SAP Admits to 'Inappropriate' Downloading of Oracle Code

netbuzz writes "SAP's CEO Henning Kagermann uses the undoubtedly lawyered term 'inappropriate download' to describe the company's questionable actions. Henning blames a rogue business unit, but there can be no mistaking the fact that Oracle caught SAP with its hand in the IP jar on this one. The legal proceedings that will follow should prove interesting. 'The admission hurts SAP's reputation in the battle with Larry Ellison's Oracle in the $56 billion market for software that manages tasks such as payroll. The rivalry between SAP and Oracle escalated when Oracle filed its March 22 lawsuit claiming SAP workers hacked into a Web site and stole software codes on a grand scale.'"

Sound familiar?

[EveryNickIsTaken (1054794)]

I did not have inappropriate downloads with that source code!

Re:Sound familiar?

[Torvaun (1040898)]

Now can you show me on the doll where that bad man compiled you?

Who would have guessed

[Timesprout (579035)]

Oracle has pr0n embedded in it's downloads.

Codes plural?

[Random BedHead Ed (602081)]

and stole software codes on a grand scale

They stoles codes? Oh noes!

Re:

[$RANDOMLUSER (804576)]

...software codes...

<blink> <blink>
(checks again)
developers.slashdot.org
(pounds head on desk)

Re:Codes plural?

[IWannaBeAnAC (653701)]

It depends on the subculture. In scientific computing and high-performance computing, it is common to refer to programs as 'codes'. This language originates from one of the original supercomputer applications, hydrocodes [afrlhorizons.com].

If you went to the system administrator of a large computing cluster and asked "what codes are you running now?", he would immediately grok that you know what you're talking about. I wouldn't be at all surprised if big iron Oracle people used the same terminology.

Re:

[Dachannien (617929)]

Yep, they downloaded one code over each internet.

Bah

[Richard McBeef (1092673)]

Just a little harmless copyright infringement. There shouldn't be a problem here.

Can I get a consensus opinion?

[shark72 (702619)]

I believe that the Slashdot zeitgeist is that the word "stole" is used incorrectly here -- many Slashdotters believe that the term "to steal" should only be applied to an instance where a physical item is moved from one place to another, and should not be applied to instances of copyright infringement or unauthorized duplication -- although I presume that exceptions can be made for "theft of service," "identity theft," "you stole my thunder," "stolen kisses" and the like.

So -- was the code really stolen?

Re:

[johnw (3725)]

It's not a question of belief - the term "theft" has a very precise definition, and it doesn't include making unauthorised copies of someone else's software or films, despite what F.A.C.T. and F.A.S.T. would want you to believe.

That doesn't mean that copyright infringement isn't wrong or illegal - it just isn't theft.

Re:Can I get a consensus opinion?

[Brian Gordon (987471)]

But it is illegal- we'll have to see whether SAP shields its hacker team behind the veil of corporate responsibility or exposes them to be criminally prosecuted individually.

Re:

[dattaway (3088)]

So -- was the code really stolen?

They should have used Bill Gates' precident: removing code from a dumpster. That went unchallenged for years and now that method is not enforceable.

When you take something that doesn't belong to you

[geoffrobinson (109879)]

...that's stealing. People may try to justify stealing because the laws are bad (and the laws may need to be changed) but that doesn't change the fact that we steal things that don't belong to us.

We are stone-cold thieves. That's the human condition.

Re:

[javilon (99157)]

Well, you can even get the consensus opinion from SAP lawyers. They said "innapropiate download" as opposed to "stealing of code" so there you go.

Re:Can I get a consensus opinion?

[bobcat7677 (561727)]

Oh for pete's sake! The article writer obviously had no clue what they were talking about. No "Code" or "codes" were "stolen" or otherwise questionably acquired by SAP. Some guys in a support center used logins that weren't theirs (but they were given permission to use) to gain access to software patches and support documents that Oracle was too stingy to give them access to in the first place. They were just trying to do their job and help out customers. At worst it could be considered trespassing...but "stealing code"??? Thats really stretching the definitions of both the term "code" and the term "stealing".

Re:Can I get a consensus opinion?

[Red Flayer (890720)]

SAP & Oracle both provide support for Oracle systems. So, it goes a little deeper than you would suggest, since the patches etc were then further distributed. Furthermore, the code in question went beyond the scope of the support being provided to the client.

The issue here is that SAP used underhanded (and illegal, likely) tactics to derive an advantage over a direct competitor in the support space -- they "stole" trade secrets.

Sure, it doesn't seem like a big deal, but remember that Oracle paid developers to write and test that code -- and SAP got an easy hand up in building similar patches / support mechanisms for what they address.

Re:

[Red Flayer (890720)]

You shouldn't have to pay a company to release a patch to you that they are holding for ransom.

Well, there are differences between essential patches and non-essential ones. Security holes, operating flaws, sure -- I agree with you. But a lot of other patches are to introduce more functionality or to improve efficiency, and if you choose to buy software as-is, and then go elsewhere for support -- well, then, why should you have access to those patches? You certainly aren't contributing financially to the

Re:

[rolfwind (528248)]

"identity theft,"

Well, as dictionary.com defines it:
1. the act of stealing; the wrongful taking and carrying away of the personal goods or property of another

With identity theft, you are taking someone else's reputation/credit and depriving them of it (by ruining it)

Re:

[kebes (861706)]

Yes, you're quite right. This is not "theft" in any useful sense. Certainly in regards to the law, "theft" has a specific meaning. The present actions, if true, are probably illegal, but are not theft.

Similarly, the other examples you gave: "theft of service," "identity theft," "you stole my thunder," "stolen kisses". None of those are "theft" in the legal sense (in fact half are not even illegal). Moreover, if you were trying to have a refined argument about any one of those topics, I believe most rational

Identity theft

[HalAtWork (926717)]

You can't have your identity stolen, because according to the government, your identity is not within you, it's some intangible record. It can be misappropriated though, in the sense that someone other than you can use it. It's a flaw that criminals take advantage of to view private information, take your stuff, or take actions on behalf of you, and THAT is the actual problem.

As for stealing code, I think the problem is not actually that the code is stolen but that the copyright and license have been vi

Re:

[misleb (129952)]

It doesn't sound like it was "code" at all. The TFA mentioned "fixes and support documents." Perhaps Oracle was not providing good enough support so SAP took it upon themselves to get the information they needed? Who knows.

Stolen Code

[nurb432 (527695)]

Well, did they "remove" the code from all of oracles servers and backups or in anyway harm the original code? If so, it wasn't stolen.

If they merely copied, then no, nothing was stolen.

Why does the press refer to IP infringement as theft? It gets the common folk riled up. Remember the press is tied directly to the 'media' which desperately needs this to move their agenda along.

Re:

[abigor (540274)]

So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.

Re:

[The-Ixian (168184)]

However, you have not deprived the owner of the combination and he/she is able to change it.

Re:

[MBGMorden (803437)]

No, you HAVEN'T stolen anything. You're guilty of breaking and entering. If you use that code to his safe to take anything out of it THEN you'll be guilty of theft.

Just knowing his safe code is not a crime; obtaining it through illegal means (the aforementioned breaking and entering) is the part that is against the law.

Re:

[by Anonymous Coward]

> So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination?

YES, I AM SAYING EXACTLY THAT!

Pretend now that my safe is on display at the end of my driveway, and you, passing by, happen to see the combination written on the front of it. Have you stolen it? No. The only thing you've done illegally in your example is Break and Enter.

Pretend I leave my wallet open on a table, and you read my credit card number. Have you 'stolen' the 'se

Re:

[misleb (129952)]

I'm pretty sure "secrecy" is not something that can be stolen. I can't sue (or press charges against) someone just because they found out something about me that I didn't want them to know. Breaking and entering is the only crime in this particular hypothetical case.

-matthew

Re:

[UncleTogie (1004853)]

I'm pretty sure "secrecy" is not something that can be stolen.

Tell that to the Rosenbergs... [wikipedia.org]

Re:Can I get a consensus opinion?

[kevin_conaway (585204)]

So what you're saying is, if I break into your house and write down the combination for your safe, I haven't stolen the combination? I think the popular use of the word "theft" would cover such a case. I've stolen the secrecy, which is the value in a secret combination.

I don't follow you. Can you try again with a car analogy?

Honeypot?

[CastrTroy (595695)]

How likely is it that Oracle left a honeypot for SAP, MS, MySQL, or any other competitor to walk into, so that they could get rid of that competitor, or at least ruin their reputation and get some money? The fact that their was code on a website accessible to the outside world seems a little suspicious to me. Who leaves code on a publicly accessible server? I think that Oracle would at least be security savvy enough not to let their code be stolen. Anyway, not to start any conspiracy theories or anything, but I just find it a little odd.

Re:

[Vancorps (746090)]

This is pretty common practice with Oracle, this is why people pay good money for Metalink access. It's a very valuable tool if you have to work with Oracle products. We used it extensively to get our in-house application working flawlessly with Oracle 10g. There is tons of sample code up there. I doubt they found any actual DBMS code.

Re:

[CastrTroy (595695)]

If it's pretty common practice for them to give out this code to their users, then why was SAP in the wrong with downloading it. Are they complaining that SAP downloaded some code off of Oracle's website that was right out in the open for their customers to download? The article seems to be a little light on the details, so what did SAP actually download, and how hard was it for them to "hack" in to the Oracle website containing the code?

Re:

[Fox_1 (128616)]

Both Companies, SAP and Oracle make money supporting each others products for their customers, kind of a 1 Support solution even though there is more then 1 Vendor involved. SAP was able to download product patches and updates that allowed them to provide support for Oracle products, but they were downloading files meant for Oracle customers who had paid Oracle for Support. SAP was able to use those files to support customers who had not paid Oracle for support, but had chosen SAP for Support. It's just

Re:

[OG (15008)]

From a quick perusal of news stories, that doesn't seem be the case. It looks like some TomorrowNow employees used credentials from their clients to access information from Oracle's website that they would not otherwise have access to. As to what the did with it...the only concrete thing I've seen so far is republishing Oracle info for some fix with the TomorrowNow logo and representing it as their own work.

Confused

[Reason58 (775044)]

SAP workers hacked into a Web site and stole software codes

Am I the only one confused as to why Oracle would be keeping source code on a production web server?

Re:

[OG (15008)]

As someone else stated, the code that was downloaded probably wasn't Oracle DBMS code. Rather, it was coding examples like people would usually find on a developer network site, such as MSDN.

Most inappropriate use of the word "inappropriate"

[Trails (629752)]

Inappropriate? Inappropriate is when my boss caught me photoshopping my buddy's head onto a screen cap of the Pamela and Tommy video (It was for his bachelor party, I swear it).

This is illegal and perhaps fradulent (ie they claimed they were customers seeking service). But what gets me the most about this is how blisteringly stupid it is. "There's no way they could know it's us! Well, there's no way, apart from the webserver logs, that they could know it's us!".

From the article:

Oracle said TomorrowNet used identities of Oracle customers and phony users to gain access to its systems. Customers for whom SAP allegedly conducted illegal downloads include Merck & Co. and Bear Stearns & Co., according to the March 22 lawsuit.

So not only are they picking a legal fight with Oracle, pissing of the DOJ, and destroying their reputation, but they've basically shown they're not above pretending to be their customers. I bet the SAP CEO is turfed before the end of the next quarter.

Re:Most inappropriate use of the word "inappropria

[Red Flayer (890720)]

None of that matters in the long run.

FTA (emphasis mine):

``Although many will see the legal teams as the cavalry in this battle, the troops that really matter are the PR special forces contingent,'' Ovum Plc analyst David Mitchell said. ``PR is where this battle will be won or lost.''

That is most certainly the case.

And now for the snark. Wtf? PR special forces? What kind of training does that require? Going seven days without using buzzspeak or powerpoint? Writing press releases and giving presentatio

Re:

[Qrlx (258924)]

And, most importantly, what color are their berets?

Blackberry.

Re:Most inappropriate use of the word "inappropria

[Dogtanian (588974)]

Inappropriate? Inappropriate is when my boss caught me photoshopping my buddy's head onto a screen cap of the Pamela and Tommy video (It was for his bachelor party, I swear it).

Would have less inappropriate if it hadn't been *Pamela's* body you chose to paste his head onto...

Re:Most inappropriate use of the word "inappropria

[Asic Eng (193332)]

It's not terribly clear to me why that should be inappropriate at all. It seems their services company (TomorrowNet) would download patches from Oracle servers for Oracle customers. So if I understand this correctly, the customer (e.g. Merck) would call TomorrowNet (who they have a support contract with) and ask them to help them with some problem on their Oracle installation (which they bought and have the right to receive patches for). So now the TomorrowNet employee using Merck's login downloads the patc

Too bad...

[rootology (905480)]

Just think how many problems like this could be solved if someone went and invented some sort of free software licensing system, and everyone adopted it...

Re:

[kinglink (195330)]

As long as the license creator didn't throw a fit when someone tried to make money off of the license in a way he didn't think of, and feels the need to write a new license that locks out those people. Oh yeah and basically acts like a spoiled baby.

I'm all for free software licensing. I just don't think the people at the forefront of the free software licensing are the people who should have any control over it at all.

Not Source Code

[by Anonymous Coward]

There was no source code on the website!
It was Technical Support documents and patches that SAP was downloading. The only "theft" here is that SAP did not have support contracts to download the patches and documents.

Re:Not Source Code

[OG (15008)]

And, according to one news article I saw, republished one of the support documents with their own logo, passing it off as their own work.

Heh

[glwtta (532858)]

"Unbreakable", my ass.

Summary is slanted - no "hacking" involved...

[Marcika (1003625)]

The article summary by "netbuzz" is plain flamebait. As TFA says, SAP was authorized to download materials from Oracle's Web site on behalf of customers. The SAP support people made "inappropriate downloads" of fixes and support documents without direct customer need, but they don't state anywhere that there was any hacking or any "stolen" code or "intellectual property" beyond what Oracle specifically made available for support purposes!

Re:

[Trails (629752)]

Then, if that ever came out, the reputational and legal implications for Oracle would be disastrous.

While it's feasible someone with "pull" at Oracle is dumb enough to try something like that, it's not within the realm of reasonable probability. Courtesy of Sorbannes-Oxley, companies have checks and balances built in to prevent just these types of things (audits and reviews), meaning that the collusive elements required to pull this off would be fairly distributed, and difficult to contain.

Re:

[Aladrin (926209)]

I think you qualify for a tinfoil hat license now.

Seriously, though. If they HAD paid someone to do that... Would that person not be sitting on a ton of blackmail? Oracle could never get away with it.

Re: SAP Admits to 'Inappropriate' Downloading

[Is0m0rph (819726)]

Umm this is SAP we're talking about. If you've ever used SAP you'd know there's no possible way they improved anybody else's code ;)