War on counterfeiters

3 Mar 2011

From an office in Dublin, software experts and ex-FBI and Interpol officers are waging war against a sophisticated $53bn counterfeiting industry linked to organised crime.

You could say Donal Keating has an interesting job that takes him to interesting places. If the physicist is not involved in a stake-out at the Gorbushka Market in Moscow, he’s accompanying a raid on one of the biggest and most sophisticated counterfeit factories in southern China. But most of the time you’ll find him and his colleagues sifting through the 6,300 pieces of evidence assembled every year at the Microsoft Forensic Crime Lab in Dublin from 39 police forces worldwide.

Tucked away in a part of Microsoft where few Microsoft employees ever tread, the Microsoft Forensic Crime Lab is on the frontline of a battle against organised crime. Keating and his colleagues, an eclectic mix of scientists, software engineers and former FBI and Interpol investigators, are tasked with battling a crime industry that is responsible for stealing $53bn a year from the global software industry. That’s about a quarter of the industry’s revenues annually.

As one of the world’s biggest software companies, Microsoft has the most to lose and that explains why the company spends $200m a year on anticounterfeit crime.

“The business risk for a company like Microsoft is loss of revenue but for Irish people to understand it, think of the lost revenue to a country in terms of tax,” Keating says.

“This is a growing problem. In the IT industry, data is considered the most valuable asset a company can have.”

According to Keating’s colleague Anthony Delaney, when someone buys a counterfeit product they are potentially funding a criminal organisation that may be involved in drugs or prostitution.

“The crime gangs have become so sophisticated that we see a lot of situations where people are placing orders with what they think are legitimate companies only to find that the product is shipping directly from China and is counterfeit.”

Race against counterfeiters

Delaney says counterfeiters and organisations like Microsoft are in a constant race.

“We try to raise the bar and make it difficult for them to make good copies. Then there’s the online dimension. From the internet perspective, we are taking down on average 800,000 sites per month, ranging from peer-to-peer to bit-torrent sites.

“From the physical perspective, it is a race against how quickly they can replicate what we have done, and for us it is about making it more difficult for them to copy.”

Keating explains that in many cases, people know they are committing a crime by buying counterfeit software on auction sites or via bit-torrent. However, in many markets, including Ireland, people are unwitting victims of counterfeiting. For example, there are computer resellers who will copy entire versions of Windows or Office onto a basic PC and charge users a premium. In cases where people buy illicit software online or in physical shops, the software can be rigged by cyber criminals to contain a virus or open a backdoor into their computers.

“One-third of the evidence we gather each year comes directly from customers who were fooled into thinking they bought the real thing. We take the view that these people are victims and replace their software with genuine software in exchange for information.

“That’s where the lab begins to build a picture then of where the software came from, how it’s distributed and marketed. We build up an intelligence picture that enables us to target syndicates and crime gangs and we give that to the customs and law-enforcement groups.”

To catch a counterfeiter

Keating describes the efforts to capture counterfeiters as a game of cat and mouse and often the criminals are one step ahead.

“A few years ago in the Garbushka market, for example, you couldn’t find a genuine copy of software and it was easy to spot the low-quality copies, but now illegal software is made to look overtly genuine.”

Keating shows me various counterfeit copies of Microsoft Office, for example, which are circulating in Asia and Europe, and they look the real deal with convincing certificates and holograms.

Three years ago, Chinese authorities and the FBI raided a sophisticated warehouse in southern China where workers assembled disks, authentication materials and manuals to be exported around the world to 36 countries in 11 languages. In that one raid, investigators got their hands on $2bn worth of counterfeit Microsoft software.

Counterfeiter gangs, which have links with other crime gangs, would happily pay up to $10m for the sophisticated machines needed to press DVDs and CDs.

“To give you an idea of how large a problem this is, the production capacity of your average sophisticated syndicate in China is much bigger than a legitimate supply chain manufacturer in Europe. A typical counterfeiter in China, backed by a powerful syndicate, could feasibly produce 30,000 units a week of sophisticated counterfeit.

“I was in Hong Kong recently and these guys can make subtle changes to suit different market conditions. They are on the ball in terms of fooling the consumer,” Keating says.

Domino effect

Software counterfeiting transcends the entire supply chain, according to Keating, from manufacturing physical copies to stolen product keys and software sold online.

In terms of how Microsoft tracks the illegal syndicates, he says every disk made anywhere in the world will feature telltale signs of the assembly line in the same way as a person would leave a fingerprint.

“In one case we discovered that the night shift in a manufacturing plant had gone rogue and was running off 100,000 counterfeit disks – our technology spots subtle tell-tale signs of marks production machines leave on disks. That goes into the intelligence picture we can create.”

Not many people might realise that the technology Microsoft uses to identify counterfeit products worldwide was developed in Ireland by a young company called Fraudhalt. Fraudhalt CEO Phelim O’Doherty says the company’s Ant-Counterfeit Engine (ACE) provides the forensics that enable global firms in various industries to pinpoint counterfeit products.

“This is a forensic technology that helps crime investigators fill in the gaps in an investigation. It can be used from spotting anomalies in manufacturing processes to enabling investigators to compare two bullets. We can apply this forensics technology to any physical item,” O’Doherty explains.

Test-purchase programmes

But despite the sophistication of these counterfeiters, Microsoft’s agents are always on the prowl, conducting test-purchase programmes as well as using sophisticated business intelligence software to pinpoint on a map where software is being used illegally.

“As far as we’re concerned, counterfeiting is in the same league as terrorism, drugs or human trafficking. Think of it like this, it’s about risk and return. Selling drugs and trafficking people is high reward and high risk. Software counterfeiting and piracy has higher returns than drugs but lower penalties. The same groups investing in software counterfeiting are also involved in growing activities like drugs counterfeiting,” says Delaney. “There will always be crime. People will always try to make money somehow.”

Delaney concludes: “As we change the way we distribute our product we expect the criminals will follow suit. We suspect what we do will evolve. I would love to think one day we’ll win, but every step they take it’s another opportunity for us to make it more difficult and to strengthen what we do.”

For the past two years, Silicon Republic has run a campaign to highlight the imperative of creating the digital infrastructure and services upon which the success of our economy depends.

The website for Digital 21 provides a forum for all those interested in accelerating the development of Ireland’s Digital Economy.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years