The data was lost after the analyst’s home was robbed, but was later recovered by authorities. The analyst had taken the laptop home without clearance to do so.

The $20 million will be given in payments of $75 to $1,500 to veterans who can give clear evidence that they experienced emotional harm from the incident, or had expenses incurred from their stolen information.

If there is any money left over it will be donated to veterans-related charities.

Now Mr. Vitale faces 30 months in prison and $180,000 restitution to be paid to AOL. As noted by U.S. District Judge Denny Chin, “Spamming is serious criminal conduct; this is not a teenager engaging in child’s play.”

While that is true, Mr. Vitale also had 22 prior convictions, including running an online prostitution ring through the website Craig’s List, which couldn’t have helped his odds in this case.

His partner in crime, Todd Moeller, was sentenced to 27 months back in November.

DISH did win the case, but didn’t get the 10 figure outcome that company lawyers hoped for. Instead, after one day’s deliberation by the jury, NDS was ordered to pay $46.69 for reverse engineering one of DISH’s smart cards and $1,000 in punitive damages.

Both sides are calling this a victory. DISH says they won the case, which they did, but their legal fees clearly outweigh what they earned. And, let’s be honest, this is going to do zero damage to NDS’ credibility. NDS claims a victory because they don’t have to pay one billion dollars to DISH. As NDS attorney Richard Stone said after the jury’s verdict came in, “We’ve been completely vindicated on this whole lawsuit.”

NDS says that Christopher Tarnovsky, the hacker in question, was only employed to reverse engineer rival companies’ products. Tarnosvsky admitted he helped develop pirating software, but testified that he didn’t use it to hack into DISH’s security system. Tarnokvsky did say, however, that his first payment came in the form of $20,000 cash “hidden in electronic devices mailed from Canada,” such as CD and DVD players. Doesn’t sound like the most transparent way of doing business. He also said that he was paid by Harper Collins, another News Corp subsidiary, on a regular basis for 10 years.

While Tarnovsky says he “never got money for reprogramming Echostar cards,” he did admit that he created something called “the stinger,” a tool capable of electronically communicating with any smart card in the world. To further complicate NDS’s position, another hacker testified that a third hacker and an NDS employee used the stinger to reprogram a number of EchoStar smart cards.

A good breakdown of EchoStar’s allegations can be found by heading over to Wired Magazine’s report on the story.

Authorities discovered Jin was carrying about $30,000 in cash as well as over 1,000 confidential electronic and paper proprietary documents, all belonging to her former employer, known only in federal documents as “Company A.” According to the indictment against her, Jin was storing the information on a laptop, various hard drives, a thumb drive and a number of data CDs when her luggage was searched.

“We have to be vigilant in preserving the integrity of trade secrets to provide an honest playing field among business competitors, whether foreign or domestic. Trade secrets often are a business’s most valuable assets, and protecting them from theft and betrayal is a high priority for law enforcement,” Patrick J. Fitzgerald, the U.S. Attorney for the Northern District of Illinois, said in a statement released on Wednesday.

While an official release from the Department of Justice claims that Company A spent “hundreds of millions of dollars on research and development for the proprietary information” that Jin had in her possession, reports by the Chicago Tribune and Information Week both put that price tag at $600 million. If convicted, Jin faces a maximum penalty of 10 years in prison and a $250,000 fine for each charge.

“Alpha has suffered and continues to suffer irreparable damage as a result of defendant’s misappropriation of Alpha’s confidential, proprietary and trade secret information.”

Vance hasn’t shown up to any of his eight scheduled court appearances, maybe because he was so busy acquiring jobs at rival companies. In 2005, according to the Herald Tribune, he worked for Florida-based Alpha Mining Systems, Alpha’s China-based competitor Guizhou Tire Co. and United Arab Emirates-based Al Dobowi Group. His job description? Hand over secret Alpha documents to its rival firms, including design blueprints, and advise rivals’ clients that they now can get Alpha designed tires directly from Guizhou.

There’s no word on whether Vance can afford to pay the $19.7 million fine or not (as the Herald Tribune puts it, he may not have the “wherewithal”). It’s also unclear how Vance got the idea to work for Alpha’s overseas rivals in the first place – whether he was disgruntled and reached out to them, or the other way around. Whatever the case, he’s been barred “from working in mining worldwide or contacting his current employers or any current or former customers of Alpha.”

There is one minor fault in the story worth noting: The Herald Tribune states, “Del-Nat Tire Corp. and American Tire Corp. were buying a combined average of $1.9 million per month from Alpha until April 2005, when they stopped buying anything.” American Tire Corporation fervently denies having ever heard of Alpha, yet alone conducting business with the company. So, for all of you conducting business with ATC, don’t worry they’re in the clear.

According to the Centre for the Protection of National Infrastructure, “The contents of [Evans'] letter highlight the following: the Director-General’s concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organisations, and the fact that the attacks are designed to defeat best-practice IT security systems.”

The People’s Liberation Army (PLA) has allegedly been supporting computer hackers for some time now, and it’s thought that they have already used limited cyber-warfare as a response to recent public U.S. missteps – such as the bombing of the Beijing Embassy in Belgrade in 1999 and after a U.S. spy plane collided with a Chinese fighter in 2001.

Although Beijing denies any connection to the recent attacks, China is undeniably building up what Time Magazine appropriately labels a “cybermilitia” (see the linked story above). One example is a recent cash contest sponsored by the PLA to recruit the most talented local hackers across the country.

The letter from Evans shows the growing concern that western nations have over electronic security threats but, according to Graham Cluley, senior technology consultant for Sophos, it is “unusual for a country to so openly accuse another of engaging in this activity – especially when it can be extraordinarily difficult to prove an attack is being sponsored by a government or is a lone hacker acting independently.”

Over a 16-hour period in September, the company discovered 1,100 emails from a supposed employment agency containing files allegedly offering information on potential job candidates. The emails included personal details of the targeted executives, such as full names and position titles, in order to seem more reputable.

What MessageLabs discovered is that the files, most of which were in Microsoft Word format, included Trojan horses designed to steal corporate secrets.

Trojan horses, or Trojans, have been around for quite some time in the computing world. They become installed when a user unwittingly opens a program containing malicious code. The program then infects the computer, allowing hackers remote access. More recently, hackers have been able to develop Trojans that install themselves after a user opens an image or PDF file containing the rogue program.

In the past, similar attempts at data mining included “phishing” schemes, where scammers who posed as reputable sources sent out emails asking for personal information such as bank accounts or social security numbers.

The danger with the new methods, as experts point out, is hackers are becoming increasingly adept at making infected email attachments appear legitimate and increasing the chances that those files get opened by the recipient.

Commentary: Trojans can come from more than just emails, it’s also possible to acquire them through downloads, websites, peer to peer programs and, on rare occasions, physically being installed on a computer. Although they have been around for awhile (at least since the early 80′s), many people are still oblivious towards the harm they can cause.

The quick fix: keep business computing use for business purposes. Don’t put yourself at risk by viewing less than reputable websites or downloading unnecessary programs. And, most importantly, if you get an email attachment from a sender you don’t recognize: don’t open it!

The first man, Odalis Bostic, is accused of trying to steal $420,000 from the mayor through two forged checks in the name of Bloomberg’s financial manager.

Bostic attempted to deposit the two checks, both issued from Bloomberg’s personal account with Bank of America, into accounts he established with Sovereign Bank and PNC. Due to the large amounts of the checks, both banks put holds on the checks and discovered the fraud.

Another instance of attempted fraud against the mayor was discovered during the investigation of Bostic. Charles Nelson was charged with an unrelated case of fraud citing his transfer of $10,000 from Bloomberg’s personal account to an E*Trade account established in his name.

Authorities found a computer, various documents and two guns on Nelson when he was arrested in Newark, New Jersey.

The ban is based on concerns brought up by France’s General Secretariat for National Defense over two years ago after a study, released by France’s head of economic intelligence, claimed that Blackberries cause a security threat.

Research in Motion (RIM), maker of the Blackberry devices, believes their products are secure as “no one, including RIM, has the ability to view the content of any data communication sent using the BlackBerry Enterprise Solution,” the company said. Additionally, the device has been approved for official use by the UK, U.S., Australia, New Zealand, Austria, Canada and NATO.

Commentary: Despite the ban, there have been reports of French government officials using the device in secret. Vive la resistance.

A San Jose U.S. District Court grand jury indicted Lan Lee, 42, of Palo Alto and business partner Yuefei Ge, 34, of San Jose for allegedly developing microchips through their company, SICO Microsystems Inc., based on stolen designs. They are accused of reaching out to Chinese government agencies for funding, including a branch of the Chinese military.

Mountain View-based NetLogic Microsystems Inc. and the San Jose office of Taiwan Semiconductor Manufacturing Co. are two of the companies from which Lee and Ge allegedly stole classified documents.

Only three people have ever been found guilty of economic espionage in the United States – all were from Silicon Valley.

The defendants used the information to file over 365 fraudulent federal tax returns in 27 states, according to U.S. Attorney John Wood.

Some of the money obtained through the conspiracy was wired to bank accounts in Kenya, where at least 12 of the defendants were born or held citizenship, Woods said. The money was then withdrawn from ATM machines within Kenya.

The tax returns were filed online through computers at public coffee shops and restaurants in order to conceal the conspirators’ identities. The filing fees were paid with credit cards opened in identity theft victims’ names.

Ten of the defendants are being held in custody, three are believed to have fled to Kenya and four have yet to be accounted for, prosecutors say.

The study says that companies with over $5 billion in revenue lost more than $20 million on average due to fraud-related damages over the past three years. One in ten large companies lost over $100 million due to fraud over the same period.

Andres Antonius, President of Kroll Consulting Group, said the high amount of damage is due to increased “globalization and heightened public sensitivity.”

Antonius goes on to elaborate:

“More and more companies- not just Fortune 100 organizations- are doing business all over the globe. It’s a major challenge to understand different legal frameworks and different cultural approaches to doing business.”

According to the study, the most common type of fraud is loss of physical assets.

Now the emails are posted on various sites around the web.

One key strategy that MediaDefender employs to combat illegal downloads is flooding various BitTorrent applications with phony material. However, the stolen emails also exposed some of MediaDefender’s less-scrupulous endeavors.

One such strategy was a fake pirate site called WiiVii.com that offered copyrighted files ready to download. As someone downloaded from that site, their IP address was saved in MediaDefender’s databases. Additionally, software was unknowingly installed on the user’s computer effectively turning it into a “zombie machine” helping to send fake files across file-sharing networks.

Commentary: There’s no real “good guy” in this situation. Yes, the emails were stolen, but they showed off some of the dirtier tactics employed by MediaDefender. Companies have started using progressive methods of fighting piracy and it’s inevitable that they’re going to have to do the same thing with online file sharing. All that money and effort fighting Napster early this century didn’t put a dent in peer-to-peer networks, or the new and improved methods of downloading files through BitTorrent.

The company reported on July 3rd that the administrator illegally downloaded the information and sold it to a third party data broker, who in turn sold the data to various marketing companies.

Fidelity National confirmed that the unnamed employee had been fired.

Commentary: Over 3.5 million credit card accounts were taken along with over 1.4 million credit card numbers. This is a prime example of how one employee can cause significant damage to a large corporation, their reputation, and their clients.

Schetty, concerned that Rohm and Haas would steal Technic’s bid with Intel, convinced unnamed Technic and Amkor employees to sabotage Rohm and Haas’ test at an Amkor facility in the Philippines. Schetty is looking at a possible maximum sentence of 10 years in prison, 3 years probation and a $250,000 fine. He agreed to pay $15,536 in restitution to Rohm and Haas.

Read the full article.

Commentary: Talk about going to extremes to stop the competition. Schetty actually convinced Technic employees that it was ‘good business’ to destroy a rival’s product. Another example of how one employee can ruin an entire company (even their own).

To help protect its reputation, IBM announced this week that it was establishing a code of conduct to govern its more than 5,000 employees who have a presence (or “avatar”) on “Second Life” and other online universes.

IBM appears to be the first corporation to create rules governing virtual worlds- its guidelines address such things as protection of intellectual property, export controls (!), proper attire, and even sexual harassment and discrimination:

IBM strives to create a workplace that is free from discrimination or harassment and takes steps to remedy any such problems. External virtual worlds, however, are outside of IBM’s control. If you are in a virtual environment in conjunction with your work at IBM and you encounter behavior there that would not be acceptable inside IBM, the recommended approach is to ignore such behavior and to “walk away” or even sign out of the virtual world.

Commentary:Check out the full IBM net-world guidelines here.

Back in the Q2 edition of Ethisphere, we reviewed IBM’s “real world” code of conduct and were impressed – while this online code is not quite as good, they are the first corporation to have established one of its kind, which is impressive in its own right.

See the avatar in the picture up above? That’s the avatar of Sam Palmisano, the CEO of IBM. Other than dressing himself in the IBM blue, it looks like he grew about a foot and hit the gym… sure beats having to work out for real.

The suit is asking for Pfizer to provide long-term identity theft insurance as well as compensation for damages the 17,000 employees may have incurred. Currently the company is providing a one year, $25,000 identity theft insurance policy as well as one year of free access to a national credit reporting company.

Read the story as posted by Forbes.

Commentary: Adding insult to injury, it took over nine weeks for Pfizer to inform the violated employees of the infraction after it became known to the company. This seems like an unfortunate amount of time for such important information to be known to the victims.

“Yes, we did it… but we didn’t see it.” Um…what????

SAP admitted this week that a subsidiary had completed “inappropriate downloads” of documents belonging to arch competitor Oracle. However, the company said that it had not had access to that material because firewalls had protected the downloads from SAP’s view.

“Even a single inappropriate download is unacceptable from my perspective. We regret very much that this occurred,” SAP Chief Executive Henning Kagermann said, striking a more conciliatory note than recent SAP declarations that it would aggressively defend itself in the case.

Commentary: SAP didn’t have much of a choice as they were caught RED-HANDED (we covered this in an earlier post back in March). That being said, we are more inclined to agree with JP Morgan software analyst Stefan Kuppen who says “Looking at the details they’ve given, it looks like things went wrong at the subsidiary but it doesn’t look like a concerted effort at industrial espionage.”

The bottom line is that Oracle is blowing this case way out of proportion – doing so because they know that they can win the PR war on it.

To an outsider, it is an excellent learning example for employees: a very small division of SAP is causing all kinds of headaches for a global multi-billion corporation. Some good ethics and IP (and judgment) training could have prevented this costly embarrassment.

While the result would be nothing short of a riot in the work-obsessed United States, it has become a reality in France as French intelligence officials have identified the handheld devices as a security threat. The ban on the use of Blackberries inside the presidential palace and government ministries rose from concerns of espionage and leaking of sensitive data. The main area of concern, asserts French newspaper Le Monde, is the United States National Security Agency (the logic being that Blackberry data is routed through servers here).

Commentary: This is the type of story just tailor-made for the media and it’s easy to poke fun at the French for overreacting. But, realistically, the French have an entirely legitimate concern.

Underscoring the severity of the misconduct, this was the largest fine that AMF could have levied.

At issue is that GLG allegedly illegally used sensitive information to trade shares in Vivendi, ahead of a bond issue by the French media group. Three other hedge funds – UBS O’Connor, Meditor Capital Management and Ferox Capital Management – were also fined for the same offenses.

The bookrunner for the bond issue, Deutsche Bank, was also fined €750,000 for failing to keep adequate records of phone conversations and destroying potential evidence around the illegal trading (which occurred back in November of 2002).

News of a convertible bond sale often sends a company’s shares lower – and when the news of Vivendi’s impending bond sale broke, its stock dropped 14%. Investment banks typically phone investment funds prior to this official announcement to gauge their interest in the offering in a process known as “book building”. Hedge and other investment funds are forbidden from trading on this inside information- but GLG and the other three funds apparently freely traded on the information.

Deutsche Bank was also fined $11 million earlier this year by regulators in Britain for “market misconduct” connected to two stock offerings it managed in 2004.

Commentary: This is just bad business all around. And you can be sure that for each time that fund is unlucky enough to get caught – there are 50 more instances where they weren’t. Hedge funds are rife with insider trading… and increasingly good at covering their tracks (the cases are hard to prove to begin with).

Perhaps the most widely-known incident is the lawsuit filed two weeks ago by the Connecticut Attorney General, Richard Blumenthal, alleging that Best Buy was deceiving customers. According to the suit, Best Buy maintained discrepancies between promotions found on the Best Buy Internet website and “deals” found at in-store kiosks. Blumenthal described instances when employees of the country’s largest consumer electronics retailer charged higher prices for items by using its look-alike internal website.

In a comment to the Associated Press, Blumenthal stated, “Best Buy gave consumers the worst deal – a bait-and-switch-plus scheme luring consumers into stores with promised online discounts, only to charge higher in-store prices.”

Another headache for Best Buy was the April arrest of one of its “Geek Squad” employees for allegedly trying to tape a customer as she showered while the employee was in her home setting up equipment. The family, of course, filed a lawsuit, on the premise that they had relied on the company to screen and train agents before sending them into people’s homes – as their Geek Squad brochure promises to provide “agents you can trust.”

To top things off, one of the attorneys for Best Buy, Timothy Block, admitted last week to committing one of the ultimate sins in the legal profession: falsifying e-mails and a memo before turning them over to plaintiffs in a nationwide class-action lawsuit. This stems from a 2003 lawsuit against Best Buy and MSN which accused the companies of signing up at least 100,000 customers for trial subscriptions to Microsoft Corporation’s MSN Internet service from 1999 to 2003, in many cases without the customer’s knowledge

King County Superior Court Judge Douglass North Jr. has previously scolded Best Buy for not being forthcoming with documents related to the case. This new revelation will make it hard for Best Buy to dismiss the case, and in all likelihood will tack on tens of millions of dollars in damages to any judgment.

Commentary: We are surprised at these series of events surrounding Best Buy. Our analysis of Best Buy’s operations has historically suggested a relatively strong commitment to compliant and ethical business practices. Are these isolated problems, or symptoms of a larger, systemic cultural and business issue? Time will tell. Our advice would be to try and get these cases settled as soon as possible rather than letting them drag on through the courts and continue to damage the company’s reputation.

The WSJ article was all about how a cottage industry has sprung up to try and remove negative information about people and companies – or at least lower the placement of such items – on search engines:

“…a company called ReputationDefender Inc. that promises to help individuals “search and destroy” negative information about them on the Internet. Businesses and others have long employed so-called search-engine-optimization techniques to try to make themselves appear higher in Web-search results. Now services like ReputationDefender and DefendMyName are charging fees that can run into hundreds of dollars to help clients remove or downplay unflattering online information.

The companies cite success stories of customers who have buried snippy blog comments, embarrassing photos or critical mentions of their names. But, as [one client] found out, the services can’t wipe everything off the Internet, and their efforts can backfire. ReputationDefender sent a letter to political blog Positive Liberty asking it to remove [a client's] name from a critical entry on the grounds the post was “outdated and invasive.” Blogger Jason Kuznicki refused, and posted a new entry mocking the request. He says he “had a good laugh over it.”

ReputationDefender also sent a takedown request to Consumerist, a Gawker Media blog that had written about a man who was briefly jailed for harassment after repeatedly calling online travel agent Priceline.com Inc. for a refund. The letter asked the blog to remove or alter the archived post, saying it was “outdated and disturbing” to its client. Consumerist editor Ben Popken blasted the request with a profanely titled entry, calling it an attempt at censorship. “It’s not like we’re spreading libel,” he said. “They were trying to put the toothpaste back in the tube.”

Commentary: Okay – the WSJ piece raises some legitimate issues, some of which we have already written about (see the Ethisphere Q1 Edition cover story, “Is Google Labeling Your Company Unethical?”). The bottom line is that in the online world, it is going to be very hard to control what people say about your or your brand unless it is clearly defamatory (an example of defensiveness is illustrated in the Ethisphere Q2 Edition article, “What’s Ailing Johnson & Johnson?,” which discusses J&J’s purchases of negative domain names such as www.thepatchkills.com in order to try to head off negative online postings).

Oh so often we are reminded that life is stranger (and funnier) than fiction. Poor Segev.

The perpetrator of the trade secret theft, Joya Williams, had faced up to 10 years in prison on the single conspiracy charge in a failed scheme to sell Coke’s trade secrets to rival Pepsi for at least $1.5 million.

U.S. District Judge J. Owen Forrester departed from federal sentencing guidelines (which would have recommended 5 years) and said to the court that he was meting out a longer sentence because, “This is the kind of offense that cannot be tolerated in our society”… and that “I can’t think of another case in 25 years that there’s been so much obstruction of justice.”

Commentary: While this was a very straight-forward case and a very obvious conviction, we have to admit that we were surprised that the judge imposed as stiff a sentence as he did. In part, our surprise is simply because most other judges in the country fail to impose extended prison terms for what some people feel is a ‘victimless’ crime unless it involves national security issues.

Hmmmm…. memo to potential trade secret criminals: if you are thinking about pursuing a dastardly life of corporate espionage and crime, it’s better to live in Connecticut than Georgia. Better yet, just don’t do it – as companies (and judges) are getting tougher on it for the most part.

Telemarketing fraud, once limited to small-time thieves, has become a global criminal enterprise preying upon millions of elderly and other Americans every year, authorities say. Vast databases of names and personal information, sold to thieves by large publicly traded companies, have put almost anyone within reach of fraudulent telemarketers. And major banks have made it possible for criminals to dip into victims’ accounts without their authorization, according to court records.

The banks and companies that sell such services often confront evidence that they are used for fraud, according to thousands of banking documents, court filings and e-mail messages reviewed by The New York Times.

Although some companies, including Wachovia, have made refunds to victims who have complained, neither that bank nor infoUSA stopped working with criminals even after executives were warned that they were aiding continuing crimes, according to government investigators. Instead, those companies collected millions of dollars in fees from scam artists…

In a lawsuit filed last year, the United States attorney in Philadelphia said Wachovia received thousands of warnings that it was processing fraudulent checks, but ignored them. That suit, against the company that printed those unsigned checks, Payment Processing Center, or P.P.C., did not name Wachovia as a defendant, though at least one victim has filed a pending lawsuit against the bank.

During 2005, according to the United States attorney’s lawsuit, 59 percent of the unsigned checks that Wachovia accepted from P.P.C. and forwarded to other banks were ultimately refused by other financial institutions. Wachovia was informed each time a check was returned.

“When between 50 and 60 percent of transactions are returned, that tells you at gut level that something’s not right,” said the United States attorney in Philadelphia, Patrick L. Meehan.

Other banks, when confronted with similar evidence, have closed questionable accounts. But Wachovia continued accepting unsigned checks printed by P.P.C. until the government filed suit in 2006.

Commentary: It isn’t news that people are defrauding the elderly. The elderly has long been obvious and easy targets. Is it easier in the age of the Internet and identity theft? Maybe, maybe not. What is interesting about this case is Wachovia’s apparent willful blind eye to the activities. As readers of Ethisphere know, the Q2 Edition of Ethisphere Magazine publicized the 2007 Rankings (by industry) of the World’s Most Ethical Companies. Neither of the two banks featured in this article (Wells Fargo and Wachovia) made their financial service industry’s ethical leadership list. However, Wells Fargo was relatively close – and Wachovia missed out by a long shot. This is an interesting fact considering if you read this article closely, the business practices being spelled out by the NY Times closely and accurately affirm what the rankings have found.