Roanoke Times
Copyright (c) 1995, Landmark Communications, Inc.
DATE: THURSDAY, November 25, 1993 TAG: 9311260025
SECTION: NATL/INTL PAGE: A-18 EDITION: HOLIDAY
SOURCE: DIANA JEAN SCHEMO THE NEW YORK TIMES
DATELINE: HEMPSTEAD, N.Y. LENGTH: Long
And when Michael Lafaro realized he might not get paid, he used his art and singular access as a software designer: he infected the client's system with a virus that would destroy his business unless he paid up, the Nassau County police said.
On Monday, Lafaro, president of MJL Design of New York, became the first casualty of a new state law stiffening the penalties for computer tampering, a revision backed by the software industry in a bid to increase the security of computer data networks.
Lafaro, 29, of North Babylon, N.Y., and one of his technicians, John Puzzo, 22, of Huntington Station, N.Y., face up to seven years in prison if convicted. The charges also include a maximum fine of $10,000 for Lafaro and $5,000 for Puzzo. Both have denied the charges.
The police said the dispute with Haberman, chief executive of Forecast Installations of Westbury, N.Y., began when Haberman ordered a $3,600 software system to track accounts.
Haberman's company, a 15-year-old business with 20 employees, builds sets for cable television networks like ESPN, HBO and E! Entertainment Television.
Haberman paid the first $1,200 of his bill when work on the software system began, but after working with the program, he was dissatisfied and held back payment, said Lt. Lawrence Mulvey.
After hearing Haberman's complaints, Lafaro sent a technician back to Forecast Installations, ostensibly to work out kinks in the software program. But in a scene reminiscent of a subplot in the movie "Single White Female," the police said, Lafaro had the technician introduce a virus into the computer that would automatically shut down the business's access to information on Nov. 15 - causing an estimated half-million dollars' damage.
David Gabor, an attorney for Forecast Installations, said the company learned of the virus in messages Lafaro left for Haberman earlier this month. The lawyer said his client hired an independent computer expert who examined the system and confirmed the presence of a virus that would be activated by date or time and would automatically shut the system down.
He said that Forecast Installations did not intend to renege on its bill, and had paid the balance before learning of the virus. Gabor said Puzzo was arrested when he returned to Haberman's business to take out the virus.
"We were waiting for him to arrive, and once the virus was removed, we identified ourselves to him and made the arrest," Mulvey confirmed.
Gabor said his client was not eager to see Lafaro prosecuted under the new law, but was concerned that Lafaro might have used similar tactics against other customers.
Gabor added that Lafaro had also made physical threats against Haberman, who he said wanted an order of protection against Lafaro.
Daniel Nieroda, Lafaro's attorney, denied that his client had arranged to have a virus installed.
He admitted that Lafaro had "indicated an interest" in a program that would remind Haberman that his bill was due, but did not admit he had installed such a program in Haberman's computer system, and said the program would not have destroyed data.
Nieroda called the charge of computer tampering an inappropriate application of the new legislation.
"At most, what may have been put on may have been a signal that there was an outstanding payment due, and that payment had to be made prior to a given date," he said.
Nieroda said there were no dormant viruses lingering in Haberman's system. Lafaro, he stressed, had never used such tactics in the past. "I think the normal businessman uses the mail."
Puzzo, the technician charged with installing the virus, spoke briefly to a reporter Monday. "It wasn't a virus," he said, before his father cut short an interview at his home.
The new law, which took effect Nov. 1, catapults New York to the forefront of states equipped to prosecute computer tampering. Previously, tampering was considered the lightest form of felony, and usually plea bargained down to a misdemeanor.
The current law is tougher overall, and creates a ladder of felony classes and penalties ranging from maximums of one to 15 years and fines up to $5,000.
"If you destroy computer data or program, causing damage, that in effect is property, and it certainly can affect the rights of others," said Lawrence Zinn, an assistant district attorney.
"Data could be crucial to the survival of a company or even the security of the country. This escalates the penalty available based on the value of what has been damaged or taken."
Robert McCrie, an associate professor of security management at John Jay College of Criminal Justice in New York, said he was unaware of any other cases in which a computer software company had used its expertise against a client. But the industry, he added, was still evolving.
"These are protean experiences in creating specialized software, and quite frequently the disagreement occurs because software people get into writing the program, and find it's more costly than they thought," he said.
"It's simply not easy to do custom software and consistently get full payment for the work done."
Assemblyman Daniel Feldman, D-Brooklyn, who sponsored the computer tampering legislation, said Monday: "I didn't foresee this kind of problem. We were really responding to the kinds of things that were more customary."
by CNB