Crackers – A Lesson in Channel Marketing?

The Department of Justice announced the sentencing of a cracker to 30 months in prison – read the full press release here. This case was part of "Operation Copycat" which has resulted in over 40 convictions. It appears that in this case that Mr. Fish was caught circumventing the licensing and encryption technology being used to protect software and DVDs and was quite busy within the groups with over 13,000 software and other assets being pirated.

As many of you know, warez groups are made up individuals that fulfill specific roles, and this announcement did a good job of describing some of roles which I’ve expanded on below.

• Cracker/encoder - reverse engineer and circumvent copy protection, code protection, and licensing schemes
• Packager - builds and test crack software for release
• Equipment Suppliers - provides hardware and computers for the group
• Supplier - acquires software from within vendor or their supply chain to be provided to the group for cracking and distribution
• Brokers - find groups to participate and recruits crackers
• Courier - distributes crack releases

It doesn’t take a lot of imagination to see how this model mirrors how many software vendors market and sell their software. As I’ve said before piracy groups have become their own ISVs - they've got developers, testers and distribution.

This raises a couple of interesting questions: how can software vendors minimize the impact of piracy and is there anything they can learn from the pirates’ “business model?”

USPTO's Program for Protecting IP Theft in China

United States Patent and Trademark Office (USPTO) office annouced a new program for businesses to help protect against counterfeiting and piracy. The focus of the seminar appears to be drafting enforceable IP agreements. Although needed, when it comes to software products and digital assets agreements need to coupled with software protection approaches to be effective. Some interested data was including in the release:

"China was the number one source of counterfeit products seized by U.S. Customs and Border Protection (CBP) in 2007, accounting for 80 percent of all seizures."

"piracy and counterfeiting - which cost the American economy approximately $250 billion annually"

Combating piracy by lowering software prices?

SIIA’s Anti-piracy division 2007 year in review report lists the top pirated software titles. They include some of the most popular and used software in both the consumer and business space. If I exclude Adobe Creative Suite and AutoCAD, the software prices average out to $88 per user (using Google pricing searches- see below). I believe many these titles can remove themselves from this list by adopting a SaaS model. Given their price point and popularity I believe these vendors could see significant drop in piracy by lowering the dependence of revenue based on software installs and generating more their revenue from online subscriptions and services.  Vendors of higher value software (like EDA, CAE, and other specialized engineering software) have less of an opportunity to do this since their software must often operate offline and most of their functionally is in place with their client software. These vendors have and will continue to fight piracy with legal and software protection strategies.

2007 Software Titles Most Frequently Pirated By Companies 
Symantec Norton Anti-Virus  $20
Adobe Acrobat    $88
Symantec PC Anywhere  $199
Adobe PhotoShop   $289
Autodesk AutoCAD   $1,700
Adobe DreamWeaver  $298
Roxio Easy CD/DVD Creator $24
Roxio Toast Titanium   $49
Ipswitch WS_FTP   $89
Nero Ultra Edition   $89
McAfee Virus Scan   $65
McAfee Internet Security Suite $65
Intuit TurboTax   $40
Intuit Quicken Home & Business $60
Symantec Norton Ghost   $65
Adobe Creative Suite   $2,000

Average price Without Autodesk AutoCAD and Adobe Creative Suite = $88

China's anti-piracy efforts

After reading this recent article on the success of China's anti-piracy efforts, I realized how difficult it will be for specialized or high value software vendors to see the same gains. The article describes how "China had launched a crackdown and ordered authorities to buy computers with pre-installed legitimate software". In addition, it was also reported that 3,600 enterprises had come under the government’s "scanning". However, the applications they targeted are primarily the ones that come loaded on OEM machines (i.e. Adobe, Symantec, etc.). Buying legit pre-installed software will do nothing to prevent the pirating of specialized EDA, CAE, and other high value applications used to design and produce products in China.

-Vic

It Takes Microsoft Clout to See Anti-piracy progress in China

China is the second largest economy in the world and still has high software piracy rates. In this Computerworld article there is a informative discussion of the benefits Microsoft has seen with its anti-piracy strategy. According to the article sources, Microsoft was able to recover or convert pirated licenses revenue to the tune of $164M in one quarter. This type of revenue recovery confirms that any ISV can potentially recover revenue because real businesses are using pirated software. However, Microsoft is in a unique position to combine technology and political clout to see these gains. Although, smaller ISVs will not have resources, money, and connections to sustain an anti-piracy campaign like Microsoft there are some lessons learned:

• Used a combination of activation and data collection to aid forensic identification of infringements
• Using in country partner representation and relationships to follow-up and enforce licensing

Based on V.i. Lab’s experience we believe this means additional anti-tampering technologies to prevent crack groups from creating binary patches that disable activation and license enforcement or recover key generation algorithms.

- Vic

Content Piracy or Software IP - where should we focus

Rob Preston’s blog “Where Do You Stand On Intellectual Property Rights?” discusses the recent  SIIA case where Knowledge Networks had settled an IP infringement claim based on evidence presented by a whistle blower that executives had distributed unlicensed content. Although the content is considered IP, the industry in general needs to focus these types of programs on the rampant software IP infringements that are occurring in the emerging markets.

- Vic

Organized Crime Adopts Software Piracy

A anti-piracy raid uncovers organized crime links. Further evidence of how piracy has evolved from a hobby to a an illegal business. Crime syndicates would not be interested in piracy unless it was easy and profitable. There have been other studies that reiforced this. The below chart from UK National Criminal Intelligence Service data in 2004 showed the mark up associated with piracy goods when compared to Heroin and Cocaine was higher and had far lower risk of getting caught.

License enforcement gone wrong

Interesting post that describes how to subvert an anti-virus vendors'  weak license enforcement to shut down the AV functions.  Clearly mission critical applications like AV have consider better approach that does not introduce new vulnerabilities.

-Vic

Legitimate face of piracy

I constantly receive spam with "too good to be true" prices on high end software. Most likely a by-product of my piracy Web research. However when I visit some of these sites I am impressed with the legitimate look and feel of their on-line stores (see screen shot of an example). I can certainly see an a novice software buyer purchasing from this site and unknowingly pirating software. When I did a whois on this specific example Web site it of course pointed back to China.

Vic

New Data from BSA/IDC Indicate Piracy Growth

BSA/IDC's latest annual report is out and stills shows large losses attributed piracy. I think they nailed it in terms of true root cause for this ,

"a rapid influx of new PC users in the consumer and small-business sectors, the increased availability of pirated software over the Internet, and difficult enforcement and education over sometimes sprawling geographies."

However, the steps they suggest for reducing piracy (i.e., education/awareness, WIPO treated) do not go far enough and do not limit the availability of software piracy. This will require a combination of software protection and licensing.

Vic