SAP Admits to 'Inappropriate' Downloading of Oracle Code

← Back to Stories (view on slashdot.org)

SAP Admits to 'Inappropriate' Downloading of Oracle Code

Posted by Zonk on Tuesday July 3, 2007 @04:22AM from the think-then-do-think-then-do dept.

netbuzz writes "SAP's CEO Henning Kagermann uses the undoubtedly lawyered term 'inappropriate download' to describe the company's questionable actions. Henning blames a rogue business unit, but there can be no mistaking the fact that Oracle caught SAP with its hand in the IP jar on this one. The legal proceedings that will follow should prove interesting. 'The admission hurts SAP's reputation in the battle with Larry Ellison's Oracle in the $56 billion market for software that manages tasks such as payroll. The rivalry between SAP and Oracle escalated when Oracle filed its March 22 lawsuit claiming SAP workers hacked into a Web site and stole software codes on a grand scale.'"

34 of 149 comments (clear)

Min score:

Reason:

Sort:

Sound familiar? by EveryNickIsTaken · 2007-07-03 04:26 · Score: 5, Funny

I did not have inappropriate downloads with that source code!
1. Re:Sound familiar? by Torvaun · 2007-07-03 07:35 · Score: 3, Funny
  
  Now can you show me on the doll where that bad man compiled you?
  
  --
  I see your informative link, and raise you a pithy comment.
2. Re:Sound familiar? by c0d3h4x0r · 2007-07-03 11:00 · Score: 2, Funny
  
  I did not have inappropriate downloads with that source code!
  
  The logfile in my server closet says otherwise -- your grep is all over it.
  
  --
  Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
Codes plural? by Random+BedHead+Ed · 2007-07-03 04:28 · Score: 5, Funny

and stole software codes on a grand scale

They stoles codes? Oh noes!
1. Re:Codes plural? by $RANDOMLUSER · 2007-07-03 04:34 · Score: 2, Funny
  
  ...software codes...
  <blink> <blink>
  (checks again)
  developers.slashdot.org
  (pounds head on desk)
  
  --
  No folly is more costly than the folly of intolerant idealism. - Winston Churchill
2. Re:Codes plural? by IWannaBeAnAC · 2007-07-03 08:43 · Score: 3, Informative
  
  It depends on the subculture. In scientific computing and high-performance computing, it is common to refer to programs as 'codes'. This language originates from one of the original supercomputer applications, hydrocodes.
  
  If you went to the system administrator of a large computing cluster and asked "what codes are you running now?", he would immediately grok that you know what you're talking about. I wouldn't be at all surprised if big iron Oracle people used the same terminology.
Bah by Richard+McBeef · 2007-07-03 04:29 · Score: 2, Insightful

Just a little harmless copyright infringement. There shouldn't be a problem here.
Can I get a consensus opinion? by shark72 · 2007-07-03 04:30 · Score: 4, Insightful

I believe that the Slashdot zeitgeist is that the word "stole" is used incorrectly here -- many Slashdotters believe that the term "to steal" should only be applied to an instance where a physical item is moved from one place to another, and should not be applied to instances of copyright infringement or unauthorized duplication -- although I presume that exceptions can be made for "theft of service," "identity theft," "you stole my thunder," "stolen kisses" and the like.

So -- was the code really stolen?

--
Sitting in my day care, the art is decopainted.
1. Re:Can I get a consensus opinion? by johnw · 2007-07-03 04:33 · Score: 2, Informative
  
  It's not a question of belief - the term "theft" has a very precise definition, and it doesn't include making unauthorised copies of someone else's software or films, despite what F.A.C.T. and F.A.S.T. would want you to believe.
  
  That doesn't mean that copyright infringement isn't wrong or illegal - it just isn't theft.
2. Re:Can I get a consensus opinion? by Brian+Gordon · 2007-07-03 04:51 · Score: 3, Interesting
  
  But it is illegal- we'll have to see whether SAP shields its hacker team behind the veil of corporate responsibility or exposes them to be criminally prosecuted individually.
3. Re:Can I get a consensus opinion? by bobcat7677 · 2007-07-03 04:52 · Score: 5, Informative
  
  Oh for pete's sake! The article writer obviously had no clue what they were talking about. No "Code" or "codes" were "stolen" or otherwise questionably acquired by SAP. Some guys in a support center used logins that weren't theirs (but they were given permission to use) to gain access to software patches and support documents that Oracle was too stingy to give them access to in the first place. They were just trying to do their job and help out customers. At worst it could be considered trespassing...but "stealing code"??? Thats really stretching the definitions of both the term "code" and the term "stealing".
4. Re:Can I get a consensus opinion? by abigor · 2007-07-03 04:52 · Score: 2, Insightful
  
  So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.
5. Re:Can I get a consensus opinion? by kebes · 2007-07-03 05:02 · Score: 2, Insightful
  
  Yes, you're quite right. This is not "theft" in any useful sense. Certainly in regards to the law, "theft" has a specific meaning. The present actions, if true, are probably illegal, but are not theft.
  
  Similarly, the other examples you gave: "theft of service," "identity theft," "you stole my thunder," "stolen kisses". None of those are "theft" in the legal sense (in fact half are not even illegal). Moreover, if you were trying to have a refined argument about any one of those topics, I believe most rational debaters would agree that none of them are "theft" in the strict sense of the word. The word "theft" is being applied in those cases to make the term catchy and easy to remember.
  
  In regards to copyright infringement being inappropriately called "theft" (which is what you were indirectly referring to), similar arguments apply. It is not "theft" in the legal sense of the word, and I believe in a critical argument of the subject, using the term "theft" is imprecise and essentially an appeal to emotion rather than logic. The reason why many people in the copyright debate request that the terms "theft" and "piracy" be expunged from the debate is that, while they are catchy and easy-to-use terms, they muddy the debate by injecting moral preconceptions into the debate. (Thus, by using the terms one is implicitly already supporting a certain moral position, making impartial debate more difficult.)
  
  Similarly, I think if there was a serious debate about the morality of giving one's lover a quick kiss, it would be a weak argument from the anti-kiss debaters if they said "stealing a kiss is, like all forms of stealing, immoral since theft is wrong." The pro-kiss debaters would be well within their debating rights to request that the term "stealing kisses" not be used, and the more neutral term "quick kiss" be used instead.
6. Re:Can I get a consensus opinion? by The-Ixian · 2007-07-03 05:03 · Score: 2, Insightful
  
  However, you have not deprived the owner of the combination and he/she is able to change it.
  
  --
  My eyes reflect the stars and a smile lights up my face.
7. Re:Can I get a consensus opinion? by Anonymous Coward · 2007-07-03 05:12 · Score: 2, Insightful
  
  > So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination?
  
  YES, I AM SAYING EXACTLY THAT!
  
  Pretend now that my safe is on display at the end of my driveway, and you, passing by, happen to see the combination written on the front of it. Have you stolen it? No. The only thing you've done illegally in your example is Break and Enter.
  
  Pretend I leave my wallet open on a table, and you read my credit card number. Have you 'stolen' the 'secrecy' of my number? No. You haven't 'stolen' ANYTHING! However, should you choose to use my credit card number, you'd be charged with Identity Fraud and theft (since at that point, you would be stealing my money).
8. Re:Can I get a consensus opinion? by kevin_conaway · 2007-07-03 05:19 · Score: 5, Funny
  
  So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.
  I don't follow you. Can you try again with a car analogy?
9. Re:Can I get a consensus opinion? by Red+Flayer · 2007-07-03 05:25 · Score: 5, Informative
  
  SAP & Oracle both provide support for Oracle systems. So, it goes a little deeper than you would suggest, since the patches etc were then further distributed. Furthermore, the code in question went beyond the scope of the support being provided to the client.
  
  The issue here is that SAP used underhanded (and illegal, likely) tactics to derive an advantage over a direct competitor in the support space -- they "stole" trade secrets.
  
  Sure, it doesn't seem like a big deal, but remember that Oracle paid developers to write and test that code -- and SAP got an easy hand up in building similar patches / support mechanisms for what they address.
  
  --
  "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
10. Re:Can I get a consensus opinion? by UncleTogie · 2007-07-03 06:06 · Score: 2, Interesting
  
  I'm pretty sure "secrecy" is not something that can be stolen.
  Tell that to the Rosenbergs...
  
  --
  Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
11. Re:Can I get a consensus opinion? by Red+Flayer · 2007-07-03 06:11 · Score: 2, Insightful
  
  You shouldn't have to pay a company to release a patch to you that they are holding for ransom.
  Well, there are differences between essential patches and non-essential ones. Security holes, operating flaws, sure -- I agree with you. But a lot of other patches are to introduce more functionality or to improve efficiency, and if you choose to buy software as-is, and then go elsewhere for support -- well, then, why should you have access to those patches? You certainly aren't contributing financially to the development of them.
  
  This is not abnormal for software companies -- if you want access to upgrades & non-essential patches, you pay for support of that software from the developer, or from authorized resellers. Pretty much an industry standard from my experience.
  
  --
  "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Honeypot? by CastrTroy · 2007-07-03 04:30 · Score: 2, Interesting

How likely is it that Oracle left a honeypot for SAP, MS, MySQL, or any other competitor to walk into, so that they could get rid of that competitor, or at least ruin their reputation and get some money? The fact that their was code on a website accessible to the outside world seems a little suspicious to me. Who leaves code on a publicly accessible server? I think that Oracle would at least be security savvy enough not to let their code be stolen. Anyway, not to start any conspiracy theories or anything, but I just find it a little odd.

--

Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
1. Re:Honeypot? by Vancorps · 2007-07-03 04:36 · Score: 2, Informative
  
  This is pretty common practice with Oracle, this is why people pay good money for Metalink access. It's a very valuable tool if you have to work with Oracle products. We used it extensively to get our in-house application working flawlessly with Oracle 10g. There is tons of sample code up there. I doubt they found any actual DBMS code.
2. Re:Honeypot? by OG · 2007-07-03 04:51 · Score: 2, Interesting
  
  From a quick perusal of news stories, that doesn't seem be the case. It looks like some TomorrowNow employees used credentials from their clients to access information from Oracle's website that they would not otherwise have access to. As to what the did with it...the only concrete thing I've seen so far is republishing Oracle info for some fix with the TomorrowNow logo and representing it as their own work.
Confused by Reason58 · 2007-07-03 04:35 · Score: 2, Interesting

SAP workers hacked into a Web site and stole software codes Am I the only one confused as to why Oracle would be keeping source code on a production web server?
Most inappropriate use of the word "inappropriate" by Trails · 2007-07-03 04:35 · Score: 3, Interesting

Inappropriate? Inappropriate is when my boss caught me photoshopping my buddy's head onto a screen cap of the Pamela and Tommy video (It was for his bachelor party, I swear it).

This is illegal and perhaps fradulent (ie they claimed they were customers seeking service). But what gets me the most about this is how blisteringly stupid it is. "There's no way they could know it's us! Well, there's no way, apart from the webserver logs, that they could know it's us!".

From the article:
Oracle said TomorrowNet used identities of Oracle customers and phony users to gain access to its systems. Customers for whom SAP allegedly conducted illegal downloads include Merck & Co. and Bear Stearns & Co., according to the March 22 lawsuit.
So not only are they picking a legal fight with Oracle, pissing of the DOJ, and destroying their reputation, but they've basically shown they're not above pretending to be their customers. I bet the SAP CEO is turfed before the end of the next quarter.
Too bad... by rootology · 2007-07-03 04:36 · Score: 2, Funny

Just think how many problems like this could be solved if someone went and invented some sort of free software licensing system, and everyone adopted it...
When you take something that doesn't belong to you by geoffrobinson · 2007-07-03 04:41 · Score: 2, Insightful

...that's stealing. People may try to justify stealing because the laws are bad (and the laws may need to be changed) but that doesn't change the fact that we steal things that don't belong to us.

We are stone-cold thieves. That's the human condition.

--
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
Not Source Code by Anonymous Coward · 2007-07-03 04:52 · Score: 5, Informative

There was no source code on the website!
It was Technical Support documents and patches that SAP was downloading. The only "theft" here is that SAP did not have support contracts to download the patches and documents.
1. Re:Not Source Code by OG · 2007-07-03 04:56 · Score: 3, Interesting
  
  And, according to one news article I saw, republished one of the support documents with their own logo, passing it off as their own work.
Heh by glwtta · 2007-07-03 04:54 · Score: 3, Funny

"Unbreakable", my ass.

--
sic transit gloria mundi
Re:Most inappropriate use of the word "inappropria by Red+Flayer · 2007-07-03 04:59 · Score: 2, Interesting

None of that matters in the long run.

FTA (emphasis mine):
``Although many will see the legal teams as the cavalry in this battle, the troops that really matter are the PR special forces contingent,'' Ovum Plc analyst David Mitchell said. ``PR is where this battle will be won or lost.''
That is most certainly the case.

And now for the snark. Wtf? PR special forces? What kind of training does that require? Going seven days without using buzzspeak or powerpoint? Writing press releases and giving presentations under hostile fire?

And, most importantly, what color are their berets?

--
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Summary is slanted - no "hacking" involved... by Marcika · 2007-07-03 05:29 · Score: 4, Informative

The article summary by "netbuzz" is plain flamebait. As TFA says, SAP was authorized to download materials from Oracle's Web site on behalf of customers. The SAP support people made "inappropriate downloads" of fixes and support documents without direct customer need, but they don't state anywhere that there was any hacking or any "stolen" code or "intellectual property" beyond what Oracle specifically made available for support purposes!
Re:Most inappropriate use of the word "inappropria by Asic+Eng · 2007-07-03 05:57 · Score: 2, Interesting

It's not terribly clear to me why that should be inappropriate at all. It seems their services company (TomorrowNet) would download patches from Oracle servers for Oracle customers. So if I understand this correctly, the customer (e.g. Merck) would call TomorrowNet (who they have a support contract with) and ask them to help them with some problem on their Oracle installation (which they bought and have the right to receive patches for). So now the TomorrowNet employee using Merck's login downloads the patch for them and (using the documentation which comes with the patch) explain to the Merck employee what they have to do to get the patch installed.
I presume somewhere in the contract between Oracle and Merck there is something which says "only your employess may use this account", and there is probably a notice on the website which states that you can only access the account with your own login. The whole setup would be used to prevent other companies from supporting Oracle installations, I guess.
It's all about preventing competition and replacing innovation with lawsuits, in my opinion.
Re: SAP Admits to 'Inappropriate' Downloading by Is0m0rph · 2007-07-03 06:29 · Score: 4, Funny

Umm this is SAP we're talking about. If you've ever used SAP you'd know there's no possible way they improved anybody else's code ;)
Had to happen sometime by Anonymous Coward · 2007-07-03 07:32 · Score: 2, Informative

I used to work for SAP's IT dept. TomorrowNow is a third party support provider for Oracle products, including PeopleSoft and JD Edwards. SAP purchased them to provide a support bridge for products Oracle would be sunsetting, and hopefully bring those customers to SAP's product line as they eventually migrated away from the legacy products.

Clever idea, but this sort of situation was always a concern. How do you provide support for your competitors' products without getting dangerously close to (actual or apparent) IP theft when you need to look something up or do research on those products?

SAP always took that concern very seriously and had very, very strict security policy and access restrictions in place between TN and the rest of the SAP world to try to isolate any exposure. Even still, it always felt (to me, at least) like it was just a matter of time before this happened.