A corporate espionage case brewing between two leading systems administration software vendors may not directly impact enterprises, but IT administrators wondered how such a breach could happen in the first place.
In federal court earlier this month, InstallShield Software Corp., Schaumberg, Ill., accused its closest competitor, Wise Solutions Inc., Plymouth, Mich., with corporate espionage, misappropriation of trade secrets and copyright infringement. The U.S. District Court for the Northern District of Illinois has issued an order to stop Wise from using intellectual property that InstallShield said was skimmed from its computers. Federal officials are investigating the issue but have not filed criminal charges.
InstallShield claimed that, for 10 months, Wise has been downloading sensitive corporate documents from InstallShield's FTP server and has been using the information to tweak its own product and marketing plans.
Specifically, InstallShield said Wise obtained the passwords of two InstallShield employees. It then allegedly gained access to a confidential mailing list, customer correspondence with technical support staff, marketing materials, beta software and training manuals, all of which were residing on InstallShield's FTP server.
InstallShield alleges that Wise used some of the information to build software with automated migration capabilities to help InstallShield customers switch to Wise with ease, among other things.
For its part, Wise's chief legal officer said his company is taking the charges seriously and is conducting an internal investigation. At this point, Patrick Ziarnak said, until Wise learns otherwise, the company believes the information in question was publicly available.
Some IT administrators said they were disappointed for two reasons. They were dismayed to learn that such sensitive information may have been so easily plucked off of InstallShield's FTP server and also that Wise may have possibly been engaged in some dirty dealings.
"For me, it's disheartening for this to take place in any environment, but especially one that is so close to the community," said Larry Duncan, system management consultant for Collective Technologies Inc., Nashville, and also the acting chair of the Worldwide Microsoft SMS Users Group. "I'm disappointed that they may have gained competitive advantage from unfair practices. It leaves a bad taste in everyone's mouth."
It's unlikely that IT administrators will be affected by the breach, unless Wise is found guilty in a trial and is fined so heavily that it causes financial problems for the company. "I can't see that happening," said Mike Niehaus, an IT consultant at Marathon Oil Corp., Houston.
Both InstallShield and Wise make similar systems management products for the Windows environment. InstallShield has two flagship software management products, InstallShield Developer 8 and InstallShield AdminStudio. Wise makes Package Studio and its own Windows installer.
InstallShield's customer base was mainly geared toward the developer community, but it is increasingly selling more software to systems administrators. Wise sells mainly to system administrators.
InstallShield CEO Viresh Bhatia said he doesn't know how Wise may have been able to get the passwords of his employees, but he said that, once someone gains a password, it's hard to detect an illegal intrusion because they are then authorized to be in the system.
Furthermore, the FTP server is visited regularly by hundreds of thousands of customers, so the logs are extensive. InstallShield was not looking through its logs for Wise IP addresses, which would have indicated traffic coming from that company. "You have a certain amount of trust that your competition isn't accessing your computer systems," Bhatia said.
InstallShield said its employees discovered the breach when they received direct mailings that were sent to fictitious "decoy" addresses contained in InstallShield's customer database. InstallShield has since revamped its site and put in a new FTP server. The company still hasn't ascertained the amount of damage done with the loss of its intellectual property, Bhatia said.
The company has since been working with U.S. district attorneys and the FBI to assess the extent of the breach. The investigation is ongoing and Wise has not been charged with a crime. Wise will conclude its own internal investigation in about two weeks, Ziarnak said.
Ziarnak also said Wise is cooperating with the FBI and with InstallShield. "Wise has had a longstanding reputation for honesty," he said. "We've never had anything like this happen before."
FOR MORE INFORMATION: