• United States



by Kim Girard

E-Commerce Risk: Small Company, Big Trouble

Jul 01, 20031 min
CSO and CISOData and Information Security

A sidebar to the feature, "How to Minimize E-Commerce Risk"

Consider the case of Jesus Oquendo, who in 2000 worked as a computer security specialist at now-defunct Oquendo, who shared an office with Manhattan-based Five Partners Asset Management, altered commands on the company network to automatically route the password file from Five Partners’ system to his e-mail account every time the company’s system rebooted. After Collegeboardwalk went belly up, Oquendo continued to access those passwords remotely using a shell account he illegally installed on the victim’s network. He started hacking programs and other information in an electronic directory no longer used by Five Partners. He also installed a sniffer program that intercepted and recorded electronic traffic on Five Partners’ network.

Oquendo didn’t stop with Five Partners. Using a sniffer, he obtained the password of a Five Partners employee who had an account belonging to computer wholesaler RCS Computer Experience. Oquendo eventually used his illicit access to delete RCS’s entire database, costing RCS approximately $60,000 to repair. He left the company a glib message: “Hello, I have just hacked into your system. Have a nice day.”

Although he denied the charges, Oquendo was convicted in 2001 of computer hacking and electronic eavesdropping. He was sentenced to 27 months in a minimum-security federal jail.