http://news.com.com/Oracle+sues+SAP+on+spying+charges/2100-1014_3-6169729.html By Dawn Kawamoto Staff Writer, CNET News.com March 22, 2007 Oracle announced Thursday that it has filed a lawsuit against archrival SAP, alleging the software giant hacked into Oracle's customer support center and downloaded copies of its proprietary software code. The lawsuit, filed in the U.S. Federal District Court for Northern California, names SAP and its wholly owned subsidiary TomorrowNow as defendants. Among its claims, the lawsuit [1] (PDF) alleges SAP and TomorrowNow engaged in computer fraud and abuse, computer data access and fraud, and intentional interference with prospective economic advantage. SAP will not comment until it has had a chance to review the lawsuit, a spokesman said. Oracle says that in late November it noticed an unusually heavy volume of download activity on Oracle's password-protected customer support and maintenance site for its PeopleSoft and J.D. Edwards customers. Upon a review of the Customer Connection site, Oracle alleges that it found more than 10,000 illicit downloads in which customers with expired, or soon-to-expire, support and maintenance contracts had accessed the support and maintenance site. Oracle claims that one common thread among all of the customers with allegedly misappropriated customer IDs is that they were about to become, or had recently become, an SAP TomorrowNow customer. "This systematic theft of Oracle's software and support materials did not originate from any actual customer location. Rather, the access originated from an Internet protocol (IP) address in Bryan, Texas, an SAP America branch office location and home of its wholly owned subsidiary SAP TN," the lawsuit alleges. TomorrowNow, which SAP acquired in 2005, offers support and maintenance to PeopleSoft and J.D. Edwards customers. SAP and TomorrowNow launched a major marketing campaign to woo away customers, shortly after Oracle acquired its former rivals PeopleSoft and J.D. Edwards in 2005. SAP employees allegedly used log-in IDs of multiple PeopleSoft and J.D. Edwards customers to access Oracle's Customer Connection system, but then supplied bogus e-mail addresses, user names and phone numbers. Oracle is asking the court to issue a preliminary restraining order against SAP to limit access to its customer support site, as well as an order that would require the return of the alleged illicit customer support and maintenance documents. The lawsuit alleges the misappropriated Customer Connection accounts were used to access software and support materials that went beyond the coverage in a customer's contract. "Using one customer's credentials, SAP suddenly downloaded an average of over 1,800 items per day for four days straight, compared to that customer's normal downloads averaging 20 per month," the lawsuit alleges. Oracle and SAP are both familiar with wearing the shoe on the other foot. In 1999, SAP filed a lawsuit against rival Siebel Systems alleging some of its trade secrets "mentally" went out the door when Siebel hired 27 of SAP's key employees. The parties eventually settled the lawsuit the following year. And in 2000, Oracle acknowledged it had hired private investigators to ferret out information on whether two research groups that supported Microsoft during its antitrust trial were actually funded by the software giant. The investigation firms reportedly tried to buy trash from the crews that cleaned the offices of the research firms. [1] http://www.oracle.com/sapsuit/complaint.pdf _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Fri Mar 23 2007 - 00:05:58 PST