Post Wed Jul 12, 2006 10:21 am

Did IBM Hack Law Firm Email Server?

A federal judge is deciding whether to throw out a suit filed by Washington, D.C.-based law and lobbying boutique Butera & Andrews alleging that IBM Corp. and an unidentified employee in its Durham, N.C., facility tried to hack into its e-mail system.

The firm is suing IBM for attorney fees and more than $60,000 that it paid for outside counsel and to beef up its security.

Butera & Andrews hired outside consultants after it "became aware of facts which suggested that the e-mail server through which the firm operated had been compromised by unauthorized parties" in November 2005, according to the complaint in-house counsel David Hart filed in the U.S. District Court for the District of Columbia in April.

Private investigators identified more than 42,000 attempts to penetrate its e-mail system, which, according to the complaint, could be traced back to e-mail addresses from IBM's Durham office.

In June, Mary Ellen Powers, managing partner of Jones Day's D.C. office, filed a motion to dismiss on behalf of IBM for failure to state a claim. "The case never should have been brought in the first place," says Powers. "IBM had nothing to do with the plaintiff or its e-mail servers, and it has no idea who was trying to hack into its system."

Butera & Andrews is seeking employment records for the Durham office, as well as maintenance logs and administrative rights logs, among other things, for 82 Internet protocol addresses that are registered to IBM. The firm argues that this information will help it identify the hacker.

"They have admitted that the computer was owned by them, controlled by them and operated under their supervision," says James Butera of Butera & Andrews.

The suit is awaiting U.S. District Judge Reggie Walton's decision on the motion to dismiss.


Original story at:
http://www.law.com/jsp/article.jsp?id=1152534923647

Don
CISSP, MCSE, CSTA, Security+ SME