[ISN] Hacker caused $400,000 damage - businessman

InfoSec News isn at c4i.org
Wed Sep 29 03:56:37 EDT 2004


http://www.stuff.co.nz/stuff/0,2106,3048122a28,00.html

29 September 2004  

An American businessman has told the Dunedin District Court he had no
reason to believe a former employee who attacked his company's
computer system late last year would not do so again.

Robert Lee, the Oregon-based chief executive of internet music and
video stores, Buy Music Here (BMH), told Judge Gary MacAskill the
entire code for the company's system had to be rewritten to at a cost
of over $400,000 to protect the company from further "back door"  
attacks.

Mr Lee was giving evidence about the extent of damages incurred by his
company as a result of attacks by a 37-year-old Dunedin academic,
previously employed by the company, both in America and in New
Zealand.

The man, described by Mr Lee as "the most skilled programmer we've
ever employed", had written core parts of the code.

The company believed the only way for the system to be safe in the
future was for the entire code to be rewritten by a software engineer
of the same high capability level as the defendant.

A damages report, updated for the disputed facts hearing, lists the
total cost to the company at $441,122.50.

But Judith Ablett-Kerr QC, counsel for the accused who has earlier
admitted attacking BMH's system, said her client, who has temporary
name suppression, believed the damage amounted to about $1500.

Under cross-examination, Mr Lee agreed the company had not yet
replaced the system "in a comprehensive way", but it had built some
defence mechanisms.

Ms Ablett-Kerr said a code replacement calculation of $156,000,
contained in the company's costs, was the cost of an engineer working
300 eight-hour days on an hourly rate of $65 .

To a suggestion from her it was not necessary to replace the code at
all, Mr Lee said his information was the company would be foolish not
to replace it if they wanted to protect itself from further attacks by
the defendant.

The defendant has already admitted three representative charges of
unlawfully attacking BMH systems and deleting and interfering with
data.

He has been on bail awaiting sentence but that cannot take place until
the extent of the damages has been determined.

Mr Lee will continue his evidence tomorrow.





More information about the ISN mailing list