Website Slapped for Repeat Source Code Theft

Rhett Pardon
SAN FRANCISCO — A federal appeals court has ruled that a district court was within its discretion to grant a permanent injunction and sanctions against a website company that hacked into a competitor’s server to gain trade secrets and access customer lists.

The 9th U.S. Circuit Court of Appeals, in a ruling Friday that asked the court to construe damage provisions in the federal Computer Fraud and Abuse Act, said that was a repeat offender and that it must abide by a court decision to pay Creative Computing’s court and attorneys fees and a permanent restraining order preventing it from accessing Creative’s source code.

“Getloaded is in a position analogous to one who has repeatedly shoplifted from a particular store, so the judge prohibits him from entering it again, saving the store’s security guards from the burden of having to follow him around whenever he is there,” 9th Circuit Judge Andrew J. Kleinfeld wrote for the court.

The court was asked to review the case between two websites that make money in the arcane but lucrative world of “deadheading.”

Truck drivers and trucking companies try to avoid deadheading, which means having to drive a truck, ordinarily on a return trip, without a revenue-producing load. If the truck is moving, truck drivers and their companies want it to be carrying revenue-producing freight. In the past, truckers and shippers used blackboards to match up trips and loads.

But Creative Computing developed a successful Internet site,, which it calls “The Internet Truckstop,” to match loads with trucks.

The site was created so early in Internet history and worked so well that it came to dominate the load-board industry.

Getloaded decided to compete but, according to the court, not honestly.

After Getloaded set up a load-matching site, it wanted to get a bigger piece of Creative’s market, according to court briefs.

Creative wanted to prevent that, so it prohibited access to its site by competing load-matching services. Getloaded company officers thought trucking companies would probably use the same login names and passwords on as they did on, so the company hacked into the code Creative used to operate its website.

Getloaded president Patrick Hull and vice-president Ken Hammond hacked into Creative Computing’s website through a back door, and once in, they examined the source code for its valuable radius-search feature.

But Getloaded went further — it used a more old-fashioned trick to get unauthorized access, according to court papers. It hired a Creative Computing employee who had given Getloaded an unauthorized tour of the website.

This employee, while still working for Creative, accessed confidential information regarding several thousand of Creative’s customers. He downloaded, and sent to his home email account, the confidential address to’s server so that he could access the server from home and retrieve customer lists.

Creative Computing first discovered what Getloaded had done at a trade show, where company officials noticed a program that looked suspiciously like

Years later, it was clear why, the court said.

During discovery, Creative uncovered a handwritten Getloaded employee’s to-do list that included “mimic”

After the Creative employee who had been feeding confidential information to Getloaded defected, Creative checked his computer and found evidence that he improperly accessed customer information before his departure.

Creative Computing sued Getloaded in U.S. District Court for copyright infringement, Lanham Act violations, and misappropriation of trade secrets under the Idaho Trade Secrets Act. Creative also sought a temporary restraining order.

The court granted a TRO that prohibited Getloaded from, among other things, removing or destroying evidence of how it had copied and used’s source code, marketed to customers on Creative’s customer list, or accessed the site. Subsequently, Creative amended its complaint, adding claims for damages under the federal Computer Fraud and Abuse Act.

But the injunction did not work. Getloaded violated it. The district court made an express finding that “Getloaded acted in bad faith as its senior management — and others under its supervision and with its knowledge — lied under oath and violated the court’s injunction.”

Creative Computing received a verdict that Getloaded had violated the Idaho Trade Secrets Act and the federal Computer Fraud and Abuse Act.

Damages awarded were $60,000 for the state law violation and $150,000 for each of three federal law violations, totaling $510,000. Pursuant to the Idaho Trade Secrets Act, the district court awarded an additional $120,000 in exemplary damages because of Getloaded’s willful and malicious conduct.

The court also awarded $300,000 in fees and $42,787 in expenses as sanctions to compensate Creative Computing for the expense of figuring out and proving Getloaded’s violations of the preliminary injunction and false statements in depositions.

The court entered a permanent injunction extending indefinitely several provisions of the preliminary injunction, such as the prohibition against Getloaded’s accessing

The 9th Circuit denied Getloaded’s appeal, agreeing with Creative Computing.

“Under the particular facts of this case, the past egregious conduct of Getloaded, its owners and employees, nevertheless justified the extraordinarily broad prohibition imposed by the district court,” Kleinfeld wrote.

The case is Creative Computing vs., No. 02-35856.