IBM sued over multiple hacking of email server

Law firm alleges IBM-controlled PCs launched 42,000 attacks

A law firm is suing IBM, claiming that the computing giant is responsible for a 2005 attack on its email server.

Butera & Andrews claims that an unknown IBM employee attempted to attack its email server in November, shortly after the law firm discovered that its computer had been taken over by an unknown attacker. Security investigators traced the source of the attack to a computer within IBM’s Cornwallis Road facility in Durham, North Carolina, the law firm alleges.

An analysis of computer logs revealed “over 42,000” attempts by IBM-controlled machines to attack Butera & Andrews servers during 2005, the lawsuit claims.

Butera & Andrews is asking the court to force IBM to disclose information related to the attacks and to award it damages, including the US$61,000 (NZ$97,000) it spent investigating the matter.

IBM has asked for the case to be dismissed, saying that Butera & Andrews “alleges no facts to justify its supposition that its systems were attacked by an IBM employee, as opposed to a computer hacker”.

The law firm may have a hard time proving that IBM is to blame for this attack, according to a computer security expert.

Although Butera & Andrews may have traced their attack to an IP address controlled by IBM, (170.224.68.57, according to court filings) that address may have been spoofed, or IBM’s servers themselves may have been taken over by outside attackers, says Russ Cooper, a senior information security analyst at Cybertrust.

“There are lots of possibilities,” he says.

Butera & Andrews’ senior partner, James Butera, declined to comment on the matter, except to point out that IBM had not denied that its computers were involved in the attack.

IBM spokespeople were not immediately available for comment.

Join the newsletter!

Error: Please check your email address.

Tags email serverIBMhacking

More about IBM Australia

Show Comments
[]