Help the refugees

If you move around the world by choice, consider helping those forced from their homes by conflict. Donate to the UN Refugee Agency today.

Home News Intelligence services data thief found guilty

Intelligence services data thief found guilty

Published on 23/11/2016

An IT specialist has been given a suspended prison sentence of 20 months for trying to sell data he stole from the Federal Intelligence Service (FIS).

Prosecuors had demanded a five year term, saying the 48-year-old had endangered Swiss security domestically and abroad as well as FIS employees, their partners and sources.

The judge at the Federal Criminal Court in Bellinzona agreed with the gravity of the offence which “could have had serious consequences.”

But a lesser prison sentence was handed down, suspended for three years. The defence team said their client had committed the act to fight back against bullying at FIS and that he was currently receiving psychological treatment in Italy.

The defendent was found guilty of attempted violation of official secrecy and political intelligence. The latter is defined in law as acting illegally in the interest of a foreign state or individual and against the interests of Switzerland.

In May 2012, the man stole a hard disk of allegedly “secret, classified and particularly sensitive” data which he then wanted to sell “to foreign parties or organisations” for at least CHF100,000 ($98,800) – something he was ultimately unable to do.

He blew his cover when he told a UBS employee in Bern that he wanted to open a numbered bank account because he was expecting up to a million francs from the sale of federal data. The banker notified the authorities, who searched the man’s house and found the data.

The trial had been set to start in March 2016, but it had to be postponed since the accused, who was born in Italy and now lives there, was unfit to stand trial, according to an Italian assessment.

Criticism of the authorities

A special commission in 2013 into the data breach was highly critical of the FIS, which, the commission said, had seriously compromised its information security before and after the incident.

Without the tip-off from UBS, the FIS would not have been able to track down the data thief within a reasonable period of time, the investigation said. It added that it had no reason to believe that the “at best rudimentary existing” controls at the service would have generated any evidence.

The IT specialist was able to access sensitive material and managed to copy and save the FIS’s entire email database, including those sent to and from management and the board.

The commission also slammed FIS chief Markus Seiler, who, it said, had seriously downplayed the FIS’s role in the breach. It also criticised him for signing off on measures to prevent a similar incident from happening again when, in fact, those measures had never been taken. and agencies