Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

How Microsoft tracks down pirates


I read a pretty good article on PC World today on how Microsoft tracks down pirates, that is, people who make illegal copies of their software (not the ones that roam the Caribbean).  Piracy costs the industry billions each year, and the most recent study that I read last year estimates that the worldwide piracy rate is around 40%.  This is actually down; in 2004 it was around 45%.  So, there’s some good news.

You’ll certainly want to read the entire article, but here is an interesting excerpt:

One of the means of tracking physical discs is to actually examine the minute defects a CD-ROM stamper creates as it presses the discs. These pits, grooves, or other defects can be scanned and placed into a database, to help track the spread of physical discs across the globe.

Each unique disc stamp is called a "strain"; Microsoft has tracked over 580,000 throughout the world. When a disc's "fingerprints" are matched to a database that Microsoft maintains, the disc's origin can be linked to a particular facility, which could be tied to a piracy operation. Tracking the discs allows Microsoft and investigators to build "intelligent maps" of a piracy operation and its distribution methods.

This is similar (or rather, it sounds similar) to what you see in the movies when there is a crime involving a gun and the police investigator looks at the shell, traces it back to its manufacturer and then figures out who bought it.  I think that happened in either Casino Royale or Quantum of Solace.

Microsoft also embeds security features into its discs and packaging to foil pirates, who can spend a great deal of time to try and foil them.

Microsoft's chief weapon is embedding hard-to-copy security features directly into the disc itself, such as an embedded hologram of the Windows logo. Pirates, however, typically affix a hologram sticker to the front of the disc, and replicate the design of the Windows or Office disc with a sophisticated – but removable – peel-off label. Microsoft also designs the holograms so that they shift and move when the disc is rotated.

A second security feature is the use of an actual embedded thread, which is added to the "genuine" paper Microsoft uses to print its COAs (certificates of authority) at the point of manufacturing. The thread is used to distinguish the real article. Pirates typically simulate the thread, printing it instead of embedding it.

In some cases, however, pirates have been willing to go almost as far as Microsoft has to establish authenticity. In 2007, a major syndicate headquartered in southern China was accused of distributing $2 billion of Microsoft software, including fake versions of thirteen Microsoft products, including Windows Vista, Microsoft Office, and Windows XP, in at least eight languages. Software worth $500 million was actually recovered. The six-year investigation, including evidence gathered from 1,000 customers and partners, culminated in the 11 ringleaders receiving prison sentences.

The pirates printed five separate layers of labels onto the discs themselves, trying to duplicate the shifting holograms that Microsoft had added. Actual thread was woven into the COAs, in an attempt to duplicate the real article. Using the CD stamper tool Microsoft developed, Chinese authorities tracked down the manufacturing operation. When they did so, Microsoft discovered a shocking fact: the counterfeiters had a larger manufacturing operation than Microsoft's own in the Europe, Middle East, and Asia (EMEA) region.

"We found enough thread on site to make over a million COAs," Krumm said.

The reseller purchased counterfeit COAs from China, then obtained the keys via fraud, and added them to his own counterfeits. The technique was so successful that investigators were fooled until the fraudulent keys were tied to the fake COAs.

This illustrates the problem that software developers have when it comes to creating their product.  Once you become so popular that you make lots of money, people will want to copy you and leech off of your product.  In this case, a cybercrime syndicate went to a lot of work to make the fake pieces of hardware look as genuine as possible.

It’s difficult to say to what extent Chinese authorities are clamping down on stuff like this.  On the one hand, they were involved in breaking up a counterfeit operation.  On the other hand, they seem to be involved in cybertheft and digital intrusions upon foreign governments and foreign corporations (like Google).  While we can’t say for certain, given how closely the Chinese government monitors its digital traffic outside of the country, it’s a bit of a stretch to believe that they aren’t aware of it, can’t monitor it or aren’t tracking it in some manner.  It’s tough to tell whose side of the fence they are on.

Anyhow, the point is that counterfeit software costs businesses annually.  As business keeps making its security better to fight forgeries, the criminals evolve and catch up.  It’s not as easy as it used to be, however:

"At the highest level, counterfeiters keep raising the bar because they have to," MacNaughton said. "In 2001, it honestly wasn't that difficult to counterfeit a decent passoff of our products. As time has passed, however, it has narrowed the number of people and the organizations' ability to counterfeit these products."

Indeed.

Comments
  • Interesting info; no doubt the stealing costs some sales, but the quoted amounts of loss are as questionable as ever.

    I am left wondering if the article was commissioned in response to:

    http://arstechnica.com/tech-policy/news/2010/04/us-government-finally-admits-most-piracy-estimates-are-bogus.ars

  • To what extent would moving to "download only" alleviate or exacerbate the piracy problem?

  • As noted here, they are breaking down on piracy in the physical form- but what about ISO downloads? Are those tractable by means of the internet? How are they cracking down on those thieves that go with torrents and such?
