Woman charged with breaking into company's e-mail system

Computerworld - Massachusetts Attorney General Tom Reilly has filed charges against a Middleton, Mass., woman, accusing her of hacking into her former boss's computer system and forwarding confidential e-mails to former co-workers.
According to a statement issued by Reilly's office, Wendy Sholds, 38, faces two counts of unauthorized access to a computer system. She is scheduled to be arraigned July 1 in Salem District Court.
The charges against her stem from an incident at Middleton-based Business Travel International (BTI) in February, Reilly's office said.
At that time, two BTI employees reported that they had received an e-mail that appeared to have been sent by the company's CEO, according to Reilly. The e-mail allegedly contained actual correspondence between the CEO and a company vice president discussing the termination of the two employees, Reilly's office said.
An investigation by Massachusetts State Police assigned to Reilly's office and the Boston Computer Crime Unit found that the CEO had not sent the e-mail to the two employees. Through the investigation, the law enforcement agencies found that Sholds had allegedly used the CEO's user name and password to access the CEO's BTI e-mail account and then forwarded the message to the two employees.
The attorney general's office said Sholds also allegedly used the vice president's user name and password to access private information on the password-protected BTI Web site.
Sholds couldn't be reached for comment today.
John Grossman, chief of the Attorney General's High Tech and Computer Crimes Division, which is handling the case, said Sholds could face 30 days in the state House of Corrections if convicted of the misdemeanor crime.
Reilly's office has filed legislation to increase the penalties for hacking, but the bill has not yet been acted on by the state Legislature, he said.
Under that measure, anyone convicted of a serious hacking incident such as breaking into a pharmacy's computer system, downloading customers' personal information and posting it to another Web site, could be sentenced to up to five years in state prison, Grossman said. Such a crime would be considered a felony.
Someone convicted of a lesser, misdemeanor hacking offense such as unlawful trespassing could be sentenced to up to 2 1/2 years in prison. Currently, Grossman said, both such crimes are considered misdemeanors and thus subject to the maximum penalty of 30 days behind bars.
"These statutes were passed in the early '90s, when no one envisioned [what's happening now], and the state didn't comtemplate the damage that could be done," Grossman said.