Software piracy: You're under attack!

Pirated software is a business worth $62m a year in Qatar, and in a few cases it hides an even bigger threat: cyber attacks
Flame is an advanced spying programme containing a key-logger, which takes screenshots and also copies files and sends them abroad.
By Francesca Astorri
Thu 14 Mar 2013 10:54 AM

Pirated software is a business worth $62m a year in Qatar, and in a few cases it hides an even bigger threat: cyber attacks. Computer security expert Thierry Sans plays the bad guy, producing malware that takes your bank password, spies on you, enters your computer and steals your data — all for the noble cause of creating better security systems. Arabian Business Qatar investigates this illegal market by following this professional pirate.

 

Most of the time, it comes as a challenge, a puzzle for hackers. The drive is not the cash, but pirated software is a business that touches one out of every two personal computer users in Qatar, shaping an illegal market as big as the conventional one we see in shopping mall outlets.

The potential commercial value of this illegal business in Qatar is around $62m, according to a study into the issue by the Business Software Alliance (BSA) and International Data Corporation (IDC), and it’s not even the biggest market for the problem in the Middle East.

The region’s average piracy rate is 58 percent, but in the context for the Gulf, Saudi Arabia sits at a 51 percent piracy rate, while the UAE is all the way down to 37 percent. Iraq and Yemen take the unwarnted record with respectively 86 percent and 89 percent.

‘Cracked software’ is all over the internet. Nerds define it as a ‘smart cow’ problem. It only takes one smart cow to open the latch of the gate, and then all the other cows follow. In this case, it only takes one skilled hacker to remove the software protection out of a legitimate copy of a programme and then distribute a cracked copy on the internet. Only basic computer skills are required to download the software from the internet and install it on your computer for free. And that’s it.

As dramatic as this business loss is for the software industry, cracked software can be potentially developed with an even more damaging goal in mind.

“Pirated software is a very good vector for cyber attacks,” says Thierry Sans, a computer science professor at Carnegie Mellon University Qatar. Sans works with his students to develop the most audacious and malicious software in order to see how it works, in a bid to create better security systems. In a nutshell, they spend the whole day playing the bad guys for a higher cause: our web security.

“If I want to hack into several thousand computers, I take a popular pirated software, I modify it by adding a Trojan horse and distribute it over the internet,” he  adds.

Diving into the detail, Sans explains that this Trojan horse will allow the hacker to control other people's computers. The victim enjoys his free pirated software and the hacker, in return, gets free login passwords and credit card numbers. He also now has the ability to use the victim’s computer as a spam server or to perform large-scale cyber attacks from it. And all of this can take place without the victim being aware of it.

“In other words, if I want to break into your apartment, there’s nothing easier than giving you a shiny new lock for your door for free,” says Sans.

Illegal hacking into computers reaches a whole new level of complexity when it comes to cyber weapons. Last year, several Gulf states were invaded by Flame. One of the most highly developed cyber-weapons ever created, Flame is an advanced spying programme containing a key-logger, which takes screenshots and also copies files and sends them abroad.

Article continued on next page...

Flame is a malware (malicious software) tool, which secretly collects information from a wide variety of sources, hunts for emails and many different kinds of other high-value specified files. The virus acts surgically. At least two computers in Qatar, along with eleven in Saudi Arabia, two in the UAE and one in Bahrain were infected by Flame last year, even if the main target was believed to be Iran.

In recent years, Iran’s nuclear power programme has been targeted and sabotaged by cyber attacks. A virus known as Stuxnet caused havoc to the Islamic Republic’s atomic power project back in 2010 by targeting uranium enrichment infrastructure. Around a thousand Iranian computers were destroyed by this virus.

These viruses, or worms, have very sophisticated infection techniques — some even enter via the printer when there is no direct contact with the computer — but whoever is behind the virus does not have total control over where the worm will eventually spread. As a result, it can be impossible to tell whether you have been targeted deliberately or accidentally. When, for example, the virus hit the oil and gas industry last year, the results were astonishing.

Qatari firm RasGas and Saudi Aramco were both targeted last year. The New York Times defined the cyber attack faced by the latter as “the most destructive act of computer sabotage on a company to date”. Unofficial numbers claimed that over 30,000 machines were hit during the attack on Saudi Arabia’s national oil company. The virus, known as Shamoom, erased data on three quarters of Aramco’s corporate PCs, including documents, spreadsheets, emails and files. All of that material was replaced with an image of a burning American flag.

Naturally, there has been plenty of speculation as to who is behind these attacks. If the Shamoom virus could be considered the work of an amateur, Stuxnet was a real work of art in the opinion of most computer experts. It costs millions of dollars to develop such cyber-weapon and it also requires a plenty of manpower, new techniques and know-how. As a result, most experts have concluded that the only kind of entity that has the kind of financial and political muscle to pull this kind of weapon off is a national government. Avoiding a cyber attack may be tough, but preventing someone from entering your web-apartment might be a battle within everyone’s reach.

“There are various protection mechanisms. It goes from verifying a valid licence key to sending a software fingerprint to a server. However, these mechanisms rely on the fact that the security mechanism is hidden in the code of the software,” says Sans.

Software developers use obfuscating codes and encryption techniques to make sure that these protections cannot be bypassed easily, but hackers look at what the software do by using specific tools that analyse computer memory.

“Once you know how it works under the hood, you can modify its code and change its behaviour to run without the security protection,” explains Sans.

And so the game starts all over again. Even pirates don’t have any safe places to hide these days.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.