Oracle

An Ohio court sentenced yesterday four high-ranking TERiX executives for their role in a pirating scheme through which they stole and resold Sun and Oracle firmware patches. Three of the four execs received prison sentences.

According to court documents obtained by Bleeping Computer, TERiX founder and CEO Bernd Appleby orchestrated a scheme together with three other company executives.

The four created three fake companies —Sevanna, Summit, and Wex— through which they approached Oracle and signed servicing and support agreements for a single server, each.

As part of the servicing agreements, the fake companies received credentials for Oracle accounts through which they could log into Oracle's customer portal and download Solaris OS updates and other server firmware patches for various products.

Such updates and patches were only made available to Oracle's paying customers or authorized third-party maintenance companies, and are considered IP (intellectual property), protected under copyright laws.

TERiX made private Oracle patches available to its customes

Authorities say the four used these fake companies to download Oracle's IP and later provide it to TERiX paying customers. Court docs say the four downloaded 2,704 files from Oracle's servers from 2010 to 2014 and offered the files to over 500 TERiX customers.

The four execs used codenames such as "Boeing," "Tank," "Snow Wight," James Bond," and "Plan E" to refer to their illegal activities, in order to keep other employees from finding out about their scheme and the origin of the Oracle files.

By using these fake companies to download the Oracle patches, TERiX was able to service its clients without paying the regular servicing fee that third-party maintenance companies have to pay to Oracle.

Oracle discovers scheme after a slip-up

Court documents show that Oracle was aware of the scheme and eventually connected the dots between the fake companies and TERiX when one of the execs downloaded files from Oracle's servers via one of the fake company's accounts from a TERiX IP address.

Oracle filed a complaint with the FBI, but also a civil suit. A judge awarded Oracle damages last year totaling $57.423 million. The judge also barred TERiX from servicing Oracle products.

Yesterday, an Ohio judge sentenced the four execs in the criminal case. As the head of the operation, Appleby received the biggest sentence.

"As the head of TERiX’s executive management team and 70 percent co-owner of the company, Appleby was responsible for all aspects of the business," US Attorney Glassman said. "He designed the conspiracy and its evolution over almost 10 years, and understood and directed all aspects of the criminal activity. As the scheme was uncovered, he instructed other company employees to devise ways to avoid detection."

Name Title Sentence
Bernd D. Appleby CEO and Founder 24 months in prison and two years of supervised release and ordered to pay a $100,000 fine
James A. Olding COO and Founder 12 months and one day in prison, three years of supervised release and a $50,000 fine
Lawrence E. Quinn Director of Sales One day in prison, two years of supervised release and a $5,000 fine
Jason T. Joyce Director of Technical Services 24 months of probation and a $5,000 fine

Related Articles:

Former Microsoft Engineer Gets 18 Months in Prison for Role in Ransomware Scheme

Jury Convicts Anonymous Hacker Who DDoSed Children's Hospital, Later Got Lost at Sea

364 Idaho Inmates Hacked Their Prison Tablets for Free Credits

CoinVault Ransomware Authors Have Their Day in Court in the Netherlands

DHS Warns of Impending Cyber-Attacks on ERP Systems