Monthly Archives: March 2013

Microsoft: Consumers, Businesses Lose Billions Due to Software Piracy

If guilt, bounties and whistle-blowing don’t work, maybe fear will. Microsoft is combating piracy by sounding the alarm on the dangers of counterfeit software.

Can dire warnings stop software piracy?

Microsoft is hoping that new research conducted by IDC will prove more effective than some industry efforts to get consumers and businesses to think twice before torrenting a software application. Pirated software is costing individuals and companies billions of dollars, thanks to malware-riddled code, according to the software giant.

IDC’s global study concluded that consumers will spend a hefty $22 billion and 1.5 billion hours in 2013 dealing with malware delivered by pirated software. Enterprises will part with a staggering $114 billion to get rid of malicious code. The research group places the odds of getting infected by malware that sneaks in via pirated software at one in three for consumers and three in 10 for businesses.

IDC surveyed 2,077 consumers and 258 IT professionals including chief information officers for the study. It also “analyzed 270 Websites and peer-to-peer networks, 108 software downloads, and 155 CDs or DVDs,” for its findings.

The financial toll aside, unwitting users can fall prey to identity thieves, argued David Finn, associate general counsel in the Microsoft Cybercrime Center. Disturbingly, he warned, cyber-Peeping Toms can be spying into homes or private business meetings.

“Some of this malware records a person’s every keystroke—allowing cyber-criminals to steal a victim’s personal and financial information—or remotely switches on an infected computer’s microphone and video camera, giving cyber-criminals eyes and ears in boardrooms and living rooms,” Finn said in a company release.

The research suggests that software piracy is fueling, at least in part, a booming black market for illicit tools and stolen information.

“The market for credentials and other information stolen by cyber-thieves has been sized at $114 billion (2011), enough to create a multibillion-dollar market for tools to enable cyber-theft. A decent keylogger—malware that tracks keystrokes to gather passwords and account information—can cost as little as $25 on an auction market used by cyber-thieves,” said the report.

To avoid these dangers, Finn suggested taking a firm stance with PC sellers. “The best way to secure yourself and your property from these malware threats when you buy a computer is to demand genuine software,” he advised.

Chances are, however, that pirated software won’t arrive preinstalled. Users are seeking it out.

Of the counterfeit software that didn’t already reside on a computer, 45 percent was downloaded from peer-to-peer networks or Websites. Of that software, 78 percent was found to contain spyware and 36 percent carried adware and Trojans.

In an attempt to save money on software, some users are taking a big risk, according to John Gantz, IDC chief researcher.

“Our research is unequivocal: Inherent dangers lurk for consumers and businesses that take a chance on counterfeit software. Some people choose counterfeit to save money, but this ‘ride-along’ malware ends up putting a financial and emotional strain on both the enterprise and casual computer users alike,” Gantz said.

Retrieved from eWeek

Anonymous Hack of L.A. Times Traced to Former Tribune Co. Web Producer

A federal indictment was handed down March 14 accusing a man of helping hackers get unauthorized access to the Tribune Co.’s computer systems.

U.S. federal authorities have accused a Thomson Reuters social media editor of conspiring with hacktivists in the Anonymous collective to break into the Tribune Co. computer system.

Matthew Keys, 26, of Secaucus, N.J., was charged March 14 in California with one count each of conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer and attempted transmission of information to damage a protected computer.

According to the U.S. Department of Justice, Keys was formerly employed by Sacramento-based television station KTXL FOX 40 as a Web producer and was terminated from that job in October 2010. The Tribune Company owns the station.

In December 2010, the indictment contends, individuals identifying themselves as members of Anonymous had a conversation in an IRC channel known as #internetfeds in which one person expressed a desire to obtain access to FOX computer systems.

According to authorities, Keys—operating under the nickname AESCracked—then allegedly provided members of Anonymous with log-in credentials for the Tribune Company’s content management system on an Internet chat forum. After handing over the log-in information, Keys reputedly told the hackers to use the credentials and “go [expletive] some [expletive] up.”

In the aftermath, the indictment alleges that at least one hacker used the credentials to alter an online version of a Los Angeles Times story on or about Dec. 14 and Dec. 15, 2010, to read as follows:

Pressure builds in House to elect CHIPP1337.

House Democratic leader Steny Hoyer sees ‘very good things’ in the deal cut which will see uber skid Chippy 1337 take his rightful place, as head of the Senate, reluctant House Democrats told to SUCK IT UP. By CHIPPYS No1 fan.

The indictment also alleges that Keys had a conversation with the hacker who claimed credit for defacing the Los Angeles Times Website, and that the hacker told Keys the Tribune Company system administrators had shut down the hacker’s access. According to the indictment, Keys then attempted to regain access for the hacker, and complimented the hacker when he learned of the changes to the Los Angeles Times story.

A spokesperson for Reuters said the company is aware of the indictment.

“Thomson Reuters is committed to obeying the rules and regulations in every jurisdiction in which it operates,” the spokesperson said in a statement. “Any legal violations, or failures to comply with the company’s own strict set of principles and standards, can result in disciplinary action. We would also observe the indictment alleges the conduct occurred in December 2010; Mr. Keys joined Reuters in 2012, and while investigations continue we will have no further comment.”

After the indictment was made public, Keys wrote on Twitter that he had learned of the charges through the social network.

“I am fine. I found out the same way most of you did: From Twitter. Tonight I’m going to take a break. Tomorrow, business as usual,” he wrote.

If convicted of all counts, Keys faces a maximum penalty of 25 years in prison as well as a fine.

Retrieved from eWeek