sales Corp.
    Headquarters: 3333 Bowers Ave., Santa Clara, CA 95054 (no longer occupied)
    Phone: (408) 588-4040 (disconnected)
    Business: Sales representative for manufacturers of electronic components
    Chief Executive Officer: Yul Koszegi
    Financials: Privately held; out of business.
    Incident: A former information-technology manager pleaded guilty to illegally accessing MESC's computer network from the office of his current employer, Centaur Corp. The purpose: to download MESC's customer database and destroy customer records.

    Koszegi says his wife had recommended Erfurt for his technology skills, and there was no reason to suspect he would harm MESC. Centaur CEO Bruce Cahill claims that Inge Koszegi was diverting Centaur computers and software to MESC and had several Centaur employees doing work for MESC, a charge that Yul Koszegi denies. Cahill says that neither he nor Centaur had anything to do with the attack.

    Erfurt stayed on with MESC through May 2002, according to the U.S. District Court in San Francisco. Koszegi says he hired someone locally and no longer needed Erfurt.

    The break-in occurred eight months later.

    Just as in the SSF and Niku cases, Erfurt's attack on MESC's network was deceptively simple. According to his plea, Erfurt used PC Anywhere, a Symantec software program that allows employees to access computer files as they travel or work at home. MESC's system was password-protected. Erfurt's plea says he had "administrative-level access."

    Erfurt moved freely, Koszegi says, downloading sales files kept in software specific to the industry—the Rep Profit Management System—and erasing all data.

    Symantec finds the Erfurt story "frustrating." Says product manager Mike Baldwin, "There are tools that, if they were enabled in PC Anywhere, could have prevented this." For example, the software can be configured to allow access only from specific computers, using network addresses.

    Koszegi's attorney, Brian Kabateck, says Erfurt's attack caused "serious harm" and is "at least a contributing if not the contributing factor" to MESC's not being in business now.

    Deleting data hurts a rep's ability to manage its business. MESC lost several manufacturers' contracts in 2003, each of which can be worth millions of dollars. Joe Kotas, brought in as president nearly a year after the break-in to revitalize MESC, calls the loss of even a single contract "devastating" to a rep's revenue and reputation.

    In the end, Erfurt was caught in the devastation.

    On May 17, nearly 16 months after the break-in, FBI investigators surrounded Centaur's offices. They told workers not to tamper with any company data or files.

    But Erfurt disobeyed. According to Harkness, once Erfurt realized he was being investigated, he was "scared to death, like a deer in the headlights." In a plea to the court, Erfurt admits to overwriting the backup tapes that showed electronic evidence of his intrusion. The erasure came before the FBI could secure and execute a warrant—a ploy Harkness says the FBI detected with forensic analysis.

    Erfurt pleaded guilty in August to unauthorized access into a computer and recklessly causing damage. He also pleaded guilty to destruction, alteration and falsification of records in a federal investigation. He faces a maximum of five years in prison for the computer hacking charge and 20 years for obstructing justice. He is scheduled to be sentenced on Jan. 24, 2005.

    His plea came two months after MESC closed its doors.

    And, indeed, there may well have been something else at work, motivating Erfurt to get "payback."

    Inge Koszegi joined Centaur in 1994, according to civil documents filed in California Superior Court in Santa Ana, Calif. She rose to become its vice president of finance.

    Six months after Erfurt's work for MESC ended, Centaur fired and sued Inge Koszegi. She is accused of converting and misappropriating $300,000 worth of cash, furniture and other Centaur property in a scheme that involved a janitorial service, called Quick Cleaning, that serviced a building Centaur was renting from another Cahill company.

    Harkness says his client was installing equipment that he only later came to believe was stolen, and "that alleged conduct [was one misdeed] that triggered the act of retribution." Koszegi denies his company used any stolen equipment.

    In May 2003, the Orange County, Calif., district attorney's office filed criminal charges against Inge Koszegi for grand theft and falsifying records. According to a transcript of a preliminary hearing in the criminal case, Inge Koszegi is accused of placing checks in a locked closet where cleaning supplies were kept.

    She would then allegedly call Quick Cleaning's owner, Adam Bojko, who would pick up the checks, cash them and pass on the money. Bojko has been given immunity from prosecution, according to senior deputy district attorney Mark Sevigny. Bojko's lawyer, David Price, says his client "got taken advantage of" and wants to clear his name.

    Inge Koszegi has pleaded not guilty to the criminal charges and is free on $100,000 bail.

    Before her plea, she filed a cross complaint against Centaur, Cahill and Bojko, whom she accused of providing false information to Centaur. She claims she was fired for refusing to approve improper accounting methods that allowed Centaur to avoid paying taxes, and for complaining about Cahill's practice of sexually harassing female employees, according to court documents. Cahill calls the charges "without merit."

    Erfurt, meanwhile, is free on his own recognizance and continues to work at Centaur in information systems.

    Slippery Slope
    Most corporate spies are never caught. What's reported in the news is the failed attempts, says consultant Kevin Murray, who helps organizations deploy electronic countermeasures. "There are a lot of cases like this that never reach the light of day."

    Most corporate spies cover their tracks. Watchfire's Orrin says hackers will use techniques such as "IP spoofing," so messages look as if they're coming from a trusted IP address.

    But even if they catch intruders, companies are reluctant to prosecute trespassers, fearing the publicity might encourage more attacks or that customers may shy away from a company that can't protect its electronic information.

    The slight risk of being caught and the even less likely result of being prosecuted just add to the temptation many CTOs and technology managers may feel when asked to "help" other employees spy on their competition.

    Granted, any number of factors could motivate a corporate technologist to commit espionage. "Some of it is flat-out greed. Some of it is being competitive," Winkler says.

    But he and other espionage experts think it may just be a matter of a CIO or CTO taking small steps—searching for a competitor's password, or trying out a new hacker tool or technique to tap into a database and bring back valuable information. The hope? To be a hero with higher-ups.

    Assuming they're not caught.

    "I think it's a matter of a bunch of people sitting around saying, here's what we need," Winkler says. "And, it's like, 'Joe you're the head of I.T., you should be smart enough to figure out how to do this—go do it.'"

    There's a "naiveté that what they're doing isn't bad," he adds. "It's a slippery slope.''