InformationWeek

High-Tech Thieves

The temptation is great and the opportunities are greater; chip theft hits an all-time high

By Bob Violino
Issue date: May 29, 1995

When the phone rings on any given Monday morning, detective Sgt. Ray Smith of the Santa Clara police department has a good idea who it might be. "It's not uncommon for companies to call us and tell us their employees can't start their computers because someone has taken the memory out of them," he says. "It happens all the time."

Smith, who recently was named head of his department's high-tech crime unit, is one of a growing number of law enforcement officials battling an explosion in computer-related thievery. That theft feeds a black market for PC components such as processors, memory chips, and hard drives. Smith calls it "an epidemic."

Corporate technology chiefs are bracing for the fallout from computer-related crime. They worry it could include rising PC prices, falling product quality, and problems with availability. Worst-case scenario: financial losses from theft by their own employees.

"Someone might say: 'You know, we could walk out with some pretty valuable components in a brief case,' " says Chuck McCaig, senior VP and managing director of information services at the Chubb Corp., a Warren, N.J., insurer that has had to pay claims to some victims of chip theft. "They could carry out a ton of stuff while the security guard is looking to make sure no one walks out with a PC." (For related story on chip theft click here)

Tem ptation Too Great
And that's starting to happen. "People have become more knowledgeable about computers and their value," Smith says. "Companies are taking steps to improve security, and that has helped. But the problem is the chips are so small and of such value. You have employees who otherwise may not steal, but the temptation is too great."

Indeed, officials report a rise in thefts by employees of large companies who crack open PCs to get to the tiny processors that they can sell on the street for hundreds of dollars apiece. Helping to fuel the crime wave: a worldwide shortage of processors and the ease with which they can be sold on the black and gray markets. A Pentium processor--the chip of choice for tech thieves these days--sells for $700.

That's a lot of temptation. "If you take a Pentium a week, you've got a $40,000 salary," notes Winn Schwartau, a computer security analyst in Seminole, Fla.

Though information systems managers are reluctant to discuss problems of employee th eft and internal security, experts say computer-related pilferage is increasing.

"[IS execs] are in denial," says Arthur Bourque, president of Surveillance Securities Ltd., a Lynnfield, Mass., company that specializes in hidden camera surveillance. "They can't believe that their security may be lax or that they've hired someone who would steal." Bourque says his company has seen a dramatic increase in the number of thefts in which computers are being opened and memory chips stolen.

Still, the primary targets for high-tech thieves are the manufacturers and distributors that stock valuable components in bulk. "By far, the highest volume of chips are stolen by insiders, people legally in contact with the products--assemblers, testers, truck drivers, warehouse workers--the people handling the chips," says Jim Freeman, special agent in charge of the FBI's High-Tech Crime Unit, which was created in 1994 to investigate chip thefts in the San Francisco Bay area as well as in Houston, Boston, Phoenix, and Los An geles.

High Tech Crime Wave
Several high-tech crime cases have come to light. Dallas Semiconductor Inc. in Texas discovered through hidden surveillance cameras that its employees were stealing chips to sell on the gray market. Last year, hard-disk-drive maker Quantum Corp. in Milpitas, Calif., also used hidden cameras to catch employees loading boxes of stolen drives into a car.

The high-tech crime wave is devastating the electronics industry. San Jose, Calif., police estimate that thefts cost Silicon Valley companies alone a total of $1 million a week. The Engineering and Safety Service of the American Insurance Services Group says technology-related crimes now cost as much as $8 billion annually. The toll is expected to increase dramatically through the end of the decade.

The American Electronics Association, a Washington trade group, says chip theft alone amounted to $40 million in losses in 1993. While more recent records aren't available, the problem has gotten much worse , says Paula Silver, the association's marketing director.

"What makes chips so attractive to steal is they're hard to trace," says the FBI's Freeman. "They can move from the thief to a middleman back out to a distributor without anyone knowing they're hot." In some cases, Freeman notes, the original manufacturer ends up buying back its own chips.

Adds Frank Barry, a deputy district attorney for Santa Clara County in California who specializes in prosecuting people who buy stolen chips: "After two or three turns, they look like ordinary chips. The first buyer knows they're stolen, the second suspects, and after that the paperwork appears normal."

Who's buying the hot chips? "Small businesses, brokers, anyone who wants chips," says Barry. "And there are plenty of people who want to buy."

Very eager to buy are gray marketers, who sell chips to smaller computer companies that put together maybe 10 systems a month, says Schwartau. "They don't care where they get their chips from," he adds.

Techn ology chiefs generally viewed high-tech thefts with little more than a passing interest. Not anymore. "It's forced me to give different consideration to how we acquire PCs," says Robert Schoening, senior VP of IS at retailer Giant Food Inc. in Washington. "We're going to make sure the systems integrator that makes our PCs is not cutting costs by going to second sources that may be using stolen chips."

One of the biggest concerns of chief information officers is that they'll end up with inferior products. "You hear about people digging through dumpsters to retrieve parts that the manufacturer tossed because they didn't meet requirements," says Schoening. "Now, when a software application isn't running right, we're going to wonder if that's why."

Manufacturers are attempting to deal with the problem. For example, Dallas Semiconductor has begun sending its rejects to a surplus parts dealer that destroys them, says David Arbaza, facilities manager.

Chip Chop Shops
At Chase Manhattan Bank N.A. in New York, "the greatest concern is with the relabeling of stolen chips. People are stealing and reselling the chips as something they're not," says Craig Goldman, CIO. "It's fraudulent. You're not getting what you pay for."

Indeed, the FBI's Freeman warns that many of the stolen chips end up in PCs used on the desktops of U.S. companies. "We've traced where these chips go, and found that many go offshore and come right back into this market as part of clones made to look like the original equipment," Freeman says.

Goldman says Chase is minimizing its exposure to the chip-theft problem by dealing directly with only a handful of PC vendors, including Compaq, IBM, and AT&T.

Joe Campbell, senior VP of business information and operations services at Home Insurance Co. in New York, says he plans to call PC suppliers to see what they're doing to ensure that inferior products are not being sold under their labels. So does Katherine Holland, VP and CIO at Peco Energy Co. in Philadelphia. "Th e integrity of the computers we're buying depends on the quality of the chip," Holland says. "It's the most important component."

Chip Tracking
Chipmakers are struggling to ensure the integrity of their products. Market leader Intel in Santa Clara, Calif., began a pilot program last fall to place identifiers similar to serial numbers on its Pentium and high-end 486 processors. The company is now working with some of its largest customers to develop a database for tracking chips as they move through the distribution chain, says an Intel spokesman.

National Semiconductor Corp., also in Santa Clara, is developing ways to track its products as they move through the chain, and is also bolstering internal security, such as requiring workers with access to chips to wear specially encoded badges.

In the past, National relied on several carriers to move products from manufacturing plants to distributors; it now uses just one, Federal Express, to keep better track of the products. Amer ican Micro Devices Inc. in Sunnyvale, Calif., is using a "proprietary method" of marking and tracking its chips, according to a spokesman.

Some IS chiefs worry that the crime wave could affect the availability of some PC models. "Quite often, we want a box and it's not available. I don't know if that's because of chip thefts or not, but I'm speculating that it is," says Ted Tomblinson, group senior VP of IS at World Savings &Loan Association in Oakland, Calif.

To deal with the computer component crime wave, the American Electronics Association is urging members to improve security, use just-in-time inventory management programs, and conduct pre-employment screenings. "Since January, we've seen a lot more incidents of theft," says Silver. "Part of that is because the demand for chips has increased."

Major PC vendors say they're not concerned that stolen or defective chips will end up in their machines. The IBM PC Co. says the processors in its PCs are produced by IBM under a licensing agreement between Intel and IBM's own chipmaker, IBM Microelectronics. A spokesman for Dell Computer says Dell doesn't use chip distributors or other third parties, but instead deals directly with chip manufacturers.

Regardless of the type of high-tech crime, it's the CIOs' job to protect their companies' information technology from insiders and outsiders, says Goldman of Chase Manhattan. "It's important that we establish lines of communication throughout the organization, so if there are system failures due to stolen parts, they can be tracked," he says. "If people are compromising the quality of our information, that's going to have a big impact on the business."

--Additional reporting by Jill Gambon

Comments on this story?