Vendors are waging a losing security battle against software pirates. With V.i. Labs, eWEEK takes a look at how software pirates promote their wares on the Web.
According to the Business Software Alliance, more than one-third of all
software installed on personal computers worldwide is pirated, costing the
software industry nearly $48 billion. At one end of that food chain is the
consumer. On the other end is the network of crackers, suppliers and
distributors involved in the piracy scheme.
Somewhere in the middle are sites such as NFOHump.com, where software
pirates post .nfo files advertising their wares.
V.i. Laboratories took eWEEK on a brief tour of the piracy underground,
offering insights into how such sites operate. In its research, V.i. Labs has
found about 50 pirate Web search engines, including international ones. The
number excludes IRC (Internet Relay Chat) channels and secure FTP sites that
also allow access to search for pirated software.
Once software is cracked and a counterfeit version is ready for release,
groups will announce it over IRC. The actual software and .nfo files promoting
the release are pushed to topsites with exclusive membership, explained Victor
DeMarines, vice president of products at V.i. Labs. It is this second group that
distributes the software and makes information about it available through .nfo
files on sites such as NFOHump.com.
According to Web information company Alexa Internet, NFOHump.com has a traffic
rank of 15,091 as of Nov. 13. However, sites that actually distribute or
facilitate the distribution of pirated software rank much higher. For
example, ThePirateBay.org, a site where users can download torrent files, has a
traffic rank of 123; Walmart.com, by contrast, is ranked 257.
Travel to NFOHump.com, and you'll find lists of .nfo files for everything
from pirated DVDs to enterprise software. The .nfo files, DeMarines explained,
are essentially press releases for piracy groups.
"They follow certain vendors and their software, and when they crack
the software ... they will put out an announcement and celebrate the fact that
they have this release available," he said. "They'll also recruit
people who work for the group as well."
Finding sites such as NFOHump.com seems to be the easy part. Tracking down
the pirates themselves, however, is more difficult.
"It's difficult since pirates can easily change their user names or
account names, or even change which computers they're working from," said
Rodger Correa, compliance marketing director at the Business Software
Alliance. "It's quite easy to hide on the Internet, which [creates]
quite a challenge from a law enforcement perspective."
Periodically, though, law enforcement does catch up to piracy gangs. In July
2007, the FBI, working in tandem with Chinese authorities, busted two crews of
software pirates and seized more than $500 million worth of software. And vendors
such as Microsoft and Symantec have not been shy about making moves against
counterfeiters on their own, suing resellers suspected of trafficking in pirated goods.
Much of the pirated software circulating the globe is available on
peer-to-peer Web sites, Correa said. For software vendors, such piracy can cost
big bucks. V.i. Labs recently evaluated 17 leading EDA (electronic design
automation) and PLM (product lifecycle management) vendors such as Agilent and
Siemens and discovered nearly 1,000 crack releases in the last three years
alone. Almost 80 percent of those releases were CAD- or PLM-related.
"We've seen software in the price range of $4,000 sell for as little as
$50," Correa said. "Overall, the price discrepancy between pirated
and legitimate product is enormous."
Editor's Note: This story was updated to add information about ThePirateBay.org.