SourceFire burnt again by rogue ex-employee

Asia Pacific-based partners of security vendor SourceFire have once again been sent abusive  emails in an attack the company attributes to a “disgruntled ex-employee”.

The latest expletive-laden email is the second to be sent to the company’s APAC channel partners - both purporting to be a memo written by SourceFire’s local managing director Ammar Hindi.

The first instructed partners to “be more productive with more f--king sales order of Sourcefire”.

The company at the time blamed this message on a former employee based in Singapore.

Last week’s email follows similar lines to the March 2010 effort, using graphic language to berate partners for their sales performance.

Hindi told CRN he believed the culprit behind last year’s hoax was most likely responsible for the latest attempt to discredit him and SourceFire. He declined to comment on the culprit’s motivation due to the ongoing nature of a combined SourceFire and Singapore police investigation.

Hindi would not confirm or deny whether the former employee had made off with an internal contacts database, saying the information could have come from a number of sources including LinkedIn.

He said the company was working to prevent such a situation occurring for a third time but there was no “100 percent guarantee”.

“Frankly, I’m not so sure you could bulletproof this process,” Hindi said. “You would expect people receiving the email to figure out from the contents that it is a hoax. However we are investigating with the police, and there are new procedures and guidelines that should make it more difficult to do that.”

He said the company had engaged in some communication with its partners but declined to comment on the number of Asia Pacific partners affected by the email.

IPSec signed on as a SourceFire partner in March last year, several days after the first wave of emails came to light. Director of Operations Ben Robson said the hoax would have no effect on IPSec’s relationship with the security solutions provider.

“We have no particular level of concern. It just looks like someone with their own agenda and an axe to grind attempting to discredit someone,” Robson said.

He said the extreme nature of the language involved, alongside the use of a Gmail account, undermined the email’s credibility. 

“If it was real, the language would have been far more moderated. Even if that level of anger existed it would have been far more diplomatic language,” he said. “The fact that it was extreme made it not likely to have come from the individual it claimed to.”

Robson was unconcerned the attacker had not been caught despite the initial investigation having begun two years ago.

“At the end of the day, it’s always a business decision and [run some] risk analysis to see what will be gained by pursuing an individual,” he said. “You always run the risk of perpetuating a bad situation. It’s pretty obvious it wasn’t from SourceFire, I don’t think many would have taken it seriously. It had little capacity to do any damage.

“It’s just the background noise of the modern internet.”