"I was a hacker long before being a hacker was cool," Sullivan wrote on a webpage the FBI later found on his hard drive, describing his affection for the plaque. "More than once I was accused (falsely?) of perpetrating acts of computer crime against various systems and agencies. But regardless if I did or didn’t, I never got caught.... And although I have ’settled in’ to a real job, Dr. Crime still lives...quietly, anonymously and discreet."

Or not. After Sullivan was demoted at snack-food maker Lance in May 1998, he planted a logic bomb. This malicious code, set to execute on Sept. 23, 1998, the anniversary of his hire date, would destroy part of the program being written for the handheld computers for Lance’s sales force. When the bomb went off?months after Sullivan had resigned?more than 700 salespeople who rove the Southeastern United States with truckloads of Captain’s Wafers, Cape Cod Potato Chips and Toastchee crackers couldn’t communicate electronically with headquarters for days, and Lance feared the attack might cost $1 million.

The evidence Dr. Crime left is unique, but the scenario? Hardly. Whether it’s sabotage or the theft of trade secrets, a growing number of companies are learning the hard way that their biggest security risks are on the inside. Employees, contractors, temps and other insiders are trusted users. They know how a company works, and they understand its weaknesses?and that gives the occasional bad apple a chance to really make things rotten.

Rather than handling the situation internally as something to cover up, as do many companies faced with insider crime, Lance decided to act. "We wanted to send the message that these types of actions were not accepted by senior management," said Rudy Gragnani, vice president of IS at the $583 million company, in an interview that his edgy legal department allowed him to conduct only via e-mail. "The livelihood of our sales representatives was being impacted, and we took this situation very seriously."

In April 2001, the then-40-year-old Sullivan?who also wrote on that webpage that he’d relocated from New York to North Carolina to give his family a better quality of life?was sentenced to two years in prison without parole and ordered to pay almost $200,000 restitution. He lost an appeal in February 2002.