Dividing the Digital Plunder

The clash of IP laws, pirated software, and protectiontechnologies force us to reexamine our attitudes.

By Kenneth Wong
Cadalyst
Feb. 1, 2008

Hackers Call for Tech Support
Roughly five years ago, when Michael Dager was the CEO of a software company, the company sold approximately $900,000 worth of software to a customer.

"Very soon, we started getting support calls for the software from all around the world, from 15 different locations in Korea alone," he recalled. "Our maintenance people couldn't find their licenses on our records. The only location where this software should be in deployment was at a specific project in Seoul."

What he eventually figured out was that the buyer had been using "$11 million worth of licenses." What stewed him more than anything was that the perpetrator was not a cash-strapped small business. It was "a $30 billion company," he said.

From Russia with Love
Payback came when Dager took the helm of Arxan, an anti-piracy vendor, which describes its products as "software hardening solutions." Simply put, they make the pirates' job harder. One of Arxan's customers is an oil-field modeling software vendor. With their sales to a Russian oil company, they became the pirates' targets.

"With every new release they shipped, within 48 hours, they began to see hundreds of illegal copies appear at the client's site," Dager said. License control tools didn't help; the hackers always managed to find ways to circumvent them. Eventually, the vendor signed on with Arxan and closed up the loopholes.

"In March of this year, they shipped their latest release," said Dager. "They anxiously waited to see if illegal copies would crop up. They waited 48 hours, then a week, then a month . . . two months later, still no piracy."

Meanwhile, the Arxan sales team was getting random calls from Russia requesting copies of the anti-piracy software. Dager believes those calls came from people attempting to reverse-engineer his client's software. To do that, they must first deconstruct Arxan's protection layers. Hence, the frantic calls.

"They wanted to buy [our software] sight unseen, no matter the cost," Dager said. "They asked us to route it to them electronically." Dager passed on the suspicious transactions.

To Defend, Detect, and React
The cornerstone of Arxan's GuardIT product is the company's patented technology, which uses small security units that "not only defend against compromise but actively detect attempted attacks and react in fully customizable ways," Arxan states.

"One of the guard types we have is called traitor tracing guards," explained Dager. "They can obtain the identity of the perpetrator by capturing his/her IP address, serial number of the PC, and other information." Arxan uses approximately 13,000 guards along with binary-code obfuscation to protect its clients' products.