BSA Nails Corporate Software Pirates

Trade group's Web crawler uncovers illegal file sharing among employees

The Business Software Alliance (BSA) is using a new tool to track illegally distributed commercial software, and its detective work has in some cases led to big business.

Corporate workers using peer-to-peer file-sharing software to trade copyrighted files are turning up in the BSA's searches. In some instances, the digital detective work has led to the dismissal of those employees. The trade group's discovery of file sharing under the noses of IT managers also illustrates glaring computer security weaknesses at some firms.

"Any peer-to-peer system that can penetrate a firewall is an open doorway to any system that is connected to a corporate network," said Michel Kabay, a professor of information assurance at Norwich University in Northfield, Vt.

Smart Agents

The BSA last week said it's using a system from New York-based MediaForce Inc. that deploys intelligent agents to crawl, or search, the Internet for illegal distributors. The system displays the software and the distributor's IP address. The BSA looks up the owner of the address in the Whois database of the Chantilly, Va.-based American Registry for Internet Numbers and sends a "takedown notice" informing the owner of the illegal activity.

Many large and midsize corporations own blocks of IP addresses and are contacted by the BSA directly. In other cases, the Internet service provider (ISP) is contacted, which in turn identifies the distributor and terminates the service.

The automated search agent has made a big difference in the BSA's ability to root out software piracy. Last year, the trade group distributed 5,200 notices to ISPs. Within the first three months of using the Web crawler, more than 8,500 notices were sent out.

The BSA released the preliminary results of its efforts last week but was unable to provide a breakdown of how many notices went to corporations compared to universities and other sources of peer-to-peer file swapping, or how many workers were dismissed. However, at least two companies sent letters to the BSA confirming employee terminations.

There are steps IT managers can take to stop employees from such activities. Windows 2000 and Windows NT have controls that allow systems administrators to prevent program installation. With earlier Windows versions, better user policies and training may help, said Diana Neuman, a security expert at En Garde Systems Inc. in Albuquerque, N.M.

Peer-to-peer systems change the way they operate in an effort to fool firewalls, but corporations that have good firewalls and intrusion logs should be able to identify anomalies, said Neuman.

The BSA said business software makers, including alliance members such as Microsoft Corp. and San Jose-based Adobe Systems Inc., are losing $12 billion per year to piracy worldwide. It said most of the piracy isn't due to illegal file sharing over the Internet, but rather businesses that have illegally deployed software in excess of license agreements.

1by1.gif

Download Concerns

blue_square.gif
Problem: A survey released last week of 1,026 adults found that more than half of those who have downloaded commercial software seldom or never pay for it.

blue_square.gif
Solution: The BSA says education is the best tool for helping people understand that not all software is free.

Copyright © 2002 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon