The increasing uptake of virtual working and service delivery has created opportunities and challenges for all. For cybercriminals, more doors and attack vectors have been opened. At Summit Consulting Ltd and the Institute of Forensics & ICT Security, we shall be highlighting some of the common cybercrime cases to watch out for. Due to client confidentiality, we shall use pseudonyms and make references to international cases, where possible.
In the following cybercrime series, we shall highlight actual cases with real victims. In this first case, we highlight how cybercriminals steal intellectual property and monetize it.
According to the World Intellectual Property Organization (WIPO), intellectual property refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce. WIPO adds, “IP is protected in law by, for example, patents, copyright and trademarks, which enable people to earn recognition or financial benefit from what they invent or create.”
Intellectual property abuse or theft includes software piracy, copyright infringement, trademark violations, theft of computer source code, and other illegal use of other people’s creations. In Uganda, there have been increasing cases of IP violations involving global brands; however, we are not at liberty to share specifics of the local cases which we have handled as investigators.
The Issue (What happened?):
In 2003, a computer user in China obtained the source code of a popular game, Lineage II, from an unprotected website. This proprietary code was then sold to several people in 2004. One of the people who bought the code set up a website, www.l2extreme.com, to offer the “Lineage” game at a discount.
Despite legal warnings from the South Korean company that owned the Lineage source code, the suspect did not shut down the site. They rented powerful servers – enough to accommodate 4,000 simultaneous gamers – and solicited donations from users to help defray the costs. The loss in potential revenues for the South Korean company was estimated at $750,000 a month.
Matters were escalated: the US FBI arrested the suspect, and the website was shut down.
How the case was handled:
The South Korean company that owned the Lineage source code sent out legal warnings to shut down the suspect’s hosting site, but the suspect was stubborn. The South Korean company then engaged the US FBI, which arrested the suspect.
These kinds of investigations are always sophisticated, as they involve cross-border collaboration and coordination, in addition to working with locals to zero in on suspects. At the government level, the international police (INTERPOL) is usually involved in the investigations. In the private sector, we usually work with the exclusive private detectives international association to unmask the culprits.
The attack vector used: Software piracy
This is a cybercrime that involves unauthorized downloading, copying, use, or distribution of copyrighted software. Someone who downloads and uses software without paying for it is commonly regarded as a pirated software user.
Most of the software in cyberspace today is purchased with a single-user license, meaning that it can be used by only a single authorized party or organization. Downloading it, making copies and sharing them is considered a violation of the license terms and conditions.
Lessons for you:
Globally, software piracy is rampant given the increased use of the Internet. According to global statistics from the Software Alliance, software companies are losing nearly $46 billion a year due to unlicensed software. It is also noted that over 37% of software installed on users’ computers globally is unlicensed.
Many end-users use pirated software for both work-related and personal purposes. They assume that the risks attached to pirated software come only in the form of malware, rootkits and keyloggers, forgetting that software piracy can expose not only themselves but their company's reputation too. The following are some of the key lessons that pirated software users should learn:
- You tarnish the reputation of the company.
Many organizations tend to take piracy lightly compared to other cybercrimes. But it has many downsides, among them the harm it does to legitimate businesses. In the case above, the South Korean company bears the cost of implementing safeguards against the large number of users who download its software for free. Indeed, many giant software makers like Microsoft spend a lot of money annually on enforcing anti-software-piracy strategies globally.
- You are cut off from software updates; if there are vulnerabilities, you will live with them.
Software vendors and manufacturers often offer ongoing support to their users by making updates available whenever software flaws are found. But when users download free software and crack it, they miss out on those updates. In most cases, pirated software has to be cracked with a patch supplied by the bootlegger, and that patch then stops the software from downloading updates.
Unpatched software then poses risks of data leaks once such vulnerabilities are exploited.
- You are prone to malware.
As technology evolves and internet speeds increase, susceptibility to malware is high. According to the Digital Citizens Alliance, a group that educates the public about threats on the internet, people who use the internet are 28 times more likely to get malware when they use pirated software.
When you use pirated software, you are just a step away from having sensitive data stolen through the backdoors that come with it, or from being locked out of your systems and asked to pay a ransom, among other cyber threats.
For online software piracy, tracing the website IP address is usually futile. One method of investigation is to email the contact persons operating the websites.
These emails can be tracked to identify where they are being accessed from. Once the locations indicate a country where cyber laws are enforced, the investigation can continue. Otherwise, it can be discontinued.
Once the suspect is traced from his IP address, a forensic examination of his computers and data storage devices by experts can reveal a lot of evidence. At this point, investigators carefully identify and seize all available storage devices, e.g., HDDs and USB data storage devices. It is important that investigators keep in mind iPods, digital cameras and even mobile phones at the time of seizure. These can also be used to hide information.
These devices are closely examined using WinHex, and all relevant evidence can be extracted.
Password cracking tools can be used in case the suspect has password-protected the devices or his computer. Additionally, analysis of the suspect’s internet usage will reveal clues as to the websites being hosted by him.
Going forward, pirated software is attractive to use since it costs you nothing, but you should be aware of the risks it comes with. Internet best practices must be followed, like backing up all data to off-site storage or a network location and having an up-to-date anti-virus program to protect you from the inevitable. And if safe browsing practices fail, then better yet, just skip the pirated software altogether.