Sophos drops Quadsys following guilty verdicts

Five Quadsys employees, including three directors, were found guilty of hacking the email account of a rival reseller's owner

Security vendor Sophos has dropped disgraced reseller Quadsys after five of its employees were found to have hacked the email account of a rival firm's owner.

The five employees, three of whom are directors, pleaded guilty to hacking into the email account of ITBus' (ITB) owner.

The quintet were arrested and charged with conspiracy to commit fraud last year before being charged with "obtaining unauthorised access to computer materials with intent to commit an offence" earlier this year.

Among the defendants (full details below) were three Quadsys directors: managing director Paul Cox, 42; Paul Streeter, 41; and Alistair Barnard, 39. The trio were joined by John Townsend, 37; and Steve Davis, 35.

In a statement to CRN Jonathan Bartholomew, channel director for the UK and Ireland at Sophos, said: "Sophos will be discontinuing its relationship with the IT security reseller Quadsys following the sentencing of its directors and several members of staff for an offence under the Computer Misuse Act last Friday.

"We felt that it was inappropriate both to comment or to make a decision on our business dealings with Quadsys until the full facts were known and the case had concluded.

"Now that this information is in the public domain and the sentence has been passed, we have decided to cease any further dealings with the company and the convicted individuals.

"We will be happy to talk individually to any Sophos customers who have purchased from Quadsys and are concerned about what this move means for them."

According to a statement published by Thames Valley Police and the South East Regional Organised Crime Unit (SEROSCU), Quadsys employed a technical engineer from ITB who supplied the directors with the email address and password of an ITB director.

This allowed them to access quotes for ITB contracts and offer a lower price, SEROSCU said.

Detective sergeant Rob Bryant of SEROCU's Cyber Crime Unit said: "Today's results follow an extensive and thorough investigation by officers from SEROCU's Cyber Crime Unit.

"The criminals knew what they were doing was illegal and would damage their competition and I hope that today's sentencing can start to provide some closure to the victim.

"Cyber crime is an emerging challenge both for law enforcement and wider society, which will increasingly dominate policing activity over the coming years."

The five Quadsys employees were found guilty of breaching section 1 of the Computer Misuse Act 1990.

All five received a 10-month prison sentence suspended for two years, 150 hours of community service over a 12-month period, a 12 month disqualification of directorship, a £1,657 fine, and were ordered to wear an electronic tag until 31 December.

Sophos has become the second vendor to cut ties with Quadsys after Kaspersky broke off its relationship with the reseller last month.

Quadsys was unavailable to comment at the time of publication.

Full details of the five are as follows:

• Paul Cox, 42 years old, of Acremead Road, Wheatley, Oxford, pleaded guilty to one count of securing unauthorised access to computer material contrary to section 1 of the Computer Misuse Act 1990 and was sentenced to a 10-month custodial sentence suspended for two years, 150 hours of community work over a 12-month period, disqualification of directorship for 12 months, fined £1,657 and ordered to wear an electronic tag until 31 December 2016.

• Paul Streeter, 41 years old, of Blakes Avenue, Witney, pleaded guilty to one count of securing unauthorised access to computer material contrary to section 1 of the Computer Misuse Act 1990 and was sentenced to a 10-month custodial sentence suspended for two years, 150 hours of community work over a 12-month period, disqualification of directorship for 12 months, fined £1,657 and ordered to wear an electronic tag until 31 December 2016.

• Alistair Barnard, 39 years old from Bampton Road, Aston, Bampton, pleaded guilty to one count of securing unauthorised access to computer material contrary to section 1 of the Computer Misuse Act 1990 and was sentenced to a 10-month custodial sentence suspended for two years, 150 hours of community work over a 12-month period, disqualification of directorship for 12 months, fined £1,657 and ordered to wear an electronic tag until 31 December 2016.

• John Townsend, 37 years old, of Pensclose, Witney, pleaded guilty to one count of securing unauthorised access to computer material contrary to section 1 of the Computer Misuse Act 1990 and was sentenced to a community order of 275 hours of community work and ordered to wear an electronic tag until 31 December 2016.

• Steve Davis, 35 years old, of Grahame Close, Blewbury, Didcot, pleaded guilty to one count of securing unauthorised access to computer material contrary to section 1 of the Computer Misuse Act 1990 and was sentenced to a nine-month custodial sentence suspended for two years, 150 hours of community work over a 12-month period, and ordered to wear an electronic tag until 31 December 2016.