Two men have been charged in relation to the alleged hacking of one of Australia's most prominent economics consultancies, Access Economics.
However, those to be put before the courts are not the stereotypical teenagers or disgruntled system administrators, but two economists employed as senior executives in rival consultancy ACIL Tasman.
Former ACIL Tasman employee Jeffrey Rothfield has been charged with 20 counts of unauthorized access to computer data and is scheduled to re-appear before Melbourne Magistrates Court on November 7 to defend the charges.
ACIL Tasman chief executive Nick Morris and senior consultant Jeffrey Rae are also facing charges relating to recklessly or dishonestly failing to exercise their directors' duties in good faith, after an investigation by the Australian Federal Police prompted by a complaint to the Australian Securities and Investment from Access Economics that confidential tenders had been breached.
The two executives were mentioned during filing hearings in the Melbourne Magistrates Court last week. If found guilty, they could face a five-year prison term, a $220,000 fine, or both.
The breach occurred in April 2004 and, according to Access Economics CEO Karen Chester, was a breach of the e-mail system. Chester said as a result, circulated documents contained information which resulted in the unauthorized access of e-mail accounts and the circulation of several Access Economics' documents to third parties - those documents contained information of commercial-in-confidence to Access Economics.
"We immediately referred the matter to the Australian Federal Police (AFP) which conducted a criminal investigation. That investigation has identified a suspected perpetrator - an ex-employee of Access Economics who [allegedly] relied on knowledge of our systems obtained as an employee to gain unauthorized access to our e-mail communications," Chester said.
"Criminal charges have since been laid under the Criminal Code 1995 (CyberCrime Act) and further related charges under the Corporations Act against two officers (Messrs Rae and Morris) of the suspected perpetrator's employer, ACIL Tasman, at the time of the unauthorized access. As you would no doubt be aware, e-mail is not a secure form of communication to any party intent on accessing in an unauthorized and criminal manner.
"We would note that an IT security specialist consultant engaged by Access Economics to assist in the investigation confirmed our understanding that Access Economics' IT systems are comparable to those of similar organizations and this breach primarily reflected the [alleged] perpetrator relying on knowledge of our systems obtained as an employee. Steps have been taken to further secure our e-mail system from future unauthorized access."
Chester confirmed the breach only related to e-mails and documents attached to those e-mails.
"At no time was client data at risk of alteration or loss. Client data and files remain secure. Access Economics clients were advised of the above in May 2004."
Current clients of Access Economics, which include the Department of Education, Science and Training, the Business Council of Australia, the Australian Medical Association and the Australian Racing Board were unavailable for comment.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.