The Six-Figure Software Licensing Mistake

It was late on a Friday afternoon and I was getting ready to go home for the weekend when the telephone rang. We all know that a phone call late on Friday is never a good thing. I hesitated for a moment then grudgingly picked up the phone.

“Mr. Smith?” the voice inquired.

“Yes...”

“My name is John Jones and I’m the marketing manager for MuchoLocoSecurity Inc. [All names have been changed to protect the innocent and the guilty.] We are a security software development company on the East Coast. I’m sitting here with our chief legal counsel and company president. This call is to advise you that one of your employees has illegally downloaded one of our software applications onto your network and it is currently installed on 8,441 workstations and 106 servers. The application in question retails for $39.95 per copy but we’ve decided to allow you to purchase all 8,547 licenses for $12.00 per copy for a total of $102,564. How would you like to pay?”

Gulp!

After establishing that this was legitimate and not an elaborate prank call from a deranged colleague, I told the marketing manager I’d be in touch early the next week. The weekend wasn’t shaping up well. I called my boss and advised him of the situation. The next step was to call my lead incident response guy to determine the validity of the company’s accusations. We have a fairly formal process for approving software so when they called back 15 minutes later and said the software in question was indeed installed, I wasn’t surprised. I was, however, dismayed to discover that the suspected culprit was one of my best guys—someone I wouldn’t have normally have suspected.

My next call was to legal. Do you know how hard it is to find a government attorney on a Friday evening? After interrupting several family dinners, I found an attorney and relayed my conversation with MuchoLocoSecurity. She absently said that we’d address it on Monday but I should spend the weekend gathering information. OK, how many of you have had a perfectly planned weekend ruined by a Friday afternoon phone call?

Perhaps some of you have already figured it out, but guess who was responsible for running the internal auditing tools we used for detecting unauthorized software in our environment? Yep…the same guy who had downloaded the hacked license key and illegally installed the software in question. Lest you think that I had a black hat on my staff, that was not the case. This was one of my best and most loyal security engineers. The whole incident started innocently and legally enough with him working with a sales engineer from MuchoLocoSecurity and getting an evaluation copy and license for the software. Things got very confusing after that. My guy claimed that the SE was aware of everything he had done, while the company sales guy claimed something completely different. The bottom line was that MuchoLocoSecurity knew, and had supporting evidence, that their software was installed on a specific date using an illegal license key in our IT environment.