Computer Security: Do you have 30 kCHF pocket money?

I am not kidding. Do you have 30,000 CHF to spare? Give it to me, so that I can lose it. It won’t even be well invested. We will just give it away by mistake. An easy mistake, some think. A “gentlemen’s” blunder. Unimportant and, really, not at all a big deal. But, of course, that's wrong - and expensive. Here is my story.

 

Recently, a student working at CERN was supposed to make a sophisticated simulation of thermal conductivity within a metallic structure, the resulting mechanical stress and the electromagnetic field variations within it. All of his teammates were using a commercial simulation package named - for the sake of brevity - “AllSIM”. But our student failed to download AllSIM from DFS onto his office PC, since that wasn’t where he wanted to use it. He wanted to install it on his laptop so that he could work on his simulation while travelling. However, the CERN AllSIM installation would not allow for this, as roaming usage is not covered by CERN's AllSIM licence. The student had a need and was not willing to compromise, i.e. by using the Windows Terminal Service. Instead, he used Google and quickly found AllSIM for free on a dubious website. Three clicks later, he was ready to go.

Enter the 30 kCHF. AllSIM permanently monitors the usage of its software and is able to identify installations with invalid licence keys. Hence, we, the CERN Computer Security Team, received an e-mail accusing CERN of running their software with a pirated licence – despite the fact that CERN possesses a pool of licences to cover all its needs. Their request: stop the illegal activity immediately, buy official licences from them and make an indemnity payment for “licence infringements”. The price tag, as you might have guessed, was 30 kCHF.

Understandably, the student was shocked when we investigated the case and he was forced to acknowledge the facts. The AllSIM licence was pirated and the student had violated CERN’s Computing Rules just for the sake of convenience. As he was affiliated with a university, CERN passed all costs on to the university, which, in turn, passed them on to the student. So, do you have 30 kCHF to spare?

Through simple ignorance of the CERN Computing Rules, violating proprietary rights and licence conditions, downloading pirated software, and committing copyright infringement, the student has not only placed the Organization's reputation at risk, but also created a financial liability for CERN, his university and – in the end – himself. So unless you have 30 kCHF to throw away, don't forget that software vendors make a living by charging for their products. CERN offers a variety of commercial software and has all the corresponding licences you'll need for your professional use. If you can't find what you need, please get in touch with the CERN Software Licence Officer, Helge Meinhard (IT/PES).


For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Stefan Lueders, Computer Security Team