SAN JOSE – 8 September – LAWFUEL – The Law News Network – The United States Attorney’s Office for the Northern District of California announced that William Carl Shea, 39, of San Jose, California, the former Program Manager of a Silicon Valley-based debt collection company, was convicted late yesterday afternoon by a federal jury in San Jose of intentionally causing damage to a computer, in violation of 18 U.S.C. §§ 1030(a)(5)(A)(I) & 1030(a)(5)(B)(I) and 1030(c)(4)(A). The jury deliberated for approximately two hours.
According to the indictment and evidence introduced at trial, Mr. Shea placed malicious computer code on the network of the Bay Area Credit Services, Inc. in San Jose that caused the deletion and modification of financial records and disruption of the proper functioning of the computer network. More than 50,000 debtor accounts were ultimately affected by the operation of the code before it was stopped. Testimony at trial indicated that the loss to the company as a result of the defendant’s time bomb exceeded $100,000, though the exact amount has not yet been determined.
Evidence presented at the six-day trial showed that Mr. Shea was hired around August 2001 as a programmer and manager of the company’s specialized financial software computer network. In this position, Mr. Shea had administrative level access to and familiarity with the company’s computer systems, including the database server. After Mr. Shea was advised of adverse employment issues near the end of 2002, he was placed on a performance improvement plan on January 6, 2003. The evidence showed that a “time bomb” was placed onto the company’s network around that time. When the defendant failed to show up at work without any prior notice on January 17, 2003, he was terminated. Company officials did not know at the time that he had placed malicious code on the computer network that was set to delete and modify data at the end of the month.
After the code corrupted financial records, investigators and others traced the access and modification of the time bomb to the defendant. Each point of access was through one of the defendant’s accounts. The malicious code was written to delete the source code but officials eventually found a copy on a backup tape, which further confirmed Mr. Shea’s involvement. Evidence was also presented that Mr. Shea deleted computer records concerning his command history of access to the time bomb.
The maximum statutory penalty resulting from the conviction is five years in prison, a maximum fine of $250,000 or twice the gross gain or loss whichever is greater; a three year term of supervised release; and $100 mandatory special assessment. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553. United States District Judge Ronald M. Whyte, who presided over the trial, set sentencing for November 21, 2005, at 9:00 a.m. in San Jose.
The prosecution is the result of an investigation by the Federal Bureau of Investigation’s Cyber Crime Squad in Oakland. The investigation was overseen by the Computer Hacking and Intellectual Property (CHIP) Unit of the United States Attorney’s Office for the Northern District of California. Mark L. Krotoski is the Assistant U.S. Attorney from the CHIP Unit who is prosecuting the case.