At a crime lab in Dublin, Microsoft's (MSFT) Donal Keating uses a custom-built microscope to take 72 high-resolution images of a counterfeit software disc. Just as police use ballistics to match bullets to a suspect's gun, Keating, the company's senior forensics manager, will use the abrasions and grooves on the stacking ring, a raised ridge around the disc's center, to match it to other fakes. He'll then try to trace the counterfeit disc to the factory and the crime syndicate that produced it.
The high-tech probing is part of a campaign by the world's largest software maker to vanquish counterfeiters. Microsoft employs 75 investigators, lawyers, and analysts—many with experience in narcotics and Mafia cases—in nine labs around the world. They're armed with maps that help pinpoint where suspect products are bought or seized by law enforcement, software that identifies digital fingerprints on discs, and a program that scours the Web for downloadable fakes.
Counterfeiting probably costs the software industry about $10 billion a year in lost revenue, says John Gantz, an analyst at IDC who puts together an annual report on worldwide piracy. Microsoft facsimiles likely represent the biggest piece of that, he says.
Once Microsoft has gathered evidence about where fakes are coming from, it alerts local law enforcement. In 2007 the company helped Chinese authorities break up a syndicate that had generated $2 billion in counterfeit Microsoft products. In December the company helped Indian police raid one of that country's largest resellers of Microsoft products, which was pairing legitimate goods with knockoffs to boost profits.
David Finn, Microsoft's associate general counsel for antipiracy, set up the unit in 2000, shortly after the company lost what it expected to be a straightforward counterfeiting case in England. The judge said Microsoft hadn't provided enough evidence to prove that software discs were fake. Finn, who had prosecuted terrorists and drug lords in the U.S. attorney's office, realized the company didn't know enough about collecting and presenting evidence for a criminal case. "This is a large-scale criminal gang syndicate problem, and Microsoft's conventional legal resources were not going to be able to meet the challenge," says Finn.
Ballistics matching can be done only on a special microscope in the Dublin crime lab—a problem in jurisdictions that require criminal evidence to stay in country. So Microsoft has started using a newer method of tracking discs that requires a standard computer, a CD drive, and some software. The technique involves identifying digital traces left behind by the laser that stamped the disc.
Increasingly, pirated software is downloaded from the Internet, so the unit also uses software that scans the Web looking for illicit Microsoft products. Three weeks ago the team found a site that offered to convert free trials of Office 2010 into full versions. Microsoft found it contained malicious code that could harm computers, according to Peter Anaman, online piracy senior program manager at Microsoft. The software has been removed.
While successful prosecutions hobble organized crime syndicates temporarily, many of the gangs come back or are replaced by newcomers. Microsoft officials believe the Chinese syndicate busted in 2007 has already reemerged. "Once you crack down on one group, it can crop up elsewhere," says Robert Holleyman, chief executive officer of the Business Software Alliance, a trade group. "But you need to crack down—otherwise a small break in the dam will become a gusher."
The bottom line: Microsoft employs digital forensics and other technologies to help law-enforcement authorities bust counterfeiter syndicates.