Choo Luke Kuo, 40, was CEO of a company called SPH MediaBoxOffice, a subsidiary of Singapore Press Holdings, which has close ties to the Singapore government, from August 2005 until January 2007 when he resigned.

Some time later, when the company applied to register a trade mark, its searches found a near-identical mark had been the subject of an application made by Choo's new employer.

Puzzled, the MBO concluded that the detail of the proposed mark had been circulated primarily internally by e-mail. Their investigations focussed on whether someone was hacking their e-mail system.

But the truth turned out to be much simpler - and much more worrying for companies in all sectors.

Choo had simply created a new e-mail account - a perfectly normal function for him. But he opened it for his own use and told no one about it. He was then able to access the new account even though his allocated account was blocked when he left.

Of itself, that would have been worrisome: the potential for harm for distributing of unsuitable e-mails is obvious. But Choo did something rather more devious: he set up a forwarding command on other e-mails so that copies of mails were forwarded to his new, secret, account.

And then, after leaving, he monitored the company's activities.

He logged onto the mailbox with frantic frequency: in one three day period in December 2007, he logged on 52 times, the Court heard. But the system recorded the IP address from which access was made and it turned out that Choo logged on from his own home and that of his sister.

Choo was convicted of illegally accessing a computer system and fined SGD52,000.

And no doubt a reputation that will grow with the retelling of the story in IT risk management seminars everywhere.

Bookmark and Share

Tip a friend

Download PDF Download PDF version of this page





loading
eZ publish™ copyright © 1999-2012 eZ systems as