Computer Fraud – an Analysis on Oracle Corp vs. Sap Ag

Information carcass has been playing a grave essential role in daily business activities. everyplace the past decade, the detection rate of study processing governing body crimes concerning selective study system attacks has risen sharply. According to Kunz and Wilson (2004), reported figurer crimes have been septupled from 2000 to 2003 and leads to inestimable economic loss. Therefore, themes on development security, especially the prevention of computer thespian, have attracted increasingly attentions (Romney and Steinbart, 2009).However, it seems that perpetrators can always find new techniques to theft invaluable business secrets stored, processed or defend by those information systems. Moreover, some abuse techniques have been used in economic espionage, which causes a yearly loss of $250 billion (ibid). prophet Corp vs. run out AG could be one of the relating aspects occurred in the recent 2007 and is not yet closed till present. This essay will firstly introduce th e Case. Then by using Fraud Triangle, analyze the reason of wears commitment of computer subterfuge and data theft.Finally, suggestions on how to improve the security of companys information system will be addressed with some reflections of the Case. It has been reported that the worlds softwargon monster gull AG was sued by its largest competitor, visionary Corporation, for computer fraud and data theft in March 2007 (Anon, 2010). In the Complaint, Oracle Corporation (2007) stated that in November 2006, unusual heavy d stimulateload activities were descry on Customer Connection, a website Oracle used to serve its customers. The uncovered access originated from an IP address in one of SAPs braches with log-in IDs of PeopleSoft and J.D. Edwards customers. It is discovered later that TomorrowNow and SAP TN, two SAP subsidiaries, committed a series of unauthorized access to Oracles customer service system and more than 10,000 illegal download activities. Mass of important materia ls, including copyrighted software codes and confidential documents was theft. In this way, SAP was capable of establishing a service library for PeopleSoft and J. D. Edwards products, and launched a marketing campaign to snatch Oracles customers. The fraud resulted in Oracles 120 copyrights infringed and posed the threats of losing 358 customers (Kawamoto, 2007).On 24 November 2010, the U. S. Federal territory Court for Northern California announced that Oracle won the Case with SAP liable for $1. 3 billion compensation. As Slappendel (2010) points out, this is the largest amount ever awarded in copyright infringement cases. The core reason may lies that the verdict is based upon the fair market value of the licenses for utilizing those resources instead of Oracles profit loss. afterward the verdict, SAPs stock terms has been falling significantly and TomorrowNow had to be shut down (Anon, 2011 Team, 2010).Although SAP accepted the liability and apologized for its inappropriate behavior, the company has been rock that the penalty was contrary to the reality of the damage caused by the fraud (Margan, 2011). It is also reported that SAP has filed motions to the Court and therefore SAPs computer fraud case does not seem to end at present. The action of data theft has brought unnecessary troubles to both SAP and Oracle. In order to prevent computer fraud effectively, it is essential to fully examine the reason of SAPs behavior. Fraud Triangle will be used as an analysis tool.It is estimated by Romney and Steinbart (2009) that Fraud Triangle consists of the three normal conditions for fraud to occur pressures, opportunities and rationalizations. Figure 1 shown below is a brief summary of Fraud Triangle in the Case. 5. Homely meals in software industry FIGURE 1 FRAUD TRIANGLE OF SAP foreshortenure Opportunity Rationalization 2. Oracles lacking(p) security management 4. Theft by other companies (i. e. Siebel Systems) before 1. Financial fierce competition in the market 3. Few evidence may not be spottedFirstly, SAP is probably under the severe pressure of maintaining the top one throne in the software market. During the last decade, competition between Oracle and SAP has greatly increased and the rivalry has developed into a feud. Particularly in 2004, Oracle began a series of acquisitions, aiming at increasing the percent of enterprise applications market, where SAP owned the leadership (PeopleSoft, 2011). After realizing the seriousness, SAP fighted back by offering special discounts to woo customers, and thus a unrelenting price battle initiated.However, the strategy did not seem to rescue much, SAPs market share remains downward sloping (Team, 2010). Currently, Oracle and SAP are vying for the third-party enterprise software support and maintenance market. The enormous pressure of winning may contribute to the commitment of computer fraud, especially for spying the business secrets of the largest competitor. The sideline two ext ernal conditions may possibly be linked to SAPs unwise actions Oracles insufficient security management and an hazard to conceal the fraud.Oracle has provided the Customer Connection as a supplementary of its service to the customers. However, the semi-open system, which stores countless precious information, does not appear to be equipped with passe-partout security management techniques. A huge defect exists that allows easy access to resources supposed to be protected from outsiders. In terms of the flaw, Oracle may be partially liable of its loss. Even though Oracles detection of abnormal access is relatively sensitive, it could not take a step up of the crime.Besides, Oracles dependence on service website offers the probability to conceal fraud, since comparably less evidence would be left for detection. With technology improvement, computer fraud may become far more difficult to spot in the future (The National Fraud Center, Inc. , 2000). Moreover, the experience of being a casualty of computer crimes might have lifted SAPs rationalization of being a perpetrator. It is recorded that in 1999, SAP filed a lawsuit against Siebel Systems and claimed of being a victim of the so-called White Collar Crime (Kawamoto, 2007).Additionally, it may be reasonable to recognize the fact that most people in software industries compute the occurrence of computer fraud as homely meals, because almost all businesses in this market have grabbed some most advanced computer techniques, in concert with some abuse techniques obviously. As a result, SAPs fraud behavior may not be that severe in the eyes of the determination makers. Hence, accelerate the germination of computer crimes. After fully assessment of why SAP may err, suggestions on how to improve the security of enterprises information system will be addressed with reflections of the Case.In the perspective of prevention, several control methods could be considered to raise the security capability of the enterprise s information systems. First of all, persuade or enforce all employees, even the customers, to use strong password to access to companys database or service websites (Standler, 2007). fatality of password changes at regular time intervals would be necessary to prevent some former employees of customers company from entering the system, which may exactly Oracle needs.Secondly, secure physical and remote access to system resources unless the both the log-in ID and IP address are authorized (Backhouse and Dhillon, 1995). Thirdly, safeguard and double encrypt all data and programs. For example, materials on the Customer Connection could be double encrypted so that without further encoding, the downloaded materials would remain useless for non-employees or non-customers. Besides, techniques such as anti-virus software and firewall could to some purpose protect the system from worms and viruses attack.Although using the above prevention method could avoid some dispensable loss, perpetr ators penetrate everywhere (Romney and Steinbart, 2009). Therefore, an efficient detection system should be ready for any possible incidences. The establishment of a fraud hotline is recommended, which contains the employment of computer security officers, consultants and forensic specialists. The control system will be booked in monitoring all malicious actions and reporting back as soon as possible. In the Case, Oracle took advantage of its superior detection system and made SAPs fraud evidence traceable and suppressible (Oracle Corporation, 2007).Despite prevention and detection, there are other preparations could be made ahead of the arrival of any disasters with the intention of reducing the loss caused by computer fraud (Kunz and Wilson, 2004). These routines mainly concern insurance application, recovery plans constitution, material back-up within the whole information system. Furthermore, timely crime reporting to the government crime center and effectively legislative too l using might be helpful for retrieving fairly compensations from perpetrators, as it has been done by Oracle Corporation in the Case.Some ERP market analysts even suspect that the compositors case could be a sort of Oracles strategy to decrease the competition in the third-party enterprise software maintenance and support market. Whatever the original purpose is, Oracle has achieved benefit from winning the Lawsuit for the current period. To conclude, SAPs situation has satisfied all of the three conditions presented in Fraud Triangle, some of which heavily depend on industrial milieu as well as the design of Oracles information system.Thus, objectively, SAP may not liable for all the censure, though it really has been diligent in illicit competition using computer fraud. Oracle could be considered partially responsible for its loss and the sentenced $1. 3 billion seems somewhat too cruel for SAP to bear. Although some experts may argue that the breach of intellectual property i s unforgivable culpable negligence, it looks possible for the Court to adjust the amount of penalty towards a more realistic number. Since the next round hearings will not start until July 2011, all the outcomes remain unpredictable (Margan, 2011).It is undeniable that, however, computer fraud could bring close to huge losses for the entire society, especially when it is used in economic espionage. In the speeding advancing information century, nearly all of the impossible could be made possible. Consequently, it seems that scarce the creation of a healthy competition environment, emphasis on business ethics and proper education may aid in bringing down the upward climbing computer crime rate. REFERENCE Anon. (2007) SAP-We Will Aggressively Defend Against Oracles Claims online. Ziff Davis Media, United Press International. Available at 30 April 2011 Anon. (2010) Oracle Awarded $1. 3bn In SAP Data Theft Case online 24 November. BBC News. Available at 28 April 2011 Anon. (2011) SA P Posts crisp Profit Drop Due To Oracle Lawsuit online 26 January. Available at 29 April 2011 Backhouse,J. and Dhillon,G. (1995) Managing Computer Crime A Research Outlook online. Computer and certification 14(1995) 645-651. Available at 29 April 2011 Granick,J. S. (n. d. ) Faking It Calculating Loss In Computer Crime Sentencing online. Available at 1 May 2011 Kawamoto,D. (2007) Oracle Sues SAP On Spying Charges online 22 March. CNET News. Available at 28 April 2011 Kunz,M and Wilson,P. (2004) Computer Crime And Computer Fraud online. Available at 1 May 2011 Margan,T. P. (2011) Oracle, SAP Still Going At It Over TomorrowNow online 28 February. Available at 29 April 2011 Niccolai,J. (2010) SAP Court Lops $500M Off Oracles Potential Damages online November. IDG News. Available at 1 May 2011 Oracle Corporation (2007) Oracle Vs. SAP Lawsuit Complaint online. Available at 28 April 2011 Panorama Consulting Group. (2010) Clash Of The Titans An Independent Comparison Of SAP Vs. O racle online. Available at 10 April 2011 PeopleSoft (2011) Oracle vs. SAP online 1 May. Available at 1 May 2011 Romney,M. B. and Steinbart,P. J. 2009) Accounting Information Systems, 11th Ed. Pearson Prentice Hall. Shaw,E. et al. (n. d. ) The Insider Threat To Information Systems The Psychology Of The Dangerous Insider online. Security Awareness air No. 2-98. Available at 29 April 2011 Slappendel,S. (2010) Oracle v. SAP Highest Damages Awarded For A Copyright Infringement Lawsuit online. Available at 28 April 2011 Standler,R. B. (2007) Tips For Avoiding Computer Crime online 25 November.Available at 29 April 2011 Team,T. (2010) SAP-Oracle Lawsuit Could Weigh On SAP Market Share, Stock Price online 14 December. Available at 29 April 2011 The National Fraud Center, Inc. (2000) The evolution Global Threat Of Economic And Cyber Crime online December. Available at 1 May 2011 APPENDIX A COPY OF THE NEWS REPORT Oracle awarded $1. 3bn in SAP data theft case 24 November 2010 Last up dated at 0732 GMTOracle chief executive Larry Ellison testified during the case European software giant SAP has been ordered by a Californian court to pay US rival Oracle $1. 3bn (? 820m) after losing a data theft case. The case revolved around customer-support documents and software stolen by SAPs subsidiary TomorrowNow. Oracle alleged that the German company intended to use the data to poach the 358 customers involved, and demanded $1. 65bn compensation. SAP had claimed it owed only $40m, but the jury decided in Oracles favour. SAP give tongue to it was disappointed with the jurys decision and would look to challenge the verdict. We will pursue all available options, including post-trial motions and appeal if necessary, it said in a statement. It did, however, reiterate that it had made a mistake We regret the actions of TomorrowNow, we have accepted liability, and have been willing to fairly compensate Oracle. humongous dreams Oracle co-president Safra Catz expressed her satisf action with the verdict For more than three years, SAP stole thousands of copies of Oracle software and then resold that software and related services to Oracles own customers. The trial made it clear that SAPs most senior executives