Presentation on theme: "Taking Action Against a Global Counterfeiting Syndicate: the Microsoft experience in China 09/15/2008 WIPO - Geneva Laurent Masson EMEA Director-Anti-Piracy."— Presentation transcript:
Taking Action Against a Global Counterfeiting Syndicate: the Microsoft experience in China 09/15/2008 WIPO - Geneva Laurent Masson EMEA Director-Anti-Piracy & Internet Safety
Introduction Worldwide counterfeiting rates Counterfeiting & Software Piracy The Chine Syndicate case Case Summary Building the case MS Team The July 2007 Actions PR Coverage
Worldwide Counterfeiting And Software Piracy Rates Tier 1 - Piracy Rate Below 50% Tier 2 - Piracy Rate 50% to 80% Tier 1 - Piracy Rate Above 80% California is Center of U.S. Counterfeiting Industry Guandong Center of China Counterfeiting Industry
MS Strategy and approach Intelligence Enforcement Internal/External PR Awareness and Education Governement outreach
Software protection and IPRs Copyright Patent Trademark Know-how Secret and confidentiality
Counterfeiting & Software Piracy The Most Common Types of Piracy END USER COPYING MISCHANNELING HARD-DISK LOADING INTERNET PIRACY (CDs/DVDs and digital downloads) COUNTERFEITING (low quality / high quality)
Syndicates Manufacturing and Distribution Model Asia Asia LatAm Centralized in Taiwan Singapore & Hong Kong Worldwide Many Organizers/ Financiers Counterfeit Manufacturers Exporters and Brokers Distributors Resellers End Customers
Case Summary The most significant crackdown on software piracy according to industry executives Microsofts LCA investigative team has been tracking the syndicate since 1999 and is the largest operation ever investigated First identified after influx of Win 98 and Office 2000 counterfeits bearing a legitimate Security features appeared in the market Various enforcement actions over the years took out some key players but never completely dismantled the organization 2003 organization move from Taiwan to S. China increased complexity of case Investigators and forensic experts continued target surveillance and evidence gathering in hopes of convincing law enforcement to accept case In 2006, MS Investigators and attorneys presented case to the US Dept. of Justice resulting in subsequent high level meetings between FBI and Chinese authorities
Resulting in Major Action A June 2007 meeting between FBI Los Angeles and Chinese authorities resulted in swift action against Syndicate targets Actions took place July 6 to July searches in 3 cities 25 arrests Seizure of $500 M of counterfeit software and components including: 22 master replication disks 70K units of counterfeit Vista, Windows XP and Office K counterfeit Certificate of Authenticity labels (COAs) 60K units of user guides, product cases and security labels Counterfeit production equipment and other raw materials
Building the Case 6 Years of investigation…
Microsofts Involvement prior to the raids in China The Chinese syndicate is the largest operation Microsoft has ever investigated Microsofts 75-member antipiracy team had been tracking the syndicate since May 2001 Prior to the July 2007 raids, Microsoft obtained nearly 290K copies of counterfeit software from test purchases, seizures by law enforcement and customs and submissions made by customers and partners Acquisitions from 27 countries, 13 titles, 8 languages Forensic examination revealed at least 30 unique production lines Estimated value of counterfeit Microsoft software produced by this syndicate is $2 billion Microsoft provided intelligence and evidence to law enforcement and supported their efforts to take legal steps against the syndicate
Proliferation of Syndicates Counterfeits Units by Country 100,000 to 400,000 10,000 to 99,999 1,000 to 9, to to 99
OCO Products 2 Product Types 40% full packaged product E2E and IMBH only versions 60% stand alone COA labels Old TDRL pink imbedded thread 3M clear-de-cyan DLR Porthole Porky and retail 19 Product Lines 75% Windows OS 22% Office 3% Windows Server 11 Languages Although English made up the majority of finds an ever expanding range of languages was being identified. Counterfeit Title % of WW Acquisitions Windows XP Professional37% Windows 98 SE20% Windows 2000 Professional10% Office 2003 Professional7% Office 2007 Professional7% Office 2000 Professional4% Windows 2003 Server3% Office 2003 SBE2% Windows XP Home2% Windows Vista Business2% Windows XP Professional x641% Windows Me1% Windows Vista Ultimate<1% Office 2000 SBE<1% Windows 98 (Original)<1% Office 2000 Premium<1% Windows 2003 Small Business Server<1% Windows 2000 Advanced Server<1% Windows 2000 Server<1%
Auction Sites used as distribution vehicle by syndicate MS investigated 21,568 units of software from 2,033 auctions originating from 17 countries – 86 % counterfeit/infringing software. – 38% of all counterfeit software from China Syndicate Dramatic increase YOY in the number of OCO counterfeit software auctions as syndicate attempts to access developed markets through domestic online auctioneers.
High Quality Syndicate responsible for the manufacture and distribution of the highest quality counterfeits on the market Significant investment made by syndicate to simulate Microsofts anti-piracy security features including: Holograms Imbedded threads Product activation Most customers did not realize they have been duped until they failed the Validation process Prices were very similar to genuine product by the time product got to final market destination.
Range of Products and Components
Extensive investigations by Microsoft identified the major targets 17 Mr BIG
Taking action Microsoft Team 12 employees dedicated Combination of expertise : Business analysts, forensic experts, investigators, attorneys….in several countries Key points : product identification and tracing; understanding of the distribution channels; coordination with LE in the US and in China.
The Raids in China
July 2007 Action in China A June 2007 meeting between FBI Los Angeles and Chinese authorities resulted in swift action against Syndicate targets Actions took place July 6 to July searches in 3 cities 25 arrests Seizure of $500 M of counterfeit software and components including: 22 master replication disks 70K units of counterfeit Vista, Windows XP and Office K counterfeit Certificate of Authenticity labels (COAs) 60K units of user guides, product cases and security labels Counterfeit production equipment and other raw materials
Raid uncovered massive stocks of components ready for assembly. Microsoft Investigators analyze and inventory seized product Security Thread for new COAs1000s of mylar E2E labels Security thread for old COAs Counterfeit COAs
Deceiving the Customer: Mylar Label The use of the Mylar label is what distinguishes these counterfeits for all other counterfeit producers The simulated Mylar label is very deceptive to end-users and law enforcement agents Components seized on raid showed how syndicate had continued to improve manufacturing process Scratch off version Peelable label w/ lip Spindle of counterfeit Win XP Pro
Deceiving the Customer: COA w/ Thread Simulated security thread to high level Port-hole security feature adequately simulated; good enough to fool customer
Deceiving the Customer: Product Activation Keys found on Windows XP Pro COAs are typically keygen VL keys created using illicit tools on the internet. These keys will bypass activation but will fail validation. The first Office 2003 Pro COA keys were Windows XP Home keys that customers used in a phantom or fake activation – the actual key used is a leaked volume license key that was baked into bits by the counterfeiters. This product will bypass activation and since the leaked key is NOT blocked, will also pass validation Keys found on Windows XP Home COA are authentic royalty OEM keys – this one traces to ACER. These keys will generally pass both activation and validation. These Vista COA keys are actually Windows XP Pro keygen VL keys. They will not work for Vista and the customer will fail both activation and validation after 30 days. The counterfeiters tried to provide users access to a server that would allow for activation and validation, but this server has been removed and will not work. (No keygen Vista keys available due to implementation of SPP) The second version of Office 2003 COA used keygen VL keys. These keys will bypass activation but will fail validation Keys found on Office 2007 COAs are also keygen VL keys. Office did not create a stronger product key like Vista so keygen keys for 2007 were immediately available to the counterfeiters. They will bypass activation but fail validation.