Better The Devil You Know? — Dangers Of Corporate Hacking By Former Employees Highlighted In Conviction Of Former Exel Transportation Systems Officer

Posted On Wednesday, March 6, 2013
By:

Corporate America has been rocked recently by revelations of hacking into company-wide computer systems from overseas, including concerns that the unlawful conduct is state-sponsored.  The more likely and immediate threat to all corporate systems, however, is the damage that can be done by individuals within or recently departed from a company.  A prime example of this problem is the hacking of the computer system of Dallas-based Exel Transportation Services by its former president Michael Musacchio and other former employees.  The case culminated with the conviction of Musacchio on Friday by a federal jury in Dallas for conspiring to hack into his former employer’s computer network.  United States v. Musacchio, No. 3:10-cr-00308-P (N.D. Tex.)

The Mussachio case represents a cautionary tale, both to companies concerned with cyber security and entrepreneurs looking for an edge against competition.  The genesis for the wrongful conduct was the desire for a market advantage by individuals who had left Exel to form a competing venture, Total Transportation Systems, LP, in 2004.  Now, with the settlement of a civil suit between the companies and three federal convictions in its wake, the Exel case stands as a stark reminder of how sensitive corporate information can be compromised by the combination of outrageous conduct by former company officials and a company computer system left susceptible to attacks by former employees.

According to the government, evidence submitted at trial demonstrated that that between 2004 and 2006, Musacchio, Brown and Kelly engaged in a scheme to hack into Exel’s computer system for the purpose of conducting corporate espionage.

In 2004, Musacchio left his position as President of Exel to form a competing company, Total Transportation Services, LP, where he was the original president and CEO.  Two other former Exel employees, Joseph Roy Brown and John Michael Kelly, also went to work at Musacchio’s new company.   According to the government, evidence submitted at trial demonstrated that between 2004 and 2006, Musacchio, Brown and Kelly engaged in a scheme to hack into Exel’s computer system for the purpose of conducting corporate espionage.  Through their repeated unauthorized accesses into Exel’s email accounts, the co-conspirators were able to obtain Exel’s confidential and proprietary business information and use it to benefit themselves and their new employer.

The criminal case against Musacchio was initiated with the indictment of Musacchio, Brown and Kelly in November of 2010.  Brown and Kelly entered guilty pleas in 2011, but have not yet been sentenced.  Following a 9-day trial in Dallas, the jury found Musacchio guilty of one felony count of conspiracy to make unauthorized access to a protected computer (hacking) and two substantive felony counts of hacking, under 18 U.S.C. §1030.

The matter had first come to light in 2006 when Exel filed a lawsuit against Total Transportation Services, including claims under the Computer Fraud and Abuse Act, the Stored Communications Act and the Texas Theft Liability Act, as well as common law claims for theft of trade secrets and tortious interference with contractual relations.  In that case, Exel alleged that Musacchio and others had systematically accessed Exel’s computer system and company e-mail accounts to obtain Exel’s trade secrets and other confidential and proprietary information in order to help establish Total Transportation Services.  Exel alleged further that the former employees used Exel passwords to hack into its computer system almost 1,200 times, accessing about 65 individual e-mail accounts.   The complaint alleged that they then used confidential company information to lure customers, employees and independent contractors to Total Transportation Services. 

The Exel case also demonstrates the high price of hacking for all of those involved.  According to separate announcements by both companies, the civil case was settled in May of 2007 under terms that required Total Transportation Services to pay Exel $10 million.  The settlement also included an agreement by Total Transportation Services to pay 10 percent of its gross margin for business with Exel’s top 25 customers over 18 months, and restrict themselves from soliciting, hiring and contracting with Exel’s agents or sales agents for 20 months.

Las Vegas Sands Corp. States That FCPA Violation Is ‘Likely’

Posted On Tuesday, March 5, 2013
By:

On Friday, Las Vegas Sands Corporation filed its 10-K with the Securities and Exchange Commission and, in its discussion of ongoing litigation, announced that the preliminary investigation revealed “that there were likely violations of the books and records and internal control provisions of the FCPA.”  The company balanced these remarks by stating that the findings do not have “a material impact” on the financial statements of the company and restatement of past financial statements is not warranted. 

The investigation began when, on February 9, 2011, Las Vegas Sands received a subpoena from the SEC requesting documents related to its compliance with the FCPA.  The company was aware that the DOJ conducting a similar inquiry which may have resulted from litigation brought by a former CEO of a Las Vegas Sands subsidiary.  The subpoena prompted the company to authorize its audit committee to investigate alleged FCPA violations.  While the audit committee found “likely violations” of the FCPA, the 10-K noted that the company had “improved its practices with respect to books and records and internal controls” and, while it was “cooperating with all investigations,” it was “unable to determine the probability of the outcome of this matter.” 

The company emphasized that it did not state that it had violated the anti-bribery provisions of the FCPA, but the “likely violations” were of the accounting provisions of the FCPA. 

After media reports targeted Las Vegas Sands for FCPA violations, including a New York Times headline stating “Casino Says It Likely Cheated,”  Las Vegas Sands issued a press release on Sunday directed at “misleading and sensationalistic reporting.”  The company emphasized that it did not state that it had violated the anti-bribery provisions of the FCPA, but the “likely violations” were of the accounting provisions of the FCPA.  The press release focused on the New York Times article which it characterized as “inflammatory and defamatory”.  Later that day, the New York Times clarified its article and admitted that “No Sands-owned ‘casino’ said that ‘it likely cheated.’” 

The past two years have witnessed significant developments in FCPA enforcement.  DOJ set records in 2010 and 2011 for the number of cases resolved, and for the length of prison sentences achieved in criminal prosecutions under the Act. In 2011, however, there was a rise in the number of FCPA matters taken to trial, a trend that is expected to continue.   It is estimated that 87 companies are currently under investigation for FCPA violations.  While the largest settlements to date have been with foreign companies, most of the companies currently under investigation are believed to be American companies, including Eli Lilly, Medtronic, Pfizer,  Alcoa, Goldman Sachs and Wal-Mart.

Categories