TomorrowNow Sentenced on Computer Intrusion Charges

Monday, September 19, 2011



TomorrowNow, Inc., a non-operating subsidiary of SAP, today was sentenced to probation and ordered to pay a fine to the United States of $20 million for unauthorized access to computer servers belonging to Oracle Corporation (Oracle) and for willfully infringing copyrights held by Oracle, United States Attorney Melinda Haag announced.

Through a corporate representative, TomorrowNow entered its guilty pleas to the unauthorized access and criminal copyright infringement charges immediately before sentencing. The sentence was handed down by United States District Judge Phyllis J. Hamilton in Oakland.

TomorrowNow, which was headquartered in Bryan, Texas, provided third-party maintenance and support services to business, government, and other organizations that used enterprise software licensed from Oracle or one of its related entities, including from PeopleSoft, JD Edwards, and Siebel Systems.

In doing so, TomorrowNow directly competed not only with other third-party maintenance and support providers, but with Oracle itself, which also offered such maintenance and support services.

From at least 2005 to 2007, TomorrowNow engaged in efforts to convince Oracle customers, who had purchased licensed Oracle software, to terminate their use of Oracle’s maintenance and support services for that software and instead retain TomorrowNow to provide those services.

Unauthorized Access Charges

The unauthorized access charges to which TomorrowNow pleaded guilty pertain to TomorrowNow employees’ downloads of Oracle software and related documentation from Oracle computer servers. Oracle maintained computer servers at a data center in the Northern District of California, among other locations.

Those servers contained software and related documentation pertaining to certain Oracle product lines, which could be downloaded over the Internet by Oracle customers. The authority of any particular customer to download materials was governed by Oracle’s license agreements with that customer, as well as by the terms of use specified on Oracle-maintained websites.

As a result of TomorrowNow’s efforts to convince Oracle customers to retain TomorrowNow to provide maintenance and support services, a number of Oracle customers did in fact switch from using Oracle’s maintenance and support services to using TomorrowNow for such services.

In order to service some customers, TomorrowNow obtained copies of the Oracle software and related documentation that the customer had licensed from Oracle. TomorrowNow obtained some of these materials by downloading the materials from Oracle servers.

According to the plea agreement, TomorrowNow admitted that on numerous occasions alleged in the Information between December 2006 and April 2007 its employees downloaded Oracle software and related documentation from Oracle’s computer servers. TomorrowNow admitted that, on these occasions, either (1) the log-in credentials of the Oracle licensees that were used by TomorrowNow employees had expired and, therefore, the TomorrowNow employees’ access to Oracle’s servers was unauthorized or (2) although the log-in credentials for the Oracle licensees had not expired, the items downloaded by the TomorrowNow employees were in excess of the access rights granted to the customers by Oracle under Oracle’s license agreement with those customers.

Therefore, in each instance alleged in the Information, neither TomorrowNow, nor the Oracle customer whose log-in credentials were used, had authorization from Oracle to download the specific items identified in the Information.

Kyle F. Waldinger and Susan F. Knight of the Computer Hacking and Intellectual Property (CHIP) Unit are the Assistant U.S. Attorneys who prosecuted the case with the assistance of Jacquelyn Lovrin and Lauri Gomez. The prosecution is the result of an investigation by the Federal Bureau of Investigation.


Possibly Related Articles:
Legal Oracle Headlines SAP Information Security Copyright vendors Courts TomorrowNow Computer Intrusion
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked