IBM Office Accused of Hacking Law Firm A federal judge is considering whether a lawsuit can go ahead in which a law firm claims that IBM and an employee in its Durham, N.C., facility tried to hack into the law firm's e-mail system. The complaint alleges that more than 42,000 attempts were made to enter the firm's system.
NPR logo

IBM Office Accused of Hacking Law Firm

  • Download
  • <iframe src="https://www.npr.org/player/embed/5590278/5590279" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
IBM Office Accused of Hacking Law Firm

IBM Office Accused of Hacking Law Firm

  • Download
  • <iframe src="https://www.npr.org/player/embed/5590278/5590279" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

MICHELE NORRIS, host:

From NPR News this is ALL THINGS CONSIDERED. I'm Michele Norris.

ROBERT SIEGEL, host:

And I'm Robert Siegel.

A Washington, D.C., law firm says somebody at IBM attacked the firm's computers thousands of times. The law firm wants IBM to pay attorneys fees and for an upgrade to the firm's computer security system.

IBM wants a judge to throw out the case, as NPR's Ari Shapiro reports.

ARI SHAPIRO reporting:

It's a hacker whodunit and so far the facts are sparse. Anita Ramasastry directs the Shisler Center for Law, Commerce & Technology at the University of Washington.

Ms. ANITA RAMASASTRY (University of Washington): We know very little. We just know that, you know, apparently there have been sort of 42,000 unauthorized attempts to hack into or break into a small law firm's computer system and that IP addresses, internet protocol addresses, have been traced back to IBM.

SHAPIRO: An internet protocol address is like a signature. It identifies the computer the data came from. The IBM IP addresses led the law firm of Butera and Andrews to conclude that someone at IBM was trying to hack into the firm's system. The lawsuit does not suggest a motive and Ramasastry is hard-pressed to come up with one.

Ms. RAMASASTRY: The likely conclusion is that somebody else is doing it for other reasons, not IBM.

SHAPIRO: That was also the first conclusion Jim Neff reached. He's a law professor at Indiana University who notes that a hacker can route an attack through an unsuspecting third party.

Mr. JIM NEFF (Indiana University): Any hacker worth his salt is going to use somebody else's IP address or disguise his own in some way so that it can't get traced back to him.

SHAPIRO: Neff says if these hacking attempts came from someone outside of IBM, there's not much precedent for holding IBM accountable in court. Neither IBM nor the law firm would comment for this story.

The plaintiffs in this case say the hacker was an insider, an IBM employee. Colorado Law School Professor Paul Ohm says if that's so, the law firm still has a difficult task. They have to show that IBM was not just negligent -

Mr. PAUL OHM (Colorado School of Law): No, instead what we're going after is intentional acts. And because every cause of action that's been brought against IBM in this lawsuit requires intentionality, that makes it a very, very hard case for this law firm to prove.

SHAPIRO: In fact, half a dozen law professors interviewed for this story all agree that the law firm's claims in this case are puzzling at least. Some called the allegations farfetched. Professor Ohm has a theory about why a small law firm might bring such a suit.

Mr. OHM: My guess, and I'm completely reading tea leaves here, my guess is this law firm thought these are defendants of very deep pockets. So if we could have any success at all in this case, that might force this big corporation to settle with us.

SHAPIRO: IBM does not seem ready to settle yet. The company has asked a judge in Washington to throw the case out. Both sides are waiting for the judge's ruling.

Ari Shapiro, NPR News, Washington.

Copyright © 2006 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.