http://www.shanghaidaily.com/art/2005/11/18/214955/Prosecutors__039__office_approves_arrest_of_computer_hacker.htm
Xu Fang
2005-11-18
THE Pudong New Area Prosecutors' Office yesterday ratified the arrest
of Liu Kefan, a computer hacker with a master's degree, charging him
with threatening a company to pay for his unsolicited services.
Liu allegedly made use of his computer knowledge to intrude into the
computer system of a Shanghai-based software company many times. He
demanded 1.5 million yuan (US$185,185) in consultation fees and
threatened to disclose security holes in the company's software
products, prosecutors said.
Liu, a 31-year-old Sichuan Province native, was a technology manager
at a Shenzhen technology firm before he was caught. With his master's
degree and good skills, he was quite reputable among young
practitioners in the software industry.
When Liu showed his company's product to a client in December 2004,
the client said it wasn't as good as its competitor's. The client gave
him the Website account and password for comparison.
Liu allegedly used the password to access other systems and overcame
all technical barriers. Excited and surprised, Liu intruded into the
company's interior system and tracked its commerce for more than six
months, prosecutors said.
"At first, I didn't think of anything," Liu allegedly said.
But as he studied the system further, Liu thought of helping the
company fix security flaws with its software. He decided 1.5 million
yuan was an appropriate fee.
"Software security is the most important. The company's fame and my
intellectual property are both worth the price," he allegedly said.
Threatening e-mail
On September 20, Liu sent an e-mail to the company's general manager,
Wan Dong, asking for cooperation.
"All the information in your system can be seen. Your company is just
like a car loaded with powder. It's time to unload the powder and
makes repairs to the main parts of the car," Liu allegedly wrote in
the e-mail.
Wan didn't take it seriously at first though he realized Liu was a
professional.
After being ignored, Liu threatened to reveal the security flaws to
company's competitors and users. He also changed the password for some
of the firm's clients on September 29, according to prosecutors.
The clients called the company to find out what happened. Wan
suspected it was Liu.
Worried about the firm's reputation, Wan agreed to discuss terms with
Liu.
Liu was caught by police while waiting to negotiate with Wan.
According to Criminal Law, those who threaten others to buy either
commodities or services will be given a maximum sentence of three
years.
_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
