Tuesday, January 31, 2012

Exam cheat caught using a spy pen

I found, and quite unusually so, that spy pens were heavily advertised on leading dailies and sold onboard flights in India. Spy pens can be used to make copies of documents, but with mobile phones around there is no need for an additional gadget. Today’s news “Gadget guru fails to crack it” demonstrated an innovative use of spy phones for cheating in examinations. The student in question inserted the cap of the spy phone with the camera in his shirt pocket. Each time he bent over the question paper the camera clicked an image and sent it via Bluetooth to a concealed mobile phone in his trouser, which then got relayed to a friend outside who quickly replied back with the answers via a hearing aid. Unfortunately for the student, due to an alert invigilator and a cctv monitoring system, he was caught when his apparatus failed to work and he was trying to fix it.

There are several such spy cameras available in the market inserted into innocuous objects like alarm clocks. These are cheap and used for monitoring people at work, conducting sting operations, in business discussions or filming victims in a state of undress. There are however, very few reported instances of this form of surveillance either because the victim chose to keep silent or was unaware of the incident. Unfortunately because these equipment are disguised it is difficult to detect, but it pays for women to keep their eye open when they visit changing rooms in stores and in common toilets. Airport worker fired for filming women on the toilet

Saturday, January 28, 2012

15 Categories that constitute Cybercrime

It is acknowledged that there is no comprehensive definition for Cybercrime. Definitions vary, as cybercrime is a new and rapidly evolving theme. Cybercrimes are crimes that a) are targeted against a computer system such as the theft of data or service interruption or b) crimes perpetuated through the use of a computer such as asset misappropriation and cyber harassment or c) where the computer is used as an accessory such as a file sharing site.

To me cybercrime has many dimensions from economical, social, ideological, military to political. Crimes may or may not have an economic impact and may be targeted against an individual, property or government.Cybercrime can be categorized in the following 15 categories:

Piracy and Copyright Infringement
Piracy in online goods such as music, films, ebooks, games and software is a 200m$ business. Piracy occurs when individuals share these products using file sharing sites. Sites which host pirated goods may also be liable.

Pornography, Pedophilia and prohibited sexual content
Pornographic content may be legal or illegal depending on country, but the act of child pornography or pornography which depicts violence in illegal everywhere. Some laws prevent creation, viewing and storage of content (i.e. the creator and user are both equally liable) or a subset.

Corporate Espionage
Corporate espionage is the act of insiders or external hackers infiltrating an organization to steal IPR or confidential business data.

Cyber Warfare
Cyber warfare involves the act of creating cyber weapons for offense and defense by military organizations. Cyber weapons may be designed to cripple the Internet or selectively cause destruction to parts of the critical national infrastructure like power, water, and nuclear plants. When some of these weapons are used without a declaration of war, this act in my opinion constitutes cybercrime. As part of cyber warfare there is a component of military espionage which involves the theft of military plans, documents, from defense organizations and their suppliers.

Cyber warfare carried out by ideological group’s intent on creating damage or disruption to nations or organizations opposed to their cause or belief. Individuals or groups disseminating information with a view to cause national panic or threaten key figures also falls into this category.

Hacktivism is the act of undertaking denial of service attacks or hacking in protest against governments or organizations seemingly acting against the ideological beliefs of the Hacktivist.

Online Scams, Counterfeits, Drug Trafficking
The Internet abounds with online scams which deal in the sale of counterfeit or spurious goods, drugs, advance fee frauds (lottery scams), of frauds designed to dupe victims into voluntary donations or subscriptions. Most of these frauds perpetuate through email or social networks.

Social Crime
Social crime is the act of causing emotional distress through a deliberate act of harassment, bullying, slandering, black mail, hate, stalking, defamation, impersonation online. Common avenues for propagating such crime involve social media, smses, emails, tweets and blogs. Content is usually offensive or derogatory and targeted against a specific individual.

Identity Theft and Impersonation
Stealing a person’s credentials with the objective of either defrauding the individual for monetary gain or to use the person’s identity to commit or perpetuate fraud.

All forms of spying which are not sanctioned by law which violates an individual’s privacy. This includes software’s that spy on cellphones, reading emails and so forth. Such acts may be undertaken by individuals, detectives and agencies.

Insider Theft
Using computers or computer systems to commit economic fraud by employees. Computer systems may be used to manipulate internal records such as expenses and payments for individual gains. They may also be used for the willful destruction of records or theft of information for financial gains.

Hacking for profit by external parties
The act of infiltrating or disrupting the services a company offers for monetary gain by individuals or organized crime with intent to blackmail, cyber extortion, cause economic fraud or cause reputational damage. Such acts may be caused on behest of competitors.

Development of Malware, Botnets, and Sending Spam
Malware development or the setting up botnets with the intention of using them for illegal activities. Spam or sending bulk unsolicited mail is unlawful in certain countries.

Launching denials of service attacks or hacking websites with a view to disrupt their functioning for fun, protest or profit.

Obscene or offensive content
Websites designed to be offensive, hurtful, slanderous, derogatory, inflammatory, and seditious with respect to sections of society. This is sensitive area which typical ends up in a court for arbitration.

Friday, January 27, 2012

Personal Data Websites Collects Online

Google recently released its new Privacy Policy which explains what information it collects and its use in simple terms. It is important for each cybercitizen to fully understand the extent of  personal information that can be collected either because they voluntarily subscribed to a service or from the use of a particular service. This information could be aggregated to provide a 360 degree view of a cybercitizens online activity.

I have summarised relevant parts of Google’s privacy policy which provide a generic view of information either in part or whole, which may be available to websites that we interact with online. This information can be used by the webfirm, its partners, by law enforcement and by courts.

Information can be collected in two ways. Firstly, when we sign up for an online account, we normally provide personal information such as our name, email address, telephone number, photo or credit card number, and secondly when we visit a website and interact with ads and content.
During our online interactions with website, various types of personal information as outlined below can be collected:
    • Device information such as your hardware model, operating system version, unique device identifiers and mobile network information, including phone number.
    • Log information when services are used or content viewed information may be automatically collected and stored. This may include:  
      • details of how you used our service, such as your search queries.
      • telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
      • Internet protocol address
      • device event information, such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
      • cookies that may uniquely identify your browser or your Account.
    • Location information Services which  may collect and process information about your actual location, such as GPS signals sent by a mobile device
    • Local storage  where personal information may be stored locally on user devices
    • Cookies and anonymous identifiers are used  to collect and store information when services are used or for services that websites offer partners such as advertising

Thursday, January 26, 2012

Google Scores A+ with new Privacy Policy

Google has set an example by being transparent in how it manages the privacy of personal information it collects from the use of its services. There is hue and cry over some aspects of its disclosures such as the need for an opt out option and the use of personal information for targeted advertisement, but we need to appreciate that GOOGLE with 70% market share did not have to write a simple policy which all its users could read and understand, but it did. It set an example which other firms do not. Let us commend and not condemn Google for this historic act.

Google says it intent is to use information shared with it to make its services even better – to show you more relevant search results and ads, to help you connect with people or to make sharing with others quicker and easier. They do not sell this information to third parties. Let us be fair, free services need to be paid for in some manner. Advertising is a great way to keep services free.
We should also appreciate steps taken in the right direction, so that other can follow suit without governments turning to regulation or censorship.

Wednesday, January 25, 2012

Password sharing a culture among teenage social media users

The effect culture has on security is extremely fascinating. Adoption of security policies on use or privacy are all governed in terms of adoption and effectiveness by the culture of the company or country. I have seen a restriction on the use of social networking in the workplace go from being fully restricted to completely open due to an acquisition. On a similar key the level of monitoring may vary based on how process abiding employees are. In some countries, employees may fully revolt even if one hinted that their emails may be read using a digital leak prevention system which protect against inadvertent leakage of sensitive information.

The recent article by the New York Times equated the power of password sharing to having sex among teenagers.  It’s a form of affection or the ultimate sign of trust that enables one to read the others private emails and posts. In a 2011 telephone survey, the Pew Internet and American Life Project found that 30 percent of teenagers who were regularly online had shared a password with a friend, boyfriend or girlfriend. The survey, of 770 teenagers aged 12 to 17; found that girls were almost twice as likely as boys to share.

The essence of the article is that there is so much social pressure to comply that despite the negative fallouts of violating the privacy of other people who send mail thinking only the recipient can read them, emotion impact of reading mails when the relationship sours, jealousy and ability to slander through a personal account the trend  continues.

I do hope that this trend reverses itself, as password sharing as we all know is not a good practice. What teenagers do today should not carry into the workplace as a habit in the future.

Monday, January 23, 2012

State of computer related Economic Fraud in India Dec 2011

PWC recently released its India report “Safeguarding organizations in India against Cyber crime as part of its Global Economic Crime Survey. Senior members from the executive management, finance, audit and compliance comprised 70% of the respondent’s from 106 companies. If we overlook the misleading title, which gives an impression of a report on cyber crime (which the report is partially about), the report actually provides an excellent insight into the state of economic frauds in Indian organizations, using computer (e.g. hacking, IP theft) or computer systems (fake/inflated expense reports, over invoicing/under invoicing) in India. Economic frauds as per the report are categorized as cyber crimes, accounting fraud, asset misappropriation and bribery and corruption.
The important observations, I made on reading the report were:
a)  There is heightened awareness among Indian Management about cyber crimes which involve reputational damage, IP theft, financial losses, regulator risks, and service disruption. We were 30% above the global average which is a sign on our economic environment becoming cyber aware. Positive news!
b)  Fraud Management seemed statistically to provide the most value in reducing economic crimes, but the demand for this services was low due to its perceived lack of value, cost or limited understanding of the service. Since fraud management requires cultural change and increase system or monitoring costs, companies may be reluctant to invest
c)   Cyber security training seems to have declined with 35% of the respondents having received no training at all. Not a good sign!
d)   12% of the respondents were victims of fairly large crimes of over 5 m$. An eye opener!
e)   The most common methods of dealing with cases of fraud against employees was dismissal and warnings and with outsiders, severance of business relationship and use of law enforcement
In the overall analysis, there is a rise in cyber crime risk awareness but little investment in fraud investment, fraud management and cyber security awareness. The report is a must read. It is well articulated and perhaps the only repetitive survey of economic crime in India.

Sunday, January 22, 2012

Fooling supporters to DDOS the US Govt made the Internet unsafe

I was quite upset when I read  that thousand of users who chose to listen to Anonymous's point of view were fooled into launching a DDOS protest against the FBI, Dept of Justice and other sites. Individuals participated unknowingly into a criminal act which made the Internet even more unsafe for cybercitizens.

I believe this trickery was uncalled for and will actually damage the credibility and popularity of Hacktivists. While thousands may have their reasons to believe that its legitmate to share pirated content, in law it is not so. In democracy we accept both the decision of the government and rule of law. We should honour both. We can protest in a non violent manner to make our view point heard to the government but no more. We should find alternate means of protest, DDOS is not the answer.

Site owners should also make an effort to curtail pirated content on their sites or links to such content. This includes search engines, torrent sites, cyber lockers and site which have linkages. These sites make money off ad revenue which indirectly is paid for by those very same netizens on the margins made on other products which they buy at the expense of money going to the business which worked hard to create online content.

Let us not degenerate into a cyber rabble.

Nice article to read

Saturday, January 21, 2012

Employee Surveillance: Does your company monitor your every move?

Companies monitor their employ activities for business purposes using multiple methods such as video surveillance, listening to telephone conversations and voice mail, location tracking using GPS, monitoring use of email, Internet, and computers, facility access and movement and review of blogs and posts on social media. Almost 80% of organization use one or more forms of monitoring through tools or manual reviews. This is done for one or more of the reasons listed below:
  • To avoid workplace law suits
  • To reduce asset thefts
  • To prevent intellectual property theft and accidental/deliberate data leakage
  • To reduce exposure to cybercriminals, sabotage or insider theft
  • To prevent corporate espionage
  • As part of regulatory or legal compliance
  • To reduce reputation damage or public embarrassment
  • To prevent lost productivity or wasted resources
  • Crisis Management
Some forms of monitoring for example timekeeping are well accepted but others like telephone monitoring may be considered invasive. Baring restrictions on under what conditions surveillance should be conducted which varies based on country/state regulations, courts do not consider on premise monitoring as an invasion of the individual’s right to privacy as long as a clear reasonable business purpose can be demonstrated. Both the Indian Constitution and Indian IT ACT provide Indian citizens the Right to Privacy but are non specific on the right of a company to monitor for legitimate business purposes.
As a best practice in employee care and to avoid law suits, most companies publish policies on the type, extent and rational behind the monitoring which is clearly communicated to employees. They also have signed employee agreements which waive an employee’s right to privacy for such monitoring. Companies have associated disciplinary policies which clearly lay down the protocol for dealing with policy violations, which vary from issuing warning letters to employment termination.
There are some extreme forms of monitoring such as trying to obtain personal records (e.g personal call records), and using detectives to trail employees and their family members. The legality of these activities is questionable, but such conditions exist when there is discord between partners in a firm with one trying to find evidence to nail the other and under conditions where a senior employee is thought to be stealing data or undertaking fraudulent/illegal activities.

Thursday, January 19, 2012

Email Scams may cost your life. There is no easy money !!!!

A Korean man and his daughter visited South Africa to collect a million dollar lottery win. At the airport they got into a hired taxi which drove them to house in Soweto. There the duo including the taxi driver was held hostage and a ransom of 10m$ to be deposited in Singapore was demanded from the Korean’s wife. Fortunately, the driver escaped, informed the police, and the pair was rescued. The Koreans were so traumatized from the incident that they left the country without giving evidence. They were lucky that they escaped death. Read the full news story South African police rescue Asian pair kidnapped in 419 scam
Email scams are a small percent of the overall spam mail sent. Normally they end up conning victims out of an advance fee, which is asked for, to complete the formalities needed to send lottery winnings to the winners (i.e. that victims). The danger increase exponentially when the victim either in an attempt to collect his winnings or recover his money actually visits another country, eventually to get held for ransom or killed.
Cybercitizens should understand that one cannot win a lottery which was never entered into. No money comes for free or by chance. Human psychology is such that even when advised that the email is a scam, many people fail to believe it to be true. I have seen this happen at close quarters because the lure of a potential winning that may change the victims entire life is so strong, and the victims understanding or comprehension of cyber risk is low. Much like the disbelief one has of the existence of a heart problem in asymptomatic situations.

Wednesday, January 18, 2012

Keep your ATM Pin Secret and use SMS transaction alerts

Many of us may share our ATM pin with a close family membe,r but when we expand the community to include drivers, close friends, strangers who we ask for assistance at ATM kiosks, and even write the pin on the card we are inviting trouble.
Keep your ATM pin secret, ensure that no one can read your pin while you key it in at the Kiosk, and  choose pin numbers which are hard to guess (not 1234 etc) are advice which banks have posted in ATM booths, screens and brochures. ICICI Bank has a security awareness screensaver with just this advice. I liked their preference for security awareness over advertisement.
So what can go wrong! Well recently in Mumbai, an ATM card was stolen and used by a trusted friend who knew the Pin number. Fortunately, the victim received an SMS informing her of the transactions and immediately complained to the Mumbai cops who with some old fashioned detective work cracked the case. Kudos to them too!  Midday Mirror Reports Woman, husband held for stealing Rs. 12,000 with friend’s ATM card
I would have expected the case to be cracked by a forensic review of CCTV data from the ATM from which the transaction was withdrawn, but for some reason this was not the way it was solved. It could be there was no CCTV surveillance which is not a best practice.
Related Reads:

Tuesday, January 17, 2012

Catch Crooks, using CCTV’s and Facial Recognition at Holy Places

Crooks also come to visit holy places to pray and ask for blessing, judging by the success a one million US$ CCTV camera network is having at a holy shrine in India. The system is equipped with facial recognition software which is fed with photographs of repeat offenders, bag lifters, chain snatchers and pickpockets. When the system zeroes in on a match a silent alarm goes off in the monitoring room and the culprit is apprehended. The system in the last 5 months has help nab 82 culprits.
CCTV surveillance is soon becoming more advanced with digital analytics and widespread availability using dedicated or mobile networks. Common uses vary from remote monitoring of property to child supervision by indviduals. Law enforcement uses vary from crime detection violation detection to antiterrorism.
Related Reads

CCTV’s ring down petty thefts in Mumbai

Monday, January 16, 2012

Clean up orders from Indian Courts may signal a new global era

The Indian judiciary has started hearing cases against leading international websites for not removing objectionable content as per Indian law.

Indian Court Issues Summons to Google, Facebook Headquarters for Objectionable Content

India has a significant chunk of the online users (100m), a user base which is set to grow dramatically (350-400m by 2015) and will eventually represent a significant portion of revenue and valuation for Internet firms.

 India wants these firms to self regulate, and remove content objectionable under Indian law rather than to block this sites. Site blocking is a last option, but the China example has not been ruled out.

The initial request was made by the Indian government which was politicised as government censorship, particularly as it coincided with a nationwide anticorruption campaign. This issue has now turned into a more serious legal case in a court of law.

I believe the outcome of this case will be a trendsetter for future Internet regulation in most countries. India was also at the forefront of regulation to montor encrypted email and messenger traffic from RIM (Blackberry) to assist law enforcement prevent criminal and terrorist activity. Ironically, six months after this move the very same method was used during the London riots which British law enforcement agencies found extremely difficult to control as they could not monitor or block such instant messages. London riots: how BlackBerry Messenger played a key role

Saturday, January 14, 2012

Information Government and Courts request from websites?

For long, telephone call records and more recently location details have been used in investigations conducted by law. In cases of defamation, online criminal activity, hacktivism and promotion of abusive and offensive content similar evidence on web activity is needed. Courts and Law enforcement agencies would like to gather forensic report on the suspects online activity for their investigations from ISPs, social networking sites and e-mail providers, such as Facebook and Google.
Very recently a US court requested information from Twitter which provides us a good description of what may be a boilerplate for future requests to websites and coming regulation. Records requested were:
  1. The customer’s full contact details (phone numbers and addresses)
  2. Account payment method if any (credit card and bank account number)
  3. IP addresses used to access the account, connection records (“records of session times and durations”) and data transfer information, such as the size of data file sent to someone else and the destination IP
 In the near future, we are sure to see regulation in this area which would mandate the storage of records by websites.

Thursday, January 12, 2012

2011 marks the Rise of Online Activism. Expect more in 2012 and beyond

When one looks back at 2011, the Rise of Online Activism has been spurred on by the use of social media by netizens and the more extreme form of Hacktivism by Hacktivist groups such as Anonymous and Lulzsec and professional paid political hackers.
Online activism has reached overwhelming proportions across the world. Regimes have been toppled in the Middle East, riots have been orchestrated in London and Indians launched a mammoth campaign for an anticorruption legislation. The power of using social media as a means of collective expression across an entire country without fear is making countries more “democratic”. Democracy in the past was the power to elect or unelect a politician to a seat in government once every five years, but now it’s about real-time and instantaneous feedback on how they are expected to serve the electorate.
Hacktivism made popular by overpowering hacks by Anonymous and Lulzsec have created an unusual amount of media attention. Hacks have targeted high profile government suppliers like Stratfor and against mega corporates like Sony which suffered 2011 largest breach with losses of over 200m$. Hacktivism was against action taken for copyright infringement, prosecution of whistleblowing (Wikileaks, Bradley Manning episode) and politics. A side effect of these campaigns exposed the weakness of Internet Security in big and small firms.
2012 will witness amplified online activism given the success that it has seen in 2011. Such protest have seen spontaneous uprising of people on common themes. Except for the Indian agitation almost all other were marred by some form of violence. Hacktivist campaigns violated cyber laws.
Netizens have begun to feel the power of the net and such campaigns will hopefully evolve into a meaningful of protest.  Hacktivism either ideological or paid will rise in the next few years. Hackers exploited by politicians to spur political agenda’s are a real danger in the future.
Related Reads

Sunday, January 8, 2012

1.5 m$ skimmed from US ATMs ! Neither bank nor customers notice?

Last month, I wrote in my post " Youngest Team attempts to Raid an ATM in Mumbai  " about two boys, one 12 and the other 15 who were caught trying to break open an ATM in Mumbai. These boys planned the break in and also covered their faces in front of the camera.

This episode stood in stark contrast with the current news report "Romanian Man Charged in $1.5 Million ATM Skimming Scam" in the Wired where a Romanian man was arrested for stealing 1.5 m$ over 7 months from 40 ATMs in the US, who did not bother to cover his face when he installed ATM skimmers. ATM skimmers are devices which sit over the card insertion slot and have a pinhole camera. As customers use the ATM, the device copies card magnetic data and records the pin through the pinhole camera.  This information is used to create a cloned card to withdraw cash

 If we read the facts in the report: 
  • 1.5 million  is not a sum to go unnoticed. It would have resulted in either a large number of customers being defrauded and several customer complaints or few complaints if most customers did not monitor their bank statements.
  • 40 ATM of the same bank were targeted in three main location of Manhattan, Long Island and Westchester
  • The skimming operation lasted 7 months, a fairly long exposure window
  • The skimmer did not bother to cover his face while installing skimmers on ATM's
The fraud could have been noticed earlier had customers monitored their bank statements and their transactions. Real time monitoring and use of video analytics at ATM's reduce ATM skimming frauds..

Most people in India use an SMS and email alerting service from banks and credit card companies post each transaction. This is the best way to detect such frauds as poring over monthly statements is a chore.

Related Reads:

12 Ways to Steal Money from an ATM? Just kidding

Saturday, January 7, 2012

Cybercrime: State of Online Piracy & Copyright Violations 2011

Online Piracy and Copyright violations in software, music, video, games and ebooks resulted in a 200 billion US$ loss worldwide. Such violations are perpetuated by file sharing P2P sites where individual’s trade and share online products, as well as pirates who make illegal CD’s and DVD’s of movies and software. A significant amount of the infringement is by net users copying and sharing content on the Internet between known and unknown individuals. Examples of these infringements are:

·         Sharing an MP3 copy of a song you bought on a online file sharing sites to enable other to download it without charge

·         Downloading free songs from a file share network or copying from or for friends

·         Assisting in the circulation of copyrighted content

·         Use of pirated content

·         Copying, downloading, sharing, selling, or installing multiple copies of software onto personal or work computer

This blog article provides a synopsis of available research on Internet Piracy,its  impact on gaming, software, music, film, and ebook industry, and a quick overview of the top ten pirated titles in each category. The reports from which these synopsis is extracted is referenced for further reading.

new 2011 study into Piracy on the Internet has been released by brand and trademark   monitoring firm, Envisional, found that almost one-quarter of global Internet traffic (23.8%) and more than 17% in the U.S. involves the theft of digital assets. Some of the key statistics released in the report are:
  • Bit Torrent traffic is estimated to account for 17.9% of all Internet traffic. Nearly two-thirds of this traffic is estimated to be non-pornographic copyrighted content shared illegitimately such as films, television episodes, music, and computer games and software. (63.7% of all bit torrent traffic or 11.4% of all Internet traffic.)
  • Cyberlocker traffic – downloads from sites such as MegaUpload, Rapidshare or HotFile – is estimated to be 7% of all Internet traffic. 73.2% of non-pornographic cyberlocker site traffic is copyrighted content being downloaded illegitimately (5.1% of all Internet traffic).
  • Video streaming traffic is the fastest growing area of the Internet and is currently believed to account for more than one quarter of all Internet traffic. Analysts estimates that while the vast majority of video streaming is legitimate, 5.3% is copyrighted content and streamed illegitimately. (1.4% of all Internet traffic).
  • Other peer-to-peer networks and file sharing arenas were also estimated to contain a significant proportion of infringing content. An examinatioon of eDonkey, Gnutella, Usenet and other similar venues for content distribution found that on average, 86.4% of content was infringing and non-pornographic, making up 5.8% of all Internet Traffic.
BIT TORRENT Statistics
  • BitTorrent is the most used file sharing protocol worldwide with over 8m simultaneous users and 100mregular users worldwide.
  • 63.7% of content managed by PublicBT was non-pornographic content that was copyrighted and
  • shared illegitimately
  • 35.2% was film content – all of which was copyrighted and shared illegitimately
  • 14.5% was television content – all of which was copyrighted and shared illegitimately. Of this, 1.5% of content was Japanese anime and 0.3% was sports content.
  • 6.7% was PC or console games – all of which was copyrighted and shared illegitimately
  • 2.9% was music content – all of which was copyrighted and shared illegitimately
  • 4.2% was software – all of which was copyrighted and shared illegitimately
  • 0.2% was book (text or audio) or comic content – all of which was copyrighted and shared
  • illegitimately
  • 35.8% was pornography, the largest single category. The copyright status of this was more difficult to discern but the majority is believed to be copyrighted and most likely shared illegitimately

Publicly Available Statistics
I researched and found several statistics, some as old as 2007 from research done or sponsored by Industry Associations on the extent of piracy and its economic impact. Many believe and the US governments has openly stated that these figures may be exaggerated due to the method used in estimation as  "the illicit nature of counterfeiting and piracy makes estimating the economic impact of IP infringements extremely difficult." However, the loss is quite significant to the Industry worldwide and revenue is affected due to piracy.

Impact on the Music Industry

Statistics derived from a 2007 Report from The institute for policy innovation titled the” True cost of sound recording Piracy to the US Economy” which highlighted the following analysis as a consequence of global and U.S.-based piracy of sound recordings:

1.    The U.S. economy loses $12.5 billion in total output annually.

2.    The U.S. economy loses 71,060 jobs.

3.    U.S. workers lose $2.7 billion in earnings annually.

4.    U.S. federal, state and local governments lose a minimum of $422 million in tax revenues annually.

Impact on the Movie and TV Industry
Statistic derived from a comprehensive worldwide consumer research study conducted by LEK Consulting and released in May 2006 by the Motion. Picture Association of America (MPAA).

1.    Motion picture piracy now results in total lost output among all U.S. industries of $20.5   Billion annually.
3.    Motion picture piracy costs U.S. workers $5.5 billion annually in lost earnings.
4.    Motion picture piracy costs 141,030 new jobs
5.    Motion picture piracy costs governments at all levels $837 million in lost tax revenue.

According to Torrent Freak, the online news site that covers file-sharing and related issues,

Impact on the Gaming Industry
Piracy results in major losses of revenue to the industry which (for business applications) the SIIA has estimated at around $12.2 billion worldwide (1999 Data). With respect to the game industry "up to 109,000 jobs, $4.5 billion in wages and $1 billion in tax revenues" were estimated to be lost during 1999.5

Impact on the Software Industry
Software piracy is the unauthorized copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers. The commercial value of PC software piracy in 2010 was $59 billion according to SIIA. Statistics from the BSA report titled "Eight Annual BSAand  IDC Study on Global Software Piracy", dated May 2011 show:
1.    The global piracy rate dropped by 1 point from 2009 to 42 percent — which remains the second-highest global rate in the study’s history.
2.    Half of the 116 economies studied in 2010 had piracy rates of 62 percent or higher, and two-thirds had atleast one software program pirated for every one installed legally.
3.    Emerging economies now account for more than half the global value of PC software theft, $31.9 billion

Economies with the highest value of unlicensed software were:

Software Titles Most Frequently Pirated By Companies
I was not able to find a referenced statistic for the most frequently downloaded software. Based on adhoc news articles, I concluded the most pirated software are Microsoft Windows and Office, Adobe Photoshop, Antivirus Products from Symantec and McAfee and AutoDesk Autocad
Impact on the ebook Industry

The Huffington Post published a list of the Top 10 Pirated eBooks at The Pirate Bay 0n 25th Feb 11
1.    1000 Photoshop Tips and Tricks
2.    Advanced Sex: Explicit Positions for Explosive Lovemaking
3.    What Did We Use Before Toilet Paper?: 200 Curious Questions
4.    Photoshop CS5 All-in-One For Dummies
5.    What Rich People Know & Desperately Want to Keep a Secret-
6.    101 Short Cuts in Maths Any One Can Do
7.    Touch Me There!: A Hands-On Guide to Your Orgasmic Hot Spots
8.    How to Blow Her Mind in Bed
9.    1001 Math Problems
10.  How To Make People Like You In 90 Seconds Or Less

Related Reading