ARTICLES

Counter Counterfeit Versions of Licensed Software

One of the first known instances of software piracy occurred in the late 1970s upon Microsoft's release of its first software package. The software, pre-dating even floppy disks, was printed on paper tape, which could be easily replicated with a printer and ink by individuals wishing to bypass procurement processes. Since the 1970s, software piracy has grown into a huge market, with the latest statistics putting losses from software piracy at $8.6 billion USD in the United States and $6.8 billion USD in China.i

In the intervening years between the late 70s and today, software and the ability to track licenses has improved significantly. Most modern software is built with controls that allow the software to “phone-home” and send information back to the licensor. This helps crack down on unlicensed versions, but several problems exist. First, legacy software still in use may not contain this feature. Second, the concept of “phoning home” is controversial, with opponents arguing that the tracking being done goes beyond software-specific data and can surreptitiously record licensees’ system information and other, non-software related information that shouldn't be made available to these businesses.

Nonetheless, individuals and businesses selling software deserve to be paid for their work. Yet, unlicensed usage persists. Ted Miracco, Co-founder and CEO of Cylynt, an anti-piracy company, was working as a software developer for a semiconductor company in the late 1990s when he first realized the scope of the software piracy problem. “Sixty percent of our users were using pirated versions of our software,” he told the TAG Cyber analyst team during a recent call. “They didn’t know it, and we didn’t have any processes or tools in place to prevent this. So we developed our own.”

Preventing piracy

Flash forward to 2014 when Miracco and co-founder, Chris Luijten, decided businesses selling software deserved better than compensation for only part of their work. Today the company offers a complete anti-piracy solution with a choice of deployment approaches for differing situations.

All three products utilize a software development kit (SDK) and can detect counterfeit software applications, whenever and wherever they exist. When the software is opened/run, Cylynt looks for underlying modifications in the dynamic-link library (DLL) that may indicate pirated or tampered copies and reports back to a customer SaaS portal. All function calls are heavily obfuscated and communications are encrypted, Miracco tells us, which prevents criminals from detecting they're being tracked. In addition to modification information, Cylynt collects telemetry data including user activity data, IP- and Wi-Fi-based location data, configurations, and more. With this data, software licensors can identify when software is being used outside of licensing agreements and track down perpetrators when the use is intentional or malicious and warn users if the hacked application was inadvertently installed or over deployed.

To cover their bases with cyber and data security laws and regulations, especially in the cases of valid buyers/users, Cylynt assures us their products are designed to be completely compliant with data privacy legislation and do not overstep data collection or sharing rules. The goal is to fight piracy and non-compliance, not be the watchdog for legitimate purchasers and users.

One problem with software piracy, Ted explained, is that many users are not aware they’re purchasing illegal copies. Pirates, like more traditional cyber criminals, use savvy marketing techniques to sell stolen copies. They may market their copies on search engines or in marketplaces, and as with phishing, buyers/users may not notice the tiny details that indicate fraud—like a logo that’s not exactly right or messaging that doesn’t entirely reflect the original.

While pirated software results in loss of revenue for developers and authorized sellers, uninformed buyers who purchase pirated software run the risk of using software that contains malware or some other potentially damaging flaw. This isn’t a one-sided victim scenario. In the case of users who are trying to circumvent licensing constraints or avoid paying for software, that’s another story, and Cylynt can help mitigate that threat.

Increasing revenue

Cylynt’s message isn’t only that they help companies prevent stolen copies of their software—whether it’s new software recently released or legacy software still available and viable in the market. The company also wants to help developers and businesses regain control over lost software revenue streams and get clearer insight to how users are using software so that they can explore new offerings or enhance existing products. Usage analytics include details about what features of software are being used, how they’re being used, consumption rates, and more. There is also a brand protection element to Cylynt’s offerings; pirated software, especially if it doesn’t function as intended or delivers malware to buyers, can end up hurting the legitimate business when users are not aware they are using a fake. Fair or not, unwitting consumers may post negative product reviews and/or spread unfavorable word of mouth.

Cylynt’s target customers are B2B software developers/sellers who publish complex, high cost or high-volume apps (though anyone who wants to prevent piracy against their products is certainly a candidate).

There is a lot more to the Cylynt story and we didn’t dig in more than skin deep, but Miracco and team have a compelling story for any business or individual that wants to protect their intellectual property. Yes, developers can build in certain protections on their own, but Cylynt has a robust suite that's ready to use straight “out of the box.” For any company with a large B2B packaged software install base that’s concerned about cracked copies floating around the web, this is worth a conversation.