ICQ logs spark corporate nightmare

Thousands of confidential messages between the CEO of an Internet company and top executives have been posted on the Web, stirring up a hornet's nest of corporate intrigue.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
6 min read
Click here to Play

Protecting IM from probing eyes
Andre Durand, founder, Jabber.com
Thousands of confidential messages between the CEO of an Internet company and top executives have been posted on the Web, stirring up a hornet's nest of corporate intrigue and providing a rare glimpse into a dot-com as it struggled to cope with a brutal shakeout.

Last week, hundreds of pages of the ICQ instant messaging logs were posted on the Web and copied onto various sites, creating the kind of information security breach that has become one of the worst corporate nightmares of the digital age. The logs, which were apparently snatched from a PC used by Sam Jain, CEO of eFront, have nearly paralyzed his company and created a personal nightmare for Jain.

"I'm tired of it; I just want to go on with my company," Jain said. "People out there are stalking me, threatening me with death threats...scanning my cell phone frequency."

The logs, which read like transcripts of telephone conversations, include explosive discussions regarding business partners, employees and affiliated Web sites. Whether the files are authentic or not, they've already exposed eFront to embarrassment and could lead to possible legal troubles.

The controversy, which has been the subject of intense scrutiny and debate on various Web sites, including dot-com deadpools and other discussion sites, serves as a fresh reminder of the permanence of seemingly fleeting electronic correspondence.

At the technical core of this particular exposure of an executive's communications is the ability of the ICQ messaging application--a property of AOL Time Warner--to store a log of all incoming and outgoing messages. The feature is not shared by MSN Messenger Service, Yahoo Messenger or AOL Instant Messenger for the Windows operating system. AIM for the Mac has a logging feature, which is set to "off" in the default configuration.

As for eFront, hackers have apparently created havoc with the computer systems, possibly by using information contained in the ICQ logs. For example, eFront employees are not using the in-house e-mail server, resorting instead to Web-based e-mail services such as Hotmail "until we can get the security matter resolved," Jain said late Wednesday.

In addition, since the initial posting of Jain's ICQ logs last week, several members of eFront's senior management team have resigned, some strategic partners have publicly distanced themselves from the company, and unhappy Webmasters are aligning to take action against it.

see story: Are ICQ logs admissible? eFront runs a network of affiliate Web sites, which agree to pool traffic as a way to command higher advertising rates. Revenue is shared among all the sites based on the number of page turns they each produce. Many of the messages in the intercepted ICQ log discuss strategies for weathering an industrywide plunge in advertising revenue.

According to Jain, the logs are legitimate but have been "doctored." Several sources whose correspondence or confidential information was included in the logs have confirmed their general authenticity with CNET News.com.

An eFront representative said the issue has been referred to the FBI.

"We are aware of the allegations and we are assessing the situation, but at this time there is no active investigation," said Laura Bosley, a representative for the FBI's Los Angeles field office.

A cautionary tale
After the logs' exposure Wednesday and Thursday of last week, sources close to eFront said that members of senior management went to Jain and asked that he resign and yield check-writing privileges.

When Jain declined the offer, sources said Vice President Dennis Acebo resigned, followed by Chief Technology Officer Matt Levine and Bill Hodson, who had been considered a potential interim CEO. Vice President of Finance and Administration Bill Schmidt had resigned Wednesday, just before the posting of the logs. Vice President of Acquisitions Jonathan Roy also resigned Tuesday.

In one indication of the turmoil, the Web page listing eFront's management now redirects visitors to a contest entry form.

The posting of the logs has also complicated relationships with partners.

Net Communities, a company based in Middlesex, England, that sells ad inventory for eFront, said it is reevaluating its plans with eFront in light of the logs.

"We are reviewing our future business relationship with eFront," said Managing Director Andy Evans. "I don't think I can define it at the moment. You know as well as I do that life isn't as simple as that right now.

"I want to be 100 percent clear. My company is a supplier to eFront, and that is it. I have observed what eFront is doing, and I have my own opinions, which I'm not willing to share at the moment."

Some Web sites that posted copies of the logs this week and last have received e-mails referring to the logs as "proprietary information" and asking Web operators to remove the logs, links to other postings, and forums devoted to the controversy.

An open book?
Meanwhile, the firestorm highlights a little-understood feature of ICQ to store long-forgotten messages.

"With ICQ you have the option so that any messages you send or receive are saved to a log file on your machine," said Elias Levy, chief technology officer with SecurityFocus.com. "I did notice that in some point in the communications (Jain) mentioned that he had this functionality turned on, that he was keeping a log of his messages. So he was aware of it and was using it on purpose."

Jain said he knew the logs were being saved, while acknowledging some uncertainty about his company's information security practices.

"I was aware that my e-mail and ICQ logs were stored," Jain said. "The bottom line is that our information is stored all over the place. I don't know what's stored or where it's stored. I've been trusting everyone. I haven't kept passwords. It was foolish of me, naive of me."

But turning off the log-saving option is no guarantee of security with instant messaging, Levy warned. Most common IM applications send data through a central server where all communications are recorded and stored. There they remain should law enforcement request them--or should an unscrupulous hacker or disgruntled employee manage to steal them.

On top of that, common network "sniffers" can aid snoops in turning private instant messages into public documents. To that end, some companies, such as Mercury Prime and QuickSilver Messenger, are devising applications that can send and store encrypted instant messages.

ICQ explicitly warns people not to use the application for sensitive communications.

"Do not use ICQ for Mission Critical applications, Content Sensitive material, if the risk of exposure to objectionable material is unacceptable to you," reads the ICQ security page. Elsewhere ICQ reiterates its warning more bluntly: "NEVER send any content-sensitive material on ICQ."

Security experts extend that warning to all unencrypted electronic communications.

"Electronic communications are becoming more and more important to the enterprise," Levy said. "But whenever you use them, they might be used against you sometime in the future."

For eFront, the exposure of the logs has placed the little-known company at the center of an Internet tempest. Jain, 31, who owns about 85 percent of eFront, previously worked at a now-shuttered Ticketmaster-like company called ETM.

With a partner, Jain started Netwhirl, which merged with eFront in April 2000 to become eFront Media.

eFront now employs a dozen people in California, another handful elsewhere in the United States, and has signed on about 170 Webmasters around the world, Jain said.

Whatever good will remained among Webmasters after months of payment problems was exacerbated by the posting of the ICQ logs, according to a source close to the company who declined to be identified.

"If not for the logs, I think some of the Webmasters could be appeased, but now everyone saw the inner workings of Sam," the source said. "Even without pay, most of the Webmasters understood the market crunch and were willing to bear with (eFront) in return for free hosting, etc."

Jain acknowledges that tough times called for drastic measures.

"When the market was good, our payoff was high," he said. "When it went bad...I cannot pull money out the air."

Staff writers Mary Jo Foley and Greg Sandoval contributed to this report.