The former employee used an administrator account to generate and sell software licences. According to the indictment, €87 million’s worth was stolen.
The former employee and two partners are on trial in Oklahoma. The FBI conducted the investigation. The judge has yet to decide, but the evidence is overwhelming.
Brad Pearce was a long-term employee at one of Avaya’s US customer service departments. The former employee used his administrator account to generate tens of millions of euros in software licences. Pearce sold the licences to several resellers. His wife, Dusti Pearce, helped with accounting and money laundering. Jason Hines, owner of a resale company, was the largest client. The three face a hefty prison sentence.
Avaya develops communication software for enterprises, call centers and SMEs. Avaya IP Office is a popular phone system among small and medium-sized companies. Customers can expand the basic product with licences. Whenever you need an extra telephone line or voicemail box, you call an authorized reseller and buy a licence code. At least, that’s the intended way.
There are several methods of acquiring software products outside of authorized resellers. Ten years back, it wasn’t uncommon for software boxes to fall out of trucks. Nowadays, no supplier is crazy enough to work with CD-ROMs, but that doesn’t mean the black market disappeared. A data breach at a reseller can yield codes. Fraudsters feed the market as well, as exemplified by Brad Pearce.
Pearce’s administrator account provided access to the accounts of former employees. Pearce covered his tracks by hacking into the accounts. Codes were created on various accounts to avoid detection, which Pearce managed for years. The details of the lawsuit are private, making it difficult to determine the exact time that Avaya tracked the racket down.
Security policy raises questions
According to prosecutors, the defendants had an impact on the global market. Licence codes were sold far below retail price, reducing the demand for authorized codes. Prosecutors allege that the fraudsters made millions. The money was spent on gold blocks, among other things.
The lawsuit raises questions about Avaya’s security policies. It’s hard to believe that a customer service account provided access to software licenses, let alone the accounts of former employees.
Avaya is not the only victim. It’s impossible for resellers to compete with rock-bottom prices. Their revenues were affected. Avaya has yet to respond to the lawsuit.