An IT security consultancy that provides vulnerability testing for some federal and state government agencies has allegedly been stealing software from Internet Security Systems.
Threatening "to prosecute to the full extent of the law", Internet Security Systems (ISS) managing director Kim Duffy said the "unethical" consultancy had used cracked keys to steal its Internet security scanner to undertake testing for big-name clients without paying licensing fees for the software.
"I don't know how they can call themselves a legitimate security consultant when they are using illegal software; you can see their cracked keys," Duffy said.
Pending legal action prevents naming the company in question, but Duffy understands clients of the IT security consultancy using the pirated scanners include prominent state and federal departments.
While the use of cracked software means no licensing fees for ISS, Duffy said the issue of real concern for customers is the ethics involved in such activity.
"These firms have big clients and are charging big fees; companies place a lot of trust in their security consultancy and the fact that a security firm would use pirated software is highly unethical," he said.
Duffy said ISS had begun investigations months ago to catch thieves using cracked keys but was still collecting evidence.
He warned customers to check the bona fides of security consultants before engaging them, adding "are you prepared to trust someone that breaks the law by using cracked keys?"
Duffy even offered a moratorium for crackers using software allegedly stolen from ISS to come forward as soon as possible, but stressed investigations will continue.