John O'Neil, former CEO of Business Engine Software, pleaded guilty in a San Francisco federal court on Wednesday to conspiracy to download and steal the trade secrets of software competitor Niku over a 10-month period.
O'Neil, 43, is the third former executive of the San Francisco company to admit guilt in a case that the FBI's computer intrusion squad helped to investigate in 2002. He faces a maximum sentence of 10 years in jail and a $250,000 fine. Sentencing is scheduled for next spring.
His plea brings to near conclusion a criminal case that uncovered, in unusual detail, one company's plunge into the world of corporate espionage in the digital age.
Court documents from a related 2002 civil case against Business Engine brought by Niku, now owned by Computer Associates International, reveal the extent of the crime and how it was perpetrated. According to that complaint, Business Engine illegally obtained confidential account names and passwords that enabled broad administrative access to Niku's computers over the Internet. Both companies sell Web-based project management software.
From October 2001 until July 2002, Business Engine used the passwords to gain unauthorized access to Niku's systems more than 6,000 times and downloaded over 1,000 confidential documents containing trade secrets, the complaint alleged.The stolen documents included technical specifications, product designs, prospective customers, customer proposals, client account information and pricing.
Niku discovered the break-in after a Business Engine salesman made an unsolicited call to one of Niku's prospective clients, a Nike employee who happened to be related to Niku's chief information officer, Warren Leggett. The call raised suspicion because the Nike employee was not ordinarily responsible for software purchasing decisions, had never heard of Business Engine and had no idea how the salesman had obtained his contact information, according a declaration by Leggett.
The incident prompted Leggett to examine his company's computer logs and files from his recent meeting with Nike. He quickly determined from a trail of Internet network addresses that someone from outside the company had been stealing files. Leggett was able to trace the intrusions back to Business Engine by using Internet domain registration information and publicly available Internet tools, the declaration says. In the various break-ins, the perpetrators used 15 different user names and passwords associated with Niku employees.
How did Business Engine get its hands on 15 passwords and user names? The court documents don't discuss that and O'Neil's attorneys did not return calls requesting further information. But according to a CA executive, someone at Business Engine nabbed them from an online Niku employee training system that was not password-protected. "They hacked into a soft spot," said David Hurwitz, vice president of marketing at CA's Clarity unit, formerly Niku.
Hurwitz said he and his colleagues were pleased to learn of O'Neil's plea this week. "We think that justice has been served for these three crooks, and it definitely sends a message out to Silicon Valley that theft of intellectual property is serious theft, especially when done as brazenly as Business Engine did it," he said.
Business Engine spokesman Kazim Isfahani said the company has put the case behind it, noting that everyone involved in the crime no longer works there. "It's nothing we're involved with anymore," he said.
Business Engine settled the 2002 civil suit by agreeing to pay Niku $5 million and promising not to incorporate any of Niku's trade secrets into its products.
The criminal case, brought by U.S. Attorney Kevin Ryan, continues. Sentencing for O'Neil and the other two defendants, Robert McKimmey, former chief technology officer of Business Engine Software, and William McMenamin, its former sales chief, is scheduled for May 17 in the U.S. district court of Northern California in San Francisco.