The study also concluded that while the threat of cyberextortion was real and mounting, data and research about the subject were scant. That is because most businesses, particularly blue-chip companies, are concerned about negative publicity from computer security breaches and do not want to report digital bullying and intrusions to law enforcement officials.
''Cyberextortion was the main threat I identified that I thought corporations were overlooking, said Gregory M. Bednarski, the author of the Carnegie Mellon study, who now works at PricewaterhouseCoopers as a computer security consultant. Unfortunately, I think thats still the issue most companies are still not taking cyberextortion seriously enough. They just dont see themselves as vulnerable.''
MicroPatent, based in East Haven, Conn., realized firsthand how vulnerable its data was. The company was also an exception in the world of cyberextortion victims: it chose not only to fight back and to contact the authorities, but it also assembled its own team of specialists familiar with the strategies and weaponry of cybercriminals.
Even so, MicroPatents stalker, using hijacked Internet accounts and pirated wireless networks, was remarkably elusive. What this means is that the criminals are getting smarter, said Scott K. Larson, a former F.B.I. agent and a managing director of Stroz Friedberg, a private investigation firm that helped hunt down MicroPatents stalker. ''Theres an arms race going on in cyberspace and in cybercrimes.''
MicroPatent, a business that court papers describe as one of the worlds largest commercial depositories of online patent data, first came under attack four years ago. Someone penetrated the companys databases and began transmitting phony e-mail messages to its customers. The messages were what are known as spoofs, online communications embroidered with pilfered company logos or names and e-mail addresses of MicroPatent employees that are meant to trick recipients into believing that the messages were authorized.
The spoofs, according to court papers and investigators, contained derogatory comments about MicroPatent in the subject lines or text. Some included sexually explicit attachments, such as sex-toy patents that a computer hacker had culled from the companys online files.
MicroPatent and its parent company, the Thomson Corporation, did not respond to several phone calls seeking comment. But others with direct knowledge of the hunt for the companys stalker said MicroPatent, which had grown rapidly through acquisitions, had a computer network containing stretches of online turf that were once used by acquirees but were abandoned after the takeovers.
Those digital back alleys offered access to the entire MicroPatent network to people with old passwords. Once inside, they could inhabit the network undetected in much the same way that anyone with a key to one abandoned house on a block of abandoned houses can live in a populous city without anyone knowing he is there. And MicroPatents stalker was lurking on one of its networks nether zones.
By 2003, MicroPatent had become so frustrated with its unknown stalker that it reached out to the F.B.I. for help. But with its resources spread thin, the F.B.I. could not pin down the stalkers identity, his motivations or how he managed to trespass on MicroPatents electronic turf. A year later, MicroPatent hired Stroz Friedburg and secured the services of Eric D. Shaw, a clinical psychologist who had once profiled terrorists and foreign potentates for the C.I.A.
The first order of business, investigators said, was to narrow the field of MicroPatents potential stalkers and to try to isolate the perpetrator. You need to take the temperature of the person on the other side and determine how seriously you need to take them, said Beryl Howell, who supervised the MicroPatent investigation for Stroz Friedburg. Is it a youngster or is it someone whos angry? Is it someone whos fooling around or someone whos much more serious?