Hal Rilbury had a ghost in the machine. Starting in late 1994, the founder and CEO of Bluebird Systems, a $10 million imaging-systems software developer based in Carlsbad, Calif., watched helplessly while his employees lost thousands of work hours to unexplained network slowdowns and crashes. And the situation was getting worse.

So in January 1997 Tilbury called in consultants from Anixter Inc., who set out to trace the problem by putting the Sniffer Network Analyzer from Network General Corp. on the company's LAN. The product zeroed in on a Web site running on a computer within Bluebird and attracting large amounts of traffic. The Web site's address: www.sierraclub.org.

Sierraclub.org? Tilbury was baffled. As far as he knew, the company operated only one Web site -- its own. A brief investigation led to the office of Bluebird's network administrator and operator of the company's Web site. As fate would have it, the employee was also a member of the Sierra Club and was responsible for creating and maintaining the nonprofit's site. And the machine he was using to do that was connected to Bluebird's LAN.

In two years, the Sierra Club site had grown dramatically -- from a few pages to more than 2,000, and from a few hundred hits to more than 200,000 a month. As a result, it was sapping Bluebird's internal bandwidth and causing the crashes, according to Tilbury, whose company only has a 56 Kb Internet connection. Tilbury believes that the employee, a nine-year veteran of the company (who has since left), didn't do anything malicious.

"I think he was in denial and scared to notify us about what had been happening," he says. As for the employee, he disputes that there was any damage or injury done through his actions.

Bluebird is now suing Sierra Club for $10 million in punitive and compensatory damages. That includes $350,000 that Bluebird estimates the Web site is worth. (Sierra Club has put its value at $4,000.) Tilbury argues that the site was created by a Bluebird employee on company time; the employee insists it was done on his own time. Sierra Club, for its part, says in a prepared statement that it had been assured that Bluebird had authorized the arrangement.

Tilbury estimates that the incident cost Bluebird several million dollars in the form of lost productivity and missed development deadlines. And he still shivers at the thought that for two years unauthorized visitors were able to penetrate Bluebird's firewall and could have jumped to the LAN and accessed the source code of its products. "The cyberworld is uncharted," says Tilbury. "The exposure to technical abuse and fraud is higher. You have no idea, when you get good tech people, what they can do, even when they mean to do absolutely no harm."