Posting of Instant Messages on Net Is Firm's Nightmare

By CHARLES PILLER, LESLIE EARNEST and KAREN ALEXANDER

March 17, 2001 12 AM PT

TIMES STAFF WRITERS

Facing the ultimate digital nightmare, a Costa Mesa dot-com had thousands of confidential messages posted on the Internet, renewing concerns about electronic privacy and sharing the company’s woes with the world.

Messages written or received by Sam Jain, chief executive of EFront Media Inc., were apparently taken from a log file on his personal computer and posted to Web sites all over the world last week.

Most of the messages, sent using the popular ICQ instant-messaging system, were about mundane aspects of running a small business. But within the hundreds of pages of transcripts were bursts of sometimes unseemly discussions about how to fend off creditors, snoop on competitors and bully customers.

It is not known how the messages were obtained. Security experts said the messages could have been taken by a number of methods, from the use of specialized computer viruses to simply copying the transcript file off Jain’s computer.

The handling of the messages underscores the vulnerability of instant messaging, which now is used by at least 50 million people.

“How would you like it if everyone read your private musings? Could you stand the scrutiny?” asked one participant on an Internet discussion board that lighted up last week after the EFront messages were posted.

While the episode may represent one of the most flagrant violations of security regarding instant-message systems to date, experts warn that they are designed for convenience and openness, not privacy.

No one at the company was available to comment Friday.

But Jain, speaking to the Web-based news publication CNet, said: “I’ve been trusting everyone. I haven’t kept passwords. It was foolish of me, naive of me.”

Some top executives of EFront were reportedly engaged in disputes with Jain, and several resigned last week, around the time the messages were made public.

Dennis Acebo, a vice president who resigned last week, would say only, “I’m trying to move forward.”

Messages Reveal Firm’s Desperation

The double doors to EFront’s headquarters, in an upscale 21-story office tower next to the Orange County Performing Arts Center, were locked Friday.

An employee from a neighboring law firm, who asked not to be identified, said the company had moved out abruptly.

“Monday they came in and the locks were changed. Tuesday they were moving out computers and everything,” he said.

The purported messages not only provide a glimpse of Jain’s private life, but also a window into the desperation of a dot-com struggling to survive.

Jain told CNet that the logs were real but had been “doctored.”

One of the more notorious exchanges involved Jain purportedly messaging derogatory comments about Jennifer Moss, founder of BabyNames.com., which EFront acquired in September for certain payments to be made in the future.

Moss said Friday that EFront had missed several payments. She said she was shocked to see the comments attributed to Jain. “The transcripts show a lot of hostility toward us and our site,” said Moss, who believes the messages are authentic.

“This has been a very difficult and trying time for us.”

Founded in the summer of 1999, EFront gathers advertising revenue for a network of Web sites and distributes them according to each site’s traffic.

It became one of the fastest-growing Web properties through an aggressive acquisition strategy. It was among the 20 most frequently visited Web sites, attracting some 12.4 million viewers in July, according to Media Metrix.

Rapid Growth Caused Pain

As it acquired Web sites such as BabyNames.com, the company attracted global attention and made millionaires out of several young entrepreneurs whose businesses were swallowed up by EFront.

EFront operated as a so-called Internet portal, a Web site through which users can enter other Web sites.

EFront’s own Web site, https://efront.com, was not functioning Friday. In October, the company reported annual sales of $450,000 and said it had 75 employees.

Some of the EFront messages suggest that rapid growth caused considerable pain for EFront partners, who pleaded with Jain for past due payments.

There were also indications that there was significant tension within the company as the advertising market dramatically declined and EFront began to bleed money.

“We built this huge property, the ad market couldn’t hold it up anymore, so we got crushed by our sheer size,” said Bill Hodson, who resigned as EFront’s marketing manager last month, before the flap over the messages.

Hodson said company executives last week asked Jain to step down, but he would not. Before founding EFront, Jain worked on the Web site for ETM Entertainment Network, a Ticketmaster competitor that folded in June.

Hodson described the 31-year-old Jain as a quiet, low-key executive. Hodson visited EFront’s offices last week but said he did not talk to Jain about the messages.

“We’ve all sent e-mail and said, ‘Oops, I wish I hadn’t sent that,’ ” said Hodson, who noted that workers at EFront often sent instant messages past midnight.

“I have taken ICQ off my computer. It’s an insecure message system, as we know.”

About 40% of American corporations permit employees to use instant messaging freely, according to John Pescatore, a security expert with the research firm Gartner Group.

Officials at ICQ, a unit of AOL Time Warner, said the company makes every effort to warn users that its free instant-messaging service is not secure.

ICQ’s Web site features an unusually blunt and explicit privacy statement, warning users about a litany of potential risks, including eavesdropping, electronic trespassing and hacking.

A spokeswoman for the FBI’s Los Angeles office said the bureau is reviewing the EFront matter but would not say whether an investigation would be opened.

Federal and state laws prohibit people from cracking into a computer or network to obtain files, said Cindy Cohn, legal director for the Electronic Frontier Foundation.

But those laws might not apply if a company official in charge of EFront’s computer network obtained the logs, Cohn said. On the other hand, she said, the company wouldn’t necessarily have the right to make the logs public.

The larger message of the EFront experience may be a reminder that the apparently anonymous Internet experience often lulls users into a false sense of security, experts say.

“We don’t understand how the Net works,” said Bruce Schneier, chief technical officer of Counterpane Internet Security and an encryption expert.

“You can’t make the threat go away. . . . It’s all about managing the risk, just like the real world.”

Times staff writers Abigail Goldman, Jon Healey, Joseph Menn, Alex Pham, Edmund Sanders and David Wilson contributed to this report.