Another reminder about insiders, even though in this case, no confidential data was actually compromised because a would-be spy delivered the information to an undercover federal agent. From the press release from the U.S. Attorney’s Office in Massachusetts, a case first reported by Elizabeth Heichler on Computerworld:
An employee of a high technology company headquartered in Cambridge, Massachusetts was arrested and charged today in federal court with secretly providing confidential business information over an 18-month period to a person he believed to be an agent of a foreign government.
Elliott Doxer, 42, of Brookline, Massachusetts, was charged in a Complaint with one count of wire fraud. Doxer worked in the finance department of Cambridge-based Akamai Technologies, Inc., a provider of Internet content delivery services. The Complaint alleges that on June 22, 2006, Doxer sent an email to a foreign country’s consulate in Boston stating that he was willing to provide any information he had access to, that might help the foreign country. It is alleged that in later communications, Doxer said his chief desire “was to help our homeland and our war against our enemies.” He also allegedly asked for $3,000 in light of the risks he was taking. The foreign government cooperated with the United States in the investigation.
The Complaint alleges that in September 2007, a U.S. federal agent posing undercover as an agent of the foreign country spoke to Doxer and established a “dead drop” where the agent and Doxer could exchange written communications. The Complaint further alleges that from September 2007 through March 2009, Doxer visited the “dead drop” at least 62 times to leave confidential business information, retrieve communications, or check for new communications.
The Complaint alleges that among the confidential business items Doxer provided the undercover agent were an extensive list of Akamai’s customers; some contracts between Akamai and various customers revealing contact, services, pricing, and termination date information; and a comprehensive list of Akamai’s employees that revealed their positions and full contact information. According to the Complaint, Doxer also broadly described Akamai’s physical and computer security systems and stated that he could travel to the foreign country and could support special and sensitive operations in his local area if needed.
The Complaint does not allege that any representative of any foreign government sought or obtained sensitive information in this case, nor does the Complaint charge any foreign government representative with wrongdoing.
If convicted, Doxer faces a maximum penalty of 20 years’ imprisonment, a three-year term of supervised release, a $250,000 fine or twice the gain or loss, whichever is highest, and restitution to the victim.