Slashdot Mirror


FBI on the Windows Source Code Theft

Chris Gondek writes "There are various articles about the Stolen Windows Source Code, but today it is confirmed that an FBI task force hunted for a cyber-criminal who posted on the internet source code for Windows which says 'I can confirm that the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said. The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.' "

17 of 504 comments (clear)

  1. Simple question by Anonymous Coward · · Score: 5, Interesting

    Can they track torrents? Not that I'm afraid of the Fumbling Bumbling Idiots or anything...

    1. Re:Simple question by Anonymous Coward · · Score: 5, Interesting

      They're more interested in finding the people who originally copied/published/distributed it. They're not stupid - they probably realize that it's out in the wild now, and chasing each individual downloader isn't going to stop these files being passed around.

      Although, they seemed to clamp down pretty hard on the DOS 6 distributors a few years ago - a few people still have the source to that, but you can't seem to find it out there any more!

  2. Scapegoat by DigiShaman · · Score: 4, Interesting

    There will be a scapegoat regardless if they find the real criminal or not. After all, Microsoft wants to ease the minds of consumers and investors.

    --
    Life is not for the lazy.
    1. Re:Scapegoat by AlaskanUnderachiever · · Score: 4, Interesting
      That's true, I've noticed an increasing trend in heavy media coverage of computer related crime as far as the chase, catching the "criminal" and the beginning of the trial. . . HOWEVER I've seen precious little followup on sentencing, etc. I've really begun to wonder if a goodly percentage of those publicized as caught end up innocent (at least of the charges brought against them) and walk away. Eeh, it's probably just my paranoid mind at work. . .

      --
      Find out about my new childrens book: SS Death Camp Criminal Batallion Go To Monte Carlo For The Massacre
    2. Re:Scapegoat by espo812 · · Score: 4, Interesting
      HOWEVER I've seen precious little followup on sentencing, etc.
      I don't think this applies only to computer crimes. I constantly read about all kinds of crazy crimes involving real world and number world (say fraud or idenity theft, etc). Strange thing is, I never hear if the murderer was sentenced (unless he's given the death penalty) or if the fraudster was convicted (even though the media claims he stole $8 Million worth of widgets), etc.

      In summary, the media reports the catch and the outlandish - without bothering to follow through with what actually happens. The problem is solved from their end (to paraphrase office space).
      --

      espo
  3. Not so much fuss about Debian or SF break ins by DrSkwid · · Score: 5, Interesting


    You'd think the FBI had some sort of pro-corporate bias!

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    1. Re:Not so much fuss about Debian or SF break ins by lukewarmfusion · · Score: 5, Interesting

      As I posted earlier in this discussion, the MS security officer is Scott Charney, formerly of the FBI Cybercrime division. So yes, there certainly are connections.

  4. MSHTML was in the .tar and Winsock by Anonymous Coward · · Score: 5, Interesting


    MSHTML.dll for those that don't know is the heart of Internet Explorer , (iexplore.exe is just a wrapper for mshtml) prepare for some exciting browser exploits , Winsock should ensure there is plenty of fun to be had with windows networking sockets

    and don't forget MSPaint was in the source tree so Adobe had better watch out :))

  5. Pure Public Relations by rueger · · Score: 5, Interesting

    After reading the article, I can only say it's pure PR speak, factually error prone, and more than a bit slanted. Perhaps this paragraph explains the timing:

    "The announcement of the leak came on the same day Microsoft pushed in Washington for tougher anti-counterfeit legislation in the United States and worldwide, saying pervasive pirating of computer software was hurting the industry."

    Given that any number of companies and computer professionals have access to Windows source for various reasons, it's not unreasonable to think that occasionally chunks of it appear in the wild.

    And certainly a lack of source code hasn't slowed down the virus and worm industry.

    Consequently I have to assume that this story is just a way for Microsoft to build support for even more draconian anti-piracy and DRM laws.

    As a post-script - the original post and magazine link should be modded +5 funny at best. It's really quite pathetic.

  6. The article is complete crap by 1u3hr · · Score: 5, Interesting
    Counterfeiters have been trying to get their hands on Windows source code for years. So have computer activists who say that programs could be made to work better with Windows if the source code were public.

    Counterfeiters don't want the source code, they just copy the binaries and maybe a hack to circumvent registration.
    "Computer activists" even less so -- copying Windows code would poison any GPL project.

    In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.

    True; but the reason Coke and MS have near monopolies is because of marketing, not innate superiority of their products (Pepsi wins most blind taste tests; Macs win all usability tests).

    In parts of Asia and the former Soviet Union piracy rates approach 90 per cent, they said. As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy.

    Debatable; but irrelevant anyway.

    The US Congress is considering legislation designed to close a number of legal loopholes often allowing counterfeiters to get away with their activities, specifically prohibiting trafficking in genuine authentication components.

    Again, the idea that this will make piracy more prevalent -- it will have no affect at all on MS warez.

  7. Microsoft doesn't know how the source was released by hillct · · Score: 4, Interesting
    I love this:
    Microsoft said that its own security had not been breached by whomever did the posting, nor was it released by a series of companies and governments with whom it shares the source code for the purpose of building software to work with Windows.
    Aparently Microsoft has no idea how the source code was relased. This doesn't speak well for their security. If they can't protect their own code repositories - their single most valuable asset - how can we expect them to provide a secure or even non-trojaned product?

    --CTH
    --

    --Got Lists? | Top 95 Star Wars Line
  8. Piracy != lost profit by inf0mike · · Score: 5, Interesting
    As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy.

    It amazes me just how much emphasis is placed on financial losses due to piracy. Just because people are using pirated versions of software does not mean they would have bought it anyway! The figure qouted is a "best case scenario" projection of what could have been new sales, but the companies are not actually losing that amount from money they have already earned.

  9. Re:Not normally pro Microsoft by diersing · · Score: 4, Interesting
    I am a Windows Administrator, I'm not anti-MS.

    The leak of the code scares the shit out of me. We've had some rather nasty security bits on the net lately and this is not a reassuring development.

    will increase the time I have to spend securing my system. although true, my main target in such a suit would MS itself for (1) not securing the code properly (2) recent stories (and past ones) of them sitting on security patches for months on end.

    If someone broke into my house and I followed my handbook and best practice about securing my house and it was STILL penetrated I want to go after the security document, not the intruder (the intruder would be handled by the criminal courts, my case is civil and monetary in nature since everytime some BS exploit is released and MS hasn't a patch my company is spending money to monitor and sort things out.

    Vary rarely will you see a class-action suit against an individual (I can't recall one, just ones against companies when their neglegence is going to lead to a large cash settlement..... I wonder how the MS lobbyest have protected them from such action)

  10. Yep any p2p can track. by nurb432 · · Score: 5, Interesting

    Unless you use something like Freenet to download.

    But even there they can see your IP. There just is no way to prove it was you that did the request, or was just 'forwarding' the request thru your node....

    --
    ---- Booth was a patriot ----
  11. Re:I don't know if this is true by Daniel+Boisvert · · Score: 5, Interesting

    cough... cough... FUD...

    I spoke with a gent on the same network reporting the same experience (could be the same guy :) and read the email they sent him. The email was sent from Microsoft, not from the FBI or any law enforcement entity.

    It's not FUD. The gent in question also mentioned that his torrent download jumped from about 100K/s to 600K/s at some point through the download, which would lead me to believe that somebody with fat pipes *cough*Microsoft*cough* jumped into the swarm, likely in order to start tracing IP addresses.

    I do wonder a bit about that, however, because if Microsoft jumps into the torrent to start nabbing IP's, haven't they also contributed to the dissemination of the source code by participating in its distribution? I'd imagine that it's no more of a problem for them legally than it is to undercover police selling drugs in sting operations. I do wonder if it should be, however...especially considering that they're *not* a law enforcement agency.

    Dan

  12. DMCA in full effect by Anonymous Coward · · Score: 5, Interesting

    you may receive a letter like the one below if you pull the file off of edonkey (Windows.source.code.w2k...). this is kind of ironic, because the file downloadeed was a fake.

    > Hash: SHA1
    >
    > J.K. Weston
    > Microsoft Corporation
    > One Microsoft Way
    > Redmond, WA 98052
    > jkweston@microsoft.com
    > Tel: (425) 703-5529
    >
    >
    >
    > URGENT/IMMEDIATE ATTENTION REQUIRED
    > VIA ELECTRONIC MAIL
    >
    > Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT:
    > xx.xx.xx.xx
    > Date of Infringement: Detail below.
    >
    > Dear xxxxxxxxxx:
    >
    > We have received information that one of your users as identified above by
    > the SITE/URL xxxxxxxxx may have engaged in the unlawful distribution
    > of Microsoft's source code for Windows 2000, and/or Windows NT4, by
    > distributing and offering for download these source code files via a
    > peer-to-peer network.
    >
    > Since you own this IP address, we request that you take appropriate action
    > against the account holder under your Abuse Policy/Terms of Service
    > Agreement.
    >
    > We also kindly request that you forward this notice promptly to the user
    > of the IP address listed above at the time and date stated.
    >
    >
    >
    > To the user at xx.xx.xx.xx:
    >
    > The unauthorized copying and distribution of Microsoft's protected source
    > code is a violation of both civil and criminal copyright and trade secret
    > laws. If you have downloaded and are making the source code available for
    > downloading by others, you are violating Microsoft's rights, and could be
    > subject to severe civil and criminal penalties.
    >
    > Microsoft demands that you immediately (1) cease making Microsoft's source
    > code available or otherwise distributing it, (2) destroy any and all
    > copies you may have in your possession, and (3) provide us any and all
    > information about how you came into possession of this code.
    >
    > Microsoft takes these issues very seriously, and will pursue legal action
    > against individuals who take part in the proliferation of it source code.
    > We look forward to your prompt cooperation. Should you need to contact
    > me, I can be reached at the address above or at jkweston@microsoft.com.
    >
    > Very truly yours,
    > By
    > J.K. Weston

  13. Murray Gell-Mann Amnesia effect. by Threni · · Score: 4, Interesting

    Yeah, but you can over analyze the media. Usually it's less than worthless.

    Check this out:

    http://www.crichton-official.com/speeches/speech es _quote03.html

    Media carries with it a credibility that is totally undeserved. You have all experienced this, in what I call the Murray Gell-Mann Amnesia effect. (I refer to it by this name because I once discussed it with Murray Gell-Mann, and by dropping a famous name I imply greater importance to myself, and to the effect, than it would otherwise have.)

    Briefly stated, the Gell-Mann Amnesia effect is as follows. You open the newspaper to an article on some subject you know well. In Murray's case, physics. In mine, show business. You read the article and see the journalist has absolutely no understanding of either the facts or the issues. Often, the article is so wrong it actually presents the story backward--reversing cause and effect. I call these the "wet streets cause rain" stories. Paper's full of them.

    In any case, you read with exasperation or amusement the multiple errors in a story, and then turn the page to national or international affairs, and read as if the rest of the newspaper was somehow more accurate about Palestine than the baloney you just read. You turn the page, and forget what you know.

    That is the Gell-Mann Amnesia effect. I'd point out it does not operate in other arenas of life. In ordinary life, if somebody consistently exaggerates or lies to you, you soon discount everything they say. In court, there is the legal doctrine of falsus in uno, falsus in omnibus, which means untruthful in one part, untruthful in all. But when it comes to the media, we believe against evidence that it is probably worth our time to read other parts of the paper. When, in fact, it almost certainly isn't. The only possible explanation for our behavior is amnesia.