We took a case several years back for a client that had developed specialized software to protect computers in cyber cafes from unwittingly downloading malware or unauthorized programs. The company discovered that someone had counterfeited their software, removing the activation algorithm and posting the fraudulent program on the Internet for free downloading. The individual who had counterfeited the product clearly identified himself, posting his full name and city of residence on the site. Our client asked us to verify the individual’s identity and attempt to make contact.
Our research confirmed that the individual did indeed live in the city of Rosario, in the Province of Santa Fe. We also determined that the individual was only 15 years old and therefore considered a minor under local law.
Fearing backlash and damage to the brand if they took legal or criminal action against a minor, our client asked us to visit the individual and his parents in an attempt to reason with him and remove the software from the site. This was before the era of P2P and Torrenting, so at this stage the counterfeit software was confined to one or two sites where it could be downloaded.
When we arrived in the city, we found that the young man’s residence was located in one of the city’s poorer neighborhoods. The house was small, with two bedrooms, exposed concrete floors and a tin roof.
We timed our arrival to coincide with the subject’s return from school. His mother let us into the house, where we sat and spoke with both of them regarding the potential consequences of his actions. To our surprise, the subject showed no signs of being nervous or even concerned that we had found him. He openly admitted counterfeiting the product, defeating the activation algorithm and posting it.
Even more interesting, however, was the reason he posted the software. The young man told us that when he had purchased a copy of the software, he downloaded it onto a computer used by him and his two younger brothers – him for doing homework and programming, and them for playing computer games. He explained that the computer had been infected twice by viruses and malware, apparently from his brothers’ gaming sites. So, he purchased and installed the software to protect the computer from infections.
He explained further that soon after he purchased the software, he unfortunately misplaced its activation algorithm. So, he contacted the company via online chat. The company’s representative informed him that they could not provide a replacement. When he asked why, the representative responded, “because that would allow people who have not bought the software to download and utilize, like you are trying to do right now.”
The young man countered that he had purchased the software legally, but the representative did not believe him and accused him of wanting the algorithm so he could illegally activate copies of the software. The young man had saved the exchange and showed us the complete dialogue, in which the company’s representative became increasingly aggressive in his comments. He told us the experience had prompted him to hack the activation algorithm and post the software for free downloading.
We relayed the results of our interview to the client, who requested that we offer the young man a sincere apology and free software for life in exchange for removing the free download. He refused.
Next, the client offered to pay the young man to demonstrate how he had hacked the activation algorithm. Again, he refused.
The client went on to offer the hacker a red-team job with the company, in which he would continue trying to penetrate their future software algorithms to help them protect the security of their software. He refused yet again.
Last, the client pleaded with the young man and his mother, stating that the jobs and livelihood of the company’s 75 employees were at stake. But the stubborn youth remained unmoved. The mother sided with her son, stating that nobody had a right to mistreat another person, and she asked us to leave.
In the weeks that followed, the client saw sales dwindle and profits decrease dramatically. The client then sent a cease-and-desist letter to the young man and even threatened lawsuits, but the drop in profits was so swift, as word spread about the free download, that the client ended up laying off their entire sales and administrative staff, retaining only a handful of programmers desperately working to develop an improved and updated version of the software. Even then, the small team labored under the fear that their new software would be hacked and posted by that same young man.
This case illustrates how fragile a brand can be – the acts of a 15-year-old individual almost brought down a company operating on a global platform.
As a postscript, our client asked us to contact the young man before they released the updated software and ask if he intended to hack the algorithm. He responded that he had no interest in the new version – unless he was mistreated by the company again. He added that he had moved on; his new computer no longer required the software.