|
|
http://news.com.com/Oracle+sues+SAP+on+spying+charges/2100-1014_3-6169729.html
By Dawn Kawamoto
Staff Writer, CNET News.com
March 22, 2007
Oracle announced Thursday that it has filed a lawsuit against archrival
SAP, alleging the software giant hacked into Oracle's customer support
center and downloaded copies of its proprietary software code.
The lawsuit, filed in the U.S. Federal District Court for Northern
California, names SAP and its wholly owned subsidiary TomorrowNow as
defendants. Among its claims, the lawsuit [1] (PDF) alleges SAP and
TomorrowNow engaged in computer fraud and abuse, computer data access
and fraud, and intentional interference with prospective economic
advantage.
SAP will not comment until it has had a chance to review the lawsuit, a
spokesman said.
Oracle says that in late November it noticed an unusually heavy volume
of download activity on Oracle's password-protected customer support and
maintenance site for its PeopleSoft and J.D. Edwards customers.
Upon a review of the Customer Connection site, Oracle alleges that it
found more than 10,000 illicit downloads in which customers with
expired, or soon-to-expire, support and maintenance contracts had
accessed the support and maintenance site. Oracle claims that one common
thread among all of the customers with allegedly misappropriated
customer IDs is that they were about to become, or had recently become,
an SAP TomorrowNow customer.
"This systematic theft of Oracle's software and support materials did
not originate from any actual customer location. Rather, the access
originated from an Internet protocol (IP) address in Bryan, Texas, an
SAP America branch office location and home of its wholly owned
subsidiary SAP TN," the lawsuit alleges.
TomorrowNow, which SAP acquired in 2005, offers support and maintenance
to PeopleSoft and J.D. Edwards customers. SAP and TomorrowNow launched a
major marketing campaign to woo away customers, shortly after Oracle
acquired its former rivals PeopleSoft and J.D. Edwards in 2005.
SAP employees allegedly used log-in IDs of multiple PeopleSoft and J.D.
Edwards customers to access Oracle's Customer Connection system, but
then supplied bogus e-mail addresses, user names and phone numbers.
Oracle is asking the court to issue a preliminary restraining order
against SAP to limit access to its customer support site, as well as an
order that would require the return of the alleged illicit customer
support and maintenance documents.
The lawsuit alleges the misappropriated Customer Connection accounts
were used to access software and support materials that went beyond the
coverage in a customer's contract.
"Using one customer's credentials, SAP suddenly downloaded an average of
over 1,800 items per day for four days straight, compared to that
customer's normal downloads averaging 20 per month," the lawsuit
alleges.
Oracle and SAP are both familiar with wearing the shoe on the other
foot.
In 1999, SAP filed a lawsuit against rival Siebel Systems alleging some
of its trade secrets "mentally" went out the door when Siebel hired 27
of SAP's key employees. The parties eventually settled the lawsuit the
following year.
And in 2000, Oracle acknowledged it had hired private investigators to
ferret out information on whether two research groups that supported
Microsoft during its antitrust trial were actually funded by the
software giant. The investigation firms reportedly tried to buy trash
from the crews that cleaned the offices of the research firms.
[1] http://www.oracle.com/sapsuit/complaint.pdf
_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org