|
|
|
Taking a Byte Out of Cybercrime
TranSwitch nabs worker allegedly stealing computer files
|
Business New Haven
12/10/2001
By: Linda Mele
|
SHELTON - While most businesses focus protecting themselves from fire or natural disasters, many don't bother doing so against a disaster that could be prevented or, at the very least, results in a minimal loss: the theft or sabotage of their computer systems or confidential information.
TranSwitch Corp., 3 Enterprise Drive, found out about this kind of terrorism the hard way.
According to the police report, one of their employees was notified that he would be laid off at the end of the day, along with other employees. After he left the premises, TranSwitch officials say they realized he had allegedly downloaded several large files on his office computer and e-mailed them to three different personal e-mail addresses.
Many of the files were allegedly downloaded during the days preceding his being notified of the layoff, officials say, and the largest file was downloaded just hours before he was given a pink slip.
While the company will not elaborate about the exact nature of the files the employee allegedly stole, a company spokesman told police that the value of the property was worth up to $16 million.
Enkhbold Sodov, 33, of Derby, was arrested after Shelton and Derby police executed a search warrant at his apartment and confiscated computers, disks and other “related” material.
Police specialists and TransSwitch employees were able to freeze Sodov's e-mail accounts, but they have also executed search warrants to obtain records of any files Sodov might have stored in them or passed on to other e-mail accounts.
“At this point, we believe we were lucky enough to retrieve the information before Mr. Sodov was able to use it,” says Detective Sgt. Michael Madden of the Shelton Police Department. “We won't know for sure, however, until all the computers and data have been analyzed.”
“We received a lot of help and guidance from other law enforcement agencies as well as the prosecutors at Derby Superior Court,” Madden adds.
Sodov was charged with two counts of first-degree larceny and two counts of first-degree computer crime.
How many companies could afford such a loss? How many companies could afford even the smallest loss or destruction of confidential information? Not very many.
For example, what if you make widgets - widgets that have features that no other on the market today have - and a disgruntled employee decides to steal your formula and sell it to a competitor?
Wouldn't that be a disaster akin to a fire, flood or other natural disaster? And, while industrial sabotage/espionage has probably been around forever, those who have access to such information or those who believe they have an axe to grind have the capability of causing more damage than ever before.
Sgt. Andrew Russell of the Connecticut State Police Computer Crimes Division says that by the time the police are called it's usually too late to prevent such losses. “In most cases, a significant amount of time passes before a company even realizes there's been the loss of information or that its system has been compromised or sabotaged,” Russell says. “Businesses need to have a device that will close the hole before it's too late.”
While it might seem like basic common sense, some companies don't even know the passwords their employees use to access their computers. There should be one or more employees or owners who know everyone's passwords, and they should be changed often. Access to information stored on a computer system should be restricted to that which is necessary for any employee to do his or her job, Russell says.
Russell adds that this type of crime has increased significantly in the past four years and it has increased in direct proportion to the increase in the use of computers.
“It's a difficult crime to investigate,” Russell says, “and a labor-intensive one. Right now we have a Computer Crimes Task Force made up of four state troopers and three police officers from town or city police forces, and our resources are limited.”
Russell says that the local officers come from departments throughout the state and are usually assigned to the task force for at least 18 months to provide continuity.
Russell suggests that companies get a basic security audit to find out if and where they are vulnerable to such crimes.
According to Russell, 40 percent of the computer crimes the State Police Computer Unit investigates are related to child pornography, and many computer crimes against companies go unreported.
“It's been a private-sector issue,” Russell says, “but it looks like that will change.”
Shelton's Madden says at least two valuable lessons should be learned from this incident. “The first is that employees better take the confidentiality statements they sign when they get hired more seriously,” he says. “They are protected by state/federal laws, and we will enforce them.
“The second is that our corporations must exercise the highest levels of security, especially during work[force] reduction periods, Madden adds.
Since Sodov was in the country on a work visa from Mongolia, U.S. Immigration & Naturalization Service (INS) officials were also contacted.
|
Go FirstGo PreviousGo
NextGo LastGo
to Index
|
|
