Software piracy: You're under attack!

Pirated software is a business worth $62m a year in Qatar, and in a few cases it hides an even bigger threat: cyber attacks. Computer security expert Thierry Sans plays the bad guy, producing malware that takes your bank password, spies on you, enters your computer and steals your data — all for the noble cause of creating better security systems. Arabian Business Qatar investigates this illegal market by following this professional pirate.

 

Most of the time, it comes as a challenge, a puzzle for hackers. The drive is not the cash, but pirated software is a business that touches one out of every two personal computer users in Qatar, shaping an illegal market as big as the conventional one we see in shopping mall outlets.

The potential commercial value of this illegal business in Qatar is around $62m, according to a study into the issue by the Business Software Alliance (BSA) and International Data Corporation (IDC), and it’s not even the biggest market for the problem in the Middle East.

The region’s average piracy rate is 58 percent, but in the context for the Gulf, Saudi Arabia sits at a 51 percent piracy rate, while the UAE is all the way down to 37 percent. Iraq and Yemen take the unwarnted record with respectively 86 percent and 89 percent.

‘Cracked software’ is all over the internet. Nerds define it as a ‘smart cow’ problem. It only takes one smart cow to open the latch of the gate, and then all the other cows follow. In this case, it only takes one skilled hacker to remove the software protection out of a legitimate copy of a programme and then distribute a cracked copy on the internet. Only basic computer skills are required to download the software from the internet and install it on your computer for free. And that’s it.

As dramatic as this business loss is for the software industry, cracked software can be potentially developed with an even more damaging goal in mind.

“Pirated software is a very good vector for cyber attacks,” says Thierry Sans, a computer science professor at Carnegie Mellon University Qatar. Sans works with his students to develop the most audacious and malicious software in order to see how it works, in a bid to create better security systems. In a nutshell, they spend the whole day playing the bad guys for a higher cause: our web security.

“If I want to hack into several thousand computers, I take a popular pirated software, I modify it by adding a Trojan horse and distribute it over the internet,” he  adds.

Diving into the detail, Sans explains that this Trojan horse will allow the hacker to control other people's computers. The victim enjoys his free pirated software and the hacker, in return, gets free login passwords and credit card numbers. He also now has the ability to use the victim’s computer as a spam server or to perform large-scale cyber attacks from it. And all of this can take place without the victim being aware of it.

“In other words, if I want to break into your apartment, there’s nothing easier than giving you a shiny new lock for your door for free,” says Sans.

Illegal hacking into computers reaches a whole new level of complexity when it comes to cyber weapons. Last year, several Gulf states were invaded by Flame. One of the most highly developed cyber-weapons ever created, Flame is an advanced spying programme containing a key-logger, which takes screenshots and also copies files and sends them abroad.

Article continued on next page...