A Software Piracy Supply Chain

Software Piracy: Ask a random person on the street to name the first counterfeit product that pops into his head and you’re likely to hear “Rolex watch” rather than “Microsoft Office.” But the software industry is dealing with a counterfeiting epidemic that’s as costly as that which confronts luxury goods. According to the Second Annual BSA and IDC Global Software Piracy Study, released in May 2005, the piracy rate in 2004 was 35 percent worldwide in a market worth more than $90 billion.

Software piracy groups, which have a heavy presence in China, Russia, Romania, Poland and Brazil, are very well-organized, says Dr. Herbert Thompson, chief security strategist at Security Innovation, an application security company. (See “Faked in China,”) “Ten years ago it typically was a high school kid in Europe that would get the latest copy of [Microsoft] Windows, crack it and send it to his buddies. Now these reverse-engineering groups have formed that are run almost like companies,” he says.

Thompson says these 21st-century pirates have specific roles. Couriers and suppliers, the first level, get their hands on original copies of software. Then crackers, highly skilled, ethically challenged geeks, are tasked with defeating a software’s defenses through reverse engineering. Packers, the next step, package the cracked software for easy distribution. The last group (before the distributors) are the testers who make sure the cracked software works like the original.

Can the good guys stop reverse engineering? “It’s practically impossible to do,” Thompson says.