Feds Stopped E-Mail Extortion Plot Against Best Buy

A Jackson, Mississippi man is free on $10,000 bail after his arrest for allegedly threatening to expose weaknesses in retailer Best Buy's computer system unless the chain paid him $2.5 million, according to federal investigators.

Thomas E. Ray III appeared in federal court in Minnesota January 6 and pleaded not guilty to two felony charges of making extortion threats to damage property or reputation and extortion threats to damage computers, according to the Star-Tribune.

If convicted, Ray faces a maximum of two years in prison and a $250,000 fine for the first charge and a maximum of five years, plus the same dollar fine, for the second.

Ray was already under indictment in federal court in Mississippi, having been accused in December 2003 of threatening Best Buy about its Website's security, the paper said. The retailer said no breaches were found in their systems, but they did contact federal authorities about Ray's alleged demands. The feds got help from the Minnesota CyberCrime Task Force, America Online, and Netscape, the latter two the Internet service providers Ray usually used, the paper added.

Sent under a fake name and address, the first such alleged demand appeared October 16, saying there was a flaw in Best Buy's Website that would let a sender review all customer accounts and take over the site's ownership by moving it to another register or server. At first, the Star-Tribune said, the e-mailer offered to set up an "unspecified business relationship," saying that without a response from Best Buy the sender would reveal the hole to the public "for their protection. As a result, Best Buy may experience a loss in business, thefts, and lawsuits."

The demand for $2.5 million first appeared in an e-mail sent the following day, the paper said, with the sender threatening to list all Best Buy customers and their credit numbers unless the payment was made. When Best Buy contacted the e-mailer, the paper added, they got a second demand for the same amount on October 22, with an October 24 deadline. The federal government got a search warrant on the morning of the deadline and used an Internet Protocol Address Verifier to track and identify Ray as the sender.