Counterfeit software discovered in Singapore sold as authentic in the Asia Pacific region

This image depicts a counterfeit Certificate of Authenticity (COA). It only displays the product name and lacks any anti-counterfeiting measures.

Microsoft recently uncovered a case of software piracy originating from a supplier in Singapore. The case involved an Australian reseller found to be in possession of fake COAs and other counterfeit software and hardware.

COAs are labels or stickers affixed to the packaging of products like Windows, Office, and Windows Server. Their purpose is to verify the software’s legitimacy. Although COAs hold no independent monetary value and can’t be sold separately, their presence on pirated software creates a deceptive appearance of licensed authenticity.

This image shows a genuine COA. In addition to the product name, it incorporates anti-counterfeiting features. These include a woven security thread with visible paper fibers and color-shifting ink that changes from green to magenta depending on the viewing angle.

Earlier this month, Singapore’s Intellectual Property Rights Branch (IPRB) conducted a raid on the reseller’s location in Sim Lim Square. They confiscated over 1,000 counterfeit Windows 8.1 COAs, along with 1,000 counterfeit software and hardware components, with an estimated total value of S$167,000. This operation represents the most significant counterfeit COA seizure in Southeast Asia to date and the largest cross-border case of its kind involving Singapore.

Months of thorough investigation revealed that the reseller had been supplying substantial amounts of counterfeit COAs to both local and international new and refurbished computer sellers. These sellers would then deceive customers into thinking that the pirated software installed on their devices was legitimate.

The case came to light when Microsoft’s Australian team, who had been investigating a reseller selling over 500 counterfeit COAs, traced the origin back to the perpetrator in Singapore’s Sim Lim Square.

As a result of the raid, Microsoft issued a warning urging consumers and small businesses to exercise caution when encountering significantly discounted software from resellers. The company emphasizes the importance of buying software exclusively from authorized retailers to prevent the inadvertent purchase and use of counterfeit products. This advice is especially relevant as Windows 10 will be offered as a free upgrade to eligible devices running genuine versions of Windows 7, Windows 8.1, and Windows Phone 8.1.

Genuine software commonly comes with COAs. These COAs feature the product name and include security measures like a woven security thread and color-shifting ink on the edge to prevent counterfeiting.

“COAs have many security elements that are difficult to replicate. However, inattentive consumers might not even notice they’ve purchased counterfeit software, ending up paying for fake products. Therefore, consumers need to be extra careful when buying computers. We strongly recommend purchasing from a trusted computer vendor and demanding genuine software to avoid future problems,” advised Jonathan Selvasegaram, Corporate Attorney, Digital Crimes Unit, Microsoft Asia.

“The nature of software piracy has changed. We’re now observing international cases like this one where counterfeit COAs were discovered in Australia, leading back to their source in Singapore. While cost remains the primary motivator for buying counterfeit software in emerging markets, the situation is different in developed markets such as Singapore. Here, we’re witnessing consumers being tricked into believing the software they’re purchasing is genuine. Software piracy remains a significant issue for everyone due to the potential harm it poses to unaware users. Such software can expose computers to spyware, malware, and viruses, potentially resulting in identity theft, compromised personal data, and sudden system failures. The threat also poses a serious risk to businesses, as operational disruptions stemming from malware and viruses could translate into substantial financial setbacks.”

Data compiled by the Microsoft Cybercrime Satellite Centre in Singapore, the Asia Pacific hub for Microsoft’s Digital Crimes Unit’s cybercrime and cybersecurity initiatives, show that over 4.1 million malware pings were detected from 8,400 Singapore IP addresses in just one week. These pings signal attempts by harmful botnets installed on these computers to communicate with the cybercriminals controlling them. This poses immediate threats to individuals and businesses in the region.

Further examination of the data highlights the Bladabindi/Jenxcus (B106) botnet as the most significant current threat in Singapore and Southeast Asia. This malware family can steal confidential user information. Without active disruption, unsuspecting consumers and businesses risk losing crucial data to malicious actors.

A collaborative study by International Data Corporation (IDC) and the National University of Singapore (NUS), titled The Link Between Pirated Software and Cybersecurity Breaches, published in March of the previous year, revealed that Asia Pacific (APAC) enterprises are projected to spend almost US$230 billion addressing issues arising from malware intentionally embedded in pirated software. The bulk of this expenditure (US$170 billion) will be directed toward managing data breaches, while the remaining funds will tackle security concerns. Moreover, the study indicated that 65% of surveyed APAC consumers cited the loss of data, files, or personal information as their biggest fear regarding infected software. This was followed by unauthorized internet transactions (48%) and the potential for identity theft (47%).

“Most businesses in the Asia-Pacific region lack a complete grasp of the security and malware hazards associated with counterfeit and unlicensed software, and this needs urgent attention. Our BSA Global Software Survey conducted last year revealed a concerning 62% of software installed on computers in this region in 2013 wasn’t properly licensed – a 2% increase from 2011. While Singapore boasts one of the lowest unlicensed software usage rates in the Asia-Pacific region, it’s still crucial for both consumers and businesses to remain alert in the face of escalating security risks and increasingly sophisticated cybercrime globally,” stated Tarun Sawney, Senior Director – Asia-Pacific, BSA | The Software Alliance.

Singapore has some of the strictest copyright laws globally. If found guilty of manufacturing for sale, selling infringing copies, or possessing or importing infringing copies, offenders face a maximum fine of S$10,000 per copy, up to S$100,000 per charge, or a prison sentence of up to five years. Convicted offenders may also be subject to both a fine and imprisonment.

Interested?

Verify the legitimacy of Microsoft products on the Microsoft website.

Learn about a 2014 Microsoft raid in a WorkSmart Asia blog post.

Read a TechTrade Asia blog post on the IDC-NUS study concerning the financial implications of malware found in pirated software.

Licensed under CC BY-NC-SA 4.0