Why the man who tried to sell Windows recovery discs will go to prison

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Why the man who tried to sell Windows recovery discs will go to prison
Eric Lundgren paid a company in China to print thousands of Dell-branded recovery CDs.

3490801258_fa46603efc_o-800x600.jpg

A California man has been ordered to prison for 15 months after having been convicted of "counterfeiting" thousands of Windows Reinstallation Discs. Curiously, Microsoft routinely gives away this Windows download at no cost.

In short, Eric Lundgren, who runs a 100-employee Los Angeles-area e-waste company known as IT Asset Partners, was sentenced to prison for selling something that is otherwise generally free.

On Wednesday, a federal appeals court affirmed Lundgren’s sentence, as he had pleaded guilty in 2017 to criminal copyright infringement in connection to his unauthorized sale of the discs.

According to Lundgren’s attorneys, however, a district court in Florida—and by extension, the 11th US Circuit Court of Appeals—failed to appreciate the difference between selling counterfeit software and reselling bona fide software, albeit one without a license to activate it.

These discs come standard as part of the purchase of any new Windows machine. However, as computers are bought and sold and, in particular, are refurbished and sold again, sometimes those crucial discs get misplaced. Microsoft knows this and makes Windows available for download to those who need it. When someone downloads the software, the installer requires a license and product key in order to fully function.

In 2011, the electronics recycling guru obtained a Dell-authorized Windows recovery disc from a business colleague, Robert Wolff, for $5. Lundgren thought that he could simply have these CDs re-printed in China en masse—to the tune of spending $80,000 on those discs. Back then, the idea was that he would resell these Chinese-made discs to Dell refurbishers for cheap—saving them the trouble of making their own for their own customers. (If, for some reason, a Windows user with a refurbished computer can’t locate a recovery disc or a license and product key, Microsoft will sell them a new one.)

But, the discs were intercepted by US Customs and Border Protection in 2012 as they were being sent from China to Lundgren.

Wolff, however, eventually offered to buy at least some of the 28,000 discs that Lundgren hadn’t yet sold, and he paid $3,400. What Lundgren likely didn’t realize, though, was that Wolff was cooperating with federal authorities the whole time. (The government supplied that $3,400 payment.)


I am the keymaster

Lundgren and Wolff were not indicted until 2016. The two men faced numerous charges, including counterfeiting, criminal copyright infringement, and mail fraud. (Wolff, as part of his cooperation, pleaded guilty and last year was sentenced to six months of home arrest.)

However, in essence, what Lundgren eventually pleaded guilty to was making these Dell refurbishers’ customers believe that they were obtaining a genuine Dell-branded "Reinstallation Disc" with Dell’s blessing, when in actuality, they weren’t.

As Lundgren’s attorney, Randall Newman, wrote in his appeal to the 11th Circuit:

Mr. Lundgren was charged with, pled guilty to, and was sentenced for infringing Windows OS software on computer discs that were sold without a license or product key. The Windows software and the license and product key are separate things (the license being the means by which the product key is obtained and the key being the means by which the full features of the software can be utilized). Mr. Lundgren was not charged with, he did not plead guilty to, and he was not sentenced for trafficking in Microsoft licenses or product keys. The infringed item in this case was Windows OS software without a license or product key.​
…​
However, the Government utterly failed to meet its burden to prove the retail value of the infringed item. It offered no evidence of the value of Windows software without a license or product key. Rather, the Government only offered evidence of the value of computer discs sold with Windows OS software coupled together with a license and product key.​


I am the gatekeeper

But prosecutors, Microsoft, and ultimately the Florida district judge didn’t see it that way. They concluded that Lundgren’s operation was tantamount to circumventing Microsoft’s ability—even if it was rarely employed—to sell its own software.

"To put it in a nutshell, we believe in cases like this you just can't break the law, create an illegal black market with a retail price that is lower than the value of the harm Microsoft suffered and try to use that lower value, that harm against Microsoft in the calculation," Lathrop Morris, a West Palm Beach-based federal prosecutor, said during a June 2017 sentencing hearing.

Both sides in the case settled on the negotiated price of $25 for a newly issued license—that amount times 28,000 copies that Lundgren hoped to sell resulted in what the judge determined to be $700,000 worth of damages. "What has been infringed here is Microsoft's software, the disc is a second copy of it," Senior US District Court Judge Daniel J.K. Hurley said. "So, what we are looking at is what is the value of that Microsoft software."


On Wednesday, in a unanimous decision, the 11th Circuit sided with Judge Hurley, upholding the earlier sentence of 15 months. Lundgren could be released earlier than that for good behavior.

"To the contrary, as the district court noted, it is difficult to square the defense’s valuation [of zero for the Windows Reinstallation Discs] with the fact that Lundgren and his co-defendant spent about $80,000 to fund a copyright-infringement scheme that they expected to profit from," the three-judge panel on the 11th Circuit wrote.

Newman, Lundgren’s lawyer during the appellate phase, told the Washington Post that there likely would be no further appeal.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top