IBM Accused of Mail Server Hacking

By Angsuman Chakraborty, Gaea News Network
Friday, July 14, 2006

Butera & Andrews, a Washington, D.C.-based law firm filed suit against IBM in U.S. District Court for the District of Columbia. It is accusing IBM of hacking into its e-mail system.

Butera & Andrews is seeking unspecified damages and repayment of more than $61,000 that it paid to investigate the alleged break-in and repair its e-mail system.

IBM has filed papers seeking to dismiss the case while Butera & Andrews have asked (the court) for limited discovery.

Butera & Andrews charge that an unnamed IBM employee at a Durham, N.C., hacked into its e-mail system. The individual allegedly broke into the system, gained full privileges and was able to download messages at will, according to the complaint.

The investigation turned up more than 42,000 attempts from over 80 different Internet protocol addresses owned by IBM to acces the Butera & Andrews e-mail system last year, the complaint said. via

This raises a fundamental question of the liability of a company when one of its employees goes bad (assuming that is really the case). My gut feeling is that they should be held liable if the crime was committed from its premises. Most corporate firewalls today are deployed to protect company assests from outside intrusion, not to prevent internal users from wreaking havoc outside.

“Plaintiff cannot state a claim merely by alleging that certain events are ‘tied’ to IP addresses registered to IBM,” IBM said in a court filing on June 30. I agree. IP addresses can be easily spoofed.

will not be displayed