Implications of Software Piracy in Nigeria
As our lives depend more and more on software usage, ensuring that the software we use are secured becomes essential. Considering that the software piracy rate in African nations is at a higher percentage, we can all agree that the chances of having a pirated software installed on every device, or being connected to a network that is already connected to a device with a pirated software installed are inevitable. Licensed software are becoming more expensive. With the subscription price of one of the most globally used software; Office 365 at $99/year, and Office Home Suite at $149.99. It is not surprising that the software piracy rate in developing nations like Nigeria is at 83 percent and that of Zimbabwe at 92 percent. I mean that is the cost of a brand new low-end laptop. In the absolute sense, one can understand why most end-users in developing nations use pirated software. (It is worth mentioning that these statistics were last collected by ChartsBin in 2009).
The implications of using pirated software are not only limited to the legality of its usage. (Yeah sure. The FBI APW seal means nothing when you’re outside the US.) But a much bigger risk is using a software that is already infected with a malware. Take the Remote Access Trojan (RAT) for example; this malware acts as a backdoor in a software, giving an attacker a remote access to a device or network the malware resides in. To most end users, using a pirated software is worth the risk it comes with. But when the same end-users connect their devices to organization/government networks. That is when it becomes a national issue.
Let us take banks as an example; what happens when an employee decides to torrent a software using the bank’s internal network because it is faster than the free wifi provided by the bank? That torrented software could have been infected with RAT, which gives an attacker access to the bank’s internal network. A more devastating scenario could be, that same software is infected with keylogger malware. This will allow an attacker to record every single keyboard stroke the employee makes. Not only is the attacker residing in the internal network, he can access customer funds while posing as the bank employee. (The technicalities behind implementing this type of attack are not that easy, but it is possible.)
With pirated software, the software vendor lacks knowledge of what has been tempered with, Hence, a pirated software can never be fully patched. So to the attacker, it will forever be a zero-day exploit. Responsible Disclosure and Vulnerability Disclosure Policy do not apply to pirated software. Besides, one can only trust a software to act as it is designed to if he/she wrote every piece of the software code. When an end-user use a genuine software (with a verified checksum), the idea is not to trust the software to be free of security vulnerabilities, but rather, to trust that the software has undergone an approved vulnerability assessment either by the vendor or whoever is responsible for distributing the software.
Yes, most if not all banks have security measures, controls, and policies to circumvent these types of security issues. But the truth is that these measures, controls, and policies are limited and undermined when the threat still exist. This makes combating software piracy in Nigeria a priority when it comes to ensuring a safer cyberspace in Nigeria. It is like the saying “To kill a snake, you have to chop off its head.” Moreover, the security issue is not limited to banks, it could be government IT infrastructure etc.
In the next writing, we are going to discuss what approaches can Nigeria take to minimize the rate of software piracy.