Slashdot Mirror


FBI on the Windows Source Code Theft

Chris Gondek writes "There are various articles about the Stolen Windows Source Code, but today it is confirmed that an FBI task force hunted for a cyber-criminal who posted on the internet source code for Windows which says 'I can confirm that the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said. The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.' "

37 of 504 comments (clear)

  1. "In jeopardy is Microsoft's near-monopoly" by zegebbers · · Score: 5, Insightful

    In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.
    Yes, It's very lucky that there is absolutely no way to obtain any MS source code!

    1. Re:"In jeopardy is Microsoft's near-monopoly" by Epistax · · Score: 2, Insightful

      In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.

      Water, high fructose corn syrup and/or sucrose, caramel color, phosphoric acid, natural flavors, caffeine.

      Uh uh the fuzz is after me.

  2. Illegal to download? by Anonymous Coward · · Score: 5, Insightful

    The article says FBI spokesperson said 'It's illegal to download it.'. How can that be? Is it really so? What if your girlfriend downloads a file called 'cookingrecipes.zip' and it happens to contain stuff she did not know - such as Windows source code? Does that mean innocent downloaders can be put in jail?

    1. Re:Illegal to download? by WIAKywbfatw · · Score: 5, Insightful

      Ignorance rarely is a valid defence in the eyes of the law. If you're speeding at 70mph in an area where the speed limit is 50 mph then you not knowing that you were above the speed limit is not a valid defence.

      Similarly, if you hold a barbeque and your kids sneak off with some beers, get drunk and do something stupid then you're still liable for any laws that you may have unknowingly broken (providing alcohol to a minor, etc).

      Just because you didn't know you were breaking the law that doesn't excuse you from any possible punishment. Look at what happened to the grandfather who got hit with a hammer by RIAA because his grandkids used his PC to download copyrighted material over P2P networks without his knowledge. He had no clue what the kids were up to but he was still held liable for their actions.

      If your theoretical "cookingrecipes.zip" defence was held up in court I'd be surprised. It would be carte blanche for copyright infringers, paedophiles and anyone else intent on evading the law to disguise their activity by giving the files they were swapping innocent file names and then claiming that they "didn't know" what the files really contained.

      --

      "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
    2. Re:Illegal to download? by martinX · · Score: 3, Insightful

      Look at what happened to the grandfather who got hit with a hammer by RIAA because his grandkids used his PC to download copyrighted material over P2P networks without his knowledge. He had no clue what the kids were up to but he was still held liable for their actions.

      And so you think it's right? Given the many many ways of disguising the true nature of files, images, URLs etc before they are downloaded, how can anyone in their right mind think that any computer user who had no intention to break the law could be held liable for grabbing something they didn't know was illegal to have.

      Your analogies are bad analogies. Find some new ones.

      --
      When they came for the communists, I said "He's next door. Take him away. Goddam commies."
    3. Re:Illegal to download? by Henry+V+.009 · · Score: 3, Insightful

      True. And if you redefine copyright infringement as "theft," I suppose a downloader would be liable for "misappropriation damages" under the Uniform Trade Secret Act. But damages could only appear if the downloader were to do something commercial with the code (or possibly put it up for upload). So I don't think that the trade secret angle matters that much here.

    4. Re:Illegal to download? by badriram · · Score: 2, Insightful

      In this scenario, it is not ignorance of the law we are dealing with. We are dealing with not knowing what you are downloading. If you sign official documents, you would notice a line that says, to the best of my knowledge and belief, they are true, correct
      So when you did download a file that was named as something else you cannot be held responsible. On the other hand if you hold on to the file after you realize that it is the windows source you will be in trouble.
      Think about it as a virus.... If you accidentally clicked on a virus, you are not going to get into any trouble. If it was intentional you will.

    5. Re:Illegal to download? by iceburglar · · Score: 2, Insightful

      Ignorance can be used as a defense in certain cases, such as the case the OP mentioned. You cannot claim ignorance of something that is considered common knowledge (like speed limits, where a "reasonable person" would be expected to check for signs before traveling at an excessive rate of speed). To go back to the OP's case, if his girlfriend downloaded a file from a cooking site named "cookingrecipes.zip" and it contained illegal data, her argument of ignorance would stand up in court (other things like her level of epertise with computers, which could be demonstrated by her education level, e.g. she has a culinary arts degree, rather than a CS degree). However, if she downloaded said file from Lotso-warez.ru, the ignorance thing probably would not work. This whole thing is MOOT however, since they don't care if your argument will stand up in court or not, they just care whether or not you can afford to defend yourself. See DirecTV and the RIAA extorting their customers to pay thousands or else be sued.

      --
      iceburglar "If it wasn't for date rape, I'd still be a virgin."
  3. MIcrosoft is ultradevious by John+Jorsett · · Score: 3, Insightful

    Aha. Microsoft gets one of its sock puppets to expose some obsolete source files of an old version of Windows, and has them do it on a Linux box in order to make it look like Linux is as shaky in the security department as Windows. My God those people are Machavellian. I'll bet some of the same people behind the fake Mars landers are behind this.

    1. Re:MIcrosoft is ultradevious by One+Louder · · Score: 2, Insightful

      If they were trying to make Linux look bad, then it probably would have been a good idea to remove all those bogus .eml files that indicate the server was infected by Nimda. Wherever these files came from, clearly security wasn't a very high priority.

  4. Re:Not normally pro Microsoft by bhima · · Score: 5, Insightful
    The source for Linux is available.

    I haven't had many problems with it.

    Maybe you are over reacting.

    Not that I condone this

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  5. Re:Blueprints? by Anonymous Coward · · Score: 3, Insightful

    Technically, you could call source code blueprints. The compiler follows the instructions you've requested, then translates it into assembly and then object code. Some compilers will do a good job (Intel's) and others will needlessly bloat the specifications (GCC). Just like building a house.

  6. Re:Blueprints? by lseltzer · · Score: 4, Insightful

    It's a perfect metaphor. Computers don't run C code, just as we don't live in drawings of houses. Both are human-readable representations that we can use to build the implementation.

  7. Re:Not normally pro Microsoft by smittyoneeach · · Score: 3, Insightful

    What good was gained from doing this? What benifit is there?
    This whole affair is going to have one effect similar to that of major virus upgrades: it will scare the recalcitrant to upgrade.
    Deliberately falling short of carrying that analysis any further...

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  8. Re:Not normally pro Microsoft by calyptos · · Score: 2, Insightful

    I agree that it was wrong to release the source code without permission, but I disagree with you sueing the one who distributed it. If you have a problem with your computer's security and feel the need to sue someone, sue Microsoft. You'd lose though, you've already signed an agreement excusing them from practically everything. I have a feeling if the source code to my linux distribution was ilegally released (its not finished, and MY software isn't free until I say so) that the FBI wouldn't give a shit.

    --
    http://illhostit.com/ - Webhosting
  9. Re:Not normally pro Microsoft by BorgDrone · · Score: 2, Insightful
    I wonder, (...) if I can sue the person who let out the code because it will increase the time I have to spend securing my system.

    If you want to be secure, you shouldn't be using software whose security depends solely on the secrecy of the source. it's know as "security through obscurity" and almost everyone agrees it doesn't work.

    Even microsoft won't be so stupid as to rely on it.
  10. Law enforcment by panxerox · · Score: 2, Insightful

    the main functions of law enforcment are revenge and the instillment of fear rather than prevention. they seem to be performing thier function quite well.

    --
    "It's so convenient to have a system where everyone is a criminal" - A. Hitler
  11. Re:Not so much fuss about Debian or SF break ins by krumms · · Score: 3, Insightful

    Duh. Corporate America and the US Government are business partners.

    The more money you have, the more of an American you really are in the eyes of the government.

  12. Who'd want that old junk anyway? by no+longer+myself · · Score: 3, Insightful
    I'm pretty sure from the posting pattern here on Slashdot that Microsoft has moles posting and trolling (and you guys know who you are), but for the life of me, I can't recall any law (IANAL) that prohibits the downloading of a "leaked file". Oh sure, we all know that possession of certain kinds of pornography and other files can get you into nasty trouble, but really... If that were the case, then why didn't the FBI start investigating IBM when SCO started belly-aching?

    On the flip side, I've already given up on Microsoft, and want nothing further to do with them or their products, so somebody leaking their code is almost a bad joke to me at this point. The most likely conspiracy to come out of this is that the next version of the Linux kernal will have a cloud of accusations that it derived some of its functionality from Windows 2000 source. (Oh please...)

    I guess the ugly part is dealing with the feds out there who are intent on taking names and kicking ass... After all, it's a national emergency! Microsoft's code has been leaked!

    Feh.

    Many of us have woke up to the fact that you don't need Windows to accomplish your goals on a computer. While the rest of of us are trying to actually get something done with our computers (instead of updating them every 15 minutes), Microsoft is suddenly crying out "Thieves!". Just how does MS come up with these horribly written plot devices?

  13. The Immaculate Transmission by grouse · · Score: 4, Insightful
    Here's what Microsoft's press release on the inadvertent release says:
    [I]nvestigation has shown this was not the result of any breach of Microsoft's corporate network or internal security, nor is it related to Microsoft's Shared Source Initiative or its Government Security Program...

    Interesting. From this, one must conclude that either (a) Microsoft legitimately releases the code to others outside these two programs, but we don't know about it; (b) Microsoft has absolutely no idea how the source was released but is lying through its teeth claiming there was no security breach nor an unauthorized release from its shared source programs; (c) Microsoft leaked the code itself for nefarious purposes (e.g. destroying ReactOS).

    We report, you decide.

  14. Re:Not normally pro Microsoft by Baron_Yam · · Score: 4, Insightful

    You're quite right - but there is a difference...

    Let's use the home metaphor - you live in a house in a neighbourhood built by "MS Homes". They are nice, comfortable homes, but the security system involves closing your front door with a plastic latch. Because the latch doesn't LOOK like plastic, everyone feels secure. Burglars, however, suspect there is an easy way in to the homes.

    Now, if none of the good guys examine the security and say, "Hey, maybe these latches should be steel", then eventually a bad guy will figure it out and your home is open for business.

    In such an event, if a good guy opened *a* front door on a *single* MS home, then posted a note in the local newpaper that maybe latches should be upgraded, I'd sleep with a shotgun until my latch was replaced. In the end, I'd have a safer home and know it. Without the good guy, I don't have a safe home, AND I'm unaware until a break in.

  15. Tools alone dont assume guilt by nurb432 · · Score: 2, Insightful

    The same 'tools' can be used for legit purposes, like if you are the security admin of a company..

    Its your JOB to make sure that you arent vunerable..

    But, you have to convince the jury of that....

    --
    ---- Booth was a patriot ----
  16. Re:Not normally pro Microsoft by mgt · · Score: 2, Insightful

    True, but it was not developed as closed source and then made public over one night. Because that would not have been very smart, right...

  17. That particular case would hold up by nurb432 · · Score: 2, Insightful

    All you need is a jury, and explain you were doing something LEGAL, that turned out to be illegal due to the actions out of your control.

    ( this is assuming her recipes were not restricted from re-distribution of course ).

    It would be the same case if you went to a legit store ( like a pawn shop or antique store )..
    and bought an item in good faith that anyone would assume was legally theirs to sell...that later turned out to be stolen ..

    Sure, they take away the object, but you dont get arrested...

    This isnt a matter of 'ignorance' of the law, its a matter of intent beyond your control.

    That said, if you *kept* said mis-labeld file, then of course its minor to prove intent...

    --
    ---- Booth was a patriot ----
  18. Re:Piracy != lost profit by Anonymous Coward · · Score: 2, Insightful

    Shouldn't we adjust that "financial loss" number by subtracting out the $$$ made by selling people like me computers with Windows on them? Often without a choice? Only to have me reformat the drive and install Linux? Someone else gets Windows without paying, that should be balanced by me paying for Windows and not using it. It's like them rooting through my trash cans before the truck picks them up .

  19. Re:Not normally pro Microsoft by __past__ · · Score: 5, Insightful
    But the source for Linux is available both for attackers and for white hats to find and fix bugs. If anyone would find a security problem in the leaked Windows code, they cannot simply send a patch to Microsoft - they would admit to have illegally obtained the code doing so.

    Open Source code is available for everyone. Only criminals can use the Windows code.

  20. Re:Goto's goto's goto's by Anonymous Coward · · Score: 2, Insightful

    There's nothing wrong with goto. You're just too influenced by Dijkstra's flamebait. Use it sometime... it's quite refreshing.

  21. Re:Not normally pro Microsoft by Thomas+Shaddack · · Score: 2, Insightful
    The worse for Microsoft, the better for the world.

    The more problems MS installations have, the higher the pressure for migrating away. The more systems migrated away, the higher heterogenity of the Net ecosystem, the higher overall resistance to platform-specific threats - and the higher pressure for compatible, standardized data-exchange formats; proprietary ones could then become a disadvantage instead of a lock-in advantage.

    The computer world needs to be pushed into different dynamic-equilibrium mode. The sooner, the better.

  22. Re:Piracy != lost profit by thales · · Score: 4, Insightful

    The Piracy of Windows hurts Linux more than Microsoft because most of the piracy occurs in areas where the majority of the people can't afford the high cost of a Windows OS. If it were impossible to pirate a copy of MS Windows, then most of these people would be using more affordable Linux distros, rather than buying Windows and Windows software.

    --
    Quemadmodum gladius neminem occidit, occidentis telum est
  23. Re:Torrent for W2K and NT4 source by phritz · · Score: 3, Insightful

    As has been pointed out, you are not anonymous when you use bitTorrent. If you're stupid enough to download from the links in the parent, there's a very good chance that someone at microsoft or even the FBI will be logging your IP address. Don't be stupid - ignore the parent.

  24. Re:Blueprints? by timotten · · Score: 2, Insightful

    Nope. A blueprint is a plan. A house is an implementation of the plan. Likewise source code is an _implementation_ of a plan - not a plan.

    These things are relative:

    1) flow chart:source code :: blueprint:house
    2) source code:machine code :: blueprint:house
    3) machine code:execution :: blueprint:house

    4) building requirements spec:blueprint :: blueprint:house
    5) blueprint:house :: blueprint:house
    6) house:daily life :: blueprint:house /* a bit tenuous */

    What I find neat is that the relation is transitive, i.e.

    1+2) flow chart:machine code :: blueprint:house
    1+2+3) flow chart:execution :: blueprint:house
    2+3) source code:execution :: blueprint:house
    4+5) building requirements spec:house :: blueprint:house

  25. Re:Scapegoat by mattyp · · Score: 3, Insightful
    you guys have it all wrong: IMHO, microsoft posted the code themselves. they are planning ahead, so they can be like SCO, and accuse linux of incorporating their IP in the future... the problem is, they had to leak it first... notice they released only old versions.

    Why did they take the risk? Because it's not a risk. It turns out they've learned the lessons from opensource, and now they embrace it, though in a familiar embrace, extend and smother way.

  26. there is no half of globalization by axxackall · · Score: 5, Insightful
    Oh, that's easy: have your friend in Russia to give you stunnel address and enjoy how FBI is weak attempting to figure out anything about IP address in Russia. Or China. Well, actually in many countries.

    I said it before and I'll say it again: the globalization MUST be improved. If they want investigations across the borders - they have to remove the borders. That include the freedom to trade across the borders, the freedom to hire across the borders, the freedom to ELECT across the borders, the freedom to immigrate across the borders.

    You don't wanna give that freedom to people? Enjoy your useless attempts to sue DVD hackers in Norvey and find IP addresses in Russia.

    Remember: there is no such thing as "half of globalization". It either exists givig equal opportunities and freedoms to everyone, or it doesn't exist at all.

    --

    Less is more !
  27. Re:Simple question by CaptainAx · · Score: 2, Insightful

    It doesn't matter how much work it is. If they trace the source of the leak to someone using this type of service, they will expend a vast amount of energy and money to find it. It doesn't matter how many tunnels, BNCs, VPNs, proxies or PGP encrypted sessions they need to get through, the FBI with the backing of Microsoft *will* find the perp. They have 52.78 billion in cash.

  28. Don't even think about it. by nberardi · · Score: 2, Insightful

    Just a reminder to anybody out there that is doing any kind of development for anything, don't even look at the code because if you do and you are caught, any of your work from this point on can be considered property of Microsoft. If you don't think this would happen look at IBM and SCO. And I doubt any of you have enough money to take on Microsoft, even the DOJ failed, so what chance do you have.

  29. Speaks volumes about our society by Aslan72 · · Score: 4, Insightful
    I hope this doesn't sound too conspiracy-theory oriented, but I find it interesting the amount of pull MS has in our society now. We're talking about a product that, for all purposes, is still a product and yet the verbage that I've seen on it makes it sound like someone just gave out a key national secret.

    Granted, we have so much riding on Windows that it being compromised is akin to loosing a national secret, but who is to blame here? If we lean so much on MS's code being secure, why are people storing data on there that could be a probem if the system was hacked?

    --pete

  30. Would somebody please tell me by AnalogDiehard · · Score: 4, Insightful

    why it takes less than six days for M$ to be hot-n-heavy on the trail of the source of the leak while it takes M$ six months to patch a serious security vulnerability in their source code?

    --
    Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10