Help With Unwilling "business Partner"

[faivdolla]

Hi

First up, i have no idea where to put this threat, so I’ll start it here, if It’s in a wrong place, please admins, move it. If this threat is not acceptable or bad in any other way, please, let me know and delete it, no hard feelings. :)

I would like to point out, that English is not my native language, so please be kind :P

I thought long and hard, how to present this case to u all and I think honesty should be my best bet.

OK, here we go.

A ~2 years ago my friend was asked to make an accounting program (web app), it was a huge project and money was good. He was the team leader and there were few other coders. Everything was ok, had all the contracts and other paper works as it should..(he has his own firm, from under he made that project) Then the company (ordering side), changed- new name, same people- telling us, that everything is ok, and let’s keep on working. So we did. Contracts remain with old names. We knew that this isn’t right, but they were paying and everything else didn’t matter. (I know, stupid)

At some point, they started to delay with payments, and so on, until they stop paying at all, but here’s the kicker- they said “ that doesn’t mean that u should stop making it, everything is fine “ :D Of course my friend, good heart as he have, continued his work, for .. I honestly don’t know for how long, four months or maybe more. Our accountant sent all the bills with interest, and all the replay we had was “why have u stopt making it”.

As he made this program, he had a remote access to the server, where the web app and databases were and using that access he closed the program down, but left it in there. Now, them fellows paid (as far as I know) pretty good amount to another programmer there (who were “let go” few months earlier.. or something) to reopen that program and to block/delete my friends access and change passwords) ..fun huh? :)

And the best part, they are now using it and making money.. app itself is far from finished, but usable – they needed it fast.

Now, because he’s just a coder and I’m a good friend :) (somewhat involved in his business), I thought I’ll give it a try. Maybe u guys here, can help. I am 100% certain that they have no intend to pay us, so, my big plan was as follows- IF there is any chance to completely remove it, then, IF they want to keep using it, they pay what they owe and get it back ( so called buy it out, because the app belongs to our company, until its finished, and they have said them selves, that it isn’t finished ) But I would point out, that this is not about money , my friend has completely lost hope, and given up, and he is certain that he won’t see that money (and all this has shaken his confidence). Me, I just want to give those guys what they deserve, IF we get that money, all the better.. :)

As I understand it, there is an linux (opensuse) machine where the databases stand on, and on that linux there is a virtual drive with win7 where’s that web/app runs on IIS. In front of all that, there should be some sort of firewall that redirects traffic, because suse and win have the same ip, just different ports. So, if someone could delete that virtual drive, that would be enough.. As far as I know, no one has updated those systems, for a long time..

The good thing about this all, is that all of this is legal, as I discussed it with my friend, because the app still belongs to us and we shall call it a “ security audit” ;) that’s why we don’t want to touch the databases, only the program.. but, if the databases will be lost, that’s not our problem- they knew that it’s not finished and there’s no backup system implemented yet and they choose to use it anyway.

Maybe here is someone whos willing to take on that nice little challange.. :)

I have that ip, some ports- that were open sometime ago and some user names for opensuse. I would prefer to give them out to people that ask, not to put them out here for public..or should I just put them out here?

I know that this probably is a lost cause, but hey, no shame in trying..

I try to answer every question to this subject as good as I can, please, no remarks how he should have handled this, what’s done is done.

Tnx in advance and let’s hope for the best (what doesn’t kill, makes u stronger, right) :)

[Calianna]

Ok question, how can you comfirm that the application is yours?

[faivdolla]

That’s actually a really good question, I thought about that myself, I think it’s a question of trust most of all..

We have have exact path of app, database, virtual drive to (at least I think and hope he knows that), but most certainly he has that real app and code and so on..

I know it’s not mutch..but maybe it’s enough, or is there anything else we should have to prove our point?

Dont get me wrong, i know exactly how it all sound :D

Edited May 25, 2011 by faivdolla

[Calianna]

On another note, even with all the information you have, it's on someones property which you don't own, so going onto it would be illegal no?

Same thing as hmmm Police take your Car away and stick it in the impound, it might be yours but you go and try and take it away, your doing that illegally?

[faivdolla]

Police sample is nice and all, but the police gives u a paper or something, saying that car is in our posession and u have no right to it..something like that.

In our case, as far as we are conserned (and they are to, probably) the contract has not been ended, on paper atleast( and thats what counts), meaning, they have not said officially(on paper) that we can not access our app. Thats whay i said that we shall call it a security audit :) We talked it throu and agreed, that legally this should be fine..

[digip]

What you are asking us to do is illegal. Bottom line, get a good lawyer. Sorry, but no one here can help you with this. Not that they carry cases like this, but maybe consult with http://www.eff.org/

[faivdolla]

digip Tnx for honest point of view :) As i understand this eff.org operates in US, we are far from it- Baltic region to be exact..

Ur point in this, i don't think it's true- fact remains, program belongs to us, and contract is valid. On paper we have every right to access that machine.. So how is this illegal, could u please explain, maybe theres something we are missing.

Oh, and i forgot, IF the deed is done, we had planned to contact them, and say it out, that we did it..maybe then, they want to talk with us again :D

Edited May 25, 2011 by faivdolla

[digip]

digip Tnx for honest point of view :) As i understand this eff.org operates in US, we are far from it- Baltic region to be exact..

Ur point in this, i don't think it's true- fact remains, program belongs to us, and contract is valid. On paper we have every right to access that machine.. So how is this illegal, could u please explain, maybe theres something we are missing.

Even if what you say is true (we can't prove one way or the other), YOU may have access to the system, but that doesn't grant us any exclusive legal rights to do the same.

If any of us accessed these machines, even if given the IP and password by you, we would still be breaking the law. We don't have a contract with these people, nor have WE ever been given permission to access their servers or data. Giving us passwords doesn't make that any more legal than us attacking and breaking in without them.

What you ask is simply not legal for us to do. Any way you slice it, you should contact a lawyer, because even you accessing the system in question at this point might be illegal for yourself. If you already have the logins and IP, why ask us to do something you say you are aloud to do yourself and could do on your own?

[faivdolla]

As i said before, English is not my native language, maybe i wrote something wrong at some point :) I have IP's and user names ( at least the ones that were in use before they desided to kick us out), i do not have passwords. And we do not have nessesery skills to do this..

For that ongoing legal issue :) I talked it over with my friend and said everithing U have- he is still confident, that it's legal. Because We have ongoing contract(where is written that program belongs to us), He is project leader and that means, he can allow anyone who he pleases to access that system. We dont "hack" the machine, we are accessing application, as i said before- "security audit" :D

Pluss, he is confident that all they will do is coming knocking on our door. They can not go to authorities, their companis paperwork is only good on someones head..basically they are "milking the country" as we have discovered :D

[Calianna]

Bottom line from the discussion is it's not legal for me or the next man/woman to do. Time for you to learn to get it covered yourselfs...............althought I'd agree with the Lawyer side of things. If your contact states that the software is the property of the Software Engineer and not the company then you'll roflstomp them in court.

[faivdolla]

Seems like the lageal issue is pure point on view, i'm not saying that ur wrong, and theres no hard feeling for that :) Going to court will need money, wich we don not have sadly..

pluss here, where we live, courts does not seem to work that well

lol, my friend just called me, and gave me the cookie, for me to access the web app itself(that he still can do), seems like today 4 contracts for accounting were made :D

[Jamo]

Definitely get a good lawyer, or at least ask from one, who knows your countries law.

Do you still have access to that server, where the software is located, you haven't ended the contract, but they have stopped paying for you.

If you have access "continue developing" the app, back it up (+ all important database's just in case) then make some little changes to your software so it wont work correctly anymore, but it still does something, don't just delete it.

Then hopefully the will notice, that app has stopped working and they'll call to you and ask for help. Or just get someone to fix it.

Just to remind you, we can try help you, but no one will take any legal response whatever happens.

Good luck!

[Infiltrator]

1) This is definitely looking like a real case scenario to me. You should contact a lawyer and get this matter dealt with.

2) Hacking into your employers computer system its not only illegal but could have huge implications for you and your friend.

[faivdolla]

Tnx for all the input.

Infiltrator we are not asking anyone to take blame for this crusade, this is actually the point, all the blame should point to us- IF they want, they can take us to court (wich they won't do)

We have talked to people, who have experience with these sorts of things, even they say, that theres nothing they can do (something to do with that new company they made). But theres something fishy also, thats why they won't co to court themselves..more likely want to start a "fistfight" :D

Jarmo More or less, that what we did, at first. We stop't development and closed down site, with notice "unpayed bills" or something. After we did that they called as, asking "why would u do that and everithing is fine, u'll get ur money" and after a few days, they brought in that other guy, who was also coding it for some time. And he opend it up again and changed all the passwords.

Some time ago we still had access to win2003 server, with remote desktop (limited user rights, i think), witch was sitting at the same network that those linux and win 7 machine- if that would help..

I'ts good to know, that people are willing to help, and as i stated above, we are not planning to blame anyone, only ourselves. And as i understand, from some interesting choises of words, this kind of case is certanly not the first one..

Someone offerd me to ddos that site- as i understand, it only blocks that site, not removes it completly? And if ddos attack ends, then site comes back up?

But..is what i am asking, even doable?

all the best :)

Edited May 27, 2011 by faivdolla

[digip]

I'm sorry, but this thread should have been locked from the get go. We do not vigilante hack or attack other peoples work, sites, servers, data, etc. That is not who we are, and asking us to do so is also against the forum rules (ie: don't ask us to hack your school, this is basically the same thing, but on a larger scale).

What you want us to do is illegal. DO NOT TRY TO JUSTIFY IT! NO ONE HERE WILL DO THIS FOR YOU! DOESN'T MATTER IF YOU ARE TELLING THE TRUTH!

If you want to do it yourself, that is your own doing. If you want to learn how to do these things, hack, understand how to do a DDoS, etc, for education purposes, or your own actions, that is what this forum is for, an open discussion and dialog about computers, technology, and hacking. It is not for having anyone do illegal things for you. Knowledge is not a crime, what you are asking someone to do is.

Edited May 27, 2011 by digip

[faivdolla]

Fair enough :) I suppose it's case closed then..

[redhook]

The good thing about this all, is that all of this is legal, as I discussed it with my friend, because the app still belongs to us and we shall call it a “ security audit” ;) that’s why we don’t want to touch the databases, only the program.. but, if the databases will be lost, that’s not our problem- they knew that it’s not finished and there’s no backup system implemented yet and they choose to use it anyway.

Not legal no matter how you candy coat it, unauthorized access is unauthorized access. The only options you have at this point are to litigate or let it go. That company also happens to own whatever you guys have been paid for, and if they have someone else continuing from where you left off that new code does not belong to you. I hope your friend has kept track of all hours that were spent on the project, how much he was paid and how much he is owed. He also will need copies all all correspondence with that company in order to prove that they wanted him to continue working. In the future he should remember to renegotiate contracts when a company changes hands or name.

One other option would be to start collections proceedings, however I would speak to an attorney before doing anything.

Edited June 12, 2011 by redhook