Database Programmer Arrested for Attack
- — 20 March, 2000 17:13
ITTI's software system, which allows securities firms to trade stocks online, was disrupted for three days beginning March 9.
"This company processes a very large percentage of the Nasdaq trades, so I would say this had the potential to be very disruptive," said Eric Friedberg, computer and telecommunications crime coordinator for the U.S. Attorney's Office.
Friedberg said ITTI came under attack on the same day Smires and another programmer backed out of an agreement for a higher salary and more equity in the firm. The conflict started March 6, when Smires' supervisor, ITTI's chief development officer, resigned from the firm. The company hired systems consultants to take his place, but Smires and the other programmer refused to train the contractors on ITTI's systems.
Smires and the second programmer, who hasn't been charged, threatened to quit unless the company increased their compensation and offered more employment security. ITTI offered raises, stock options and one-year contracts, but the two chose to resign.
According to the affidavit filed by the U.S. Attorney's Office, the pair demanded an immediate payment of $70,000, plus $50,000 in stock options and more substantial pay raises. A tentative agreement was reached March 8, but the two programmers backed out the next day and pressed for more favorable terms.
When ITTI executives failed to respond to their counteroffer, the company's computer system came under attack later that day from a PC located at a Kinkos copy shop in Manhattan.
While ITTI located the attacking machine, it had no authority to detain the attacker.
The attacks on ITTI continued through March 12, and investigators were contacted to locate the perpetrator. The U.S. Secret Service's Electronic Crimes Task Force, which is made up of 25 local, state and federal agencies and 45 private companies, eventually tracked Smires down to a computer located on the Queens College campus where Smires is an instructor.
"He and the other programmer were involved in writing the software, so he knew just where to attack. He was fully familiar with weaknesses in the code," said Friedberg. "Although it was a potentially disastrous attack for the company, it wasn't a highly sophisticated attack."
According to Friedberg, the IP address of the attacking computer wasn't transmitted in a capturable form. But it was visible during the attack, allowing ITTI to locate the Kinkos machine in real time.
Because Smires apparently failed to cover his tracks by routing the attack through another server, investigators were able to track him to Queens College. "Ten minutes after the defendant had left the building, we were able to find a witness and find out who had sat at this computer 10 minutes (earlier)," said Friedberg.
ITTI wasn't available for comment on the incident.
Smires has been charged with sending data to intentionally cause damage to a computer. The charge is punishable by five years in jail.