The old adage "All’s fair in love and [corporate] war" is alive and kicking in Corporate America these days.
When it comes to illegal network intrusions, via cyber-terrorism or espionage, most of us conjure up images of some overweight "Techie", with thick-rimmed eyeglasses, sitting at home in front of a half dozen computer screens, trying to figure out how to "hack" into some unsuspecting corporate network. The reality is that the greatest threat to corporate security comes either from within the organization itself or an industry competitor. Reuters reported yesterday that Abraham Peled, a member of the executive management team at News Corp (owned by Rupert Murdoch), testified on Tuesday that he continued to employ two hackers for years after having knowledge that one of the hackers posted information on the Internet on how to unscramble DISH’s network and receive free service.
DISH claims that it lost $900 million in revenue as a result of the actions by Mr. Christopher Tarnovsky (one of the hackers). Mr. Peled admitted that he was told about Mr. Tarnovsky’s actions in 2001, but did not fire him until 2007 – several months before the hacker took a deposition in the lawsuit. DISH alleges that because the piracy was condoned by News Corp, DISH was made to appear inferior to News Corp during both companies attempt to acquire an interest in DirecTV. News Corp eventually gained a controlling interest in DirecTV.
Mainstream media reporting aside, News Corp employed, in the classical definition, what cyber-security firms call a "Hit Man" and not a "Hacker." Hit Men are hacker’s for hire that are employed by corporations to steal information from competitors or disable the competitor’s website. Usually these people are located in foreign countries, far from the reach of U.S. law – which is what makes this case so interesting, and more common than Corporate America wants us to believe. It’s hard to determine what is more astonishing and egregious – that News Corp allegedly employed a hacker from 2001 to 2007 to conduct corporate espionage, or that DISH Network failed to identify an attack on their system by a rival company for an extended period of time.
This case exemplifies the fact that privacy and cyber-security should always be at the forefront of any corporation’s corporate policy and governance program. Waiting till your company’s information is stolen to institute a corporate safeguards policy or believing it won’t happen to your company, is an attitude that will cost your company an unspecified amount of loss profits, revenue, and goodwill.
To view the article by Reuters click here: Hacker kept on NDS payroll after accused of piracy