Information Security News mailing list archives

ICQ creates personal, corporate nightmare


From: InfoSec News <isn () C4I ORG>
Date: Thu, 15 Mar 2001 11:21:13 -0600

http://news.cnet.com/news/0-1005-200-5148422.html?tag=tp_pr

By Paul Festa
Staff Writer, CNET News.com
March 15, 2001, 11:05 a.m. PT

Thousands of confidential messages between the CEO of an Internet
company and top executives have been posted on the Web, stirring up a
hornet's nest of corporate intrigue and providing a rare glimpse into
a dot-com as it struggled to cope with a brutal shakeout.

Last week, hundreds of pages of the ICQ instant messaging logs were
posted on the Web and copied onto various sites, creating the kind of
information security breach that has become one of the worst corporate
nightmares of the digital age. The logs, which were apparently
snatched from a PC used by Sam Jain, CEO of eFront, have nearly
paralyzed his company and created a personal nightmare for Jain.

"I'm tired of it; I just want to go on with my company," Jain said.
"People out there are stalking me, threatening me with death
threats...scanning my cell phone frequency."

As for the company, hackers have apparently created havoc with the
computer systems, possibly by using information contained in the ICQ
log. For example, eFront employees are not using the in-house e-mail
server, resorting instead to Web-based e-mail services such as Hotmail
"until we can get the security matter resolved," Jain said late
Thursday.

"I believe someone has hacked from Korea, China, since the (posting)
of these logs," he said.

eFront runs a network of affiliate Web sites, which agree to pool
traffic as a way to command higher advertising rates. Revenue is
shared among all the sites based on the number of page turns they each
produce. Many of the messages in the intercepted ICQ log discuss
strategies for weathering an industrywide plunge in advertising
revenue.

The logs have sparked a firestorm of controversy, which has raged on
the Web's dot-com deadpools and other discussion sites, serving as a
fresh reminder of the potential permanence of seemingly fleeting
electronic correspondence.

It also shows the damage that such exposure can wreak. Since the
initial posting of Jain's ICQ logs last week, several members of
eFront's senior management team have resigned, some strategic partners
have publicly distanced themselves from the company, and unhappy
Webmasters are aligning to take action against it.

The logs, which read like transcripts of telephone conversations,
include explosive discussions regarding business partners, employees
and affiliated Web sites. Whether the files are authentic or not,
they've already exposed eFront to embarrassment and could lead to
possible legal troubles.

According to Jain, the logs are legitimate but have been "doctored."
Several sources whose correspondence or confidential information was
included in the logs have confirmed their general authenticity with
CNET News.com.

An eFront representative said the issue has been referred to the FBI.

"We are aware of the allegations and we are assessing the situation,
but at this time there is no active investigation," said Laura Bosley,
a representative for the FBI's Los Angeles field office.

A cautionary tale

After the logs' exposure on Wednesday and Thursday of last week,
sources close to eFront said that members of senior management went to
Jain and asked that he resign and yield check-writing privileges.

When Jain declined the offer, sources said Vice President Dennis Acebo
resigned, followed by Chief Technology Officer Matt Levine and Bill
Hodson, who had been considered a potential interim CEO. Vice
President of Finance and Administration Bill Schmidt had resigned
Wednesday, just before the posting of the logs. Vice President of
Acquisitions Jonathan Roy also resigned Tuesday.

In one indication of the turmoil, the Web page listing eFront's
management now redirects visitors to a contest entry form.

The posting of the logs has also complicated relationships with
partners.

Net Communities, a company based in Middlesex, England, that sells ad
inventory for eFront, said it is reevaluating its plans with eFront in
light of the logs.

"We are reviewing our future business relationship with eFront," said
Managing Director Andy Evans. "I don't think I can define it at the
moment. You know as well as I do that life isn't as simple as that
right now.

"I want to be 100 percent clear," Evans said. "My company is a
supplier to eFront, and that is it. I have observed what eFront is
doing, and I have my own opinions, which I'm not willing to share at
the moment."

Some Web sites that posted copies of the logs this week and last have
received e-mails referring to the logs as "proprietary information"
and asking Web operators to remove the logs, links to other postings,
and forums devoted to the controversy.

An open book?

At the technical core of this particular exposure of an executive's
communications is the ability of the ICQ messaging application--a
property of AOL Time Warner--to store a log of all incoming and
outgoing messages. The feature is not shared by MSN Messenger Service,
Yahoo Messenger or AOL Instant Messenger.

"With ICQ you have the option so that any messages you send or receive
are saved to a log file on your machine," said Elias Levy, chief
technology officer with SecurityFocus.com. "I did notice that in some
point in the communications (Jain) mentioned that he had this
functionality turned on, that he was keeping a log of his messages. So
he was aware of it and was using it on purpose."

Jain said he knew the logs were being saved, while acknowledging some
uncertainty about his company's information security practices.

"I was aware that my e-mail and ICQ logs were stored," Jain said. "The
bottom line is that our information is stored all over the place. I
don't know what's stored or where it's stored. I've been trusting
everyone. I haven't kept passwords. It was foolish of me, naive of
me."

But turning off the log-saving option is no guarantee of security with
instant messaging, Levy warned. Most common instant messaging
applications send data through a central server where all
communications are recorded and stored. There they remain should law
enforcement request them--or should an unscrupulous hacker or
disgruntled employee manage to steal them.

On top of that, common network "sniffers" can aid snoops in turning
private instant messages into public documents. To that end, some
companies, such as Seattle-based Mercury Prime, are devising
applications that send encrypted instant messages.

ICQ explicitly warns people not to use the application for sensitive
communications.

"Do not use ICQ for Mission Critical applications, Content Sensitive
material, if the risk of exposure to objectionable material is
unacceptable to you," reads the ICQ security page. Elsewhere ICQ
reiterates its warning more bluntly: "NEVER send any content-sensitive
material on ICQ."

Security experts extend that warning to all unencrypted electronic
communications.

"Electronic communications are becoming more and more important to the
enterprise," Levy said. "But whenever you use them, they might be used
against you sometime in the future."

For eFront, the exposure of the logs has placed the little-known
company at the center of an Internet tempest. Jain, 31, who owns about
85 percent of eFront, previously worked at a now-shuttered
Ticketmaster-like company called ETM.

With a partner, Jain started Netwhirl, which merged with eFront in
April 2000 to become eFront Media.

eFront now employs a dozen people in California, another handful
elsewhere in the United States, and has signed on about 170 Webmasters
around the world, Jain said.

Whatever good will remained among Webmasters after months of payment
problems was exacerbated by the posting of the ICQ logs, according to
a source close to the company who declined to be identified.

"If not for the logs, I think some of the Webmasters could be
appeased, but now everyone saw the inner workings of Sam," the source
said. "Even without pay, most of the Webmasters understood the market
crunch and were willing to bear with (eFront) in return for free
hosting, etc."

Jain acknowledges that tough times called for drastic measures.

"When the market was good, our payoff was high," he said. "When it
went bad...I cannot pull money out the air."

ISN is hosted by SecurityFocus.com