FBI on the Windows Source Code Theft

Chris Gondek writes "There are various articles about the Stolen Windows Source Code, but today it is confirmed that an FBI task force hunted for a cyber-criminal who posted on the internet source code for Windows which says 'I can confirm that the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said. The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.' "

Simple question

Can they track torrents? Not that I'm afraid of the Fumbling Bumbling Idiots or anything...

Re:Simple question

They're more interested in finding the people who originally copied/published/distributed it. They're not stupid - they probably realize that it's out in the wild now, and chasing each individual downloader isn't going to stop these files being passed around.

Although, they seemed to clamp down pretty hard on the DOS 6 distributors a few years ago - a few people still have the source to that, but you can't seem to find it out there any more!

Re:Simple question

File: windows_2000_source_code.zip
Key: CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoEMG Kv54~o6A
Bytes: 213748207

CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoE MG Kv54~o6A/windows_2000_source_code.zip

Of course if you don't have Freenet yet (wtf are you waiting for?) you'd do good to visit http://www.freenetproject.org.

Re:Simple question

[westlake]

Not that I'm afraid of the Fumbling Bumbling Idiots or anything...

so why do you post as an Anonymous Coward?

Good to hear it

The FBI really needs to crack down on this whole Internet thing before the terrorists get their hands on that source code. Good to see they're doing something about it.

"In jeopardy is Microsoft's near-monopoly"

[zegebbers]

In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.
Yes, It's very lucky that there is absolutely no way to obtain any MS source code!

well...

[G27+Radio]

Anyone that's a peer in the torrent has your IP address. All they have to do is connect to the torrent and start collecting IP addresses of any peer that sends a piece of the file.

Re:well...

Yeah there is, I was at some of the sites recommended by all those e-mails I get every day and a window appeared and told me that I was surfing insecurley ( and that Adult content had been spotted on my hard drive ) so I downloaded there utilities at once and so now I'm totally protected.

Illegal to download?

The article says FBI spokesperson said 'It's illegal to download it.'. How can that be? Is it really so? What if your girlfriend downloads a file called 'cookingrecipes.zip' and it happens to contain stuff she did not know - such as Windows source code? Does that mean innocent downloaders can be put in jail?

Re:Illegal to download?

[WIAKywbfatw]

Ignorance rarely is a valid defence in the eyes of the law. If you're speeding at 70mph in an area where the speed limit is 50 mph then you not knowing that you were above the speed limit is not a valid defence.

Similarly, if you hold a barbeque and your kids sneak off with some beers, get drunk and do something stupid then you're still liable for any laws that you may have unknowingly broken (providing alcohol to a minor, etc).

Just because you didn't know you were breaking the law that doesn't excuse you from any possible punishment. Look at what happened to the grandfather who got hit with a hammer by RIAA because his grandkids used his PC to download copyrighted material over P2P networks without his knowledge. He had no clue what the kids were up to but he was still held liable for their actions.

If your theoretical "cookingrecipes.zip" defence was held up in court I'd be surprised. It would be carte blanche for copyright infringers, paedophiles and anyone else intent on evading the law to disguise their activity by giving the files they were swapping innocent file names and then claiming that they "didn't know" what the files really contained.

Re:Illegal to download?

[Rostin]

For some reason every limiting, nonsensical case is modded insightful. There is such a thing as culpability under the law. I think it's pretty obvious that if she really did intend to download something else (legally) and instead got the source code, she isn't guilty of anything, and could show that she really was tricked - say if she is none too computer saavy, has a demonstrable interest in cooking, etc. Notice that this is different than knowingly downloading the Windows source code and claiming that "I didn't know it was against the law." That is the genuine "ignorance of the law" for which there is no excuse. In the first case, something is happening to you that is really beyond your control. In the second, you are willingly and knowingly doing something that happens to be illegal.

Not so much fuss about Debian or SF break ins

[DrSkwid]

You'd think the FBI had some sort of pro-corporate bias!

Re:Not so much fuss about Debian or SF break ins

[lukewarmfusion]

As I posted earlier in this discussion, the MS security officer is Scott Charney, formerly of the FBI Cybercrime division. So yes, there certainly are connections.

Re:maybe now...

[holizz]

It was only about 5% of the source that got released so we'll only see about 20 backdoors.

Help your local law enforcement team

[Linker3000]

REWARD

Have you seen this code:

MOV AH,09h

Believed to be part of a larger gang of code, this fragment is guilty of initialising a register for potentially illegal or disruptive purposes, notably the dissemination of disturbing messages or misinformation. Older intelligence indicates that the code was often seen accompanied by its partner:

INT 21h

But now believed to be part of a larger organisation.

Re:Not normally pro Microsoft

[bhima]

The source for Linux is available.

I haven't had many problems with it.

Maybe you are over reacting.

Not that I condone this

MSHTML was in the .tar and Winsock

MSHTML.dll for those that don't know is the heart of Internet Explorer , (iexplore.exe is just a wrapper for mshtml) prepare for some exciting browser exploits , Winsock should ensure there is plenty of fun to be had with windows networking sockets

and don't forget MSPaint was in the source tree so Adobe had better watch out :))

What is there to investigate?

[valentyn]

What went wrong with the US law system? Microsoft is finally in compliance with their anti-trust regulations, opening up API's and stuff, and now the FBI is investigating that? ;-)

Pure Public Relations

[rueger]

After reading the article, I can only say it's pure PR speak, factually error prone, and more than a bit slanted. Perhaps this paragraph explains the timing:

"The announcement of the leak came on the same day Microsoft pushed in Washington for tougher anti-counterfeit legislation in the United States and worldwide, saying pervasive pirating of computer software was hurting the industry."

Given that any number of companies and computer professionals have access to Windows source for various reasons, it's not unreasonable to think that occasionally chunks of it appear in the wild.

And certainly a lack of source code hasn't slowed down the virus and worm industry.

Consequently I have to assume that this story is just a way for Microsoft to build support for even more draconian anti-piracy and DRM laws.

As a post-script - the original post and magazine link should be modded +5 funny at best. It's really quite pathetic.

Re:Scapegoat

[Knight55]

I think they could catch you if sheffif taylor is outside and knows who you are, but if you're smart enough you wouldn't be so obvious.

Buy a laptop for cash at wal-mart

configure netstumbler

upload source code on random insecure wi-fi miles away from your house in a metropolotin area

Throw said laptop in fire

Drive home and watch a re-run of friends.

thats it.

Download it on Freenet...Anonymously!

Among other things, the zip contains the source code to Notepad (you always wanted that!) along with an intriguing bugcodes.txt file that explains a lot of bluescreen/stop errors in more detail than you'll find anywhere else.

File: windows_2000_source_code.zip
Key: CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoEMG Kv54~o6A
Bytes: 213748207

CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoE MG Kv54~o6A/windows_2000_source_code.zip

Of course if you don't have Freenet yet (what are you waiting for?) you'd do good to visit http://www.freenetproject.org.

Re:Blueprints?

Hmm, maybe I should have quoted more of the article.

What and ruin another pedantic rant with facts? Never.

The article is complete crap

[1u3hr]

Counterfeiters have been trying to get their hands on Windows source code for years. So have computer activists who say that programs could be made to work better with Windows if the source code were public.

Counterfeiters don't want the source code, they just copy the binaries and maybe a hack to circumvent registration.
"Computer activists" even less so -- copying Windows code would poison any GPL project.

In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.

True; but the reason Coke and MS have near monopolies is because of marketing, not innate superiority of their products (Pepsi wins most blind taste tests; Macs win all usability tests).

In parts of Asia and the former Soviet Union piracy rates approach 90 per cent, they said. As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy.

Debatable; but irrelevant anyway.

The US Congress is considering legislation designed to close a number of legal loopholes often allowing counterfeiters to get away with their activities, specifically prohibiting trafficking in genuine authentication components.

Again, the idea that this will make piracy more prevalent -- it will have no affect at all on MS warez.

Piracy != lost profit

[inf0mike]

As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy.

It amazes me just how much emphasis is placed on financial losses due to piracy. Just because people are using pirated versions of software does not mean they would have bought it anyway! The figure qouted is a "best case scenario" projection of what could have been new sales, but the companies are not actually losing that amount from money they have already earned.

Re:Interesting note...

[DustMagnet]

From http://discuss.washingtonpost.com/wp-srv/zforum/02 /sp_technews_charney091702.htm:

Los Angeles, Calif.: Did you ever work for the FBI?

Scott Charney: No, I worked for the Dept. of Justice as a prosecutor in the Criminal Division. The FBI is a different part of Justice.

Re:Blueprints?

[gnu-generation-one]

"Technically, you could call source code blueprints."

Technically, only if you printed it. In blue.

Yep any p2p can track.

[nurb432]

Unless you use something like Freenet to download.

But even there they can see your IP. There just is no way to prove it was you that did the request, or was just 'forwarding' the request thru your node....

Re:Not normally pro Microsoft

[__past__]

But the source for Linux is available both for attackers and for white hats to find and fix bugs. If anyone would find a security problem in the leaked Windows code, they cannot simply send a patch to Microsoft - they would admit to have illegally obtained the code doing so.

Open Source code is available for everyone. Only criminals can use the Windows code.

Re:I don't know if this is true

[Daniel+Boisvert]

cough... cough... FUD...

I spoke with a gent on the same network reporting the same experience (could be the same guy :) and read the email they sent him. The email was sent from Microsoft, not from the FBI or any law enforcement entity.

It's not FUD. The gent in question also mentioned that his torrent download jumped from about 100K/s to 600K/s at some point through the download, which would lead me to believe that somebody with fat pipes *cough*Microsoft*cough* jumped into the swarm, likely in order to start tracing IP addresses.

I do wonder a bit about that, however, because if Microsoft jumps into the torrent to start nabbing IP's, haven't they also contributed to the dissemination of the source code by participating in its distribution? I'd imagine that it's no more of a problem for them legally than it is to undercover police selling drugs in sting operations. I do wonder if it should be, however...especially considering that they're *not* a law enforcement agency.

Dan

there is no half of globalization

[axxackall]

Oh, that's easy: have your friend in Russia to give you stunnel address and enjoy how FBI is weak attempting to figure out anything about IP address in Russia. Or China. Well, actually in many countries.

I said it before and I'll say it again: the globalization MUST be improved. If they want investigations across the borders - they have to remove the borders. That include the freedom to trade across the borders, the freedom to hire across the borders, the freedom to ELECT across the borders, the freedom to immigrate across the borders.

You don't wanna give that freedom to people? Enjoy your useless attempts to sue DVD hackers in Norvey and find IP addresses in Russia.

Remember: there is no such thing as "half of globalization". It either exists givig equal opportunities and freedoms to everyone, or it doesn't exist at all.

DMCA in full effect

you may receive a letter like the one below if you pull the file off of edonkey (Windows.source.code.w2k...). this is kind of ironic, because the file downloadeed was a fake.

> Hash: SHA1
>
> J.K. Weston
> Microsoft Corporation
> One Microsoft Way
> Redmond, WA 98052
> jkweston@microsoft.com
> Tel: (425) 703-5529
>
>
>
> URGENT/IMMEDIATE ATTENTION REQUIRED
> VIA ELECTRONIC MAIL
>
> Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT:
> xx.xx.xx.xx
> Date of Infringement: Detail below.
>
> Dear xxxxxxxxxx:
>
> We have received information that one of your users as identified above by
> the SITE/URL xxxxxxxxx may have engaged in the unlawful distribution
> of Microsoft's source code for Windows 2000, and/or Windows NT4, by
> distributing and offering for download these source code files via a
> peer-to-peer network.
>
> Since you own this IP address, we request that you take appropriate action
> against the account holder under your Abuse Policy/Terms of Service
> Agreement.
>
> We also kindly request that you forward this notice promptly to the user
> of the IP address listed above at the time and date stated.
>
>
>
> To the user at xx.xx.xx.xx:
>
> The unauthorized copying and distribution of Microsoft's protected source
> code is a violation of both civil and criminal copyright and trade secret
> laws. If you have downloaded and are making the source code available for
> downloading by others, you are violating Microsoft's rights, and could be
> subject to severe civil and criminal penalties.
>
> Microsoft demands that you immediately (1) cease making Microsoft's source
> code available or otherwise distributing it, (2) destroy any and all
> copies you may have in your possession, and (3) provide us any and all
> information about how you came into possession of this code.
>
> Microsoft takes these issues very seriously, and will pursue legal action
> against individuals who take part in the proliferation of it source code.
> We look forward to your prompt cooperation. Should you need to contact
> me, I can be reached at the address above or at jkweston@microsoft.com.
>
> Very truly yours,
> By
> J.K. Weston