Security Watch | Matt Hines » Oracle's SAP claims highlight more corporate spying

March 22, 2007 | Comments: (0)

Oracle's SAP claims highlight more corporate spying

TAGS: Security

racle's newly-filed lawsuit against rival SAP is only the latest in a slew of recent allegations that make it seem that business leaders are still willing to seek out ways to circumvent technological security systems.

In its suit -- which accuses enterprise applications giant SAP of fraud legislation, unfair competition, and civil conspiracy, and charges the German company of "corporate theft on a grand scale" -- Oracle claims that SAP workers illegally accessed its own computerized customer support systems and stole "thousands of proprietary, copyrighted software products," as well as other confidential materials.

SAP could then study the data and use the knowledge to offer low-budget customer service to Oracle's customers, and convince said end users to move over to its own products, according to the lawsuit.

While far from being substantiated in court as of yet, the accusations follow a string of other instances where corporate leaders -- who often purport themselves to be the staunchest advocates of information and IT security -- have intentionally bypassed systems meant to protect sensitive data.

The most high-profile example of this behavior is the controversy that befell industry giant Hewlett-Packard in 2006 when it was exposed that company executives had approved an investigation into boardroom leaks that eventually involved the use of pretexting, an illegal process used to gain access to individuals' phone records.

In addition to pretexting -- through which third party investigators allegedly posed as the people whom they were spying on to see the individuals' calling records, the company was also accused of secretly tracing e-mailing conversations meant to out its boardroom leak.

After pleading that she had no direct knowledge of the tactics, judges dropped related charges of fraudulent wire communications, wrongful use of computer data, identity theft and conspiracy that were brought against HP Chairman Patricia Dunn, but only after she stepped down from her position.

HP shelled out $14.5 million in civil settlements in the case and three other defendants from the company avoided jail time by pleading no contest to related misdemeanors.

In another recent case of corporate espionage, Italian law enforcement officials arrested four Telecom Italia employees in January 2007 for carrying out an intricate spying scheme, including the company's current and former heads of information security.

Using Trojan malware program, the Telcom Italia workers reputedly spied on the head of a publishing company that ran critical newspaper stories about the firm, and stole important documents such as his company's business plan. After telling the publisher that his sensitive documents were available all over the Internet, the involved parties offered to take over IT security operations for the company, the Rizzoli Corriere della Sera (RCS) publishing group.

In another interesting spin on the security issue, identity card vendor HID essentially quashed a presentation planned by researchers for the Black Hat DC conference earlier this month that would have shown how easy its products are to hack.

Security industry analysts and software vendors have been plugging data leakage prevention (DLP) applications as the next big thing in their market space, as the tools promise to protect sensitive information from being accessed or stolen.

Based on the purported actions of people at some of the world's top companies, it appears they might be correct.

O

Posted by Matt Hines on March 22, 2007 01:44 PM

RATE THIS ARTICLE: