Ex Sourcefire employee goes rogue, legal wrangle looms

Abusive e-mails target Sourcefire partners in Asia Pacific...

Sourcefire partners in the Asia Pacific region have been bombarded with abusive e-mails purporting to come from Ammar Hindi, the company's APAC and Japan managing director.

Hindi isn't sending the mail. The company suspects the messages are the work of a disgruntled ex-employee based in Singapore. "We have strong suspicions who it is, but haven't been able to establish it definitively," a source close to the matter told Risky.Biz. "It was our hope that they'd lose interest and move on, but after every period of quiet, another wave goes off."

The e-mails appear designed to cause embarrassment to Hindi. "Mother f--ker! Wake up your idea and be more productive with more f--king sales order of Sourcefire in the next 30days so that Sourcefire can have a f--king good Q1 2010 under my charge," says of the e-mails, sent from a Gmail account set up in Hindi's name.

"Wake up your f--king idea and focus on f--king Sourcefire sales only or else you are not my f--king good partner for APAC," reads another.

One partner interviewed by Risky.Biz says the e-mails are a particularly bad look for an information security software company. "Because its Sourcefire... it is worse in that they should be more responsible in protecting information," he says. "But at the same time, its only email addresses to partners which are probably available to most staffers. Any disgruntled employee could have easily taken some or all of this info prior to walking into an exit interview or to resign."

The partner expressed surprise that Sourcefire hasn't reached out to those affected to explain the situation. For its part, sources within Sourcefire say they don't want to respond as it may encourage the alleged offender.

All of the e-mails target Hindi, according to the source, and the company is making slow progress in pinning down the alleged offender. "The [legal] tools that are available to us are relatively blunt," the source says.

Impersonation is a form of fraud in many jurisdictions, the source says, but in others the behaviour is harder to pigeonhole into a specific offence.

"John Doe" court actions have been filed against the sender of the e-mails in various jurisdictions, the source says, and the company is working hard to prove the identity of the miscreant. "We'll keep plugging away until we can develop a record and hand it over to the police," the source says.

Until that happens, it seems Sourcefire partners will have to cope with the occasional, expletive-laden, poorly-written rant.

Follow Patrick Gray on Twitter here.

Anonymous comments enabled.