The piracy prevention department at software maker Autodesk Inc. spends a lot of time on auction Web sites, looking for illegal sales of its products. One day two years ago, it began to notice that a vendor was offering an Autodesk $3,500 design program for $200 — over and over again.
Autodesk sounded the alarm, setting off an international investigation that led to the arrest of 26-year-old Ukrainian Maksym Kovalchuk, reputed to be one of the ring leaders of a worldwide software piracy and computer crime organization.
Mr. Kovalchuk was nabbed in Thailand, extradited to the U.S. and now awaits trial in U.S. District Court in San Jose.
The arrest was a high-profile example of the attention that the Justice Department is placing on computer crimes. It brings to seven the number of computer crimes cases prosecuted by the U.S. Justice Department so far this year. Fears that the department’s preoccupation with terrorism would distract it from combating computer crime have largely been allayed, in part because terrorism by computer is one of the department’s concerns.
Prosecutions for computer crimes have risen from 5 in 2000 to 25 last year, according to the Department of Justice. About a quarter of all computer crime cases brought by the Justice Department are prosecuted by the department’s Computer Hacking and Intellectual Property (CHIPs) office in San Jose.
“Many of our members have been watching this case closely,” Bob Kruger, vice president for enforcement for the Business Software Association, an industry group of software makers, said of the Kovalchuk case. “We are very pleased with the type of attention that piracy and other computer crimes have been receiving from law enforcement, especially lately.”
Piracy hits software makers to the tune of $13 billion annually, according to an estimate by the software association. About two out of every five software programs in use worldwide is a pirated copy and all it takes to find pirated software are cheap laptops, the association says. In the United States, the percentage of pirated software is just 25 percent. But U.S. companies sell worldwide and lose billions of dollars from software pirates.
The Justice Department’s war against piracy was launched in February 2000 when Robert Mueller, then the U.S. Attorney for Northern California, created the first CHIP. In July 2001, Attorney General John Ashcroft and Mr. Mueller, by then the FBI director-designee, came to the Mountain View campus of VeriSign Inc., to announce that the idea was so good it would be expanded to 12 more jurisdictions across the county.
When Kevin Ryan replaced Mr. Mueller in the Northern California region a year and a half ago, he hired Christopher Sonderby, a 1993 graduate of the University of Chicago Law School, to head the CHIP unit. Mr. Sonderby works with agents of the FBI, the Secret Service and the Postal Inspector’s office to prosecute piracy, hacking and theft of trade secrets and virus and worm cases, each of which requires a special kind of prosecutor and investigator.
“Tech crimes are factually complex, have novel legal issues, and you have to get your hands dirty with the technology,” Mr. Sonderby says. “You have to be able to explain the case in a non-technical way to judges and juries.”
He also has to earn the trust of businesses, which are notoriously reluctant to report computer crimes for fear the report will scare off customers and investors.
“We have demonstrated that we can be very successful,” Mr. Sonderby says. “There’s a benefit to showing that you will be aggressive and not an easy prey.”
The Kovalchuk case gave Mr. Sonderby an opportunity to show how far the arm of the law would reach.
Postal Inspector and Secret Service agents on the case identified a suspect in the case of the Autodesk software. The same person was also selling Adobe, Macromedia, Microsoft, Alias and Corel software. The suspect appeared to be part of a ring of software pirates in the U.S. and Eastern Europe.
According to an affidavit filed in U.S. District Court, the pirate would offer software deals in e-mails, take orders by e-mail through an e-mail server he had gained access to and would take payment by money order mailed to intermediaries, including a Russian exchange student in Philadelphia and a businessman in Massachusetts.
The individual lived in Ukraine and was a frequent user of a Web site where shadowy Web characters often gathered. Recently the site contained discussion forums on subjects like online anonymity and tools to hide your online presence. Chris Von Holt, resident agent in charge of the Secret Service office in San Jose, calls Mr. Kovalchuk “one of the main players.”
One problem: The United States does not have an extradition treaty with the Ukraine that would allow the arrest of Mr. Kovalchuk on a computer crime charge. But after gaining access to Mr. Kovalchuk’s e-mail, investigators discovered he had plans to travel to Thailand with his wife, either to sell software or for a vacation. The United States does have necessary agreements with Thailand.
On May 20, 2003, the Royal Thai Police arrested Mr. Kovalchuk at an ice cream parlor in Bangkok as three members of the San Jose-based CHIP team looked on — Mr. Sonderby, Special Agent Tom Pageler of the Secret Service and Postal Inspector Gregory Crabb. Mr. Kovalchuk appealed the extradition. He made his first appearance in the U.S. District Court in San Jose on March 29.
Mr. Kovalchuk is in the Santa Clara County Jail awaiting trial on charges of criminal copyright infringement, trafficking in counterfeit goods, international money laundering and access device fraud. He is held without bail because the Justice Department says he’d be a flight risk. He has pleaded innocent to the charges.
No trial date has been set. A pretrial meeting is scheduled next month. Mr. Kovalchuk faces more than 20 years in prison and a fine of more than $2 million.
According to an affidavit from Mr. Crabb, Mr. Kovalchuk also had in his possession the credit card numbers of 88 people. A U.S. embassy official in Bangkok told onlinesecurity.com that Mr. Kovalchuk was a pioneer of web-spoofing, the process of tricking people out of their credit car information over the Internet.
About the time that that Autodesk learned that its software was being pirated, it began to receive complaints from customers who said they had gotten a good deal on Autodesk software but that there was something wrong with it.
Sandy Boulton, director of piracy prevention for Autodesk has advice for people looking for an unbelievably good deal on software, especially if it requires you to send a money order to Ukraine: “If a deal looks too good to be true, it probably is.”