Avaya reseller helped coordinate $88m pirate software scheme
New Jersey-based businessman, Jason Hines, pleaded guilty in an Oklahoma court on Friday
A system administrator at software firm Avaya has been indicted following his involvement in a fraud scheme that saw pirated licenses worth $88 million sold to co-conspirators over the course of several years.
US courts said on Friday that Brad Pearce conspired with New Jersey-based businessman Jason Hines in what officials described as a “massive international scheme” to profit from the sale of pirated telephone system software licenses.
Pearce, who officials said was a “long-time customer service employee” at the software firm, abused his sysadmin privileges to generate keys for IP Office software licenses.
IP Office is a telephone system used by hundreds of small businesses across the United States and abroad. To access the system, users were required to purchase access keys from an authorized Avaya distributor or reseller.
“Brad Pearce, a long-time customer service employee at Avaya, allegedly used his system administrator privileges to generate those keys without authorization, creating tens of thousands of them that he sold to Hines and other customers,” the Department of Justice said in a statement on Friday.
According to earlier court documents on the case, Pearce was alleged to have abused sysadmin privileges to use former Avaya employee accounts to generate additional license keys.
Thereafter, the licenses were purchased by Hanes’ company, Direct Business Services International (DBSI) - a New Jersey-based business communications systems provider and, up until recently, an authorized Avaya reseller.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The scheme, which lasted several years, resulted in the sale of software licenses with a retail value of over £88 million.
State of ransomware readiness 2022
Explore the business implications and personal impacts of ransomware and find out how organizations are defending against attacks today.
Officials added that Hines’ business was “by far” the largest customer in the pirated license scheme, purchasing over 55% of the total stolen.
Hines pleaded guilty to conspiracy to commit wire fraud, officials said last week.
As part of a plea agreement, the Department of Justice said it had agreed “not to advocate” for a prison sentence of more than five years.
In addition, Hines must forfeit “at least” $2 million as part of the deal and make full restitution to his victims.
For their involvement in the scheme, Brad and Dusti Pearce were charged with conspiracy to commit money laundering, as well as a charge of money laundering.
Pearce’s involvement in the conspiracy marks the second case this year in which a company employee has actively defrauded their employer, or colluded with outside individuals to do so.
In May, a UK-based IT worker was convicted of unauthorized computer access and blackmail after hijacking a ransomware attack on his employer.
Ashley Liles was found to have attempted to blackmail his employer, Oxford Biomedica, into paying a ransom in the wake of a 2018 security breach.
Liles hijacked the ransomware attack and posed as the culprits in order to blackmail company executives into paying a ransom.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.