EEJournal

feature article
Subscribe Now
July 30, 2020

Protecting Your Software from Cyberslime

by Max Maxfield

Are you a company that creates cunning software products? If so, how can you tell if someone counterfeits your software, perhaps inserting malware, and then distributes it as though it were a legitimate copy? Well, this is your lucky day, because the folks at Cylynt have you covered.

I was just chatting with Ted Miracco, who is the co-founder and CEO of Cylynt, home of the SmartFlow Professional and SmartFlow Enterprise anti-piracy compliance solutions. We will return to these solutions shortly. Unfortunately, talking with Ted has sent my poor old noggin churning with a tangled bundle of interrelated thoughts that will keep on bouncing around unless I write them down.

Growing up in Sheffield, England, in the 1960s, I thought that I was living a regular life. Looking back with the benefit of hindsight (the one exact science), I’ve come to realize that I had an idyllic childhood. There was never any argy-bargy (noisy quarrelling or wrangling) in our house. My parents never raised their voices to me. My dad could speak volumes with a raised eyebrow, while my mother had a “look” that could paralyze an impressionable youngster at 50 paces (the scary thing is that she has continued to hone and refine this look over the years — be afraid, be very afraid).

I was brought up with a set of principles that are now so ingrained I cannot imagine fighting against them. One was “waste not, want not.” We didn’t have a lot, so we did our best not to waste anything we did have. To this day, for example, I turn the cold water tap off while I’m brushing my teeth until I’m ready to rinse things off. Another was that littering was a disgrace. Wherever we went, the rule was to leave things nicer than when we got there. On our summer vacations, for example, the last thing my cousin and I did at the beach each day was to gather all of our families’ rubbish, after which we spread out picking up anyone else’s garbage in the vicinity.

One thing that was really drummed into me was that taking anything that didn’t belong to you was a terribly bad thing to do. When I got my first job, I was living in a council flat in Manchester, England. Shortly after I received my first pay packet, one of the things I invested in was a hammer to hang some pictures on the wall. My father had impressed on me that it was always a good idea to pay a bit more for a good tool, so I was tremendously proud of my perfectly balanced, rubber-handled hammer. A few days later, I returned to my flat to discover the front door hanging off its hinges. I’d been robbed. The one thing they’d taken was the only thing I owned that was worth anything — my perfectly balanced, rubber-handled hammer. This was 40 years ago as I pen these words, and it still brings a little tear to my eye to this day.

It was shortly after I’d bid a sad farewell to my prize hammer — did I mention it had perfect balance and boasted a non-slip rubber-clad handle? — that one of our friends told us her sister was getting married and we were all invited to the wedding. This event took place in our friend’s birthplace, which was a small village somewhere on the south coast of England. A group of us drove down a couple of days early and we camped in our friend’s parent’s garden.

On the day before the wedding, we were wandering through the village when one of our number found herself in need of a restroom. “Don’t worry,” said our friend, who pointed to the nearest cottage, “the door will be unlocked and you can use the restroom in here.” We were surprised, to say the least, but our friend assured us that — so long as we were with her — we could pretty much go anywhere in the village, and she was right.

Once, when I was ambling through Hong Kong circa 1985, someone came up to me on the street and asked if I would like to purchase “a genuine fake Rolex watch.” I can’t swear to it, but he looked like he was wearing a genuine false moustache. I had to admire his honesty in a convoluted sort of way.

On another occasion, I found myself in Singapore, as you do. (As I mentioned in The Times They Are a-Changin’, during his time in the Royal Navy, my grandfather was in the team that charted Singapore Harbor using rowing boats, surveying equipment, and weighted lines to measure the depth of the water.) A local friend took me to a small backstreet store where he said I could purchase some cheap jeans. I found a pair I liked and took them to the checkout, where a little old man was perched on a stool between a cash register and a sewing machine. The old man asked what sort of jeans I liked in a conversational sort of way, and I replied that I was quite fond of Levi 501s. As quick as a flash, he whipped open a draw full of small compartments each packed with different labels, pulled out a Levi 501 label, and sewed it onto my new jeans. A few seconds later, I found myself standing in the street, the perplexed possessor of the first (and only) pair of counterfeit jeans I ever owned.

Stop whimpering. I did warn you. Right at the beginning of this column I told you that my poor old noggin was “churning with a tangled bundle of interrelated thoughts” that would keep on bouncing around until I wrote them down. So, the fact that you are still here tells us either that I’m an extraordinarily gifted writer, or that you have nothing better to do with your time (if you have any self-respect, I know which option I’d go for if I were you).

Are You Guilty?

Things are a little on the hectic side at the moment, what with a global pandemic and all. A lot of us are working from home trying to meet project deadlines while juggling familial distractions. As part of this, many of us end up exploring the internet and downloading various software tools and applications to help ease, or at least smooth, our workloads.

Oftentimes, it’s not easy to spot something as simple as a counterfeit pair of jeans (unless they are counterfeited under your very nose). Things are much harder when it comes to sophisticated software applications.

How do we know that the tools and applications we download over the internet are legitimate copies provided by their original creators or certified partners, and not counterfeit copies that have been hacked by nefarious parties? If we aren’t careful, we could easily end up in violation of the software owner’s copyright. Even worse, we could be talking about an unlicensed, pirated copy of the software carrying a payload of malware that’s poised to set off a chain reaction in our home, office, or company’s IT network.

Returning to Cylynt, Ted tells me that a lot of these problems originate in China, Russia, and Iran, where legitimate software is first hacked and then distributed. Ted also says that there is an abundance of websites that are cleverly marketed to have an “air of legitimacy.” As an experiment, he performed a Google search for a well-known software application and purchased “deeply discounted special offers” from a bunch of seemingly legitimate websites, only to discover that these were all hacked copies. How did he know? Because the software’s creators were using Cylynt’s SmartFlow technology.

So, how did this all come about? Well, in 1994, Ted co-founded the EDA company AWR Corporation, which was subsequently acquired by National Instruments in 2011, and later purchased by Cadence Design Systems in 2020. AWR is a suite of RF and microwave design software that sells for tens of thousands of dollars a seat. Back in Ted’s time. they had lots of sales in the USA, Europe, and Japan, but minimal sales in the rest of Asia. This they found to be strange, because there was a huge market in Asia for training on AWR software.

The company’s investors wanted to know how much of their software was being pirated. All Ted could do was shrug his shoulders because the third-party licensing software they were using couldn’t stand up against determined hackers. As a result, Ted and his partners eventually developed their own antipiracy software, sold AWR, and formed a new company called SmartFlow, which they subsequently rebranded as Cylynt.

Things have progressed in leaps and bounds. Today, Cylynt’s SmartFlow technology is used by a very impressive portfolio of clients to protect $44B of software a year, and this number is rising as we speak.

What can SmartFlow do and how does it do it? I’m glad you asked. I’m only sorry that I’m not allowed to tell you. All I can say is that Cylynt provides a software development kit (SDK), which their clients use to configure their software with the desired level of protections, reporting abilities, and response capabilities prior to the product’s compilation, distribution, and deployment.

Once the SmartFlow-enabled application has been released into the wild, the application’s creators can determine who is using it, where it is being used, if it’s in its original state or if it’s been hacked, and what they want the software to do about it. Apart from anything else, this results in significant revenue possibilities, because the first line of defense is to send a letter to whomever is using the software saying something like: “We know that, for the past three months, you’ve been using 10 instantiations of our software that you have not yet paid for. We’re sure this is an oversight, so here’s what you currently owe, plus the cost of your next year’s licenses. We look forward to receiving your payment before the end of the month.”

Of course, there are increasing levels of potential response, including having the software disable itself or delete itself from the system. I did raise the possibility of implementing a nuclear response in the form of deleting any files in the vicinity before taking the suspect network down in its entirety, but Ted quickly changed the subject and started waffling on about all the good stuff on Cylynt’s Success Stories and Resources pages, including articles on anti-piracy and software license compliance.

There is indeed a lot of interesting information on these pages, but I fear my mind is now meandering off in a new direction thinking of a variety of responses I would like pirated software to perform. These thoughts are unbecoming for an honorable man, so you can be assured that, if I meet one, I’ll tell him not to think them. In the meantime, what punishments do you think would be appropriate for the people who hack other people’s software, the people who knowingly use counterfeit or compromised applications, and the people who create and distribute malware?

Leave a Reply

featured blogs
Must-Have Reads from No Starch Press
Jul 20, 2024
If you are looking for great technology-related reads, here are some offerings that I cannot recommend highly enough....
More from Max's Cool Beans...

featured video

How NV5, NVIDIA, and Cadence Collaboration Optimizes Data Center Efficiency, Performance, and Reliability

Sponsored by Cadence Design Systems

Deploying data centers with AI high-density workloads and ensuring they are capable for anticipated power trends requires insight. Creating a digital twin using the Cadence Reality Digital Twin Platform helped plan the deployment of current workloads and future-proof the investment. Learn about the collaboration between NV5, NVIDIA, and Cadence to optimize data center efficiency, performance, and reliability. 

Click here for more information about Cadence Data Center Solutions

featured chalk talk

GaN Solutions Featuring EcoGaN™ and Nano Pulse Control
Sponsored by Mouser Electronics and ROHM Semiconductor
In this episode of Chalk Talk, Amelia Dalton and Kengo Ohmori from ROHM Semiconductor examine the details and benefits of ROHM Semiconductor’s new lineup of EcoGaN™ Power Stage ICs that can reduce the component count by 99% and the power loss of your next design by 55%. They also investigate ROHM’s Ultra-High-Speed Control IC Technology called Nano Pulse Control that maximizes the performance of GaN devices.
Click here for more information about ROHM Semiconductor GNP1 EcoGaN™ 650V E-mode GaN FETs
Oct 9, 2023
35,444 views