By Sharon Gaudin
July 11, 2007
A disgruntled Boeing employee was charged Tuesday with 16 counts of
computer trespass for allegedly stealing more than 320,000 company files
over the course of more than two years and leaking them to The Seattle
Gerald Lee Eastman, who was a quality assurance inspector at Boeing at
the time of the thefts, is slated to be arraigned on July 17, according
to a spokesman for the King County Prosecuting Attorney's Office. He
faces up to 57 months in prison if convicted on all counts.
According to a criminal complaint, a search of Eastman's home found
computers and storage devices containing more than 320,000 pages of
"very sensitive" documents related to Boeing's business operations.
Boeing estimated in an arrest report that if only a portion of the
stolen documents were given to competitors, it could cost the company
between $5 billion and $15 billion.
Eastman used what prosecutors called his "unfettered access to Boeing
systems" to download large amounts of data from information stores he
had no legitimate reason for accessing, according to the criminal
complaint. He allegedly transferred the information to a thumb drive and
then removed it from company property.
Eastman was arrested at his desk while at work on June 29. Police
reported finding a thumb drive that was connected to his computer
terminal via a USB cord that ran along the back of the terminal to the
storage device that was "hidden in a drawer" in his desk. He was
downloading data onto the thumb drive when he was arrested, according to
The complaint noted that Eastman told detectives he was disgruntled with
Boeing because he had brought several issues related to parts
inspections to the attention of both the company and the FAA. He said
none of his concerns had been addressed to his satisfaction. The report
contends he said he collected data to back up his claims that there were
problems with the inspection process.
Police detectives said a forensic investigation showed that Eastman had
corresponded and met with reporters, apparently supplying them with
proprietary and sensitive information that was not to be disclosed to
sources outside Boeing. "There are numerous examples of information that
was found in Eastman's personal computers and/or storage media, which
appeared in news stories," the complaint states. "We also found some
e-mail correspondence between Eastman and Dominic Gates of the Times and
James Wallace of the [Seattle Post-Intelligencer], which indicates his
intention to share information that he had on Boeing with them."
Detectives reported finding password-cracking software on Eastman's
computers. "Although the files Eastman took were not encrypted or
password protected, Eastman had to exploit a weakness in Boeing's
computer system to access them," the criminal complaint noted. "Eastman
methodically searched the Boeing system looking for unprotected file
shares and was routinely denied access to many."
Last December, Boeing fired an employee whose stolen laptop contained
identifying information on 382,000 current and former employees. The
employee, who wasn't identified, was fired because he violated company
policy by downloading the information onto the laptop and not encrypting
it, said a spokesman for Boeing. The laptop, which had been taken out of
the office, was stolen the first week of December, he added.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com