Anti-piracy Vigilantes Tracking P2P Users

brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."

Trojans

[myownkidney]

That's what they are essentially spreading. There's asses should land in jail as soon as possible.

Re:Trojans

[s20451]

Yeah, that's rich. They have a log of everyone who received a copy of their cracked software. Guess who gets that information in a deal with the Feds?

Actually, I think this is pretty clever.

Re:Trojans

If they should be locked up, then so should all the b4st4rds who shove their spyware into innocent users computers and actually corrupt their operating system to steal extra viewers for their own pathetic adverts and websites.

I have been contacted many times by customers of mine complaining their website has been hacked, when in fact it's just their own computer that was hacked by supposedly legitimate US companies to alter the behaviour of IE!

Re:Trojans

[negacao]

Can anybody point me to the proper network [e.g. kazaa, gnutella, etc] and maybe one or two of the filenames?

I'd like to get it, and examine it. Wouldn't it be hilarious if their own trojan DDOS'd thier own site? ;)

[I'd look on thier site, but it's already smoking.]

Re:Trojans

[tomhudson]

Isn't it a crime to intentionally compromise a computer system?

This is soooo stupid on their part.

Re:Trojans

[plugger]

I'm not so sure. The file was freely downloaded from their machine by others, who then passed it on. Ok, the software they offered has different functionality than the victims expected, but that could apply to any program that 'phones home' without the user's knowledge. As soon as the downloader opens the file, it declares its function on the screen. If this is illegal, so are the likes of Bonzai Buddy.

Re:Trojans

They have a log of everyone who received a copy of their cracked software. Guess who gets that information in a deal with the Feds?

If they have to make a deal with the feds, it means they did something illegal. If the information was collected illegally, it is unusable in court. Unless the "patriot" (parrot) act changed this.

Re:Trojans

[TykeClone]

Then please (oh please!) let them be illegal!

Re:Trojans

[PhotoBoy]

Isn't this totally pointless for finding "real" pirates anyway? For starters what people downloaded wasn't even illegal. I mean if I write a "Hello World" program and call it UT2004.exe does that mean everyone who downloads it is likely to be an evil pirate?

Unless these guys have created fake files that match the size of the real thing (UT2004 is ~4Gb) and present it in the form of a CD image, surely the only people who would be fooled by this would be people who think a little 100k program could be a full game.

This is hardly going to get very far with the BitTorrent or EMule scene is it? A pointless exercise that does nothing but put a back door into people's computers.

Re:Trojans

[AndroidCat]

Since their site seems to be slashdotted, perhaps they did DDoS themselves in a round-about way?

Re:Trojans

[LiquidCoooled]

everyone downloaded this expecting it to be the Keygenerator program.

They already have the 4gb downloaded already...

Re:Trojans

[bcolflesh]

I wonder if his desktop software product also contains trojan code?

Re:Trojans

Your argument doesnt stand. If I offer a trojan named "happy shit-stains sing the blues" it still the same thing. Offering trojans to the world is illegal.

Re:Trojans

[tomhudson]

As you say, the software they offer has different functionality than the victim expects. Sounds like fraud to me.

Now, for those who say it isn't fraud because no money changed hands, I would make the same argument that we use against spammers:

the victim is defrauded out of the following

1. time (to download, to delete, etc.)
2. information (they've conned information out of him that the "victim" would never have given had he known the true nature of the software - in a way this is worse than spammers.
3. your disk space
4. your bandwidth
5. your time

... all under false pretenses/

Re:Trojans

[Short+Circuit]

Do a gnutella search fot "*.vbs" ... You'll find various .mpg.vbs and .mp3.vbs files, generally between 1K and 3K in length.

Yeah, there are plenty of people who are gullible by length.

Re:Trojans

[GreyPoopon]

I'm not so sure. The file was freely downloaded from their machine by others, who then passed it on.

OK, let's put this into perspective. Let's say that you write a trojan and send it out via email. The people who receive the email run the attachment and then forward the message on to their friends. After a while, you go public and let everybody know about the trojan. Don't you think you'll get a visit to Club Fed?

Re:Trojans

the 4gb file has the crack inside ;) \crack directory

Re:Trojans

[SatanicPuppy]

Amusing, as they seem to have been /.ed to hell and back. Updates in real time, eh?

Take that trojan writer!

Re:Trojans

[Tony+Hoyle]

If any of their victims were in the UK they have committed a crime - unauthorised modification of data on a computer - which carries a 5 year jail term.

So if the US don't want to prosecute them there are extradition treaties to fall back on...

Re:Trojans

[tomhudson]

Damn, you're right. Thanks for reminding me - the same law applies in Canada, with a fine of up to $1,000,000 and/or 5 years in jail.

Re:Trojans

[Rogerborg]

On what charge? Exactly? Please be specific in your answer, citing the laws to which you refer and the jurisdictions in which they apply.

Re:Trojans

There's asses should land in jail as soon as possible.

Yeah's, throw's they're's asses's in's jail's!

-Anonymous Grammar Nazi
Sieg! Heil!

Re:Trojans

[Rogerborg]

> I mean if I write a "Hello World" program and call it UT2004.exe does that mean everyone who downloads it is likely to be an evil pirate?

An evil stupid pirate. Cluelessness is not a defence.

Re:Trojans

[mahdi13]

It was the downloader's
1. time to begin with, they chose to make the download
2. Who really trusts downloaded illegal content anyway? Sue them for false advertising
3. The disk space was already planned out for using the illegal download, this "Trojan" probably saved them tons of space (since UT2004 is 6 CDs)
4. The bandwidth was already wasted in trying to get retail products for "free", it's the downloader's waste to begin with
5. time the downloader could of spent working for a paycheck to purchase the desired product...again, nothing wasted but the resources someone was using to distribute and use illegal products.

I don't stand up for it installing spyware, but if it just pops up a message with a black pirate flag and says you have been logged...the only thing that is harmed is the privacy of a criminal.
If they start using this information for blackmail...that is illegal!

Re:Trojans

[Entropius]

Extradition treaties are international law.

The US only pays attention to international law when it serves its own interests.

(and, yes, I am an American.)

Re:Trojans

[maximilln]

That's a short-sighted view.

The real criminal is the company that charges $100 for the latest game knowing that it will sell at that price for no other reason than a carefully socially engineered populance. I know it sounds like a conspiracy theory but at what point is taking advantage of the ignorant going to be a crime? If it all falls under the "life's not fair" category then someone needs to tell that to the major media companies and software producers that do nothing but whine about their lost profits. They can dish it out but they can't take it.

Re:Trojans

[emilng]

The only thing the program does is send a network message, it doesn't actually modify data on the computer other than itself.

Re:Trojans

mod parent up, very VERY interesting!

Re:Trojans

yup, they will get it regardless. they're going to seize their comps and find the info. they will more than likely act because a there is evidence of other crimes being committed.

Re:Trojans

So it doesn't use any RAM or virtual memory at all then?

Re:Trojans

[chivinou]

What, the law doesn't protect you if you buy something illegal??? Harsh, man! Does that mean I shouldnt pay my dealer by credit card?

Re:Trojans

[SillySlashdotName]

I don't understand your point. Are you saying it is ok for unknown software to modify SOME data on your computer? Who gets to define what data it is ok for a trojan program to modify and what is not?

Because the program exists as data on the computer, and because it modifies itself to track users (read the article), then the program modifies data on the computer.

Re:Trojans

I'm not so sure. The file was freely downloaded from their machine by others, who then passed it on.Ok, the software they offered has different functionality than the victims expected, but that could apply to any program that 'phones home' without the user's knowledge. As soon as the downloader opens the file, it declares its function on the screen.

well...technically, their computer UPLOADED it upon request from other P2P clients. So, THEY are responsible for spreading the trojan. And who said programs that phone home are NOT breaking any privacy laws? I think your generalizing programs that phone home but only send back what security experts found "acceptable." Now suppose I walk into your house while you are having dinner, announce that I am going to search it for illegal software, and report my findings back to the BSA. Does that make it legal? If you were watching TV and didn't hear my announcement, does that make it legal?

Re:Trojans

[thedillybar]

The real criminal is the company that charges $100 for the latest game knowing that it will sell at that price for no other reason than a carefully socially engineered populance.

I don't know where you live, but in most places I know this is definitely NOT a crime.

I can write a text game that's 100 lines of code and charge $10,000 for a license if I want. If you don't think it's worth it, code it yourself or buy it from someone else. Just because it cost me $10 to make it and I'm selling it for $10,000 does not give anyone the right to steal it from me.

Re:Trojans

[muffen]

If they should be locked up, then so should all the b4st4rds who shove their spyware into innocent users computers and actually corrupt their operating system to steal extra viewers for their own pathetic adverts and websites.

I can think of two reasons why this is worse than spyware:
Most spyware has EULA's (End-User License Agreement), this thing does not. Granted that most poeple will not read a 10-page agreement, but atleast it is there!
This thing uses your bandwidth illegally. I believe that David L Smith, the creator of the Melissa worm, was jailed with the main charge being the illegal usage of bandwidth.

Re:Trojans

[thedillybar]

Oh damn, you didn't want that cookie from my website?

My website must be responsible for unauthorized modification of data on a computer.

Get real.

Re:Trojans

[senatorpjt]

Honestly.. if this is the worst thing you run into trying to download warez off Gnutella, consider yourself extremely lucky. I wouldn't touch anything on there with a 100 foot VM.

Re:Trojans

[maximilln]

Of course it's not a crime but, as a human being, you have no right screwing someone for $10k for something that took you 10 minutes to produce. It's theft of energy. It took you 10 minutes worth of energy to exist and you're going to take what took them closer to 4 months worth of energy. That's hardly a fair trade. That's my point. If it all falls into the category of "life isn't fair" then...

Quit whining when I pirate your crappy 100 line code. Life isn't fair.

Just because you've got the legal Guidos on your side doesn't make you any better than a street pimp.

Re:Trojans

[tallman68]

I thought the headline said anti-privacy. Then when I read what was going on, it appears this is a case of anti-privacy=anti-piracy. So does piracy=privacy? (I know that it doesn't, but the xxAA's may have you believe this)

Re:Trojans

[|<amikaze]

Well, given that it's open source, why don't you have a look?

Re:Trojans

[Spiked_Three]

You are seriously going to defend a position of charging someone with fraud because he tricked someone into downloading something other than what they thought they were stealing? Get real.
I personally wish it was the FBI running this sting and that there was enough jails in the world to lock up every thief out there that fell for it. Thats the worst kind, a stupid theif. Escape from New York anyone?
I wonder how Slashdot's readership numbers would be affected?

Re:Trojans

[Vaakku]

"Just to be safe, we added a "kill switch" to the eye. If the server returned a special ID number, the eye would delete the rabbit." In their website they admit that it can modify data on computer by deleting it. Question is - Is there any other "special ID numbers" which can delete other stuff.

Re:Trojans

This would be more convincing if not for the fact that it is pretty much the line of thinking that lead the EU to pass a directive making it illegal to drop a cookie without the user's permission.

So the case you propose as an example of the fallacy of the arguement is in fact completely 'real'.

Re:Trojans

Actually the doctorine of "clean hands" says that you have no civil protection if you are defrauded while engaged in a criminal enterprise. While the actions of the "vigilantes" may be criminal and thus they could potentially be arrested, tried and jailed, the stupid mother fuckers who are attempting to get something for free have no fucking recourse. Too bad for them. Boo hoo. Stick with opensource software or pay for your commercial software and we might give a shit.

Food for thought: imagine how much worse it could be. It could actually be erasing peoples' hard drives or attempting to flash random garbage into their BIOSes. There are so many destructive things that could be happening, I don't see what the big deal is in this case.

Hell, if I was Epic I would be putting 0-day versions of the game onto the p2p networks myself. And then after about two weeks have it completely trash the users machine. If they were quiet and a little bit discrete they'd get away with it.

Re:Trojans

[theLOUDroom]

3. The disk space was already planned out for using the illegal download, this "Trojan" probably saved them tons of space (since UT2004 is 6 CDs)

This also goes for all those viruses and trojans that delete everything on your HDD. Just think of all the space they're saving you!

Sure they lied about what they were, which means they are effectively committing theft of serivces, but they are using less than 1800MB so it's suddenly legal!

You obviously have no concept of computer crime laws. I don't understand how your comment made it to +5.
All the arguments you make are silly.

1. time to begin with, they chose to make the download

So!!?? If you say "this box is full of money" so I take it, and it turns out to be a bomb, you're somehow not responsible since I willingly took it after you lied to me about what it is? That's stupid (and not how the law works).

2. Who really trusts downloaded illegal content anyway? Sue them for false advertising

Ok. A) This isn't even a complete thought.
B) Cracks aren't necessarily illegal.

3. The disk space was already planned out for using the illegal download, this "Trojan" probably saved them tons of space (since UT2004 is 6 CDs)

Stupid reasoning. Covered above.

4. The bandwidth was already wasted in trying to get retail products for "free", it's the downloader's waste to begin with

The theft of services occurs when the program is run. Any system resouces used by the program as essentailly "stolen."

5. time the downloader could of spent working for a paycheck to purchase the desired product...again, nothing wasted but the resources someone was using to distribute and use illegal products.

So it's ok to commit computer crime if you don't agree with the way someone is utilizing their time?


You: "Yes, your honor, I stole his car, but only after I found out he had a stolen bag of Cheetos in the trunk.."
Judge: "Case dismissed!"

Re:Trojans

[MayonakaHa]

I'm not trying to say everyone who downloaded this program had a legit purpose in mind, however, I've known several people in the past (and present) who've purchased software legitimately and the key will simply not work. I remember when purchasing Anarchy Online (I can't believe I wasted time on that game... ugh..) that I was warned by the register jockey at EnB that the keycode may not work.

Re:Trojans

[baldcamel]

Would it be fraud if software companies put up files of crap that mimic their own titles, in an attempt to put people off p2p?

Re:Trojans

[mahdi13]

I enjoy being "short-sighted", especially when it involves the "everything should be free" thinking.
Microsoft offers their crumby OS for $200+, people complain, whine and cry over this. but it still sells because people the product. If you don't want to pay for it, don't buy it. Just because it is overpriced, that does not justify the action of taking something without paying for it
I think the whole "I'm not taking anything, I'm making a copy" falls into the "This is copyrighted, copies are not allowed" rule. As with artists that do not wish to have their work reproduced (or copied) the same applies for software.
If you can not respect the work of an artists drawing/picture, I expect you'd feel the same about software.

Re:Trojans

[ostiguy]

Everything downloaded from P2P is unknown, unless you have a hash to compare it with. I don't think you can go after people based on the name of the file - *&$^&##unreal2004(*$*($*($.exe

could be anything - an exe, a self extracting archive that contains anything, etc.

ostiguy

Re:Trojans

[tomhudson]

I buy the retail versions of SimCity because I love the game and I want to support Maxis. However, I hate having to put the stupid CD in the drive every time I want to play the game. It's bad enough I have to devote a box to Windows just for 1 game. I shouldn't have to prove ownership every time I want to play (guess that's why I play SimCity2000 more often than the later versions).

People WILL pay retail for the stuff they like and respect. They shouldn't have to prove they're not crooks.

So if I download a cracked version of a game I legally own that purports to let me play without the CD, I'm being treated like a crook, and someone's logging my activity. Screw them!

It's still illegal (misleading, and spyware to boot).

Re:Trojans

[maximilln]

Your art analogy is flawed. Most artists whose paintings and works are selling for mutlimillions died after a life of poverty and persecution. Many of them were commissioned against their will. A precedent has been set in society--it is okay to steal other peoples' work for personal profit.

I'm not in the "everything should be free" thinking but piracy is part of the regulation of the industry. If you want to sell your product to suckers who will pay $10k for it, then don't whine and cry when pirates make you out to be the sucker.

Someone needs to feed Microsoft and all the major software/media/pharamceutical companies a tall glass of "STFU and practice what you preach". They're taking advantage of the consumers so why should they whine and cry to the government when a small segment of consumers takes advantage of them?

Re:Trojans

[tomhudson]

I personally wish it was the FBI running this sting and that there was enough jails in the world to lock up every thief out there that fell for it. Thats the worst kind, a stupid theif. Escape from New York anyone?

Sounds like everyone would have a defense of entrapment to me. After all:

1. if the download hadn't been made available, they wouldn't have downloaded it
2. the person "offering" the download knew that such download are illegal, and is thus aiding and abetting
3. Since the actual download wasn't a copyright violation (repeat after me - it is not theft, it's a copyright violation) there was no crime on the part of the downloader.

It's like Canadians downloading musit - perfectly legal under Canadian Copyright law, and a situation the copyright holders agreed to when they accepted the levy on recordable media.

Re:Trojans

> That's what they are essentially spreading. There's asses should land in jail as
> soon as possible.

I'll bet you anything you like that there's at least one piece of unlicensed software on their current development machine or a recent backup. I don't know any developers who don't, just like I don't know any musicians who haven't got lots of copied tapes and CDs.

Re:Trojans

[st0ner1]

" As you say, the software they offer has different functionality than the victim expects. Sounds like fraud to me." If this were the criteria for Fraud I would have had a case against Microsoft a long time ago

Re:Trojans

[slycer]

yah because the $10 hit (after rebates) for UT2k4 is completely unreasonable..

Re:Trojans

I hope no-one creates a virus with these guys names (or their project's name) on it, perhaps DDOSing the servers which are distributing the software these clowns say is pirated. That'd sure get them into a lot of trouble...

Re:Trojans

[NemesisEnforcer]

Your statement is wrong on so many different levels. First of all, at least in the US, people are supposed to be considered innocent until proven guilty. That means they are violating the privacy of an innocent person.

Secondly, there are moral wars being waged over things like the privacy of a criminal. You can't blindly say it's ok to violate a person's rights just because they're a criminal.

Re:Trojans

[tomhudson]

In Canada and other jurisdictions where downloading music is legal, it could very well be.

Re:Trojans

[Anonymous+Cow+herd]

B) Cracks aren't necessarily illegal.

If EULA's are legally binding, then yes, most cracks are, since they perform "unauthorized" modifications of the application binary.

Re:Trojans

> the victim is defrauded out of the following

No they weren't. Not if you use any sensible country's legal defintion of Fraud. You might just as well argue that your own post was fraudulent, in that reading it and posting this reply has defrauded me of 2 minutes of my life and some wear and tear on my fingers and eyes!

Re:Trojans

"Psst, buddy- Wanna buy a Rolex?"

Only you know it's not a Rolex... but later find out it's not even a watch. It's an incendiary device designed to hack your wrist off to prevent you from violating the copyright of the Rolex logo in the future.

That's the vision I get when I hear about these antics. Heck, in many countries, the actions of P2P users are perfectly legitimate (or at the very least, in a legal grey-area). However, the actions of these vigilantes are flat-out illegal. And it's not like they're going to expose themselves in order to issue an apology if their malicious attacks mistakenly target an innocent computer user.

Re:Trojans

[mahdi13]

Whoohoo! Quoting responses time!
If you say "this box is full of money" so I take it, and it turns out to be a bomb, you're somehow not responsible since I willingly took it after you lied to me about what it is?
Click here for up to date, unbiased news and the final authority on internet/computer law!
if you expected to get something you didn't from that link, sue me. You took something for granted and did not get what you thought it was
Ignorance is no excuse

Cracks aren't necessarily illegal.
True, but why get them from an unknown source when Game Copy World has more trustworthy content?

The theft of services occurs when the program is run. Any system resources used by the program as essentially "stolen."
Then stop pinging me, thief!! Those are MY packets your using!

So it's ok to commit computer crime if you don't agree with the way someone is utilizing their time?
It's not ok at all, finish the original post. I disagree with installing programs/applications on people, period. But a simple pop-up and a quick message to a server saying "This guy just ran this" is not illegal. If it is, then we all can sue the pants off of Microsoft, Valve, Yahoo, Google, phpBB, vBulletin, Mozilla, Red Hat, Gnome.org or whatever else you can think of that uses a form of tracking in their programs.

You: "Yes, your honor, I stole his car, but only after I found out he had a stolen bag of Cheetos in the trunk.."
Judge: "Case dismissed!"
I'm not taking anything, THEY are taking IP Addresses. Downloader's are taking complete software packages. Again, when did collection IP Addresses become immoral and unethical? As I stated before, if these are collected to blackmail someone, then THAT is illegal. But just have someone's IP Address is not illegal.

Re:Trojans

"I don't stand up for it installing spyware, but if it just pops up a message with a black pirate flag and says you have been logged...the only thing that is harmed is the privacy of a criminal."

Precisely the problem. These downloaders have not consented to havng their information published on the world wide web, which might be a bigger criminal issue than the spread of a trojan.

IANAL applies here, but let me paint a scenario:
1. Downloader spoofs IP
2. Spoofed IP is your real static IP, let's say
3. Chris and Justin.X cop a deal
4. Your IP gets published to the public record in legal proceedings.
5. Your college fund gets wiped out trying to defend yourself in court, until you prove your innocence (and assuming you do).

Get the picture?

Re:Trojans

[tomhudson]

You probably do. After all, they have always lied about their products. Look at the BS for Windows 95:

1. a true 32-bit operating system (it was really win32s with a new gui, in other words a combination of a 16-bit dos core and a 32-bit gui originally designed for 8-bit computers running cpus that were originally 4 bits, all by a two-bit company)
2. virus-proof (what a joke)
3. the fastest windows ever (wfw31 was quicker)

Re:Trojans

[D'Sphitz]

Yes, very insightful. And I suppose you agree the downloaders should be in jail as soon as possible also? Oh you're probably one of those people who think it's your right to steal...

Re:Trojans

[kenthorvath]

don't stand up for it installing spyware, but if it just pops up a message with a black pirate flag and says you have been logged...the only thing that is harmed is the privacy of a criminal.

Of course it is always assumed that EVERYBODY knows that getting certain software from P2P is illegal. What is not reasonable to expect someone to know is that the program that they are downloading is not a freeware demo or some code that was released by the company. Just because the name of a file is "Unreal Tournament 2004 Full.exe" does not imply "Totally Illegal for you to download from me - Unreal Tournament 2004 Full.exe".

Is the burden of legitimacy placed on me, the downloader, or on the person who is uploading and distributing the copyrighted work? If the burden is on me, then I am at risk every single time I visit any website because anybody may be serving copyrighted images that they don't own the rights to. I don't think there is much legal recourse for those that downloaded, unless they were told in advance that the said file was being illegally distributed and they knowlingly contributed to the act of copyright infringment. But the fact is it is much much harder to prove willing intent to break the law than an ignorance of the facts about the copyright status of the file in question.

Re:Trojans

[tomhudson]

I never represented my post as anything but a post by me (the only potential fraud involved might be in association with the name I post under - is it really me? Who knows? Maybe I'm really the original anonymous coward, posting under a pseudonym. Maybe I'm some chick posting as a guy to avoid harrassment? Maybe it's one of my dogs - after all, on the internet nobody knows yu're a dog. :-).

Fraud, on the other hand, involves depriving someone of something through misrepresentation.

Re:Trojans

[idiosync_inc]

Use Alcohol 120% It will allow you to make backup images of your games and mount them to virtual drives. I have been able to use to allow me to play most of my games now without a CD. See http://www.techtv.com/screensavers/darktips/story/ 0,24330,3611348,00.html

Re:Trojans

Just because I want to name a file "Unreal Tournament 2004 Full.exe" and keep it available on a publically accessable box doesn't mean someone seeing it should assume it's the same file they're looking for. If the makers of Unreal Tournament want to sue for trademark violation, fine.

Re:Trojans

[tomhudson]

Use Alcohol 120% It will allow you to make backup images of your games and mount them to virtual drives.

I'll give it a whirl. I just hate futzing around with virtual drives when I have a legit copy of the game.

Re:Trojans

[rjelks]

At least in the US, it can only legally be considered entrapment if law enforcement is involved.

Re:Trojans

[jratcliffe]

"The real criminal is the company that charges $100 for the latest game knowing that it will sell at that price for no other reason than a carefully socially engineered populance."

First off, the sheer arrogance of this comment is mind-boggling. So, because you don't think game X is worth $100, but someone else does, means that they're "ignorant?" Wow, I must have missed the email where you were appointed arbiter of the value of all things.

Secondly, the company that creates the game, owns the game. They don't HAVE to sell it to you, they don't HAVE to sell it at all. They're free to stick it in a vault somewhere and let it rot (which might explain Duke Nukem...). By the same token, you don't HAVE to buy the game. They offer the game for $X. You're COMPLETELY free to walk away, buy another game, turn on the TV, go outside, read a book, whatever. The transaction is completely voluntary for both parties. It sounds like you're saying that the authors of the game should be FORCED to sell it for less (after all, they're "criminals," and we force people to stop engaging in criminal behavior). By the same token, shouldn't we then FORCE you to buy the game? It'd be only fair. So, it seems like we have a deal - game publishers can only charge $30 per game (rather than $100), but you MUST buy everything they publish. Somehow, I don't see you signing up.

Re:Trojans

[IndigoDarkwolf]

You would be a special case, then. Do you really think that you're in the majority of people who download cracked software after they've purchased a legal copy? How many games alone are cracked and "released" on the underside of the web before they're even officially released? I can name dozens of titles, including Jedi Knight II, Jedi Academy, and Freelancer.

Sure, people will pay for what they respect. But I don't think many pay for these games at all. And what would you think if you were, say, Volition, or Interplay, or Retro Studios, and your latest, hottest product was being pirated by the thousands of copies? And I'm just hamming on the games end of it--- let's not even begin to get into lost income from other types of software.

I have no sympathy for pirates. What they're doing is illegal. Plain and simple.

As for these two guys, I admire what they're trying to do. It may be unethical, and they may not be the proper people to be doing it, but I think they have a case. You see, the vice divisions of police departments use similar tactics: Pretend to be a willing participant, then arrest the person once they've incriminated themselves. There are a lot of rules they need to follow to avoid "entrapment" scenarios, but lots of arrests are made every day by these folks.

Certainly, what these guys are doing should be a heckuva lot less illegal than piracy.

Re:Trojans

[theLOUDroom]

If EULA's are legally binding, then yes, most cracks are, since they perform "unauthorized" modifications of the application binary.

Which in most cases they aren't since you have already been give all the rights you need to run the software thanks to the doctrine of "first sale".

A EULA that says "you can no do this to my software" after you've already bought the box and taken it home is like me selling you a house and then when you show up to move in there's a big piece of tape on the door that says "By breaking this seal you agree to the following terms...."


Even IF the EULA was valid, it would be the modification of the software that was violating the EULA, not downloading and posessing the crack program.

Re:Trojans

[kbielefe]

You seriously need to take econ 101. He isn't screwing anyone by licensing his 100 LOC program for $10,000 because no one is going to buy it at that price. The great thing about a free market is that trades only happen if they are fair as agreed upon by both buyer and seller.

If $100 wasn't a reasonable price for a game, no one would buy it and they would eventually lower the price until people did buy it. Just because something costs more than you are willing to pay doesn't make it an unfair cost.

You want to talk about theft of energy. What do you think paying nothing for a game that cost millions of dollars to develop and that millions of people think $100 is a fair value for is?

Re:Trojans

[IndigoDarkwolf]

Let's say that you write a trojan and send it out via email.

That's quite the analogy. In that case, you're trying to forcibly get the software onto the victim's machine, then fool them into opening the malicious software.

What these guys are doing is quite different: The "victim" volunteers to download what they already know to be illegal software.

Suppose I want to go buy drugs. I approach someone who looks like a dealer. I ask for some coke. Oops, they're the fuzz, and I'm busted. I have no case against them, I approached them.

I don't think your analogy works at all.

Re:Trojans

[Jaysyn]

Good Point. If I had never "pirated" UT back in the day, I more than likely would have never bought Unreal, UT2003, Unreal 2, or UT2004. Yes, that's right, I bought Unreal *after* UT was out, because I wanted to see what it was all about.

Jaysyn

Re:Trojans

[pla]

Oh damn, you didn't want that cookie from my website?

No, I don't. I'll just skip your site if I can't use it without cookies.

If I really want something, I'll enable cookies for the session, but then, delete them and back to none.


Get real.

I suspect you meant that as a troll. If you don't see the difference between a cookie (which some people do dislike enough to block) and tricking someone into running a trojan, well, remind me not to download anything from your website...

Re:Trojans

[Jayfar]

If any of their victims were in the UK they have committed a crime - unauthorised modification of data on a computer - which carries a 5 year jail term.

Excuse me for pointing out the sheer idiocy of your infantile assertion (mommy, mommy, he modified my data), but the mere act of visiting a website causes data to be modified on your computer. Well, you say you authorize those modifications by virtue of voluntarily visiting a webpage - just as you do by downloading a file to your system.

Re:Trojans

[nodata2]

Actually, I would say it it perfectly legal to price your product anyway you see fit. And it's perfectly legal for you to shop around for the best deal.

If I grossly overpriced 100 lines of code, how long before someone else comes up with something just as good, if not better, for a lower price? How long can you stay in business with such a pricing strategy?

Before you say Microsoft, they are getting sued for illegally creating a monopoly (i.e.: refusing to sell Windows licenses to Pc manufacturers that offer "naked" PCs is an issue that comes to mind), not for the way they price their products.

I don't quite understand your comment about energy theft. If you clarify that, I might see your point.

Re:Trojans

I'd say it's quite false to consider this a trojan or a virus. It does no harm, and it only runs when you click on it. The only thing one might argue that this does is invade privacy, but since it probably doesn't get much more info than you can get when they connect to you I doubt that should really hold up.
Personally I don't think they did anything wrong. I find it quite funny. They should be featured on comedy central and then forgotten about.

Once again, it doesn't hurt anybody it only runs when you run it.

Re:Trojans

[Jaysyn]

How much is Alcohol 120% again? I'd rather get a crack.

Jaysyn

Re:Trojans

[maximilln]

If everyone were paying nothing for the game then the company selling it wouldn't be selling it. That's ECON101.

There are always going to be people who can afford it and those who can't. Of the people who can't afford it there are always going to be some of them who will obtain it. If the company would lower the price they would increase the % of people who could afford it and, by proportion, diminish the % of people obtaining it. That's ECON101.

Attempting to recoup losses from a class of people who can't afford the product up front is going to create a cycle of crime. That's SOCIO101.

Attempting to pass laws to regulate the behaviors of the people who obtain the product is going to result in the laws being enforced on people who meet the technical letter of the violation but are outside of the spirit of the violation (eg. people using cracks for convenience even after buying the product). Laws are selectively enforced and abused in the interest of generating revenue and advancing popular causes. That's POLI101.

Your education came from a very sheltered environment. I'm giving you an education based on the real world as a whole.

Re:Trojans

[maximilln]

If it's perfectly legal to shop around for the best deal then it's perfectly legal to obtain the software from a P2P platform.

Of course, then it's also perfectly legal to accept the risk of obtaining software from a P2P service.

But that's the point. I don't agree with what the vigilantes are doing but I also don't feel that the media industry has the right to play distributor policeman. They make their money they should sit down and shut up.

Re:Trojans

[canadian_right]

What a bunch of hypocrites! What they are doing is not "unathorised modification" of data. They are getting people to install spyware. While I don't like spyware any more than you guys, this is NOT the same as rooting a server and deleting or otherwise messing things up. When some "white-hat" hacker gets caught everyone here boo-hoos's about how draconian the sentances are for hacking, and whine about people getting more time for viewing a bit of data than a convicted thief.

I think many sentances are too severe for computer crimes that are much like "trespass" in the real world. And these guys didn't even do that. They tricked morons into installing a harmless program that likely does less to infringe on the users privacy than kaazaa and other spyware.

What they are doing is wrong because they are tricking people into downloading and installing their trojan, but I DON'T think they deserve jail time. A good " cut it out", and a fine maybe. Get some perspective people!

Re:Trojans

[tomhudson]

Thats what the parent poster wanted - the FBI to entrap downloaders. Breaking the law to uphold the law is kind of like parents going "Don't (smack) hit (whack) your (thump) little (punch) sister (wham)!" You (bang) know (thwack) it (pinch) hurts (strap) her (smash)!"

Re:Trojans

Actually the doctorine of "clean hands" says that you have no civil protection if you are defrauded while engaged in a criminal enterprise.

The problem with this assumption is that copyright law limits DISTRIBUTION, not the receipt of copyrighted material. There are some questions about how things like the DMCA might have changed that (as well as the constitutionality of the DMCA itself), but those are still gray areas.

It may in fact be LEGAL to download copyrighted material. It don't believe it's illegal to LISTEN to pirate radio broadcasts.

OTOH, P2P networks might change the recipients level of participation, because the way they are configured by default you serve the 'chunks' that you have downloaded and help with distribution. That could be deemed distribution.

Re:Trojans

[tomhudson]

I admire what they're trying to do. It may be unethical, and they may not be the proper people to be doing it

There's got to be a better way. This is a social problem. Can you really admire unethical tactics? Does the end in this case justify the means?

Besides, how many of the downloaders download a game, play it for 10 minutes, then go on to the next?

As I said, it's a people problem. It's like Weinberg's (Gerry Weinberg) 3 rules of consulting:

1. No matter what they say, there's always a problem
2. No matter what they say, it's always a people problem
3. They will tell you the solution to their problem within the first 5 minutes

He goes on to say that the real trick is to extract consulting fees from them by helping them justify implementing the solution they've already told you, without making it too obvious.

Re:Trojans

Are you saying it is ok for unknown software to modify SOME data on your computer? Who gets to define what data it is ok for a trojan program to modify and what is not? Because the program exists as data on the computer, and because it modifies itself to track users (read the article), then the program modifies data on the computer.

Programs are in general not allowed to modify data on your computer without your knowledge or consent.

If you run a program, however, it's known that in general, data related to that program will be modified on your computer. When you visit a website, data is modified on your computer, for example. You give implicit consent when you run a program that data related to it can be modified, and so the act of a program modifying itself is not a criminal offence.

Re:Trojans

unauthorised modification of data on a computer

What data did they modify? Did the person willingly install the program? You're blowing a lot of smoke here.

Re:Trojans

[tomhudson]

Yep, and I bought SimCity 2000, 3000 Unlimited, etc., after playing a copy of the DOS version.

And dBase after trying an earlier, supposedly copy-proof version

And PC Tools, after seeing a friend using a pirated earlier version

And Wordperfect, after seeing the same friend using an earlier pirated version

And ... well, let's just say that I have 4 bookcases stuffed full of bought and paid-for software. This is after throwing out a lot of the obsolete stuff a couple of weekends ago.

Re:Trojans

[tomhudson]

There are other, free virtual drive tools out there

Deamon tools is free and works well. No need for a crack.

Re:Trojans

[rjelks]

Somedays I wish there was an 'edit' feature on our posts. Oops. :(

-

Re:Trojans

It also sends data about the owner of the computer. Which might be in violation of US wiretap laws. Committing a felony to take vigilante action against someone who might be violating a civil law (DMCA not withstanding) doesn't seem real intelligent.

The fact that they didn't grab your credit card numbers isn't relevant.

Re:Trojans

[monkeyman_67156]

This is very illigal. You don't have the right to compromise someone else's security with a trojan. Possilby you have good intentions, however, the ends do not justify the means.

Re:Trojans

[tomhudson]

Somedays I wish there was an 'edit' feature on our posts. Oops. :

What would be cool is if we could post (maybe in a different colour, or with a seperate time-stamp, so people know we've added material to the original message) additional lines, sort of like an , instead of an edit.

This way, people can see what we wrote, and any changes we made, so they don't think we're trying to hide what was originally written.

Might be a good feature to suggest to the editors. After all, we've all seen stories that have: Update: Yep, it's a dupe!

Re:Trojans

[tomhudson]

... And this way I could see that I forgot to close my bold tag ... and apologise for it in the original post instead of here :-)

Re:Trojans

[Jaysyn]

True. But, why should I have to jump thru hoops to play something I bought? Would you buy a car that you had to run around 3 times counter-clockwise & then kick the front driver's side tire before you could crank it?

Jaysyn

Re:Trojans

[liquidsin]

Quite the analogy indeed. See, in *your* example, the one committing "fraud" is an officer of the law. Are the guys sending out malware to infect my computer affiliated with law enforcement? And yeah, maybe the email analogy is flawed, but we're still talking about a trojan here. If I wanted to run their trojan, I'd find it and download it on my own. By some of the logic I'm seeing in this thread, I guess some of you would have no problem with these guys adding a keystroke logger, nabbing your CC# and billing you for the software you downloaded. A trojan is a trojan, no matter why it's installed. What they're doing is illegal.

Re:Trojans

[incom]

Untill they stop punishing the "bad"(not helping corporations) hackers with jail time, then these guys should be treated the same.

Re:Trojans

> If any of their victims were in the UK they
> have committed a crime - unauthorised
> modification of data on a computer - which
> carries a 5 year jail term.

You are obviously an individual who quests after
justice. :)

Re:Trojans

[roche]

"The real criminal is the company that charges $100 for the latest game knowing that it will sell at that price"

Yeah, I can see how making a product and selling it for a price that you do not agree with is considered a crime. That makes absolutely no sense at all whatsoever. If it IS a crime, than every business in the country is subject to a criminal investigation and our economy will fall apart.

You cannot say capitalism is a crime. That is the most ridiculous thing I have heard all week.

Re:Trojans

You missed the entire point of his post. Oh, well.

Re:Trojans

[halr9000]

1) Where do you buy your computer games? Lord & Taylor?

2) Unreal Tournament 2004 cost me $30.

3) Troll, and I feel for it.

4) umm...Profit!

Re:Trojans

[maximilln]

Capitalism is not a crime. In a truly capitalist system the demand feedback is moderated by the price of the supply.

We do not live in a capitalist society. Get the politic-speak out of your heads, people. A capitalist system which is subject to the tens of thousands of rules, regulations, and controls that we have in the US is... anyone...?

Communism.

Communism is an economic system controlled by the government. Capitalism is an economic system controlled by the flow of capital. In the United States we have an economic system that's controlled by... anyone...? The government.

This very simple concept is proof that our government run schools are working perfectly to obscure the dominant role that our government plays in the economic conditions of our time. To most educated people this is indicative of... anyone...? Socialism. To the cynical educated people this is indicative of... anyone...? Fascism.

Just because you want to live in a capitalist republic, and just because your politicians feed your dementia to garner your votes, doesn't make it real.

Re:Trojans

[tomhudson]

Funny, but people reading this message thread out of context would think we were bashing Microsoft products, and not gameing companies that treat their honest customers like crooks, whithout really stopping the dishonest piratees :-)

Re:Trojans

[iminplaya]

Christ! Here we go again. Let's just lock up everybody and throw away the key? That'll clear it up real fast. Man, the best thing to do is make people aware of it. Build a wall around it. Isolate it. And be done with it, until the next one comes along. This is just another consequence of the desire for money.

Re:Trojans

I was kinda expecting a corny photograph of "The Pair" with arms crossed, trying to look badass. With 0s and 1s floating around in the background.

Oh well.

Re:Trojans

[maximilln]

I'm not saying anything of the sort like what you're insinuating here.

I'm saying that any company is free to sell any product for any price that they like but they should quit running to the Guido government when people pirate their overpriced software or circumvent their inconvenient registration circus hoops. At the same time the people who are pirating need to quit whining about their privacy when they get hijacked by a shady distributorship (P2P file-sharing). At the same time someone needs to be held accountable when some psychotic packet sniffing script kiddie identifies easy identity theft targets based upon the existence of a backdoor that is enabled by some vigilante's trojan or some advertiser's spyware.

All I'm preaching is for consistency. If we want consistency in accountability then vigilantes, pirates, spyware producers, media companies and legislators all share equal parts of the blame. If we want consistency in "life isn't fair" then we need to tell the media companies to take a flying leap next time they want the government to legislate about file-sharing.

Re:Trojans

[thedillybar]

you have no right screwing someone for $10k for something that took you 10 minutes to produce

Actually...you do. If it takes me 10 minutes and I charge $10k, you can bet your ass someone else will do it and charge $9k. This will continue to happen until the price reaches the cost of production (actually, not quite, because it's not exactly a 100% competitive market).

If no one else chooses to produce it and sell it for cheaper, then I have every right to sell it for $10k.

If you don't think it's "fair trade", then don't buy it.

Re:Trojans

[thedillybar]

I don't mean that as a troll.

I mean to say that the law cited has many, many, many interpretations. Sure, it wasn't intended to stop websites from giving out cookies, but someone could interpret that way.

Until there's a case to make a precedent, it's hard to tell what the law means, and how it will be used.

Re:Trojans

Not merely that; in fact, this is nothing less than a live botnet, and not just that, compiled in exactly the same script kiddy way as some of the other kiddy botnets.

Does the description of the trojan look at all familiar? Kinda like... say... AthBot or PhatBot?

Re:Trojans

[maximilln]

Unless you get to be friends with everyone who's charging $9k, $8k, $7k, etc. until you all agree that, for the same ten minutes of work, you can charge $5k, get everyone hooked, and then charge them $6k for the next 5 minutes of work, and $7k for the next 2 minutes of work, and, using all of the extra money that you're making, go out, hunt down, and harass to death anyone willing to charge only a fair and reasonable amount...

Then you begin to involve politicians.

How is a collaborative monopoly indicative of fair trade?

Re:Trojans

[El]

I'm also completely free to borrow that game from a friend who has paid the $100... that isn't substantiallly different from downloading a cracked version (I know, presumably if I borrow a CD, the person I borrowed it from can't run the game while I have his copy of the CD). The point is, there are grey areas in the principle of fair use -- which is all the more reason why we shouldn't tolerate vigilantes.

Re:Trojans

[katarac]

UT2004 was 29.99 at Best Buy the other day. That's pretty cheap for a game as good as it is.

Re:Trojans

...Offering trojans to the world is illegal.

Ancient Greek : And where was this sentiment when we were given a Trojan ?

Re:Trojans

as always, the answer the criminals here do not want to hear - stop stealing bitches.

If someone was coming in your house every night stealing your crap, you'd be doing lots of things to stop them. Spare me your lame ass excuses about how the software is overpriced or you wouldn't have bought it for the selling price so you didn't really steal it. If you choose to steal someone elses software and it has a trojan, then as Mr. Carmack would say - suck it down!

Re:Trojans

[Spiked_Three]

"(repeat after me - it is not theft, it's a copyright violation)"
Yeah, right "I didnt kill you I just fired the gun". It is stealing you moron - what other reason would there be for laws against it?
And you need to learn about laws - entrapment requires that the crime would not have been commited unless the trap was set. You would be on the losing side of an argument if you think the crook wouldnt have tried to download from somewhere else.
Your argument is that if there are groceries on the shelf at the supermarket, it's ok to take them.
I get moderated down, you get moderated up. Thanks for helping make my point about the bias of this site. If your against stealing you're a troll, if you're for it you are insightful. Let me know where you live, i want to be insightful with some of your personal property.
I like your domain name, tomhudson@fuckmicrosoft.com , no bias there. Highly insightful.

Re:Trojans

hear hear... the anti-piracy measures in some games have become so obtrusive (& poorly programmed) that its not uncommon to buy a game that WILL NOT WORK PROPERLY UNTIL YOU CRACK IT.

when i go to buy a game i look on the web first for 2 things

1. is there a patch out yet? (everybody knows that games never work out of the package & must be patched before you can play them)

2. is there a crack out yet? (again, i want to play the game, not try to explain to it why my cdrom is drive E: instead of D: like it thinks it should be.)

if it doesnt match these 2 criteria, i dont buy it.

face it game programmers, the crackers are doing you a FAVOR by helping us remove this shit.

Re:Trojans

[thegameiam]

One of the typical filenames was:

2_2_Unreal Tournament 2004 ALL VERSIONS KeyGen Crack.exe

I find it hard to believe that someone would download a file from a free service which includes the word "crack" in the filename, and believe that said behavior is legal. The keys are OBVIOUSLY a protection mechanism, and a "cracked key generator" is OBVIOUSLY a mechanism for getting around the copy protection.

YMMV

Re:Trojans

[Spiked_Three]

BTW, fuckslashdot.com is available! And fucktomhudson.com was till just now.

Re:Trojans

Dumb fuck. In the real world, lowering the prices does not carry an automatic increase in the amount of sold products.

Re:Trojans

[STrinity]

Are you saying it is ok for unknown software to modify SOME data on your computer?

Installing software automatically alters data on your computer.

If these guys had downloaded from a website that promised X but did Y, that'd be reason to get upset, but when they get a program off a peer-to-peer network and it doesn't do what they thought it would, that's their own damned fault.

Re:Trojans

[tomhudson]

Dude, it's not theft.

1. Stealing requires the PHYSICAL depriving of the object in question.
2. In the case of certain files, legislation in certain countries allows sharing, so it is neither a copyright violation nor theft. cf. Canada and downloading music, which is legal.

"(repeat after me - it is not theft, it's a copyright violation)"
Yeah, right "I didnt kill you I just fired the gun". It is stealing you moron - what other reason would there be for laws against it?

There is no law against copyig, say, music files, in Canada. It is specifically permitted in our copyright act, in return for the music industry being given the procedes from levies on recordable tape and cds.

And you need to learn about laws - entrapment requires that the crime would not have been commited unless the trap was set. You would be on the losing side of an argument if you think the crook wouldnt have tried to download from somewhere else.

You would be on the losing side, unless you could show that the "crook" was aware that the file was elsewhere, as easily obtainable, etc. Otherwise, you have presented them with a trap they would not have fallen into if you had not presented the opportunity.

Your argument is that if there are groceries on the shelf at the supermarket, it's ok to take them.

Nice try. Groceries are different, in that they are a physical product. If you steal those groceries, the store no longer has physical possession of them - you do. So, even by your analogy, copying a file cannot be stealing, because the original owner still has the original file.

Let me know where you live, i want to be insightful with some of your personal property.

As I said before, the laws are different regarding physical property and, say, music files. A good example is this post - you can copy it all you like, as long as you copy ALL of it, and attribute it to me. The original still sits on /.'s server. Even if you don't give proper attribution, all you've done is a copyright violation, not theft.

Re:Trojans

[Dave2+Wickham]

IHBT, IHL, IWTTHAND

I'm against copyright violation, but it is not theft. Using your own example:

Yeah, right "I didnt kill you I just fired the gun". It is stealing you moron - what other reason would there be for laws against it?

I guess killing people is theft as well then? What other reason would there be for laws against it?

Re:Trojans

then the program modifies data on the computer

Going to any website that has any content "modifies data on your computer"

Re:Trojans

No, you open source fucktards should. what, you think cause you give away your work, everyone should too, and if they won't you'll make them through file sharing? screw you, gimmie my money.

Re:Trojans

[abertoll]

Fraud? I don't want to live in a world where sharing files counts as advertising. I don't want to live in world where I have to make sure my file names never ever give someone the impression that they're something else! Come on, that's ridiculous. I should be able to call my files anything I want.

Re:Trojans

[abertoll]

The solution to this isn't to crack or share software. Sorry. Either there needs to be a legal requirement that software companies do not hinder the users, or people should boycott software makers who do this. I know this probably will never happen, or have an effect, but cracking software is a non-solution because guess what? Even though you're a pretty good indivdual for buying it, most people aren't.

Re:Trojans

[emilng]

I read the article and I know what the program does. My point is that they did not commit a crime by creating a trojan that just modifies itself, according to UK law.

IANAL, but according to the Computer Misuse Act of 1990 a person is only guilty if they had the intention of modifying and knowledge to modify the contents of any computer

(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.

Re:Trojans

[ebyrob]

No matter how many times you say otherwise, think otherwise, or pretend otherwise. Stealing and copyright infringement are not the same thing. Obviously, high prices are no excuse for breaking the law, but neither is "stopping pirates" an excuse for abusing the law and treading on your own customers.

Re:Trojans

[tomhudson]

The solution to this isn't to crack or share software. Sorry. Either there needs to be a legal requirement that software companies do not hinder the users, or people should boycott software makers who do this. I know this probably will never happen, or have an effect, but cracking software is a non-solution because guess what? Even though you're a pretty good indivdual for buying it, most people aren't.

But don't forget that MY responsability ends with ME. I'm not responsible for other peoples' actions. If someone wants the game, they'll get a cracked version that actually plays better than my legal version.

This was the reasoning, for example, behind Borland not having copy-protection from their software way back when (the "Borland no-nonsense license"). A simple, easily understood, easily-complied-with license helps sell products. Not just the original product, but other products from the same company (what marketers call the "halo" effect).

Re:Trojans

[tomhudson]

Dumb fuck. In the real world, lowering the prices does not carry an automatic increase in the amount of sold products.

Really? Tell that to Henry Ford. He made cars that were affordable enough so that even his employees could buy them, and Ford became the #1 car manufacturer world-wide afterwards.

He was so successful that almost everyone else now uses his techniques. Why? Because you'll sell more cars at $10,000 than you will at $350,000 (or in the case of the Model T, less than $300 as opposed to several thousand the competition was charging).

Re:Trojans

[abertoll]

I don't know if we're on the same page or not, but I wouldn't feel guilty either from just downloading a cracked copy if I had bought the real thing. I guess I was thinking more along the lines of "you shouldn't share or crack software" because then you're allowing anyone who hasn't bought it to have it.

Re:Trojans

Has there been any evidence at all that the publishers of Unreal Tournament have formed a cartel industry, and are threatening independent publishers? You might get away with that argument against Microsoft, but I haven't heard a whisper about the game industry. Their business is much simpler; they realize there's a large population of upper-middle class teenagers that can beg their moms for $100 to buy the hip game of the week, and they set their price. If anyone else wants to create a better game, or a cheaper game, I don't think thugs with baseball bats are going to break their legs.

Re:Trojans

[gnu-generation-one]

"if I write a "Hello World" program and call it UT2004.exe"

then it'd run really fast on nVidia graphics cards, but only display "hel____rld"...

Re:Trojans

[BlueCup]

I agree with you, but I don't think Borland does anymore. There new BuilderX license requires people who buy the product to register at their website, and log in every 30 days to renew it. This review states the process, unfourtanetly I can't find a link to the actual license =(

Re:Trojans

[maximilln]

This AC is 100% perfectly correct. I cannot now nor could I ever prove beyond a reasonable doubt that media companies collaborate to inflate the cost of their products in the interest of funnelling the money to the top executives.

In fact, as long as no one within the collaborative monopoly ever admits to it, it could all just be coincidence that the automobile industry, the beer industry, the media industry, the pharmaceutical industry, the steel industry, the chemical industry, and the distributorship industry, the banking industry, and the insurance industry (among others) have all conveniently coalesced into three-to-five major organizations each which own controlling shares in even the tiniest local shops. Additionally, many of the biggest players in each of these industries have significant controlling personal shares in other major players in the other industries. It'd be nothing short of conspiracy paranoia to think that these people are leveraging their position for personal gain at the expense of the working class citizens.

Maybe it's the natural order of things, maybe it's greed, maybe it's the dominance of paper printed money, or maybe I'm just spot on when I say "This world sucks my left butt-cheek."

Re:Trojans

It depends on where you live, but in first world societies, we have laws regulating this sort of thing. The law is the foundation of society, and whether or not any given citizen agrees with any given law has no bearing on the validity of that law. Fairness doesn't even come into it, except to the extent that notions of fairness may shape the law. If you you think otherwise, you've been misled.

Besides which, it takes a lot of work by a lot of people (designers, programmers, artists, musicians) to produce a game, and most games only sell well for a relatively short period. A lot of games, in fact, lose money, and it's only the hits that even things out.

If the profits in the games industry were obscene, you might have a moral (but not legal) argument. However, this isn't so. EA's net profit, for example, is less than 20% of the value of the goods it sells, so there isn't a huge degree of elasticity to the price of its games.

Re:Trojans

[tomhudson]

Agreed. I no longer use Borland products, after a decade of thinking they were the GREATEST, having made the switch to Linux sometime after Delphi 3 (ooo - am I dating myself)

Re:Trojans

If you copy a game you would otherwise have bought, you are effectively stealing money (the price you would have paid for the game, had you not copied it) from the owners of that intellectual property (those who produced and distributed the game). The only significant difference is that the cost of producing intellectual property is almost entirely in the development phase, whilst most costs of producing physical property are typically in the production phase.

The notion of intellectual property is based on the notion of of copyright, which assumes such property can be owned. This is an artificial construct created by society, of course, but then again, so is the notion of physical property. In the absence of such artificial constructs, you would have no more 'right' to your physical property (against those able to take it by force) than to your intellectial property (against those able to copy it).

In countries where limited copying of some intellectual property is allowed by law, and funded via taxation of media (with proceeds going to the copyright holders), such copying is fine, and is certainly not theft: it's simply a redistribution technique, similar in many ways to, say, the use of tax proceeds from VAT on physical goods to improve the living standard of the poor. That, however, has no bearing on the fact that illegal acquisition of property owned by someone else (whether intellectual or physical) is theft.

The nature of property, intellectual or physical, isn't really significant, since both are essentially the result of investment of resources (land, labour, capital, management, etc.). Understanding this only requires the ability to see that what is being stolen is the value of the resources required to create the intellectual or physical property.

Re:Trojans

[Nakarti]

Illiterate Fool!

You: "Yes, your honor, I stole his car, but only after I found out he had a stolen bag of Cheetos in the trunk.."
Judge: "Case dismissed!"

Realistically:
"Well yes I slashed the tires, but only to keep him from getting any further with his stolen car!"

Re:Trojans

>>Just because it cost me $10 to make it and I'm >>selling it for $10,000 does not give anyone >>the right to steal it from me.

Oh but it does, it does give me the right to steal it. And that's exactly what I'm going to do :)

Re:Trojans

It's not lost income; there's no particular reason to believe any of the downloaders would have bought the game. It's simply a different set of people for that particular game. Indeed, those who want to buy games usually do. Excepting that set of people who download a game (frequently before it or a demo is commercially available) to check it out and then end up buying (often to get a multiplayer CD-key).

The "lost income" argument doesn't and never will fly. However, if you're arguing that it feels bad to the developer, you're right in many cases. Some I've talked to are much more interested in cracking down on pirates out of a sort of revenge or spite motive. Which is fine IMO, but still a misunderstanding. Though I noted that different people will buy a particular game than copy it, the overall group of gamers is roughly the same - some buy some games, some buy others, everyone downloads the majority of what they play. Most games aren't really much good, and people don't want to feel compelled to finish it if it's crap. Downloading is one way to feel ok about tossing it.

You'd be surprised how many people buy games after first downloading them. I know I frequently am.

As for the reverse case of downloading a crack after buying something (what you were actually talking about ;), people definitely do this. They also get me to crack things they've bought for them, since I have a knack for that. Copy-protection does no good whatsoever.

On a somewhat related note, the other day my sister rented a DVD to show at a party (Finding Nemo). She wanted to play it through her TV via the composite video out on her iBook, and in order to do this she needed to run it through her VCR (because that's where the only composite video input was). Naturally the Macrovision "protection" ruined the experience. My suggestion? Next time you want to show a movie to friends, download it instead of renting it. No protection, works better for everyone.

Same applies to software. Copy-protection doesn't help sales, it kills them. If you want to continue selling digital media in this day and age, the #1 concern is to make it easy and convenient for people. And that means you shouldn't view piracy as something to be stamped out, but as what it really is - the competition (in terms of distribution methods). It's free and reasonably convenient. If you want to compete with that and make a profit, you have to make things even easier for people. The thing they don't like parting with is time and stress, not money.

Regardless of what IP laws might make you believe, once something is published in this brave new world, you no longer effectively own it. What you can still control is distribution, and there are certainly ways to do that and make money. Get behind that and you can do very well. Cling to a dead model and you may not notice the figurative dino-killer asteroid hovering over your head until it's too late.

Re:Trojans

[plugger]

It should be called a Greek horse. The Greeks gave it to the Trojans, then utterly destroyed the whole city once they'd infiltrated. Civilised my arse!

Re:Trojans

[plugger]

Hmm, I'm not gonna get involved in the unauthorised copying debate, but according to amazon.co.uk, the UK Amazon price in pounds is:

RRP: 34.99
Our Price: 25.99
You Save: 9.00 (25%)

With an exchange rate of $1.82 to the pound, the US price would be just under 16.50UKP. So the consumer is being ripped, at least on this side of the pond (I assume it doesn't cost $10 per CD to ship them by the boxload).

Re:Trojans

Just mount it using Alcohol 120%. Er, hang on...

Re:Trojans

[plugger]

It's not a new problem either. Read back through this whole thread, most of these arguments have been bouncing back and forth since 8-bit tape copying.

Re:Trojans

before i got the freeweb site shut down i seen files such as notepad.exe and a few dll.exe files there as well. Heres a true story for you one time not to long ago i went to view a nda for a ebta i was in inside a zip file. I already had note pad open so i just browsed to the dir where i unzipped the zip to. There was 3 files a 2KB read me a nda of about the same size and the 500+ meg exe. This was on win2k pro (100% legit) i missclicked and tried opening the 500+meg exe in note pad notepad then crashed and got trashed totaly. I searched the net for about 10 minutes couldnt find a site that had notepad so said hell with this and fired up dc++ joined the windows files hub that was there at the time ran by me and some of my friends every file there was 100% legal files dlls exes and the like for windows sort of a dumping ground for replacement files. I knew it would be there so searched for notepad.exe and downloaded a new copy. Could i have got this file of my cd sure i could have but it would have taken me more than the 30 secounds it took for me to grab it from my dc ++ hub. Now i just got to wonder why it is that notepad.exe and those 3 dll.exes were on that list could it be people getting replacements for files that got corupted some how or updated dlls for what ever reason?

Ill tell you what these guys were about and thats one thing and one thing only and that was to compile a list of easly exploitable ip addys why search through 1000 ips to find 10 systems easy to take over when you can search through a 1000 and get 100 new zombies to launch a dos attack against some one who pissed you off in your fav irc warez dump....
PS at least to anti virus programs are now detecting this trojan as Trojan.Win32.DusBunn f secure and kapersky probly others as well.

Re:Trojans

If you copy a game you would otherwise have bought, you are effectively stealing money

But this is difficult or impossible to prove - whether one would otherwise have bought it. And regardless of whether you think it's "effectively stealing", it isn't stealing, because it's copyright infringement. The reason it's not stealing is simply that the owner can still sell the product. If I built a matter duplication device that could perfectly copy a bicycle from raw materials I provide, should it be illegal to take it into the store?

Sure, it sucks to see one's hard work not being paid for when you expected it would be. But what's not being satisfied is simply that expectation, not some pre-existing contract. I'm not obligated to fund your development effort just because you spent time and money on it. And if I make a free copy at no cost to you, without any real proof that I would ever have paid for if I couldn't copy it, financial harm is very difficult to demonstrate.

The expectation that a musician, filmmaker, or software developer ought to be supported in their efforts whether or not the business model makes sense is what's awry. People want to be treated like artists, but they don't want to starve - which is what artists have perennially done. Come up with some service you can offer - convenience, live support, whatever - and you can make a buck doing just about anything. Just developing a game and vainly trying to control the distribution won't do it any more, so come up with something that works.

If you can't make money doing something, it's because it's not really of value in the world, at least not the way you're offering it. It's as simple as that. The creativity and drive to produce content is endless in human beings. The organisation to provide really good service is what's rare, and worth paying for.

Re:Trojans

[SmittyTheBold]

Just the same, you'll find many many copies of cracks online that are NOT the full game. There's almost always a couple-meg file that's just the .NFO file and the cracked game .exe. I make it a habit to download the crack as soon as I install any purchased game - I *hate* having to put in a CD just to play. Hence places like GameCopyWorld and the like.

Re:Trojans

[SageMusings]

Actually, I think this is clever

I think it's nothing more than a crime. Let's say I want to gather data about where people go for pr0n and how often they do it. To effect my research, I too, develop a trojan that reports your behavior back to me. How is this different from spyware? How would you feel if this software made it on to your system?

Who am I to make such decisions about your system and privacy?

Re:Trojans

[f0rt0r]

And you know this how? Answer: You don't. It's entirely possible to download a keygen/serial/etc. without having the associated program in your possession. If you doubt this, just give me access to your hard drive, tell me a program that you do not have, then tell me where to download a keygen for that program from, and I will transfer it to your hard drive. La voila, keygen but no program!

Re:Trojans

[Spiked_Three]

"Stealing requires the PHYSICAL depriving of the object in question"
So, if you came up with a brillant idea, that eventually made a billion dollars, but i heard about and did it first, and it was I who made the millions, ou would agree I didn't steal the idea, since its not physical?

Re:Trojans

[Mia'cova]

Don't download cracked games, download cracks for your games. Sites like game copy world exist for this purpose. Obviously the name is questionable but there's nothing clearly illegal about what they do. Or perhaps the DMCA in the states makes it illegal for circumventing copyright protection? I don't know US law very well at all; I live in Canada :).

But in this particular case with Epic, I know they're not big fans of annoying copy protection. Like any group of normal people, they understand that annoyances suck.

They've historically been forced into copy-protection schemes by publishers. Before Unreal 1, Tim Sweeney said there would be no copy protection because they trust their customers. GT quickly had a talk and reversed that statement. I also distinctly remember Tim saying that using cracks for UT were not illegal in a discussion about the annoyances of cdkey checks. Also keep in mind Epic has removed the cd check in patches after a while in both UT and UT2003.

I'd imagine they support cd-key protection these days though. Keys aren't very intrusive and make for a very strong anti-piracy feature.

I also like how these keys can be used to perma-ban users. It makes me feel all warm and fuzzy every time I hear about a cheater being banned from online play. It's great!

Re:Trojans

Right, you can't steal what isn't there - legally at least. In fact if the idea creator didn't patent it, you'd be in the clear - especially if you patented it instead (worked for Edison).

If they did patent it then you'd presumably be infringing on their patent and so liable, but you still wouldn't be "stealing" or "a thief". You'd just be guilty of patent infringement. Same applies to copyright, or trademarks - all of so-called "intellectual property".

Copyright infringement might be immoral and is often legal, but it's never stealing. Otherwise you wouldn't be able to distinguish between someone downloading a CD and five-fingering it from a store. Obviously that's a useful distinction, and one worth preserving.

Re:Trojans

[kenthorvath]

Not every meaning of the word "crack" implies something nefarious. And again, perhaps the company released the key generator or a patch to remove copy protection ala Bioware as per Neverwinter Nights in responce to customer dissatisfaction with the copy protection.

Re:Trojans

[Lord+Kano]

The only thing the program does is send a network message, it doesn't actually modify data on the computer other than itself.

To send that information without permission of the user does in fact modify information. Ram, Registers, the TCI/IP stack.

I have mixed feelings about this. I support it when people use civil disobedience to advance a cause but this is something else entirely.

They're installing malicious code on people's machines without their permission. That isn't cool.

I think that child molestors are the lowest form of life on the planet, but I can't agree with vigilantes breaking into people's houses and spying just because THEY THINK that those people are molesting their children.

LK

Re:Trojans

[Spiked_Three]

well again, thats like saying cause of death was his heart stopped and not the bullet that went through it. It may not be stealing by a legal definition, but it certainly is by any moral definition. I suspect that even if you look at the legal definition you will come across a phrase such as 'preventing intellectual/artistic theft'. So theft may be a presumed clause.
reminds me of the 'right to live' v 'pro-choice' labels - you are just picking words that sound beter.
In the words of a previous post, repeat after me 'taking anything physical or not, that was intended to be bought, without paying for it is THEFT'.

Re:Trojans

You guys are a bunch of hypocrites.

Illegally duplicating and distributing copyrighted software is ok, but someone chastising thieves for their illicit behavior are "criminals"?

Talk about Orwellian double-speak. Jesus.

Re:Trojans

[SeaFox]

Would it be fraud if software companies put up files of crap that mimic their own titles, in an attempt to put people off p2p? No, the RIAA already does this with p2p networks. They flood the services with songs that are nothing more than the chorus or first verse looped a half dozen times. There was an issue of Wired last year talking about the end of the Music Industry (as we know it) and this was mentioned as one way they fight piracy.

Re:Trojans

[thegameiam]

What meanings of the word "crack" are legitimate? I suspect that any company removing copy protection itself would label it a "fix" or "upgrade," rather than a "crack." Again, the plain meaning here is that people were attempting to download something which they knew was not legit. That reduces my sympathy for them a great deal.

Re:Trojans

I don't understand how your comment made it to +5. All the arguments you make are silly.

Please refrain from commenting on a persons MOD level.
As I post this your post is Mod +5 and his is Mod +3... and most likely dropping.
You knew something... quite a bit of something.. The mods don't. Now they do thanks to your enlightenment.

See how that works?

Re:Trojans

[tomhudson]

Legally speaking (and that's all we can speak of in cases of law), copyright infringement is not theft. Even the RIAA and MPAA agree to this when they file their lawsuits. They don't file theft charges. Ask yourself why.

Re:Trojans

B) Cracks aren't necessarily illegal.

Funny, I thought the point of cracks was running software you didn't pay for.

Re:Trojans

damn. I should have had that kid arrested when he sold me oregano and told me it was chronic!

Re:Trojans

[Spoing]

The previous AC is right; sometimes a decrease in price reduces sales, other times it does nothing to sales, while I agree that most of the time it does increase sales...though not necessarily leading to more overall profit ("Sure we loose $10 per Widget, but we'll make it up in volume!").

Re:Trojans

[tomhudson]

Actually, the "Sure we lose $10 per widget, but we'll make it up in volume", if done right, is the only viable business model (not the dot-com-con style model - hear me out).

No business can be profitable right out of the box.

In a free economy, the "low-hinging fruit", the easily made, high-profit money, is quickly snapped up and then commoditized, which turns it into a low-profit item. You have to make it up in volume, or die.

A simple example is writing code. If you charge $10,000.00 per hour to write code, you won't get any work, and you'll be losing money. Lower your price and make it up in volume is the only business model that will work.

Unfortunately, the dot-cons took this to the extreme, thinking only of exit strategies, not building a viable business :-)

Re:Trojans

[falsified]

Compromise? Huh? It doesn't do anything to the computer. It phones home but so do most other programs these days, to check for a new version.

Re:Trojans

[falsified]

What does all the shit mean at the beginning of your post? I see quite a few people prefacing their posts with what looks like a series of acronyms for manufacturing companies with no apparent reference to said acronyms in the human language part of their post; this list usually has these three in it. Thanks.

Re:Trojans

[Dave2+Wickham]

I Have Been Trolled, I Have Lost, I Will Try To Have A Nice Day

(As opposed to the typical troll response of "YHBT, YHL, HAND")

Well, their server *did* update in realtime...

[purduephotog]

... until about 30 seconds ago. Now it just sorta smokes.

I guess what they say about examining the hex code for any file you download to look for suspicious strings seems really valid now.

And if you don't see any, run an unpacker and see if there is anything embeded.

Of course, you could just avoid running software someone else gives you....

Re:Well, their server *did* update in realtime...

And if you don't see any, run an unpacker and see if there is anything embeded.

Or simply use a firewall.

Re:Well, their server *did* update in realtime...

[flimnap]

Their results page simply lists the following info--

Average time wasted: 12.888078236572 Seconds
Total time: 1383.75 Minutes
Hours: 23.0625 Hours
Operating for: 928.40555555556 Hours

Then there's a big table full of entries like this (reformatted to make it easier to view here)--

ID: 6442
PID: 3578
FPID: 1
Date: Mar 19 2004 07:42:53AM
IP: xxx.xxx.xxx.xxx (Well really, let's not pick on one person ;)
Location: Germany
Run time: 17
Filename: Unreal Tournament 2004 ALL VERSIONS KeyGen Crack (1).exe

The site continues in that vein for some time... fascinating stuff.

My thoughts: Software piracy is bad, m'kay, but two wrongs don't make a right!

Re:Well, their server *did* update in realtime...

[r00zky]

Actually some of their logs are truly inspiring:

Mar 18 2004 10:01:42PM
192.168.1.1
DustBunny.exe

All that 192.168.x.x are a bunch of pirates! All to jail!!

This one is better:

Mar 18 2004 02:17:01PM
xxx.xxx.xxx.xxx
United States
malware.exe

Only in the US can someone run a file called malware.exe downloaded from a p2p network *sigh*

Re:Well, their server *did* update in realtime...

Sometimes I download cracks for software I own because I lost the CD case. I'm sure I'm not the only one.

Re:Well, their server *did* update in realtime...

[LilMikey]

While not 'cracks' per-se I download no-cd patches quite often. It's the only way you can get some games to play under Wine.

Re:Well, their server *did* update in realtime...

[AndroidCat]

I bet if they described it as "HARD DRIVE ERASER", people would still download it, run it, and click through every warning that said "Holy Shit. This will wipe your drive!". Would they sue when it only logged their IP address?

Since some of the current "viruses" involve opening a passworded zip attachment, typing in the password, running the executable, there are obviously no limits to human stupidity.

Re:Well, their server *did* update in realtime...

[Pyrosz]

Filename: Unreal Tournament 2004 ALL VERSIONS KeyGen Crack (1).exe

Interesting as this is and that it is a KeyGen (heh, or not:), I use many CD Cracks so I don't have to keep the damn CD's in the drive as I play many games. I don't pirate anything and yet something like this could make you look like a pirate. Thankfully I firewall everything off and look at anything outgoing. I hope these guys get whats coming to them as what they did is no better than the pirates in my eyes.

Re:Well, their server *did* update in realtime...

Wait a second. If I see a file named DustBunny.exe, how am I supposed to know whether it's legal to run it or not? I don't even know what the heck it is. Of course that means I would be stupid to use it, but how am I supposed to know whether it's legal to run it or not? After all, P2P is not inherently illegal. I could distribute my own programs on it if I wanted.

There's no question in my mind now. These people are malicious, not benevolent. Take them to court, and demonstrate how justice really works.

Re:Well, their server *did* update in realtime...

[Slappy00]

Software piracy is bad, m'kay, but two wrongs don't make a right! But two lefts do! Bada-bing, thank you thank you, try the steak and dont forget to tip your waitress.

Re:Well, their server *did* update in realtime...

That's "three lefts". Duh.

Re:Well, their server *did* update in realtime...

You do know that was their test program don't you? Probably downloaded from a tester.

Obligatory /. effect comment

[tweakt]

"...and they have a website that updates in real time whever someone executes it."

Yeah, not for long...

Re:Obligatory /. effect comment

[frs_rbl]

A mirror here

Re:Obligatory /. effect comment

You mean here: Greedy Bastards!

Re:Obligatory /. effect comment

[stevenp]

The mirror also seems to smoke slowly in peace ...

which crime?

[slavemowgli]

Out of curiosity, which crime would they be committing?

Re:which crime?

Out of curiosity, which crime would they be committing?

The same crime we commit every night, Pinky...

TRYING TO TAKE OVER THE WORLD!

Re:which crime?

For the same crimes virus creators are jailed.

Re:which crime?

[slavemowgli]

Namely? Sorry, I'm genuinely ignorant. :)

Re:which crime?

which crime would they be committing?

Electronic trespassing. Making use of system resources that are not theirs. Stealing electricity, hard drive, memory space and performing unauthorised network communications. Crackers have been put in jail for much, much less than the above.

If they were disguised as codes for games like Unreal Tournament 2004 - I also imagine Epic games would have something to say about them:

(1) Distributing what is effectively a virus using the Unreal name.
(2) Taking the law into their own hands without the permission of the copyright holders.

Only the copyright holder can determine 100% if distributing such codes are illegal. There are circumstances where wanting a new code is legitimate (loss of the manual, living in a country where the game is not available at retail). However, I'm fairly sure that Epic has the ability to remotely de-activate codes that were being illegally distributed (with the game validating your code with a central server before you're allowed to play online) - they already have a system in place for dealing with people spreading codes.

Doubtless Epic wouldn't want to piss off potential customers by having a virus associated with them. And you bet your bottom dollar that the cracking groups are going to attempt to fight back and double their efforts to produce working codes now (if they've not done so already).

Re: which crime?

[Black+Parrot]

> > Out of curiosity, which crime would they be committing?

> The same crime we commit every night, Pinky...

I worry about a guy who talks to his pinkie.

Re:which crime?

[mattgreen]

So because people executed a program that was mislabeled, it is now electronic trespassing?

Give me a break.

Re:which crime?

[4of12]

Electronic trespassing. Making use of system resources that are not theirs. Stealing electricity, hard drive, memory space and performing unauthorised network communications. Crackers have been put in jail for much, much less than the above.

Fair enough.

Now if only adware/spyware were vigorously prosecuted for similar masquerading, consuming computer resources.

It's weird that unauthorized use of a microdollar of electricity would be the basis of prosecution, while the privacy invasion of phoning home to the mother ship - which I would consider a much more serious offense - is not.

It's kind of like getting Al Capone for income tax evasion instead of the real crimes.

Perhaps more such software with "auto-update" features will come under closer scrutiny as an unauthorized wiretap, click-through "user consent" notwithstanding. There is certainly the potential for widespread compromise of private information.

Re:which crime?

[ebuck]

When citizens are simply passing info along to authorities, then they are probably doing a civic duty.

However, when groups band together to promote their particula agenda, they'll often do their best to defame, embarrass, harass, and punish their transgressors. This is done without any due process because they don't have guidlines imposed upon them. If you try to defend yourself against this kind of defamation, it cements the group's belief that they got it right (or why would you be so upset?)

To borrow from a passage at http://web.mit.edu/gtmarx/www/candcomentary.html

"Let me next turn to five areas that I hope future research can address. These are
1) a possible increase in individually aggressive and passive anticrime actions;
(2) the privatization of government services;
(3) t he spread of access and location control strategies and the changing nature of public-private space;
(4) racial and ethnic conflict; and
(5) a society of informers."

None of which are terribly appealing, but likely should groups of people take this "vigilante policing" too far.

Re: which crime?

How Spielbergian.

Re:which crime?

[micromoog]

So because people executed a program that was mislabeled, it is now electronic trespassing?

"Mislabeled" is not the same as "intentionally falsely labeled".

Re:which crime?

[LiquidCoooled]

I'm still waiting to see Anna Kournikovas boobies you insensitive clod!

Anyone know why my computer is running really slowly?

Re:which crime?

[gr8_phk]

"The EFF says the vigilantes may be committing a crime."

They should have formed a corporation for this activity, then there would be no danger of imprisonment. As it stands they may be alright because they are doing it in the name of copyright protection. No one (in power) would want to prosecute someone for such practices.

Re:which crime?

If the filename is simply "unreal-foo-bar-...", and the binary itself has nothing to do with the game, Epic will have a problem claiming much. The filename "unreal-tournament-2004-..." might be easier for them, but not by much.

The illegalities mentioned in the rest of your (good) post could be bypassed by using a sufficiently vague click-through license, right? Just how spyware does it... And, the article aside, I certainly don't know that there are strong laws in existence about what rights-to-execute one maintains against code which they download. No one seems to mention them.

Re:which crime?

Electronic trespassing. Making use of system resources that are not theirs.

What if you go to a website that's 500k in size for the front page? Isn't that the same sort of thing?

Stealing electricity,

Maybe, but see previous point.

Stealing hard drive space

People choose to copy it to their hard drive, and can delete it. This cannot count as theft.

Stealing memory space

Stealing memory space??? When it stops running, the memory is returned. Borrowing isn't the same as stealing.

...and performing unauthorised network communications.

Maybe. But if you go onto a site with a tracking cookie, that's the same thing as is happening here. You can block cookies, and could have probably blocked the network access in this program with a firewall. This has to be the responsibility of the user here.

Re:which crime?

[Cthefuture]

Besides the "compromising other systems" thing there is another issue.

You can't distribute or appear to be distributing copyrighted works (like Unreal Tournament). Even if what they give you is not the real thing they might still be punished under law (at least in the US).

It's the same thing as selling sugar as "cocain" in little baggies on the street. You'll still get arrested for selling drugs.

Re:which crime?

[Tony+Hoyle]

Writing a trojan, hacking, illegal modification of data, illegal retention/use of personal data, fraud ...

The US doesn't seem to have any legislation about the first 4 (presumably to protect the corporations who like to write spyware & crapware) but it definately has for the last one.

The offer's on the table - if your laws aren't up to it we'll extradite them and nail their asses to the wall over here...

Re:which crime?

[dheltzel]

However, I'm fairly sure that Epic has the ability to remotely de-activate codes that were being illegally distributed (with the game validating your code with a central server before you're allowed to play online) - they already have a system in place for dealing with people spreading codes.

Interesting.
Combine that with the recent report of a trojan that harvests codes from infected machines and you have a recipe for creating a new sort of havoc. If the trojan harvested codes are published in such a way that they get disabled, you'd have a sort of DDOS against a game company. It could overhelm their ability to sort out which users were legit, and piss off a lot of legit users at the same time. If you get enough personal info, you might even attack specific people to get them banned from the game for "sharing" their code if they do something you don't like.

Re:which crime?

[Naffer]

Copyright infrindgment? By they way, I've got another IP address to add to that list, Here goes:

Naffer
127.0.0.1

Re:which crime?

[Have+Blue]

Doubtless Epic wouldn't want to piss off potential customers by having a virus associated with them.

I don't think anyone downloading this program is a potential paying customer. Unless you mean the 5 or 6 people who honestly do use warez to evaluate programs and buy them if they like them.

Re:which crime?

[JDevers]

I use CD cracks all the time for playing games I OWN. Specifically I do this so I can play games under Wine (looks like I won't have to do this for much longer though!!!yipppeee).

Re:which crime?

[j-turkey]

So because people executed a program that was mislabeled, it is now electronic trespassing?

Is this a troll? If so, I guess that I'm biting hook, line, and sinker.

It's electronic tresspassing because the authors are intentionally misrepresenting the downloaded application. This is absolutely no different from a trojan horse. It is a case of fraudulently conveying a malicous application as something benign. The application accesses system resources (hard disk, cpu, memory) as well as network resources without any authorization. It's different from typical spyware, since spyware has an EULA, which informs you of the application's intentions -- which the user must explicitly agree to.

This couldn't be a clearer case of electronic tresspassing -- there are dozens of kids spending hard time in jail for far less malicous actions than these (which have been considered "electronic trespassing". I fail to understand why you can't differentiate between this and any other trojan.

Are you suggesting that this type of vigilantism is acceptable? Do you believe that in this case, the coders' ends justify their means? IMO, it's as just as irresponsible as any other malware...in some cases, moreso.

Re:which crime?

[krgallagher]

"(1) Distributing what is effectively a virus using the Unreal name. "

Can't call it a Virus. It does not self replicate. Someone has to make a copy of it manually.

Re:which crime?

[hol]

Uh, two wrongs don't make a right, but here's the way the court will likely deal with you:

1. You intended to break the law.
2. You received harm in the process.
3. Court declines judgement in your favor.

In any civilized society it stems to reason that once you decide to violate the laws of that society the people who protect the lawful citizens will protect you less. After all, harm came to you because you chose to break the law in the first place. This is called the 'social contract.' It's just unfortunate most of us are asleep in high school when this is taught.

Case in point: Drunk driving

You get in the car drunk, you drive, and have an accident. How mad are you that your insurance is not valid? I for one would object to you claiming the insurance company is violating the terms of their contract with you. I would rather that you assume the cost of violating the law and not make my insurance rates go up.

In some countries there is zero tolerance - you may drive up to a certain limit (read: the police have no right to stop you from driving unless there is evidence to the contrary), but take the risk that if you're involved in an accident you will be guilty of drunk driving (it's evidence to the contrary).

OK, ok, in Canada some burglar sued a homeowner because the guy fell through an improperly marked (from the roof, that is) skylight, and won. So sad, I guess we cannot protect everyone from themselves.

Even worse, you assume that:

• they are doing something bad to your computer.
  They in fact, do exactly the same that MSIM, a number of DLL's delivered with your P2P client, and other software does. Better than the spyware programs, they do not collect stuff about your indiviual habits. No trojan, no spyware, just studying the network seeing how this propagates.
  
• They indend to enforce copyright holders' rights or something
  
• That there is no 'will' involved by the end user executing the program when they double-click on what they have downloaded, twice (once to open the zip, once to execute).
  
• That Epic would actually care about the feelings of people stealing from them.
  

Re:which crime?

[j-turkey]

They should have formed a corporation for this activity, then there would be no danger of imprisonment.

This is untrue, and is seems to me like it's a loaded statement. Otherwise, Elliott Spitzer has just been blowing smoke for the past few years. It also means that the FTC and SEC have no power. People are in jail right now for their part in the illegal actions of their company. While certain folks have gotten away with certain shenanigans in the past, this is simply untrue today. Haven't you been keeping up with the news? It's been creported on pretty widely ever since the Enron bankrupcy. Elliott Spitzer has been all over it since before then (since the fall of the dot-com's) for shady practices in the investment banking industry.

As it stands they may be alright because they are doing it in the name of copyright protection. No one (in power) would want to prosecute someone for such practices.

Yeah, this is indicative of the "I'm powerless against the megacorporation" mentality. Fortunately, individuals still have certain protections in the US. Illegal is still illegal -- no matter who you are...regardless of how powerless you may feel.

Re:which crime?

Electronic trespassing.

What, exactly, do you mean by that? How, exactly, are they trespassing?

Re:which crime?

[gr8_phk]

"Fortunately, individuals still have certain protections in the US. Illegal is still illegal -- no matter who you are...regardless of how powerless you may feel."

Ya, Spybot search and destroy. That's how the people protect themselves from spyware which in many many cases is illegal. Slip one of those data gathering goodies onto a corporate PC and sneak a few packets to your home. You'll go to jail for something corporations do to individuals on a daily basis.

Re:which crime?

[j-turkey]

You'll go to jail for something corporations do to individuals on a daily basis.

Interestingly enough, I deal with this somewhat regularly. First, remember that all legal spyware comes with an EULA. I agree 100% that these are totally shady, however, the EULA's will always state what the application will do. It's there, and if you have an attourney or are way smarter than I am, you might be able to understand what they declare. Slipping something like this that you cook up on your own onto a corporate network (without an EULA) is different -- it becomes a trojan. If you're an employee, it violates company policy and are subject to termination and prosecution. If you are not an employee and break into the network (physically or otherwise), you've committed another crime altogether, and this is on top of stealing company resources.

If you did the same thing in someone's home, you're guilty of the same crime. However, here's where the enforcement paths tend to diverge (between personal and business). In the case of breaking into a company -- if they can show the FBI that you've caused a certain amount of damage, the FBI will get involved. It's much more difficult to prove that this is going on if you've cracked someone's home computer, since it's hard to prove that you've lost $5000 in human-hours, cash, assets, or whatever -- generally, the ISP will have to contact the authorities to prove this on a systemic network level (if you want the feds involved). It's the same crime, however...but again, spyware is different from a trojan only in that it includes an EULA.

I personally do not believe that Spyware should be treated any differently just because of an EULA (that nobody ever reads). It's just the way it is, but not the way it should be. To compare the two -- companies always report how much money was lost due to a virus/worm. Those numbers are typically bullshit, becuase they count every hour employees spent with their thumbs up their butts because they couldn't find an alternative way to get their work done, as well as IT troubleshooting hours. Where I work, my group spends more time dealing with spyware/adware removal than we ever have with viruses/worms -- even the worst outbreaks, including any mail server downtime associated with it. It's a huge problem, and I'm not discounting it -- but in the above, I'm only talking about the law as it is today.

Re:which crime?

i'd say they are illegally collecting information from people to use for personal gain, just as spammers collect and use information for personal gain but in a different way.

if it was truely a research experiment, i don't think they would have gone public in such a manner, nor would they taint their future results in such a way. they have effectively ruined their "research".

perhaps they are trying to gain employment by companies with anti-piracy interests, or personal temporary fame, which they have already received.

under us law, isn't it legal for companies to break into the computers suspected of containing pirated software, to forcefully remove it, now?

recently i have heard the same type of thing happening in europe; with companies given the right to legally physically raid owners suspected of having pirated media.

how handy to have a list of ip address of unconfirmed suspects. it doesn't matter if the results were obtained through deception, they will be trusted.

imho, these "vigilantes" are idiots. they should and could go to jail under the vague us computer crime laws. it'll be interesting to see what happens, and see how us law works in the interests of large corporations rather then the privacy of the individual citizens the laws are put in place to protect.

perhaps someone will post their personal information to a website, so they will have a better understanding of the importance of personal privacy.

Re:which crime?

[mattgreen]

I asked a question. I didn't imply anything whatsoever. It just doesn't seem like a trojan to me - why do people think anything they download on P2P has to be the legitimate, real thing? That comes with the territory.

Re:which crime?

[j-turkey]

Yah, it was the "Give me a break." that made it seem like you were implying something. However, I'm fairly certain that there is some illegality to intentionally spreading trojans (and, believe it or not, this is a trojan) via any medium.

Re:which crime?

Ok, someone gives you a non-alcohol beverage but tells you it has alcohol. After drinking you get in your car and they run up and take your keys. Then they post your name, license number and home address in the newspaper stating that you are a drunk driver. The people that downloaded this program are not pirates, the code they downloaded did not have a copywrite. Just because they thought they were downloading unreal 2004 does not make them pirates, they would have to download the actual code that has a copywrite to do that.

Re:which crime?

[thegameiam]

I'm not sure about that -

If I sell a white powder labeled "cocain", and when people open it, the powder disintegrates, and they're left with a note which says "don't do drugs" I think that the local authorities would be pretty thrilled, no?

Re:which crime?

No. Give it a try and let us know.

Get a good lawyer beforehand.

Re:which crime?

Worms self-replicate. Crawl back into your hole now.

Re:which crime?

[Reziac]

Serious question: would Epic have a case against them for "making our name look bad", whatever that would be called in court... ?? After all, Epic's name got used without their permission, with intent to deceive users into thinking that's what they were running.

Re:which crime?

[PsiPsiStar]

If you have something that can be used to hurt people, you're required to go so far as to take reasonable steps to prevent it's unauthorized use. The legal term is an 'attractive nusiance.' (Think of putting a fence around the pool in your back yard). Otherwise, you're liable for damage done. The question is whether this applies to software and whether there was 'harm' done. A litigant would have to prove each. IANAL.

What do you mean maybe?

[AltGrendel]

They are committing a crime.

Heresay and Slander

[PeeAitchPee]

Who's to say these guys aren't mixing in IPs of people, who, for example, might have flamed them on message boards? I'm sure their end game is to get a job offer from the RIAA and MPAA . . .

Re:Heresay and Slander

[Leffe]

Who's to say that their information is worth anything at all... It's completely useless.

Where's the Mac version???

[Mononoke]

Once again, Mac users are left out of all the fun.

Dang it!

Re:Where's the Mac version???

[byolinux]

Okay, don't tell anyone, but you can download the source code to a large part of OS X, over here

Re:Where's the Mac version???

Well gee, since nobody uses those pieces of crap, why would anyone bother. What, they'll infect 10 people?

Re:Where's the Mac version???

[thestarz]

Don't feel too bad, Linux users are left out to. Maybe it'll run under wine?

Re:Where's the Mac version???

this is what happens to all insignificant persons/groups

Re:Where's the Mac version???

I'll write a version - it'll let you input any set of software that you want to be "caught" with, so that you too can be listed on their server as running a pirated version of Windows XP and UT2004 for XP on your Mac. Thankfully, their protocol is dirt simple, and it's easy to stock their server with all sorts of interesting stuff.

Re:Where's the Mac version???

[npsimons]

Once again, Mac users are left out of all the fun.

Not to mention the Linux version. Hmm, maybe now's the time to make a sympathetic version, like the sympathetic UNIX virus?

Re:Where's the Mac version???

[f0rt0r]

I am still setting up the spyware port project on sourceforge, I'll email you when it is up!

Of course it's a crime!

[graveyardduckx]

Isn't that fraud or false advertising? And aren't they encouraging piracy in a way by making more hits come up everytime someone searches for a particular app? On a related note, isn't it illegal to sell grass to someone while saying it's marijuana? Aren't the penalties the same? Why should this be any different. Charge them with piracy, slander for posting your IP, and being sleazy bastards for beating MS/SCO to this idea.

Re:Of course it's a crime!

[DrSkwid]

On a related note, isn't it illegal to sell grass to someone while saying it's marijuana?

yeah, it's intent to supply, no controlled susbtances required.

Re:Of course it's a crime!

[hesiod]

> yeah, it's intent to supply

While you may be legally correct, that's pretty stupid. If I know it's not pot, I'm not intending to sell pot. I'm intending to fuck this guy over. If some kid asked me for alcohol & I gave him orange juice, telling him it's a screwdriver, can I be arrested for "Contributing to the Delinquency of a Minor?" Of course not, but since MJ is "evil," it is given completely different rules. Stupid.

Re:Of course it's a crime!

[plugger]

Would that only apply if the seller thought that it actually was marijuana? If they knew it wasn't, then they didn't intend to supply. Since an illegal contract is not enforcable, would they be guilty of fraud?

Re:Of course it's a crime!

[Tsu+Dho+Nimh]

On a related note, isn't it illegal to sell grass to someone while saying it's marijuana?

Yes, in AZ it is illegal to sell not only illegal substances, but things you claim are illegal. Much to the chagrin of some "drug dealers" who thought they were safely ripping off some teenagers (who could hardly complain they were defrauded in a drug deal), they got hit with the same penalties as if the stuff had been real.

Re:Of course it's a crime!

False advertising? Then everyone who spreads it is guilty of the same thing.

And posting your IP? Where do the do that? The site's gone tits up at the moment so I can't see that. The report just says a unique ID is sent back for tracking. If they don't post personally identifiable information then I can't see it could be classed as slander.

...and piracy? When did they do that? Maybe they're guilty of encouraging people to commit a crime (copyright infringement), but that's about all. Apart from being guilty of hacking that is.

Re:Of course it's a crime!

>Isn't that fraud or false advertising?

Not unless there's money involved. If these folks had been selling CDs claiming they were copies of UT2004, then yes, it would have been fraud.

Re:Of course it's a crime!

[flewp]

Okay, sort of off topic, but what if you asked if they wanted to buy some grass (as in slang for weed), and then you sold them real grass? Is that still illegal? Technically you offered to sell them grass, and you did.

Re:Of course it's a crime!

"On a related note, isn't it illegal to sell grass to someone while saying it's marijuana?"

Every bit as illegal as actually selling it.
Selling a dropper bottle of pure water is just as illegal as a vial of acid, if you represent the water to be acid.

Re:Of course it's a crime!

[Tony+Hoyle]

Hmm that's not illegal here... it's well known that when the new students arrive every year some jokers sell them 'grass' and make a nice income from it.

They're not actually claiming it's illegal, though... Saying 'Wanna buy some grass?' when the stuff you're selling really *is* grass isn't even fraud...

Re:Of course it's a crime!

[Civil_Disobedient]

If some kid asked me for alcohol & I gave him orange juice, telling him it's a screwdriver, can I be arrested for "Contributing to the Delinquency of a Minor?

Your analogy is flawed, and is perhaps the reason you don't see anything wrong with what they did. Let's rephrase that statement and see what you think:

"If some kid asked me for alocohol & I have him antifreeze, telling him it's really hard vodka, can I be arrested for "Contributing to the Delinquency of a Minor?" Of course not. But you can be arrested for Endangering a Minor.

Re:Of course it's a crime!

[DrSkwid]

hmm, tricky

These things (in the UK) are ususally decided by the 'reasonable person' test : i.e. what would a reasonable person think was happening.

Re:Of course it's a crime!

[hesiod]

> If some kid asked me for alocohol & I have him antifreeze

Then I was putting his life at risk. Smoking blades of grass, while not healthy or even slightly enjoyable (I assume), does not put him at risk of becoming dead.

Re:Of course it's a crime!

[Civil_Disobedient]

Then I was putting his life at risk

The point is that you equate someone being hacked, which is a manevolent activity, with a kid being tricked for his own good, which is benevolent or at the very least indifferent.

Re:Of course it's a crime!

[hesiod]

> The point is that you equate someone being hacked,

What the hell are you talking about? Go back and read through the thread. Nothing I said has any relation to the software in question. This was a completely offtopic thread about marijuana.

Even if it WERE on-topic, this software doesn't "hack" anything at all. It's a information-gathering trojan.

Just wait.

[Moryath]

It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program.

Re:Just wait.

[clifgriffin]

If the program is altered, it deltes itself.

Re:Just wait.

[platipusrc]

but what if the program is altered to not delete itself?

Re:Just wait.

[malraid]

and we can call that .... a VIRUS !!!
Ohh the novelty....

Re:Just wait.

[mpe]

It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program.

It could happen a lot quicker. Or some other "black hats" will hack their program and change who it "phones home" to and what data it sends.

Re:Just wait.

[flewp]

You know, I'm starting to notice that he isn't answering some of the more important questions that have been asked, and he seems to be reitirating a lot of the same stuff. I hope he's either away from his computer, busy with work, or has some good excuse not to be answering all these questions that he so far seems to be avoiding.

Me thinks he's in over his head.

Re:Just wait.

[MarkGriz]

And BFD. This isn't some revolutionary new technology. Any halfwit could write a program to perform "Format c:" and name it "UT2004 keygen.exe"

While I don't necessarily agree with what these guys have done, don't pretend their work is some kind of helping hand for the "real hackers"

Re:Just wait.

[strike2867]

He's not away. He is here look at his post times. He only answers obvious questions. After a bit of argument it is found that he is a complete dumb ass when it comes to laws and privacy. Just like most geeks, he can write a program, but when it comes to other issues he just doesnt understand he just ignores them.

Re:Just wait.

[gnu-generation-one]

"It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program."

Labelling the malicious payload as "a program to automate sending trojans to P2P users" might help it reach the right target...

To me this seems basic...

[mobiux]

They say they are tracking software pirates.
But realy pirates don't use p2p apps for warez.
That's kiddie crap.
More like they are tracking 14 year old's with a cable modem.

try IRC, now if they could track that, it'd probably blow their minds.

Re:To me this seems basic...

[Leffe]

Um... with a clientside virus, what would stop them from tracking it? (and probably irc client independant as they can just read the IRC(and whatever else you use) protocol data directly)

Evil crackers like these criminals are no less clever than the rest of us, they just put their cleverness into more questionable things ;)

Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?

Re:To me this seems basic...

[DrSkwid]

they just put their cleverness into more questionable things ;)

like this : independent

The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?

because CTCP uses in band signalling that something special is happening /me is not part of the irc protocol and therefore is considered 'something special'

CTCP uses ^A or chr(1)
You'll see from this table that ^A is defined in ASCII as :

A transmission control character used as the first character of a heading of an information message.

Curiously the authors chose to end the text with another ^A rather than ^C. In their defence there is no End of Heading marker defined. /me is a client dependent implemtation of how to send : ^AACTION : $emote^A

You can see the other CTCP messages here

Re:To me this seems basic...

Yeah, I know all that. But what I really wonder is... why does CTC mean Client To Client :)? Is it because you hide information in the IRC protocol, or does it really send the data directly to everyone?... I don't think it does... when I wrote my IRC client I got those 'windows boxes' when I received a 0x01... I think I implemented it though. ... I think this should be integrated into the IRC protocol, along with all the other services and protocols. A standardized protocol is a nice thing to have... and not having to look up 10 sources to implement one thing is not very fun...(I must admit that it's a little fun at least ;))

(you should have posted anon btw, the ot mod trolls are really horny nowadays)

Re:To me this seems basic...

[Clovert+Agent]

Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?

Because it's not a plain message being sent to a nick/channel, is the simple answer.

CTCP is nice and flexible, allowing new communications to be added to the spec at any time because it's up to the client to figure out what to do with it. ACTION is just one example - I remember a time when only Unix clients handled CTCP ACTIONs - DOS clients (or at least the one I saw used) didn't.

Re:To me this seems basic...

[DrSkwid]

>why does CTC mean Client To Client :)?

because it's fucked up

>I got those 'windows boxes'

> I think this should be integrated into the IRC protocol, along with all the other services and protocols.

IRC is a botch job, it should be totally re-implemented (no, not as XML)

stick to rfc 1459 and you'll be fine, dcc & ctcp are just cruft, who's business is it what client software I'm running or how long a ping takes and ugh %C02 colour rubbish

The only thing I would advocate is a switch to utf8

I don't care about being modded OT.

Re:To me this seems basic...

[f0rt0r]

IRC is more protected from fraud by a trust network than a technical protection. You see, the way it works is the channel operators limit who can serve files to users who are voiced, and the only way a user can get voiced is to earn the trust of the highly untrusting operators.

Now, say the vigilante behaves well in the channel for a few months, and the operators meet and vote that the vigilante is trustworthy and therefore can be voiced. The channel protection bots are given the vigilante's IP/Host/Nick combo to identify the vigilante and give him voice when he enters the channel.

Ok, it's been several months and now finally the vigilante and run the channel approve fserve software and is still watched by the operators since he/she is still new. Once someone downloads the keygen from the vigi. and discovers it is fake, they msg the channel ops and report it. The vigi loses voice rights and the whole matter is investigated and a decision is made to permanently ban the vigi since the trojan was discovered.

Now, the vigi can try to get voiced in several channels at once, but most channels won't voice you if you serve in more than 2 other channels, and some won't give you voice if you serve even in one other channel. The vigi still has the option of changing IP/Host/Nick and starting the process all over, but it will again be months before they will be considered for voice again. And if someone figures out that this is the same guy they banned before, his new identify will also get banned from the channel.

However, there are some computer illiterate people on IRC, so if the vigi spams people randomly with private messages ( spamming a channel can be easily blocked ) with the connection info to their server with the fake keygen, saying 'go here here to get UT2004 keygen;, I am sure some will fall for it. But if the vigi is reported to the IRCOPS and they can track home down, its kline time for him. Kline means he cannot connect to the IRC network at all, which is different than banning, which only excludes him from one IRC channel.

So you can see how the IRC system presents unique challenges to the vigilante that P2P applications current do not have. That said, I use the eMule client on the Overture network, and it autoblocks clients for various reasons, and it does have a system for both rating and commenting on shared files. Something very useful that is does is track files by md5 checksum, so you can actually see a file that is shared under several names. Its funny to see "Hardware Wars.mpg" was renamed to "Star Wars Episode 2:Attack of the Clones" and other names, flagging it as a fake.

Well, I feel like just wrote a term paper on IRC and P2P networks, so I am calling it a night(11PM here ) .

Until next post....

How about?....

A virus that wipes off Windows, and says on boot up.......

Jajaja j00 Philphy W1nd0z3 1u5e|', W0|_|70 j00 lykkke 2 1n5477 03814|/| 700|\|1)(???!??!! OMG WTF LOL!

Re:How about?....

you know what's sad?

I could read that just fine :(

Yes, but watch out for hypocrisy...

[BenSpinSpace]

I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.

Yes, I'm aware that there's a difference between pirates and spammers. But keep in mind that the RIAA probably sees P2P users the same way that we see spammers. Annoying, a growing threat, and obsessed with large penises.

Re:Yes, but watch out for hypocrisy...

Yes, I'm aware that there's a difference between pirates and spammers.

Yeah, one steals from software/media owners, the other steals fom consumers. Big difference. Stick it to the man, y'all!

Re:Yes, but watch out for hypocrisy...

[AviLazar]

The real question is, these passionate vigilantes - have they ever gotten warez? My money says yes; and if I am right, we know what that makes them.

Re:Yes, but watch out for hypocrisy...

[theLOUDroom]

I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.

Speak for yourself. Maybe you're a hypocrite, but I'd be just as pissed if the program was targeted at spammers by calling it "1millionemails.exe".

Computer crime is computer crime, and this is definately it. We need reasonable, legal, long-lasting solutions to the problems of the net, not some jackass breaking into system in a vain attempt to combat what he sees as a big problem.

Re:Yes, but watch out for hypocrisy...

[Rogerborg]

Why do you feel angry? When you're trying to steal someone else's copyrighted product via a P2P network, do you have some expectation that you have a right to receive the application that you searched for?

What exactly is your beef with this?

Re:Yes, but watch out for hypocrisy...

There is a difference here BTW. With SPAM, the people doing the deed are a good distance away from the common person. In simple terms, it's not so easy to be wrongly classified as a spammer. Yes it happens, but the big spammers are putting so much distance between them and us it's easier to work out when someone gets on the wrong list. This one has a smaller gap. It's pretty easy to get put on the "bad" list when you don't belong there. So, yes, people get upset at this more than the spam equivalent. It's more of a danger to everyone, not just the "pirates"

Re:Yes, but watch out for hypocrisy...

It is not hypocrisy!

It's judging a case by it merits, and in this case this has none.

Apples and Oranges.

Re:Yes, but watch out for hypocrisy...

[ChuyMatt]

Personally, and i think i am voicing this for everyone, we would feel a LOT better (tho, not good) if this was a govt. operation. But as it is not, people's private info is going to people who have nothing stopping them from selling said information.

this is just a bad idea and should be carried out only by the correct authorities.

Re:Yes, but watch out for hypocrisy...

[Peaker]

Please don't describe copyright infringement as theft or piracy.

It is petty name-calling attempting to shove your moral view upon others.

Copyright infringement is a non-serious crime [look "infringement" up in the dictionary].

Distributing malicious software is a felony, a serious crime.

Re:Yes, but watch out for hypocrisy...

[StillAnonymous]

Actually, I would not be extatic if they were tracking down spammers for the same reason I hate spews, orbs, etc..

Too many false positives and virtually no accountability for their actions. Innocent folks and entire ISPs have been blacklisted by these people and I'm sure they just shrug and give an uncaring look when it happens.

Re:Yes, but watch out for hypocrisy...

[gnu-generation-one]

"When you're trying to steal someone else's copyrighted product via a P2P network... What exactly is your beef with this?"

The same beef that you'd have if someone shot you when you were speeding.

Re:Yes, but watch out for hypocrisy...

The worst of these types are always born-again. Nothing new there.

Re:Yes, but watch out for hypocrisy...

[Rogerborg]

So, no real answer then?

Re:Yes, but watch out for hypocrisy...

[Rogerborg]

Take it up with dictionary.com.

Also, see Title 17 Chapter 12 Section 1204.

Keep on thinking that Dowling and LaMacchia keep you and your kind safe, but remember who's in the Supremes now, and that "private financial gain" could easily be interpreted by a partisan court as "absense of loss".

Re:Yes, but watch out for hypocrisy...

[Rogerborg]

So, no real answer? That's about what I figured.

Sharing Trojans

[ravydavygravy]

What I can't understand is why people would continue to share these programs once they realised they contained a trojan... The authors stopped sharing them because they found users were propogating them well enough anyway.

Surely any sane person would delete corrupted/malicous downloads from their shared directory?

Re:Sharing Trojans

[PeeAitchPee]

I heard it's not too healthy to share a Trojan after it's already been opened.

Re:Sharing Trojans

[polaris878]

Well it's obvious it would be affecting people who don't know what it is. Peopole that have no idea what they are doing would share it with others. It doesn't really make sense to me either...

Re:Sharing Trojans

[Gabrill]

The same users that are too lazy to look up free alternative software are going to go through their file sharing archives looking for virii and trojans?

Re:Sharing Trojans

Not true, most people that use P2P software are total morons, or at least there are enough to keep it spreading

you would also think a 2mb file size would tip people off that its not UT2k4 or Win2k Source Code

Re:Sharing Trojans

"The same users that are too lazy to look up free alternative software are going to go through their file sharing archives looking for virii and trojans?"

Yeah. Lazy bastards. All they had to do was type
http://sourceforge.net/projects/freealternat iveUnr ealtournament2004/
in thier browser. I admit it is quite lenghty link tho.

Re:Sharing Trojans

[SmackCrackandPot]

why people would continue to share these programs once they realised they contained a trojan

When P2P file-sharing programs are in use, the users are usually downloading bucket-fulls of stuff. So between the time the download of the file has been completed, and the time that the file is unzipped and run, there is a window of opportunity for re-distribution to take place. Given the small size of the file, it would probably be ignored until the download of larger files such as movies and warez has been completed, if not forgotten entirely.
(Like your looters or panic-buyers during a power cut - they're grabbing everything they can get their hands on, because it's there for the taking, not because it's of any practical use to them).

Re:Sharing Trojans

[bockman]

They probalbly do not realize the file is a trojan (I don't think this troyan is opening pop-up or such, just opening a TCP/IP connection and send a few bytes through it).
They download it, try to open it, see that nothing (apparently) starts and decide to share it nevertheless, maybe looking for someone more knowledgeable that can tell them what they did wrong.

Re:Sharing Trojans

[Gumph]

Have you SEEN the amount of dodgy files on p2p?!?!! Some people are either clueless or too damn lazy to clean corrupt crap out!

Re:Sharing Trojans

[AndroidCat]

Or it might be forgotten about completely. If someone pulls down a lot of stuff, they might forget to try that one out, or forget to delete it if they do. And if their download directory is also what they share (perhaps with multiple p2p programs), then it'll keep spreading.

Re:Sharing Trojans

[plugger]

I think it masquerades as a keygen or cracking program.

Re:Sharing Trojans

What I can't understand is why people would continue to share these programs once they realised they contained a trojan...

There's a copy of the movie "Lost In Translation" on the Gnutella network which is actually a copy of "Debbie Does Dallas," renamed. When..I^H..uhh..my friend downloaded it, there were more than 100 people sharing it.

Yes, you'd think that after taking the time to download a freakin' 700 meg file, only to find it's bogus, people would bother to delete it.

A lot of 'em don't.

Re:Sharing Trojans

[Rick+and+Roll]

Yeah, this is one of the things I hated about file sharing, that eventually got me to the point of not even bothering anymore. The download directory was shared by default, so there were all kinds of crap files.

I took the time to create a shared directory that was separate from the download directory, and setting sharing only for the shared directory, and not for the download directory. But my network connection was crap so I only gave maybe a hundred or so whole files all the time I was sharing anyway.

Re:Sharing Trojans

Wrong. The site clearly states a window pops up scolding them.

why?

[NuTTyGuY]

Microsoft source code why would anyone download that anywayz? microsoft is a virus, one of the most dangerous

Re:why?

microsoft is a virus, one of the most dangerous

No it isn't. Viruses usually do something.

Re:Software is just INFORMATION

[Nova1313]

I write software for a living. There are places when it should be free. And there are times when it shouldn't (like when It goes to keep my lights on and my car running) I dont think it's wrong to download something even if it is say a copy of a game or music. There is nothign wrong with downloading it to me. It's when you actually use it without the license that it's wrong. Now I know poeple are going to say who downloads something and doens't use it. But honestly what if that happened? If someone had say 6000 mp3's they have never listened to but just had the data on disc? What makes that illegal exactly? It's not like it's owning stolen items. It's 0's and 1's in it's basic form. Just because it plays on an mp3 player doesnt' mean it's an mp3. You could run it through another piece of software and get today's weather data. Trojaning something like this is so disrespectful to others privacy. They definatly should be punished.

They taught us in Health Education-

[purduephotog]

- to never share someone elses trojan. That could lead to a disease somewhere where you usually don't want any irritation. ...

missing word

The EFF says the vigilantes may * be committing a crime.

*also

Re:missing word

[hesiod]

> The EFF says the vigilantes may [also] be committing a crime.

Missing disclaimer: Poster is an idiot. What a worthless post.

That is why you need a trusted source

There are a variety of Warez websites on Freenet which, while operated anonymously, have established a trustworthy reputation (which is cryptographically enforced by Freenet's "subspaces" mechanism). The operators of those sites value the reputations they have established, which provides a strong disincentive for them to distribute trustworthy software.

Re:That is why you need a trusted source

The operators of those sites value the reputations they have established, which provides a strong disincentive for them to distribute trustworthy software. Did you mean "disincentive to distribute untrustworthy software?" If so, um, they can just as likely be trying to earn your trust for the sole reason of facilitating some future attack. Or all the files could already be infected and they're just good at making everything seem legit.

Re:Software is just INFORMATION

[PeeAitchPee]

You may not like it or agree with it (I sure don't) but right now it's the law. If we don't like a particular law (such as copyright) then we need to get our elected officials to change it.

and suddenly

[fabio]

they have this great hatred for slashdot

and the need for a new server

Vigilante

[clifgriffin]

As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc... Kapersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a trojan as it does nothing even slightly malicious. I don't think we'd have the "Trojan Horse" analogy to fall back on if all the soldiers in the horse had done was send back a message saying they'd arrived. :D

Re:Vigilante

[68K]

It is a Trojan - it doesn't have to do anything malicious, just something that is blatently NOT what its description (filename in this case) suggests. And you're capturing data from the users that run it, so it could be argued that it is in fact malicious.

Re:Vigilante

[slavemowgli]

You're right that the analogy probably wouldn't exist now if there hadn't been an actual attack by the soldiers in the horse, but it is nevertheless a valid analogy: a trojan is, after all, merely something that tries conceal what it actually is, no matter what the intent.

Re:Vigilante

[WARM3CH]

This can certainly be classified as a torjan. Being malicious or not has nothing to do with classifying a program as torjan. The simple fact that you have a way to spread it, implemented some form of call-home functionality in it is sufficient to classify it as a torjan. About being malicious or not, some may say that sending private information (like IP address) back home can be considered as a malicious act.

Re:Vigilante

[clifgriffin]

We had the IP when they downloaded the software.

Next.

Re:Vigilante

the absolute funny part is that is it OBVIOUS when a file is your guy's trojan horse... it only works because many p2p downloaders dont pay attention to file sizes and number of sharers... your junk is too small to be correct.

you are only catching really stupid kiddies that scream "ohhh shiny!" and click...

maybe next time you guys should first off research your prank more before deploying it as it only fools the morons into downloading.

Re:Vigilante

The best way to detect crap like this is to use one of the websites that list CRC's of known safe/good files on kazaa.. simply match up after download and voila... you got a good, not virused to hell copy of LOTR MRTG early Beta Keygen + server..

but yeah, I also catch these lame attempts at trojans on the p2p networks... their file sizes are always way wrong, and if you notice, the same group of fools sharing it and the other incorrect files...

Re:Vigilante

[clifgriffin]

We knew exactly who would download it.

Which is why we did not shy away from obvious flags such as the Company Name "C.R.A.P: Citizens Raging Against Pirates".

Morons, yes.

Re:Vigilante

[sprouty76]

It doesn't have to do anything malicious to be considered a trojan. It just has to be an executable masquerading as something it isn't.

And some of us consider phoning home fairly malicious.

Re:Vigilante

I'd agree with you, except you aren't just watching those messages. You are publishing them. The only reason I can see for publishing them is that you are a vigilante.

What's more, I think what you are doing should be a violation of criminal law, not civil law like the people you are illegally tracking down.

Re:Vigilante

[PhxBlue]

We had the IP when they downloaded the software.

It's one thing to have someone's IP address. It's another thing altogether to post it as public information. Just because someone else may be in violation of copyright doesn't give you the right to violate their privacy.

And you're making the assumption, which isn't necessarily valid, that your victims intend to violate copyright in the first place. If I lose my CD-Key to a game but still own the media, why should I not be allowed to use an alternate key? Surely ownership of the physical media is proof that I have license to operate the software in question.

Re:Vigilante

[slavemowgli]

You only had it if they downloaded it from you, though - which certainly can't be guaranteed in a p2p environment.

Re:Vigilante

[biobogonics]

As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc...

Just like Robert Morris did in 1988?

Re:Vigilante

[flewp]

Okay, I'm next. Why didn't you just log the IP at the time of download instead of having it sent when the program is run? Yeah, yeah, you're going to say you wanted to see how it propogated through other users...... Still, my point still stands when put along the others who have said transmitting info without permission is basically wrong.

Re:Vigilante

Wow you're smart.

What about those IP addresses that were coming from the people who downloaded your illegal trogan from morons that weren't you.

Next.

Re:Vigilante

[geschild]

I ought to mod you down for being a troll, and to kill your karma to boot, but it'd go against my principles. Unlike you, I like to have principles and stick to them. So I'll do something I've not done in a long time: an ad hominem attack...

You, Sir, are not just an idiot, you are a disgrace to the /. community, more so than even the worst troll.

I hope that a slashdot editor, unlike me, will not refrain from doing the wrong thing and simply pull your account altogether.

The next time you try your 'social experiments' in the wild, better think about how they reflect on you.

For now, I'll take solace from the fact that your social experiment has just been reduced to a smoking hole in the ground where your webserver used to be and that you'll hopefully be presented with the bill for the traffic.

Damned idiot.

Re:Vigilante

[agslashdot]

We're just doing a social experiment...

Not too long ago, Soviet Russia embarked on a long hard social experiment, called communism...:)
See, the problem with social experiments is, you have to get the buy-in from society. Can I go to the local girl's school and start looking under people's skirts and claim I'm just doing a social experiment...I'd be arrested in an instant.

Here's what you are really doing -

Malone: You said you wanted to get Capone. Do you really wanna get him? You see what I'm saying is, what are you prepared to do?
Eliot Ness: Anything and everything in my power.
Malone: You wanna know how you do it? Here's how, they pull a knife, you pull a gun. He sends one of yours to the hospital, you send on of his to the morgue! That's the Chicago way, and that's how you get Capone! Now do you want to do that? Are you ready to do that?

You are using the same means software pirates use to get back at them, Mr. Malone. Now, unless you are Sean Connery in The Untouchables, that ain't legal.

Re:Vigilante

[flewp]

3. We dissagree with the notion that this is a "Trojan". A trojan horse gains access to a system through deviant methods. Not through user initiated downloads on a P2P network. Secondly, a trojan horse by definition has a payload or attempts to give the author access by working from the inside. Our program is aboslutely dormant unless specifically and purposefully executed by the downloader. And the program is riddled with cues to what the contents might be. For instance, the company name is "C.R.A.P. Citizens Raging Against Pirates". Not what you'd expect from a "legitimate" crack or keygen.

So, claiming to be something other than what it is isn't a deviant way to get inside? Get a fucking clue man.

Re:Vigilante

We're just doing a social experiment...to see how a program spreads, who downloads it, etc...

Kinda like some 'curious' virus writers?

Re:Vigilante

[robslimo]

Well, Clif, you obviously knew or expected this to become highly public, so do you have your legal defense plan in place already? Indications are the EFF won't be on your side.

DO you also have a backup plan for internet connectivity? I suspect RoadRunner will pull your plug pretty soon after the first few hundred LARTs regarding your 'experiment'.

Re:Vigilante

[flewp]

Exactly. His whole "what if they left a note saying they arrived" is just trying to deflect some heat if you ask me. The analogy might not exist, but the principle would be the same. It would just take on a different name or analogy.

Re:Vigilante

[krumms]

Kapersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a trojan as it does nothing even slightly malicious.

Uh, so posting IP & date/time information on a public web site for all to see isn't malicious?

Well, if it helps you sleep ...

What are you trying to do exactly? TRYING to fuck up people's lives?

Re:Vigilante

[theLOUDroom]

As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed.

Maybe you never claimed to be vigilantes, but it's obviously what you're doing.
Would you mind posting your full name, number, and street address so we can report you to the proper autorities for your "social experiment"?

(Calling something an "experiment" has no effect on its legality ya know.)

Re:Vigilante

[Nicholas+Q+Name]

Harvesting IP addrs to present to RIAA? Nothing malicious there?

What gets me though is that people continue to dl exe files via p2p despite being warned constantly that the networks are a vipers-nest of viruses.
Why can't they stick to using p2p the way god and nature intended - for mp3s?

Re:Vigilante

[Rogerborg]

Hey buddy, fuck you! As a private citizen, if you choose to connect to my machine and choose to ask me if I have a given file and then choose to ask me to send that file to you, then I'll do whatever the fuck I want with your IP address and the information that you sent me.

Where exactly are you getting this bizarre notion of "right to violate [your] privacy" from? I don't need to ask your permission for jack. What's your right to privacy here, legal or ethical? You want to remain private, don't choose to hammer my machine with your requests.

Re:Vigilante

[Jeff+DeMaagd]

Let's see, a huge cargo container of US Soldiers that look potentially ready to pounce is being passed off as contraband relief supplies lands in Iran or Cuba, but all it really does (for now) is phone home to GW Bush and say "I'm here". Would you expect the Cubans or Iranians to be happy about it?

Re:Vigilante

[danila]

Nicely put, clifgriffin. After reading 12 replies to your comment, let me voice a different opinion. First, your program was not a malicious troyan, but AVP is correct classifying your program as a troyan. For anti-virus users your program is a troyan.

As for your motives, I am glad to hear that you "aren't raging against internet piracy or p2p". If that is true, your actions are vindicated, as far as I am concerned. Let's not try turning the Internet (or the world as a whole) into a sandpit. Some actions may be irresponsible, but that doesn't make them "evil", "unpatriotic" or "terrorist".

Remember, the tools are neutral, it's the application that matters. For example, a program based on open source file-sharing application WASTE is now used to create armies of zombie PCs and launch DDOS attacks (according to one of the recent Slashdot stories). These two programs really are a cool social experiment, nothing more, nothing less. If it had happened that RIAA/BSA used the database to sue everyone on the list, I would be the first to call you an irresponsible moron and ask for a lynching. :) But no harm, no foul.

So keep experimenting and eventually you might stumble upon something cool and useful. :) We will all praise you then.

Re:Vigilante

The Trojan horse was a social engineering attack. It was brutal, aggressive, and unthinkable not because a town was destroyed, but because layer upon layer of social conventions were abused for the sole purpose of victory, not to mention an unearned victory. The fact that you do not have the means to kill the thousands of users that downloaded your Trojan does not make the program any less of a Trojan, nor does it mean that you do not have the intent, or that you will not acquire the means in the future. Furthermore, information is king. We no longer have to kill people individually. Now all we have to do is send in a Trojan, get the coordinates of the pesky children's hospital that is being used as a military store house, and then send an ICBM to do the job.

So, your assumption that you have not done something malicious is self serving. If I post the personal information of the doctors from Planned Parenthood on a website frequented by right wing religious wackos, I can claim innocence, and intent would be difficult to prove in law, but a reasonable person would generally agree that the intent is clear.

Therefore there are two key points. First, you use social conventions and the assumptions of you victims to gain entry to their property. You do not, in fact, knock at the front door, state you true intent, and gain there express written approval. You do in fact use deceit and, admittedly, the users greed, to gain entry. Second, you do collect data without authorization, and, apparently, pass judgment on those you trick. In a way it is no different from the religious wackos taking pictures of cars at a porno shop and then sending letters passing judgment on the owners. Which, of course, is one of the key points of vigilantism. The passing of judgment without due process. Even the red handed person may not be the murderer. We generally like to bring that person to court to prove beyond a shadow of a doubt that he or she is in fact guilty.

When I first read the story it sounded a bit of hoot, and I thought the writers were a some rather clever people, probably misguided and improperly educated, who wanted to raise awareness of an issue. Though you probably broke laws, it was a level of activism that, though I would disagree with the cause, was merely a nuisance. However, now it seems like you guys are just delusional with visions of grandeur. I am very afraid. You are hiding behind objectivity, and there is little more dangerous than a person that feels they have leave to ignore the moral compass. As such I am posting anonymously.

I urge you to read some real books. Learn about philosophy and ethics and the damage caused by those that valued beliefs and personal posesions more than the physical and social realities of the world.

Re:Vigilante

[Rogerborg]

I think you mean "clifgriffin, you are worse than Hitler"

Re:Vigilante

[YrWrstNtmr]

I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p.

Oh really? Your statements on website would seem to disagree with that
"At the start of this year, we (Justin and Clif, Clif and Justin) decided to start a new project. We declared war on illegal file sharing and pirates. The goal was to waste their time and bandwidth while tracking them and how the file moves around.

Other 'interesting statements:
3. We dissagree with the notion that this is a "Trojan".
Our program is aboslutely dormant unless specifically and purposefully executed by the downloader.

Exactly the same as the Beagle and other email trojan variants.

We aren't reporting these people to anyone in the law enforment field, even though we should be.

Yes you are. By posting it online, in real time.


We could go on...

Re:Vigilante

[InsaneGeek]

Umm... let me get this straight. You are saying that if someone comes into my computer I shouldn't be allowed to what I want with that information? This is the PUBLIC internet we are talking about.

Re:Vigilante

[beernuts]

Interesting? Depends on what was in that message, doesn't it? Giving the location of soldiers and guard rotation times, while not as exciting a story, is valuable information to an invader.

Let's not pretend you're just experimenting here. It's insulting and innacurate. Some of the tenets of social experimentation, REAL social experimentation, are voluntary participation and informed consent. Further, ethical standards require that you not place your subjects at risk of harm. So, let's see:

1. voluntary participation? Maybe, they did download it.
2. informed consent? Not a chance.
3. risk of harm? Definitely.

You're at best 1 for 3, and that's not a complete list.

Kapersky flagged your software correctly.

Re:Vigilante

[ynohoo]

Well you're certainly getting alot of flak - I applaud you for:

a) an interesting experiment
b) a sense of humor
c) non-malicious intentions
d) the ability to cause a bunch of hypocrits to run around squawking in self-righteous indignation

I therefor commend to you the title of Honorary Troll 1st Class, and recommend you to the ranks of the world-wide Kibology conspiracy ; )

Re:Vigilante

Perhaps you ought to put a disclaimer on your site then: "I will publish your IP address"

Re:Vigilante

[AndroidCat]

Lots of web sites either have direct web access to their logs, or a stats pages showing (among other things) the IP address or range of the biggest hitters.

Your computer is broadcasting an IP address!

Re:Vigilante

[mrjackson2000]

most software companies will send you a new key if you can prove that you own the software, usualy by providing an image of the manual and/or cd

Re:Vigilante

[Cthefuture]

I consider a trojan to be any piece of software that does something different than what it is described as doing (ie. a trick).

So yes, it's a trojan.

Re:Vigilante

[PhxBlue]

Where exactly are you getting this bizarre notion of "right to violate [your] privacy" from? I don't need to ask your permission for jack. What's your right to privacy here, legal or ethical? You want to remain private, don't choose to hammer my machine with your requests.

These guys aren't publishing the IP addresses they've collected from people downloading the software. They're publishing the IP addresses they've collected from people running the software - whether the victims ever actually connected to these guys' server or not. That is what makes it a violation of privacy.

Re:Vigilante

Because two wrongs make a right don't they. How wonderfully mature of you.

Yes pirating software is illegal but running software on another persons computer without permission is also illegal. Breaking the law to point out someone is breaking the law is also rank hypocrisy.

Now if people were getting a file of rubbish that did nothing at all that would be completely different and then I would agree with your sentiment.

Re:Vigilante

If reporting IP addresses of 12 year old internet noobs puts a smile on your face, it's quite clear you have serious issues.

Re:Vigilante

[Sklivvz]

this is in no way a trojan as it does nothing even slightly malicious

You are tricking users in sending their personal information to you. This is a serious offense in Italy (where I live) and most of Europe. We take our privacy most seriously.
Furthermore, cracks are legal in Italy (if you own a registered copy), because it is considered wrong for companies who sell you the software to try and restrict your access to it. For example, Playstation mod-chips are perfectly legal (tested in a court of law).
So, you are actually defamating and violating the privacy people who are in fact not pirates or doing anything illegal.

Thank you.

Re:Vigilante

[nukem1999]

I'd hate to borrow a cup of sugar from you, or "hammer" on your door with my "requests" to say hi and tell you I just moved in next door. Your neighbors' addresses must be plastered all over newspapers nationwide with inappropriate personal ads.

Re:Vigilante

[Aceticon]

Hey buddy, fuck you! As a private citizen, if you choose to connect to my machine and choose to ask me if I have a given file and then choose to ask me to send that file to you, then I'll do whatever the fuck I want with your IP address and the information that you sent me.

You are correct (and also quite rude).
This however only applies to information obtained when another users intentionaly connects to you machine (for example, using a P2P app).

The issue here is that it was the (downloaded) program that, unknown to the user (and thus without the user's permission), connected to a central machine. Furthermore, the program was developed specifically with that purpose and was being misrepresented (via a misleading name) as something else than what it really was (ie it was a Trojan). Information obtained in that way should not have been divulged, it shouldn't even have been gathered in the first place

Re:Vigilante

[Suidae]

I'm not sure how someone who is OK with violating copyrights this way can condem distribution of code like this.

Freedom is not just about getting to do what you want to do, its also about letting others do what they want to do.

If you download and run programs from untrusted sources without protecting your environment, don't complain when you don't get what was advertised.

Re:Vigilante

[Suidae]

You may be splitting hairs about the source of the program. P2P users typically view the resources as nothing more than a common pool, and they shout their requests for everyone to hear. Users don't choose a specific machine from which to retrieve files (frequently they try to get it from as many as possible), they take it from whomever has the file.

Mostly I just don't think that people who are obtaining illegal copies of things should expect too much legal protection when they don't 'steal' what they thought they were 'stealing'.

(No, I don't think of copyright violation as theft, but I don't have a good verb for 'engaging in copyright infringment').

Re:Vigilante

Viruses, worms, trojans.... are all different things.

A trojan horse is a program disguised as something that people want (like a keygen), so that they will intentionally download it and run it. When it does something that they don't want, or don't intend (like contact its home site, and not making a key), it is a Trojan Horse. So your program certainly meets the definition of a Trojan. I'll leave the discussion of whether it's malicious or illegal to others.

I will happily certify that your program is neither a virus nor a worm.

Re:Vigilante

[goatan]

What's your right to privacy here, legal or ethical?

Umm both at least here in the UK that's the case, i know the US Gov dosen't care about individual people so wouldn't know about that.

Re:Vigilante

[goatan]

You are using the same means software pirates use to get back at them, Mr. Malone. Now, unless you are Sean Connery in The Untouchables, that ain't legal.

and malone got tricked by a guy with a knife into getting shot he went to the morgue and sent no one to the hospital

Re:Vigilante

It is a trojan.

And may I ask how confident you are in the reliability of said code? What will you do when your little "experiment" damages someones data?(even if it isnt intentional). Are you ready to fork out your hard earned cash to help fix it?

Because you may just have to.

"Hell is paved with good intentions, not with bad ones. All men mean well."
-- George Bernard Shaw

Re:Vigilante

[goatan]

Kapersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a Trojan as it does nothing even slightly malicious

since when has virus or Trojan have to be malicious? Years ago there was a virus call Venezuela that was far less malicious than what your Trojan does (it raised a little Venezuelan flag played there national anthem and that was it you were never bothered by it again). Your programme acts like a Trojan thus it is a Trojan payload is irrelevant

Re:Vigilante

We had the IP when they downloaded the software.

No, sir. You had AN IP Address. If that address is that of a proxy, you just accused N number of innocent people of executing a file they did NOT.

Speaking as one who does security auditing for a living and is quite familiar with the legalities involved here, were I you, I'd be anticipating a knock on my door from some guys wearing black suits and sporting no sense of humor. Good Samaritan laws do not apply to copyright or electronic device use laws.

Re:Vigilante

[JaxGator75]

Yes, I see. Come to think of it, there aren't and "keys" on this input device, so it's not REALLY a keyboard... right???

Re:Vigilante

[strike2867]

As has already been stated previously, people can download these files for ligitimate purposes(highlighting the fact that they could already own the game). And by using the Copyrighted game name to distribute a trojan, you have placed yourself open to legal action from the copyright holders.

Re:Vigilante

[JaxGator75]

And you are pleased with yourself for fooling morons. And for publicly chastising them.

Reminds me of the guys in high school that would beat up the retarded kid and then tell the story in gym class...

(nobody liked him much either...)

Re:Vigilante

Trojan - something that is blatently NOT what its description

So Windows Operating System is a trojan, right?

Re:Vigilante

If nothing else you're in breach of the Data Protection Act in the UK, as you're storing data that can be traced to an individual in a computer readable format. As I severely doubt you registered with the Data Protection Registrar, you are liable to be prosecuted under British law. I don't know what other countries have similar laws, but I suspect you've broken a lot of laws with this trojan.

Re:Vigilante

[Sklivvz]

So that's how the company that produces the pop ups "Your Computer is Publizing a Public IP Address!" makes money, by selling to people in Italy.

It's a different situation, don't you see? They are publishing IPs of people who do not know they are connecting to their server (their trojan does not ask explicit permission to call home).

The list they publish is a list of IPs without a firewall and run by poor administrators. So if you get on their list, you do not know that you are, maybe hackers will start hammering you down. It's NOT nice.

If it was an experiment, why didn't they say so in the popup and ask for permission to track the usage? Why didn't they put up any form of contact? Why don't they assume responsibility for their actions? Because they know perfectly well that what they are doing is illegal, that's why.

Re:Vigilante

[Sklivvz]

No they're not - an IP is not personal information. It's in the public domain and is sent with every packet you send out.

Of course it is, and one should have all the rights of choosing who sees it and who doesn't. You normally choose to send packets, thereby disclosing this info by yourself, in this case you don't.
See my other reply for a fuller explanation of this point.

Re:Vigilante

Hear, hear. It's a spyware trojan, it's malware, and it's illegal.

Re:Vigilante

But I'll bet a good portion of these people didn't get it from the original source. They got it from somebody else who was sharing it unknowingly.

And what if I get ahold of this program, rename it to "WinFixer-PublicDomain" and share it out. People will run it, be told they're a pirate, and be added to the "big list". Nice.

If these folks were just keeping a log of people who downloaded it FROM THEM and not running some trojan on the user's computer, AND not publishing the results as some sort of confirmed-pirates list, then fine, go right ahead. But their current methods are infantile and no better than what they're fighting against.

I'm disappointed with you, Roger. Your posts used to be insightful, well written, and calm. What happened?

Re:Vigilante

2004-03-19 19:25:14 peppi: added Trojan.Dustbunny

Re:Vigilante

[STrinity]

It's one thing to have someone's IP address. It's another thing altogether to post it as public information.

Whatever you do, do not click this link or I will publish your IP address and system information.

Your IP address is not private information.

Re:Vigilante

[dcam]

I think there are a couple of things to say.

1. This isn't tracking pirates this is tracking someone who downloads a key cracker from p2p. They could be downloading the application to see how it works or to be able to run a copy of UT2004 they have legitmately purchased. I'll admit that this is not going to be the intention of most people who download it, but you are tarring all those who download it with the same brush.

2. Your application is no better than any other piece of spyware or adware that phones home.

For the reasons above, you sir are a tool. Your intentions may be good, but your actions aren't. I don't agree with software piracy, however this is not the way forward.

You say that this isn't mailicious. How about this, you have posted details about a bunch of IP addresses that may be used for targetted advertising.

Re:Vigilante

Linux distributions masquerade as usable operating systems when in fact Linux is a steaming pile of crap. Does that make Linux a trojan? I think so.

Re:Vigilante

Maybe not, but software that 'calls home' without notifying the user of such action is illegal.

Re:Vigilante

BTW, cliff, why don't you answer some of the questions being asked, you stupid motherfucking piece of shit waste of space who has no fucking clue you fucking faggot queer pounding, ass loving, cokc craving, faggot?

Re:Vigilante

IP Addresses are *public* information, at least in the U.S., as they are distributed to a third partyv willingly. Therefore, it is completely legit to post them on a public website.

It is legal

[TenPin22]

If I download some random file from kazaa and run it, I'm the only one to blame for what it does.

Its just irony that some of the filenames they used would contain illegal content if they were what they claimed to be.

Re:It is legal

If I download some random file from kazaa and run it, I'm the only one to blame for what it does.

Sure, if it's a random file. We're talking about clearly labeled files here. If you upload a program that's with a false title to trick people into running it, you are to blame for that. If the program harms the person, you could face civil suit or criminal charges.

Its just irony that some of the filenames they used would contain illegal content if they were what they claimed to be.

It's just irony, not a legal excuse for commiting a crime.

Re:It is legal

[sir+lox+elroy]

And if I download the Lovebug or other toys from my e-mail that I get from friends that happen to be pifs, exes, dlls, or others, who is to blame? According to your logic only me. No they are bestributing a form of a Trojan, which is illegal in the US.

Re:It is legal

[TenPin22]

So you think people should be held responsible for simply making files available over P2P ? Whoever said that a filename had to be descriptive of the contents.

P2P is completely unregulated and probably makes you fully responsible for what you do with what you download in the disclaimer anyway.

I agree if someone makes something with a nasty payload then they have a degree of responsibility but you can't just obviate all responsibilty from the person who downloaded the thing just because they were ignorant.

It serves people right if they get burnt while trying to do illegal stuff.

An assumption rears it's ugly head again

[TheDigitalRaven]

Piracy = copyright violation Piracy != theft

Re:An assumption rears it's ugly head again

Piracy = Stealing other people's hard work. Everything else is just a technicality.

Re:An assumption rears it's ugly head again

[jamesangel]

Piracy = theft and murder on the high seas

Piracy != copyright violation

Re:An assumption rears it's ugly head again

[xoran99]

copyright violation (is a member of) crime

theft (is a member of) crime

abs(copyright violation)==abs(theft)

Re:An assumption rears it's ugly head again

I thought piracy = pillaging and murdering on the high seas...

Re:An assumption rears it's ugly head again

[PhxBlue]

So? By that logic, abs(jaywalking) == abs(murder). That doesn't mean jaywalking and murder are anywhere near equivalent.

Re:An assumption rears it's ugly head again

>Piracy = Stealing other people's hard work

Thank God we don't all think that way or every person studying science would be forced to start from square one rather than steal the work of others.

Re:An assumption rears it's ugly head again

[AndroidCat]

It's hard to steal something when it's given away. Did you write your copy of Linux from scratch?

Re:An assumption rears it's ugly head again

[goatan]

Did you write your copy of Linux from scratch?

Yes i did...... Hmmm now i remember that was when i had the dream that i was Linus..... Damn Damn Damn

Re:An assumption rears it's ugly head again

Piracy == operating a broadcast radio station without a licence

Vigilante: Good or Bad?

[handy_vandal]

The EFF says the vigilantes may be committing a crime.

Vigilantes are, by definition, committing crimes.

A vigilante is a private citizen who acts outside the law, taking the law into their own hands.

Some people (e.g. the vigilantes themselves) see this as a Good Thing -- enforcing Justice, where Justice would otherwise go unenforced.

Others (such as myself) see vigilantism as the roots of rebellion and chaos -- acting as a private government, in defiance of duly constituted authority.

Not that I have a hell of a lot of respect for duly constituted authority. Most of the cops I've met have been decent people, however, there's a long, sad history of cops acting as vigilantes, outside the law. Not to mention police states, governments run by mobsters, etc. etc.

-kgj

Re:Vigilante: Good or Bad?

[Seahawk]

Ahh - So vagilantes are people sharing css decoding code...

And people circumventing DRM in Xbox'es.

The thing is - these guys did what just about any regular slashdotter would do if the subject was something else.

I am not trying to defend them - but I have a problem with people accusing them "just because they probably broke the law".

I "probably brake the law" every time I give a rats ass about EULAS if they doesnt seem fair to me.

Re:Vigilante: Good or Bad?

A vigilante is a private citizen who acts outside the law, taking the law into their own hands.

Like Batman?

SUperman?

And most other 'superheroes'?

Why are they HEROS when they break the law???

Re:Vigilante: Good or Bad?

[sadomikeyism]

They are heroes to those who perceive the guys they nail or turn in are bad. As another poster said, if these fellows were vigilantizing on spammers, we'd all be cheering them on.

If these fellows were vigilantizing on al-Qaeda, some of us would be cheering them on, while others would be condeming them, each based upon their own prejudices.

If they were vigilantizing against the heavy handed anti-property tactics of the EU, then most people here would consider them to be the worste rat bastards alive.

If their application was used to expose radical leftists giving aid and comfort to terrorists, too many here would automatically assume they are bad guys.

If, instead, they were using their tactics to report every time the FBI filed a Secret Search Warrant, they'd be heroes.

The fact is that these fellows are simply using the same irregular tactics that those they oppose use. This is to be expected, and is the only possible tactic to use in effectively opposing an entity which uses guerilla tactics against you.

Re:Vigilante: Good or Bad?

Most of the cops I've met have been decent people

I'm gonna go out on a limb and guess that you're white.

Re:Vigilante: Good or Bad?

[El]

Let me remind you that calling up Darl McBride and reminding him that he is an asshole is also considered vigilantism. So is subscribing known spammers to mailing lists. Morality isn't as black and white as you appear to beleive.

Re:Vigilante: Good or Bad?

fuck the nanny state

s/disincentive/incentive

Oops, guess its a bit early in the morning for /.

The real problem is...

I don't much care one way or another about the issue of going after software pirates, as there are some major assholes on both sides of the issue. But the problem with this approach is that if there are bugs in the antipiracy software it could end up screwing up a lot of people's systems and causing major expense and loss of time and effort. Moreover, it looks like people could convert this into intentional malware by renaming it, so that someone looking to download freeware documents on, say, the history of microprocessors, could end up with this crap on his machine. So I object strongly to the means, though I am ambivalent about the intent.

Re:The real problem is...

[Ziviyr]

Then all that'll happen is a bunch of log entries saying people are trying to pirate "history_of_the_internet.pdf.exe". The horror!!!

Re:The real problem is...

No, what'll happen is that the Dustbunny executable will notice it's been renamed, try to delete itself, and end up wiping out someone's hard drive with their master's thesis on it. Because Dustbunny was written by a trio of 17 year olds with extremely limited programming skills, collaborating via VNC over flaky network connections.

I thought we figured all this out in 1988. Morris was a goodsight smarter than this lot, and he still fucked it up.

From the looks of their page

[IshanCaspian]

the software's not disguised as actual pirated software, but the keygens and cracks. AFAIK, those are in much more of a legal gray area than actual pirated software. Theoretically, if someone legitimately owns a piece of software, and they're on another computer, and they have the original installation media and they forgot their cd key at home, it wouldn't be terribly illegal to load up a keygen so they could play a round or two.

Or hell, even take the Baldur's gate series. I bought every single game in the series, and I still crack all of those games since I don't want to have to put the cd in when I play. What about somone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game I bought online...what if I just use a keygen and get another key?

Anyways, there's really not much of a case for what these people are doing. Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?

Re:From the looks of their page

[clifgriffin]

Not terribly illegal but still illegal.

It would either fall under the category of circumventing technical measures to protect a copyright.

Or reverse engineering a program against it's license.

Or if it is a keygen, using software without a valid license.

If that is in the gray area, my software is pretty legally safe.

Re:From the looks of their page

That entirely depends on the laws of each country. Reverse engineering is legal in the U.S. Circumvention isn't under the DMCA, but I'm not sure how long it will hold up in court. All these are civil crimes.

You can't commint a crime to catch a criminal. It's called vigilantism. It makes no difference if you put this software online as a keygen or as an open source image viewer.

You keep talking about how the people you tricked are criminals, so that makes your actions ok. It doesn't. It just makes you a vigilante.

Re:From the looks of their page

[Lumpy]

you forget one more thing...

I own a 100% legal copy of Cakewalk home studio 2002

my install CD is broken so I have a choice of buying another copy or making my LEGAL copy work.

so I download off Kazaa the iso file of the CD burn a new one and voila...

now the frothing at the mouth Software people here would want me hanged for stealing money out of their mouths by not buying a new copy of their software every 30 seconds but who cares... I am doing NOTHING illegal and simply circumventing a disdain for customer service fr omthe company that makes the software.. I'm still using MY legal serial number and codes... I STILL have the legal license (AKA the box and other paper drivel that says so.)

Re:From the looks of their page

Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?

As if that's avoidable.

Re:From the looks of their page

[Rogerborg]

So, what's your problem? If the rights owners come calling, you simply show them the box and it's the end of story.

What exactly are you whining about?

Re:From the looks of their page

[gerbick]

Then what do you classify what you're doing? Only problem I see is that you not only harvested the information, but you made it public. That would still fall under entrapment via the DMCA, if I'm not mistaken. I'm against piracy; but I think your approach has left the social experiment zone and entered into the possibly illegal zone all too quickly.

Re:From the looks of their page

people like you that call anything P2P illegal or "grey"

At least that is what it sounds like to me... there are HUGE legitimate p2p uses... yet those without the brain cells to walk and chew gum at the same time scream otherwise....

Whining? wow you are a pissy ass.. that was more of a statement than a whine...

whining is like... I'm poor, because people are not buying my updates to my software... wahhhh... they use kazaa wahhhh... I cant feed my 3 rare albianian cats or put premium gass in my Ferarri because of these thieves stealing from me.... wahhh wahhh wahhhhh..... i'm lars.... wahhh... I'm a pissy software developer who thinks my shit dont stink.... wahhhh

Re:From the looks of their page

[Brad+Mace]

If you're getting kicked by punkbuster, they're doing the rest of us a big favor by banning your smacktard ass. I think they're completely entitled to ban cheaters, in order to preserve the game for the other 90% of their customers who want to play the game.

Otherwise, you idiots would completely ruin the game for everyone else, people would stop buying it, the company makes no money, so no more online games.

Re:From the looks of their page

[88NoSoup4U88]

What about somone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game.

Punkbuster only bans you from -all- servers when you are using cheats that _alter_ punkbuster itself. Whereas they do give a warning / specific server ban automatically once a cheat is detected, people only get banned from the whole network if this cheat interferes in how PB works.
If you ask me, if you are banned by PB, you have been banned with a reason, and you don't deserve to play on -any- other server.
Hell, it's their network : they have the right to filter out asshats that like to cheat, to make -my- game more fun and enjoyable. Btw, using keygens for those games is kinda useless, with the authentication of 'em at the master server.

Re:From the looks of their page

[Sigma+7]

my install CD is broken so I have a choice of buying another copy or making my LEGAL copy work.

so I download off Kazaa the iso file of the CD burn a new one and voila...

Two things:

1. What makes you sure that the downloaded version is identical to the original CD? Although rare, ISOs can be modified to include viruses or trojan horses by experienced vigilantes. In fact, there was reports of a software collection CD containing an actual virus in one of the compressed files.

2. If you intend to use a critical product for long-term use, why not backup the original directly? (This, of course, is fairly expensive but is worth it compared to the time and risk spent hunting down another legal or illegitimate copy.) Even if you don't want to hose a CD, you can download specialised software that images the CD and mounts the image as a readable virtual disk, and burn those images at a later date should the unthinkable happen.

Re:From the looks of their page

[runderwo]

That's nice wishful thinking, but it doesn't change the fact that whoever is distributing the file to you, if they do not have the permission of the copyright holder to do so, is committing copyright infringement. Furthermore, if you know that they are doing so without the permission of the copyright holder and engage in the download anyway, you are probably guilty of conspiracy or contributory infringement.

Don't get me wrong, I think the user should have every right to replace his legally obtained copy if the media fails and the company refuses to do so. But nothing in current copyright law supports such behavior. Only activism will change that; wishful thinking only propagates myths.

Re:From the looks of their page

If you intend to use a critical product for long-term use, why not backup the original directly?

Interesting anecdote: I used to buy games on floppy for the Apple ][ (yes, that long ago). Floppies were never all that reliable, so I'd crack them if necessary and back them up immediately. But sometimes the backups went south too, so I'd give copies to all of my friends so I'd know there was always another copy around if I needed it. And one day my computer and entire floppy collection were stolen. Insurance covered the hardware, but not the purchase price of the software (insurance adjustors are horrible people btw). So I got back all the games I'd bought from the various people who'd copied them from me.

(I also got back most of the originals eventually when the thieves were caught, but there was certainly no reason to believe that was ever going to happen)

It became impractical to do this as software got bigger (plus I lost interest in games), but it's becoming easy once again to pass CD images around. I can see the same motivation affecting people today. A lot of people copy games because they want them to remain around, and accessible - both those they buy and those they don't.

Anyway that's my anecdote. Back to lurking...

Re:From the looks of their page

You can block connections to the master server and still be able to connect to the specific punkbuster server you want.

You'll still have to be using a unique ID on that server, of course.

Anyway, if you have a real keygen then the master server won't care either. That sort of check is for blocking circulated serial numbers, not generated valid ones.

Immunity from these...

[baryon351]

And again, mac users don't have to worry about their malware.

Re:Immunity from these...

And again, mac users don't have to worry about playing UT2004 in the first place, troll. :)

Re:Immunity from these...

Yet.

Re:Software is just INFORMATION

"We are not doing anything wrong. We're allowed to share with our friends."

That's right! A guy with 17 million friends can't be wrong.

Care to define how it's illegal?

[NinjaPablo]

The article is pretty light on that point. I think anyone who downloads "UT2K4 Keygen.exe" or "Photoshop Full.exe" knows exactly what they are trying to get, and they know the risks of what they are doing. And therefore, if someone wants to write an app that phones home and tells the companies that someone is trying to use a crack, what's the harm?

Re:Care to define how it's illegal?

[theLOUDroom]

Care to define how it's illegal?

It's illegal for the same reasons that selling you something that I call a "stolen car amlifier" that is really a tracking device or bomb is illegal. It's fraud, misrepresentation, and in this case, theft of services. It's also illegal under various state computer crime laws.

What they're doing is just as illegal as distributing a program called "Spywareremover.exe" that reformats your hard disk as soon as you run it.

They're lying about what the program is and using it to take control of someone's computer without their permission.

Re:Care to define how it's illegal?

[sir+lox+elroy]

First off lets look at this example, I get a file with Supposedly nacked images of Anna Kornikova (Who was underage at the time that the virus was going around, thus it is illegal to look at here naked) in my e-mail, now me beliving that it is nacked images of here I run it and get a program installed that I did not want installed (In this case a Virus). Now then how is that different than me downloading an illegal file from KaZaa or other site that contains a Trojan/Malware/Whatever you want to call it today. It isn't, both times my intentions were illegal, and both times I received something that was Misrepresented (Falls under Fraud), illegally obtains access to my computer (Falls under most computer crimes act). Last time I checked the people that wrote The Anna Kornikova Virus were considered by the US Government as Criminals, and so should these people. Don't get me wrong I don't support Pirates, but there is better ways to do this.

Re:Care to define how it's illegal?

[Bigbutt]

distributing a program called "Spywareremover.exe" that reformats your hard disk

Hmm. I think that's doing what it advertises. Maybe a little heavy handed but you can bet the spyware is gone.

Self regulation is the way to go!

[jarich]

If we don't regulate ourselves, the government will.

I make no call either way, but they are allegedly committing a crime by tricking people who are without a doubt attempting to commit a crime. Hmmm....

I know a lot of Slashdotters won't but a jury will have trouble with this one. :)

Re:Self regulation is the way to go!

[hesiod]

> If we don't regulate ourselves, the government will.

I'm not supporting the flamebait AC, but yeah, "This is about the stupidest argument I've ever heard..."

Assuming your post was on topic, you are saying these guys should not have done this because of "self-regulation." How the heck do you know that these guys DON'T "self-regulate," but didn't think this would fall under the category of things not to do? Your version of "self-regulation" only applies to those whose opinions mirror yours.

In essence, everyone "self-regulates," but their opinions on the limits of that regulation vary VERY widely from one person to the next.

Here's another question...

[clifgriffin]

For those of you attempting to probe the moral questions of this project.

What if my software, downloaded with no warranty from Gnutella, displayed the weather conditions in Kenya?

I'd have their IP, and I could even safely retrieve the ID with legitimate pretenses.

However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world.

Just a thought.

Re:Here's another question...

maybe you should of thought of that before taking the action you did

Re:Here's another question...

[DarkMagician07]

If your program gave me a pop-up stating that the information was going to be sent... then there is no problem. If your software grabs that information and sends it to you without my knowledge, then that *IS* a problem to me.

Whether or not it is misconceived as a crack for the latest warez, or a weather program that will tell me what the conditions are in Alaska, doesn't matter. It's the fact that you are taking this data without my permission and posting it in a public place where I may not want it advertised.

Re:Here's another question...

[flewp]

We believe so. People spread it willingly, not covertly like mass-mailing viruses. Other then rewriting itself, it doesn't add, delete, or modify any files. It doesn't remain active or start on boot. It's not destructive or malicious in anyway.

It is malicious. It' using bandwidth that people didn't agree to use. Also, it is being spread covertly, because you are tricking people.

Re:Here's another question...

[flewp]

2. The software acts with the confines of its own entity. The program does not compromise their system in any way, shape, or form. Every action it performs it performs soley for the purposes of logging an event. We are not in this to compromise downloader's systems, only to learn a little bit about who they are. It's a social experiment.

Let me ask you something, if you went to install something, say what you thought was the google search bar for your browser, and instead found out it was giving out information, wouldn't you be a bit pissed? It's doing something other than what was intended. Sure, the software you're replacing might be illegal, but nonetheless, my point still stands.

Re:Here's another question...

However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world.

but your software doesn't do that, if that's all it did there wouldn't be a problem , the second you added network connectivity to it specifically designed to send to a 3rd party information that the user will not be aware of and then displayed that information to the general public is a gross violation of someones privacy, imagine if your program malfunctioned and transmitted some confidential information ?

you will be lucky you are not sued by the users on top of a law enforcement punishment

why do did it is just "mitigating circumstances" so iam sure the judge will take that into consideration when passing sentence.

A>S

Re:Here's another question...

[hesiod]

> However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world.

In my opinion, you are free to record what IP addresses download from you, and even post statistics and all records about the downloads. The ONLY thing I object to is putting the IP addresses up an the Web for everyone to see. If you took that one line out of each entry, almost all valid arguments against you would disappear immediately. Although, the point is rather moot since the site is down anyway.

The Location & maybe date/time, OTOH could be very useful data.

Re:Here's another question...

[theLOUDroom]

For those of you attempting to probe the moral questions of this project. What if my software, downloaded with no warranty from Gnutella, displayed the weather conditions in Kenya? I'd have their IP, and I could even safely retrieve the ID with legitimate pretenses. However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world. Just a thought.

This isn't about warranties, it's about fraud, misrepresentation, and theft of services.

You're deliberately deceiving people about the nature of the program, and making their computer do things they don't want it to do.

This is just as illegal as distributing a file called "spywareremover.exe" that reformats your hard drive as soon as you run it.

You're clearly misrepresentaing what the program is and do things the user doesnt' want. Someone could have a case against you for fraud and theft of services, but they would most likely have a REALLY good case against you under their state's computer crime laws.

This program 100% meets the criteria for being a trojan. This makes it 100 illegal in many states.

Re:Here's another question...

[micromoog]

What if my software, downloaded with no warranty from Gnutella, displayed the weather conditions in Kenya?

If the file was being distributed as Kenya_Weather_Displayer.exe, I'm sure no one would have a problem with that.

Of course, no one would have downloaded your file if it were called "Bad_Bad_Software_Pirate_Rebuker.exe", hence you had to use the filename to lie about its function. You're attempting the "two wrongs make a right" ethical argument, which is pretty juvenile.

Re:Here's another question...

[Jarnis]

Pssst... Its called application-level firewalling. If a 'keygen' would start calling home, ZoneAlarm, among other similar applications would ask me if I wish this to happen. Legimate keygens have no reason to call home. So only retards got 'caught' with the thingy in the first place.

Not to mention anyone with half a brain would not download an exe called 'keygen crack'. Either it's a keygen or a crack. It can't be both.

These 'vigilantes' were not very convincing in other ways either. Their 'keygen' has none of the signs of a valid release - not zipped/rarred, no .nfo inside, not listed on reputable release sites as a valid release...

So basically they coded a 'moron trapper', and they scored thousands of IPs of morons. Could someone track people based on those IPs and remove them from the gene pool & improve humanity? Thank you.

Re:Here's another question...

[Oddly_Drac]

"For those of you attempting to probe the moral questions of this project."

There isn't much point looking at the moral points when you've acted illegally and unethically. Social 'experiments' are generally required to have full disclosure, and you haven't even got a control experiment, which makes your back pedalling just look desparate.

The worst aspect of this is that your malware is now out in the wild. You can't recall it, you can't kill it, and now you've identified yourself.

Well done. You are a Vx'er for life. Doesn't matter what your intentions are, and I wouldn't bank on the MPAA/RIAA offering you a job because what you did was trivial and foolish.

Next time you have a bright idea *Think* about what you're doing. If there's any grey areas, or interpretation that can be done, don't do it.

History is littered with people who thought it wouldn't matter...

Re:Here's another question...

[asr_man]

Since when did you get appointed the Internet Piracy Rebuker? What grandiloquent fit of self-righteousness justified your creating a worm that hijacks the screens of 12,000 (and counting) presumptively innocent computer users?

If the injustice of software piracy is such a buring issue for you, face up to your desire: move to Afganistan, hang out in Taliban internet cafes, and amuptate the hands of illegal downloaders. You will find it far more gratifying, and they will be truly edified by your service to mankind.

Re:Here's another question...

[JaxGator75]

Don't forget that they are PROUD of tricking the morons. So proud that they are bragging about it to the Whole World...

Re:Here's another question...

No matter how you spin it, you are STILL a spyware author. Eat shit and die.

Re:Here's another question...

Perhaps next time, before you "declare war" on anyone and thus piss off a large group of internet geeks.... you should remove your address from the domain registrars.

Clifton Griffin
503 Piedmont St.
Reidsville, North Carolina 27320

This information is publicly available, so you don't mind it being posted for Slashdot readers, right?

Or your company?

http://www.jsventures.com
ProxyShield is a JS Ventures company.

1415 Freeway Drive
Ashcroft Executive Office Suite
Reidsville, NC 27320

Re:Here's another question...

[dcam]

If it just displayed a message, you might have a point. I'd consider it rather funny. However as it stands you and your friends are probably well intentioned spyware distributors.

Logging the IP address or any information from their machine is crossing the line.

Re:Here's another question...

[Archon-X]

Let me ask you something, if you went to install something, say what you thought was the google search bar for your browser, and instead found out it was giving out information

Er, that's exactly what is *does*

Hey, speaking of which?

[His+name+cannot+be+s]

Does anyone have the keygen for the latest Mozilla (Linux Version)?

Oh, and OpenOffice. I need the keygen for OpenOffice. I think mine is about to expire.

Oh. Wait. I'm using Open Source.

Feh. Whatever.

Re:Hey, speaking of which?

[i.r.id10t]

The good serials for both of those:

1

There ya go. Let me know if it doesn't work for you.

That's why...

[Infernon]

real pirates use Usenet!!!

Re:That's why...

[slavemowgli]

Don't real pirates use irc or similar means? I'd think it's far too easy to determine where a particular usenet post comes from for it to be useful to pirates. Of course, correct me if I'm wrong.

Re:That's why...

[tuffy]

Usenet is about as traceable as email. With forged "From" and "Message-ID" headers, finding the exact poster requires a lot of log checking on the originating NNTP server. And so far, the *IAAs of the world have yet to take notice.

downloading cracks or keygens...

isn't illegal, now is it?
Downloading and using software X while you don't have a license for software X is illegal.
(I mean, they pretend their 'morally good troyan' is a keygen/crack for UT2004, and claiming that anyone who downloads that, or is searching for a keygen/crack is a 'software pirate')

Re:Software is just INFORMATION

That is the dumbest thing I've ever heared... what the hell is wrong with you. I'm not Pro-Copyright guy or anything stupid but ... what the hell?! You just live in your own little world... :-/

Kind of a clever idea to post it here

If you see a webite you don't approve of, get it slashdotted. Legal DDoS at it's silliest :)

Reverse-engineered, huh?

Good. Glad it is. Even though that's probably against the DMCA or the UCITA. Both of which should die too anyway.

But, that's not the point. It would be nice to reverse-engineer it to go and inject php, start prodding the little bugger for cracks in the display.php engine, and let the server take itself down, by deleting whatever it has access to.

That'll teach them to propagate viruses along P2P. Or piss them off. They're a couple of kids my age (around 19), they'd be so pissed if their software DoSed itself.

Or we could just slashdot them.

Legal precedent ?

[agslashdot]

From the article - programs have circulated disguised as activation key generators and cracks for Unreal Tournament 2004, Pinnacle Studio 9, Norton Antivirus, TurboTax

IANAL, but this is certainly illegal. It is akin to a sting operation, like when you open your car door for the hooker on the street and it turns out she's really a cop and you are arrested for soliciting & prostitution.

You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.

Using temptation to get at potential thieves does not constitute law enforcement, unless I guess you are the FBI or somesuch.

Re:Legal precedent ?

[filekutter]

Downloading cracks or keygens can't be illegal since IMHO they are NOT copyrighted. Although I'm sure a M$ lawyer with oodles of cash to back him up could eventually appeal till it found a court that would see it as attempted theft due to the sole reason for obtaining such software/info. I'm not as worried about the moral issue as much as the picture I'm getting of geeks who've abandoned Hacker Manifesto and joined the ranks of the unclean Beast.

Re:Legal precedent ?

[JBMcB]

-It is akin to a sting operation...

To get caught in a sting, the "stingee" needs to solicit something illegal from the "stinger." Just opening your car door for a prostitue doesn't necessarily constitute an illegal act, unless you solicited sex for money beforehand.

- You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.

True, but you also can't sell baking soda to people in dime baggies telling them it's cocaine. Although, technically, p2p isn't really selling anything.

I guess my advice would be caveat clepta.

Re:Legal precedent ?

[gowen]

You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.

No, but I can drop dollars in the street and then hang around to see who picks them up. Depending on local bylaws, I'd probably be allowed to photograph the doing it as well.

Re:Legal precedent ?

[jorenko]

This practice of prostitution sting is perfectly legal. The catch is, if the buyer asks whether she's a cop, she has to tell the truth. Only if she lies does it become illegal. (It's called "entrapment")

(IANAL)

Re:Legal precedent ?

[hesiod]

> It is akin to a sting operation

Akin, but not the same, and not illegal in the way you describe. The missing thing in this is the cops. These guys are taking no legal action, and AFAIK not handing this over to Law Enforcement Junkies.

Re:Legal precedent ?

[Rogerborg]

Dipshit. You can mount sting operations. For a concrete example, you can leave an unlocked car parked and wait for some thieving scum to choose to jump in it, at which point you lock the doors remotely and pick them up at your leisure. Good luck arguing that as entrapment.

Re:Legal precedent ?

[Paradigma11]

good luck getting the insurance to pay for your window :)

Re:Legal precedent ?

the belief that undercover cops have to tell alleged criminals that they are police officers is not true. Strangely it is often repeated, but a cop does not have to tell you the truth, otherwise there would not be undercover police officers.

Re:Legal precedent ?

[mlk]

Big ass spike from Robocop.

Yar!

Re:Legal precedent ?

STINGS like you described are perfectly legal and are NOT entrapment. It happens ALL the time and is held up in court.

Now of course your dropping the dollar bill example is something else entirely. For one IT'S NOT EVEN A CRIME to pick up a dollar bill that has been dropped on the road. How can that be a crime? Only if you saw the person drop it and attempted to hide the bill from him, etc. But just seeing a dollar bill lying on the road you would have no clue who it belongs to. It would be considered lost and abandoned property. That differs from the pallet of goods example. You might not know who owns it but it would be pretty obvious that it has not been abandoned and the owner could easily be determined.

PsiSilverthorn

Re:Legal precedent ?

[Dr.+Smeegee]

Actually that depends on the state. A guy I went to college with who had a "non-traditional herbal incense" business (sold joints out of his apartment) reportedly asked everyone who came in if they were police. The arresting officers assured him that they were not. :-) Sorry Fat Dan, away to jail with you.

One should look around and see what is fact and what is stoner urban legand before embarking on a life of dipshittery... of course, one tends to preclude the other.

Re:Legal precedent ?

You can sell baking soda to people telling them it is cocaine. They could of course go to the police and complain but that really isn't too smart as they are declaring they had intent to purchase a controlled substance. Only stupid people are going to go to the police and admit to comitting a crime in order to complain that a crime was comitted against them. So if you want to sell baking soda to people in lieu of cocaine just make sure you don't sell it to really stupid people.

Now if you sell baking soda to the police and have represented that it is cocaine you may as well have sold them cocaine.

Re:Legal precedent ?

[elflord]

Just opening your car door for a prostitue doesn't necessarily constitute an illegal act, unless you solicited sex for money beforehand.

Good luck wexplaining to the police what the hell you were doing opening your car door for the prostitute.

Re:Legal precedent ?

[El]

I disagree. I beleive there are legal precedents that have found it is perfectly legal for cops to lie. What isn't legal is use of coercion to force people to incriminate themselves. The cops can lie all they want -- if you offer money for something considered unlawful in your jurisdiction, you're busted!

Re:Legal precedent ?

Offering to give her a ride maybe? Honest Officer...I thought she was just stranded there without money for a cab.

If they don't get you to actually offer to pay money in exchange for sex then they can't charge you with a crime. (unless they have some curfew ordinances they might slap you with)

Re:Legal precedent ?

[El]

Even if that were true, it is perfectly legal for law enforcement to hire third party consultants who aren't bound by the same rules. In this case, the "decoy" can truthfully answer that they are not a cop - they are just someone hired by the cops to help them make vice arrests!

Re:Legal precedent ?

I don't know why this is moderated flamebait, but it is correct.

The police most certainly DO use bait cars like this that lock the theif inside.

The principle behind "entrapment" is that you cannot induce them to commit a crime they otherwise would not have. So they cannot, for example, ask you to steal a car for them (because they're actively inducing you to commit a crime), whereas they can leave out bait and if you take it, you're SOL.

That said, someone else pointed out that it's also illegal to sell people fake drugs (e.g. oregano as weed). Even if it were harmless, I understand that they still bust you for it. Now then, I do not know if that principle applies here, though it seems somewhat like it ought to.

The real problem is that we don't have very good bright line standards for what constitutes intrusion into one's computer (or rather, we have incredibly restrictive ones to which prosecutorial discretion is generally applied, meaning that by the time you're actually charged, you're probably SOL if you actually did so much as a portscan). The fact that they are doing this under false pretenses certainly does not work in their favor.

This is not, however, the first time such things have happened. I understand that there is at least one case of a fellow in the netherlands or somewhere similar (?) distributing trojans to catch child pornographers, then turning them in, one by one, to the police. The case was almost dissmissed due to the fact that the police there replied to him, saying that they appreciated his help, and they couldn't really bust him for anything (the act apparently not being illegal in his jurisdiction*), but that he had to know that while they were investigating this, they could not have him do it as an agent of the police. Since all they did was effectively fill him in on US law there, the court narrowly decided that he was not acting as an agent of the law, but if he had continued as such, they might well have had to throw out the cases against the pedophiles.

In short, nothing is all that clear-cut. Even all the folks here talking about downloading cracks or replacements for their broken CDs are probably actually breaking the law. That's not to say their actions would definately not be considered fair use, but that's not to say either that they couldn't be prosecuted for their actions. For example, the no-CD cracks when used in a more-or-less legitimate manner (by someone who owns a copy of the software) may still be in violation of the DMCA. The courts have NOT always been as kind as I wish they were in deciding what constitutes what, and we cannot assume that everything which we believe is morally right in some way is necessarily legal, that what is legal is necessarily morally right (think of SCO...), nor that what is illegal is necessarily morally wrong (many abused provisions of the DMCA, such as using it to attempt to extend one's monopoly on say, printer cartridges).

(* This star is here because courts have been known to excercise personal jurisdiction (e.g. make you answer for the laws of the jurisdiction of that court) for all sorts of reasons. Pretty much everywhere has a 'long arm of the law' statute, so it's pretty much a matter how much trouble someone wants to go to. There was a nice tutorial on this online somewhere, but I cannot remember the URL. I think that if you Google 'personal jurisdiction' you should find it at cyberlaw.com or somewhere with a URL akin to that...)

Weeeellll....

[Stopmotioncleaverman]

Technically - if you reduce it down to its basic components - you have a point. But apply this to other ares of life and you start getting problems.

A car is, by your rationale, just a collection of iron, rubber, various textiles, and some other metals. These are in turn just collections of random molecules. You can collect molecules just by digging in the ground! What makes a car special?

The point is that a car is special because it requires input - design, construction, imagination and engineering. You can't just throw a bunch of molecules together and come out with ca r, any more than you can just hammer on a keyboard's 1 and 0 keys and come out with a full dvd copy of the latest movie. It's not that it's just basic components that causes the problems, it's the fact that it has been created.

Hence the thing called intellectual property. Yes, it may just be a collection of 1s and 0s to you, or to anyone else, in all its bare glory - but the point is that it's somebody's collection of 1s and 0s. You can't contend that it's as much yours as the person's who created it just because it consists of basic components, any more than you can contend that the latest car on the street is as much yours as the company's who created it.

And... the Poll of the Day...

[LBArrettAnderson]

Spyware?

Good
Whack

Re:Software is just INFORMATION

[mobiux]

I understand your arguement, but in most eyes, mine included, if you conciously spend the time looking for and downloading something, you are for the most part interested in running that.

Unless you are privately archiving random applications, just in case someone with a legal license may need them.

This same arguement could be used on anything.
"No officer, those 5 bails of pot are there simply to get them off the street, nothing illegal will be done with them."

Yes, its probably illegal...

[breakinbearx]

but is it wrong? It doesn't spread itself, others spread it. When you download a piece of code off of a p2p network, you take a risk that it isn't what you think it is. Obviously, these people are rather intelligent, and it appears that they aren't evil, and just want to teach certain lawbreakers a lesson. And although it is vigilante in the sense that they are stepping outside of the law, they're not doing anything harmful. Now, if they were formating someone's hard drive when the executable was launched, it would be different, but this is just a small rebuke.

Props to these guys for sticking up for whats right.

Re:Yes, its probably illegal...

[hesiod]

> Props to these guys for sticking up for whats right.

It depends on your definition of "right," but that's not my point.

I think it's similar to the ideas that started around the time of code red -- rewrite the virus to uninstall the real one & put in patches to fix the problem. It's using questionable techniques to make an impact on a problem that exists (in their opinion).

Re:Yes, its probably illegal...

These guys aren't law enforcement and they're not arresting anyone.

A better analogy would be someone dressing up as a hooker and when someone solicits them for sex they take their picture and run. They later post that picture to the Internet. That would be perfectly legal. It's not a sting operation because they are not law enforcfemnet. It's not an invasion of privacy because they were solicited and their picture was taken in a public setting.

You might not like it, but it's reality. The Internet is the public world just like the outside world. I can post your IP address just as easily and lawfully as I can post your car's tag number.

/.ed already :P

[Stopmotioncleaverman]

Their public web display of current tracking information has already been /.ed. Wonder if it took out their database as well? :P

Stupid

" If we don't regulate ourselves, the government will."

This is about the stupidest argument I've ever heard...

"Yes, we have free speech, but we should limit it or the government well".

Well junior, then you don't have free speech. You either have it or you don't. You're one of those who is glad we don't.

As to self-policing warez, the government doesn't give a shit about warez. Only Adobe and Microsoft do. Oh and you. Now you're all scary important.

I'll bet you think porn is evil, DJ's talking about "anal" should be banned, and if we all just prayed to jesus, our problems would be solved.

I'd call you a moron, but the moron union just called and they're laughing at you.

Good for them

[Cereal+Box]

I've said many times on Slashdot that if you want P2P to be taken seriously and not be labeled as a haven for pirates, you need to actively engage in discouraging the use of P2P for illegal file trading. These guys are actually doing that. Good for them. At least they're not acting like some hand-waving Slashbots ranting about how no one takes P2P seriously, all the while refusing to acknowledge that the majority of data transfered on P2P networks is copyrighted, and furthermore refusing to do anything about it.

My favorite comeback line: "Maybe we should outlaw knives because someone might do something illegal with them!" -- completely off-target. Right now, the situation with P2P isn't that a minority of people are using P2P networks to trade copyrighted materials, but that a minority of people are using P2P networks for trading non-copyrighted materials. Until P2P fans actively pursue and discourage the use of P2P for illegitimate uses, P2P will continue to have a bad rap and be pursued by copyright holders.

Re:Good for them

"These guys are actually doing that. Good for them. At least they're not acting like some hand-waving Slashbots ranting about how no one takes P2P seriously, all the while refusing to acknowledge that the majority of data transfered on P2P networks is copyrighted, and furthermore refusing to do anything about it."

Maybe so, but they are just enforcing the thought that p2p is just a big virus/trojan distrobution center...

Re:Good for them

It isn't piracy if the downloaded file does not have a copyright. You are assuming guilt simply because someone downloaded a FILE NAME!

In the U.S. we have certain standards before we declare guilt. What these jerk-offs are doing is not police work and has nothing whatsoever to do with the guilt or innocence of the people downloading these files. Therefore you can't call the people who downloaded these files "pirates". I call them victims, but that is just IMHO.

It is not the job of citizens to police each other. The "Slashbots" you refer to have no right or need to "discourage" others from engaging in whatever behavior they want. Why should I care what someone else is downloading if it does not trample on my rights? It is called freedom. I let the police and RIAA worry about copyright infringement.

Finally, unless you actually have some statistics on who downloads what on P2P, you should stay away from statements about minorities/majorities and their rights to download copyright/non-copyright material.

Re:Good for them

I'm not entirely sure I've ever met anyone who deals only in legitimate files over P2P. :)

Re:Good for them

[telstar]

"I'm not entirely sure I've ever met anyone who deals only in legitimate files over P2P. :)"

• These guys have.

Re:Good for them

[elflord]

In the U.S. we have certain standards before we declare guilt.

The standard is proof beyond reasonable doubt for criminal cases, and merely prepdonderance of evidence for civil cases. Even if you could argue that there is "reasonable doubt" (and I'd just call "bullshit" on that), the evidence is rather compelling. Someone who downloads a crack probably intends to use it, and even if they're a legitimate owner of the package, they're probably breaching the license. In other words, the possible scenarios in which the downloader is not a pirate barely even pass a plausibility test (and certainly don't pass the "smell test")

It is not the job of citizens to police each other.

That's funny, the slashbots think that it's not the government's job to police the downloaders, because that's a waste of government resources, nor is it the right of the RIAA to act as police. The way the slashbots tell it, no-one should police the pirates, and they should be just left alone to continue on their merry way.

The "Slashbots" you refer to have no right or need to "discourage" others from engaging in whatever behavior they want. Why should I care what someone else is downloading if it does not trample on my rights?

You should care that you're using a product that is almost exclusively used for illegal purposes, because it reflects poorly on you that you're using it -- even if you happen to be in the 0.0001% of people who are using it to download Debian ISOs, or share your family photographs, or distribute your own music (yeah, right .... ), then when you're in court, the argument that you're in the 0.0001% and not the 99.9999% is not enough to contest a preponderance of evidence.

I let the police and RIAA worry about copyright infringement.

You can let the police get involved, but if that's really what you want, I hope that you're prepared to accept, even endorse criminalisation of software piracy, and jail time for offenders. Because this is what the implications of involving law enforcement are.

Finally, unless you actually have some statistics on who downloads what on P2P, you should stay away from statements about minorities/majorities and their rights to download copyright/non-copyright material.

You don't care about whether pirates are in the minority or majority anyway, remember ? So why are you even attempting to contest this claim ?

Re:Good for them

At least they're not acting like some hand-waving Slashbots ranting about how no one takes P2P seriously, all the while refusing to acknowledge that the majority of data transfered on P2P networks is copyrighted, and furthermore refusing to do anything about it.

My entire Linux distribution is copyrighted by someone or other but I can still distribute it because I have a licence that allows me to do so.

Furthermore, downloading copyrighted material from someone who doesn't have a licence to distribute isn't illegal under copyright law. How am I supposed to know the distributer has no licence? The only people infringing on people's copyright are the uploaders.

Re:Good for them

I just renamed their program RH-Fedora-Core-Install-Disc-1.iso.

So far I got 4 people.

Mod parent up, and grandparent down!

[Prune]

NP

Yeah but

[ParadoxicalPostulate]

Most of the people I know who do this stuff have specific contacts - i.e. they are maybe 2-3 hops away from the initial distributor.

Additionally, even if they are a few more hops away, they know and trust who they download from. Its not like they go and do a filesearch...most people know who they download from. And so when these l33t people get a trojan, they let their "clients" know.

Self regulation and internet vigilantes

[rm007]

It's interesting that this story should break at the same time that Wired News is running a story (or rather another story, they ran the first yesterday) about Perverted Justice an organisation that takes it upon itself to expose perverts hunting for children in chatrooms. The techniques and tactics of the two sets of vigilantes are completely different, but both are examples of what are in effect user regulation of the online environment.

Illegally distributed software

[WIAKywbfatw]

That's what they (the "victims") are essentially spreading. There's asses should land in jail as soon as possible.

Sorry, that's not my personal view (I don't believe in locking people up for small-scale copyright infringment) but it is the view of some, such as the content creators whose property is being infringed on.

I just find it ironic that just changing the subject line of your message from "Trojans" to "Illegally distributed software" gives us a whole new look at this issue: after all, most of the people engaging in P2P distribution of copyrighted material live in countries where it's illegal and probably punishable by a jail sentence.

The majority of people here seem to be engaging in double think: messaging people who engage in P2P copyright infringement that what they're doing is wrong and publishing their IP addresses is a Bad Thing, yet tracking down the online behaviour of spammers and then publishing their real world addresses (without any consideration for what might happen as a consequence) is a Good Thing.

Can someone please explain to me how one is so wrong yet the other is so right? (Preferably without resorting to the kind of language that you wouldn't use in front of your mother?)

Re:Illegally distributed software

[Walkiry]

Can someone please explain to me how one is so wrong yet the other is so right?

It's quite simple, with P2P sharing networks person A is passively letting their computer open so that any person B that comes and asks can grab a file if they like what they see.

A spammer, on the other hand, will make everything possible to get past the locks I put in my computer to try and give me a file I didn't ask for in the first place.

Re:Illegally distributed software

[como-genic]

I think its the standard double standards.

But its the tricky question, at what point and under what circumstances do you say it is acceptable to breach someones pseudo-anonimity online?

I think the obvious, Spam, Kidy Porn and For Profit Content Crackers. This does though get into technical problems, how? What happens to those who abuse such a system?

I am though not in favour of this kind a vigilantism. Even if it is for spammers as how do you know the information is accurate? Your only going on their word.

Re:Illegally distributed software

[Short+Circuit]

Everyone is a hyppocrite, in some form or another. All you need to do is twist logic to justify what you want.

I run into it all the time when I'm explaining my views to other people. Especially my parents.

Re:Illegally distributed software

[David+McBride]

You've missed the point of the argument. The argument is that intentionally distributing trojan code for installation on machines you don't own or control is a crime; in the UK it would fall under the Computer Misuse Act. That's bad, and you can be charged by the state and put in jail for commiting that crime.

Whether or not the end-user is doing something legally / morally wrong by downloading what they believe to be material under copyright to which they have no permission to use is a completely independent discussion.

Re:Illegally distributed software

[Famatra]

People are hung up too much on 'illegal' which seems a different thing then 'immoral'.

A solution: the people make the laws, and I suggest we reduce copyright length to something half reasonable so we can trade files and then 'illegally distributing software and music' becomes 'distributing software and music' and then the people are happy.

Re:Illegally distributed software

[noselasd]

Why ? What did they do wrong ?
Is there a law against sending away the IP address ?

Re:Illegally distributed software

[R.Caley]

You've missed the point of the argument. The argument is that intentionally distributing trojan code for installation on machines you don't own or control is a crime;

Interesting question. If you clearly label it as something no one should touch (even if the label is false), but leave it where it can be taken, are you distributing it.

Imagine someone who packaged up some illegal-to-distribute physical substance in boxes labeled `private, personal and mine, do not touch', then left them around. Can they be done for distributing the substance if someone comes along and steals it?

Re:Illegally distributed software

How 'bout this:

Fuck off you corporate fuck. Fuck you and all you stand for. The French Revolution MK II is coming to a neck near you soon.

Re:Illegally distributed software

[maximilln]

This brings back memories of The Twilight Zone and the box that says "Do not open until Doomsday".

I think it's long past time for Doomsday.

Re:Illegally distributed software

[David+McBride]

Imagine someone who packaged up some illegal-to-distribute physical substance in boxes labeled `private, personal and mine, do not touch', then left them around. Can they be done for distributing the substance if someone comes along and steals it?

Your analogy is flawed; there are legitimate non-infringing uses of keygen programs and no-cd patches. It is also legal to distribute these tools.

Re:Illegally distributed software

[C10H14N2]

You are making the assumption that because people think these guys are criminals that they think pirates are not. You're wrong. What these guys are doing IS criminal, no matter their intentions or the [il]legality of the actions of their victims--whose to say their victims were correctly targeted, some random programmer with a chip on his shoulder? Vigilantism in its other forms is generally frowned upon, in many cases it is explicitly criminal, so why do you seem to support it now that it involves a computer?

Re:Illegally distributed software

Easy..

Its because everyone on slashdot has some time in their lives, or does regulary, downloaded "warez". Noone believe in copyright really, unless when it comes to GPL:ed software.

So:

warez-traders/leechers: goood (even if some say they are wrongdoers on slashdot, noone really think so). Spammers on the other hand, they are bad..

Re:Illegally distributed software

Let the punishment fit the crime. Spammers inconvenience millions of people with unwanted advertisements, expose children to raunchy porno ads, and lead some naive people to buy bogus or even harmful products that they would never have otherwise heard about. (Some) file sharers just steal copyrighted material that they probably wouldn't have bought anyway.

To turn your question around on you, why do we (in the US) publish the names and addresses of child molesters, but not jay walkers?

Re:Illegally distributed software

[R.Caley]

Your analogy is flawed; there are legitimate non-infringing uses of keygen programs and no-cd patches. It is also legal to distribute these tools.

It's legal to oen boxes which say `private, personal and mine, do not touch'.

The point is that anyoen with a legitimate use for a legitimate tool would get it from a legitimate, trusted source. Someone who grabs something they have no clue about from a place they know nothing about, and runs it on their PC without checking what it is:

• Is clearly thick as pigshit.
• Is up to something they consider illicit.

In any case, if something is legitimate, why would anyone object to the world knowing they tried to obtain it? We aren't talking about something embarassing.

Re:Illegally distributed software

[David+McBride]

The point is that anyoen(sic) with a legitimate use for a legitimate tool would get it from a legitimate, trusted source.

Tools are not imbued with some intrinsic legitimacy. That is determined by how they are used -- and who is judging them.

Someone who grabs something they have no clue about from a place they know nothing about, and runs it on their PC without checking what it is:
Is clearly thick as pigshit
Is up to something they consider illicit.

Your conclusions are wrong and your logic is faulty.

The person who ran that code didn't intend to compromise their machine. Ergo, they trusted the source.

As with tools, legitimacy is determined by the person making the judgement -- one person's legitimate source may be another's evil monopoly-abusing nemesis.

They probably also had some idea of the stated purpose of the tool and thought that it would be useful to them. That implies a basic level of understanding.

It is difficult to know what code to trust and what not. Running binaries downloaded from an unknown user is clearly unwise, but that's not a crime.

Finally, wishing to perform an action in private does not imply that the action is illicit, or believed to be illicit by the person performing that action. Your contention to the contrary is equivilent to saying "If they are commiting no crime, you have nothing to hide/fear."

Which is not always true, in fact it is rarely true.

Re:Illegally distributed software

If you clearly label it as something no one should touch (even if the label is false), but leave it where it can be taken, are you distributing it.

...which is not what happened in this specific case. You're generalising. In this specific case, the software was intentially distributed to deliberately do something the recipients would not have wanted. The authors wanted it distributed, and actively participated in distributing it themselves.

Re:Illegally distributed software

[plover]

What these guys are doing IS criminal

Really? Exactly which law did they break? Please, cite it. And once you have the citation, please describe the actions that they took that you believe violates that law.

You may not like what they're doing, (or if you're like me you're probably amused as hell,) but your rant isn't valid until you have specifics. Right now, as far as I can tell they've approached the level of "practical joke." Any legal claim, such as "invasion of privacy" or "bait and switch", has specific legal tests that have to be met. You really need a lot more information to make this kind of claim.

Until then, I'd avoid downloading any UT-Keygen programs from the p2p networks if I were you. Or, at least install Zone Alarm to keep them from tracking you if you download the wrong warez.

Re:Illegally distributed software

[jasonisgodzilla]

If we have to explain this to you then your sense of morality has obviously not developed to an adult level. There is no point in wasting time trying to illustrate to you what should be an obvious dichotomy.

Re:Illegally distributed software

You do realize that those who download these fake packages haven't actually committed copyright infringement by doing so? They tried to, but I'm pretty sure that isn't a crime. They probably also downloaded other stuff as well, but that's an entirely different issue.

Additionally, in many countries, downloading is not copyright infringement (uploading is).

Re:Illegally distributed software

The majority of people here seem to be engaging in double think: messaging people who engage in P2P copyright infringement that what they're doing is wrong and publishing their IP addresses is a Bad Thing, yet tracking down the online behaviour of spammers and then publishing their real world addresses (without any consideration for what might happen as a consequence) is a Good Thing.

think about how the police does (phone) wiretapping...you can make the following analogies :

theCriminal = the spammer

theInnocent = the P2P user

thePolice = RIAA, antispam organizations, etc

is it clear now why one is TheGoodThing and the other is TheBadThing?

Re:Illegally distributed software

[CmdrGravy]

Indeed, the point here I think is that have not actually downloaded which was illegal - they may have thought they did but in fact didn't.

So is thinking that you have committed a crime actually a crime if you didn't actually commit a crime ?

Re:Illegally distributed software

[jedidiah]

Your rant is fundementally flawed.

Software piracy has not always been illegal for the class of pirates that constitute the "victim" in this situation. That's only been a recent change in copyright law.

Even now, such piracy has to pass certain tests (albeit abused ones) before such activity can be considered criminal.

OTOH, it has always been a crime to perpetrate viruses and trojans for as long as there has been computing laws of any sort.

Certainly criminal vs. possibly criminal.

Tort != crime.

Re:Illegally distributed software

[fred_sanford]

The legality of the Trojan unknowingly installed on downloaders' computers is independent of the legal of the download. A worm that attempts to update security flaws in your system is still a worm.

The network admin (and friend) at my first job out of school was in a similar situation recently. He (and I agree though it doesn't matter) thought he was doing the "morally right" thing. It was still illeagal though.

Re:Illegally distributed software

[R.Caley]

Tools are not imbued with some intrinsic legitimacy. That is determined by how they are used -- and who is judging them.

Well, yes exactly. And if the person trying to get a tool judges that their use for it will be illegitimate, who are we to argue with them.

I have a set of (notional:-)) security screwdrivers, I bought them in a shop. If someone tried to buy some secretly down a back alley, I think it would be reasonable to assume they wanted to do omething naughty with them, and didn't want them to be traceable.

The person who ran that code didn't intend to compromise their machine. Ergo, they trusted the source.

See under thick as pigshit.

Finally, wishing to perform an action in private does not imply that the action is illicit, or believed to be illicit by the person performing that action. Your contention to the contrary is equivilent to saying "If they are commiting no crime, you have nothing to hide/fear."

If there was even the slightest reason to believe that someone might feel the need to be private about any of these things, then the issue would be different. But the breach of privacy of the world finding out that someone plays Half Life (or whatever it was) is really quite trivial. They presumably stood in a shop where anyone could see them and bought it. (if we are assuming they actually lost the CD and so need the crack legitimately).

Re:Illegally distributed software

[C10H14N2]

Sure this is a tricky case, but they're going to have a hard time getting out of an interpretation of USC title 18, pt. 1, ch. 119, sect. 2511, aka the Wiretap Act and 18 U.S.C. 1030, aka the Computer Fraud and Abuse Act. Yes there are legal tests to this, particularly in the latter case, but the former does not require "damage" and the latter allows for even unintentional damage with a very low threshold. US Law is often interpreted VERY punitively. Take the _ONE_ exception in 18USC1030: "unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any one-year period." A piece of spyware like this over an entire year sucking up $5k of computing resources? Not very difficult. Note the necessary "AND" -- that is to say the mere use IS sufficient if the predicate value is true--and that value is AGGREGATE.

Get one modestly adept lawyer and these guys are in trouble. They've got 12,000 people now. If they hit fifty, a class action suit claiming each person lost a DIME would be sufficient. I wouldn't be so aloof about this. The United States is too litigious a place to skirt the law like this.

Re:Illegally distributed software

[R.Caley]

In this specific case, the software was intentially distributed to deliberately do something the recipients would not have wanted.

But that's the point, it wasn't distributed. It was just left lying around.

Re:Illegally distributed software

I didn't see that episode. What was in the box?

Re:Illegally distributed software

"Someone who grabs something they have no clue about from a place they know nothing about..."

Oh, please.. Everyone does this all the time on the internet. Downloading the latest linux distro from some foreign mirror? Do you know anything about the source you're getting it from? No. You just generally trust that the code has not been pre-trojaned.

So you're saying everyone is as thick as pigshit and up to something they consider illicit.. Ok, whatever.

And yes, I did get a trojaned copy of XFree86 off a well known linux distributor (at the time), so it DOES happen even when you're not up to something illicit.

Re:Illegally distributed software

[incom]

Spam hurts society. P2P copyright infringement doesn't hurt society(arguably). I, and many others care about the health of society more than about the selfish $$$ driven interests of spammers and copyright holding corporations.

Re:Illegally distributed software

[iburrell]

Except this isn't spyware. It doesn't install itself when run. All it does is pop up a dialog box and call the website. A hyperlink to their web page would do the same thing.

Re:Illegally distributed software

It's not necessarily accurate to make the assumption that someone downloading a keygen/crack obtained the software illegally.

Speaking personally, I have no-CD cracks for all the titles I have legitimately purchased, simply because my machine (with CD drive) is in another room from my monitors/keyboard/mouse setup as to be a serious inconvenience when I want to use title x, y, or z.

Re:Illegally distributed software

[foobsr]

Imagine someone who packaged up some illegal-to-distribute physical substance in boxes labeled `private, personal and mine, do not touch', then left them around. Can they be done for distributing the substance if someone comes along and steals it?

Scale this from a box with Plutonium to one with THC. Well.

CC.

Re:Illegally distributed software

[TikiTDO]

Question is, where are you leaving this box. If you put such a box in the center of a public mall then it's a real possibility. Putting a file on a p2p network is much like leaving your box in a mall, you are not doing anything to insure that the content will not be released.

Re:Illegally distributed software

[f0rt0r]

Good question, on one hand, no one will get a copy of the file you are sharing unless your computer sends it to them ( in the form of data packets ), on the other hand, you have named the file in such a way as to imply that others should not ask you for it. By ask, I mean "request", because if the file is shared, your computer will send it upon request.

Assume I did a lot of hand waving to handle things like IP blocking, request queues, etc, that would interfere with what I said above.

I need more coffee before I tackle this one...

Re:Illegally distributed software

"right" and "wrong" are just a front.

Re:Illegally distributed software

[R.Caley]

Putting a file on a p2p network is much like leaving your box in a mall, you are not doing anything to insure that the content will not be released.

But why should you? These people had not signed non-disclosure agreements, the things in the package belonged to them -- they can surely be as sloppy about the security of their property as they like.

And the third important point...

[clifgriffin]

We only collect this information if they click the button.

If they use any other means of exiting the program (ie, Alt+F4) it simply exits.

Yet again, it all depends on what they do....we don't collect anything without them making defined, deliberate actions.

It is not my belief that we are required to tell them that we logged the fact that they clicked "I'm Sorry. I Promise Never to Do it Again."

I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.

Re:And the third important point...

[bcolflesh]

Word to the wise - you've made some incredibly naive publically archived statements here, if you are indeed one of the perpetrators.

You may want to lawyer up at this point and let them do the talking for you.

Re:And the third important point...

Yet again, it all depends on what they do....we don't collect anything without them making defined, deliberate actions.

This makes no sense. If they don't know that the button is going to log their IP address to a public website before they click it then you can hardly call it a deliberate action.

Re:And the third important point...

[clifgriffin]

The point would be, genius, that I don't log anything simply because they open up an executable from an unknown source from a P2P network while they were trying to find a crack.

The logging happens when they click a button.

Re:And the third important point...

[YrWrstNtmr]

The logging happens when they click a button.

Do you tell them of that fact before they click?

It appears you don't. There is no other escape button on the popup window. No other mechanism, other than alt-F4, to dismiss your box.

You give the user little opportunity to not have it phone home.

Re:And the third important point...

Yet again, it all depends on what they do....we don't collect anything without them making defined, deliberate actions.

defined, deliberate actions?

like when they connect to theirbank.com and do some online banking?

Re:And the third important point...

Am I to assume that you do not have the permission of the copyright holders to use their copyrighted names in your little project?

Re:And the third important point...

[flewp]

Yet again, it all depends on what they do....we don't collect anything without them making defined, deliberate actions.

Seems a defined, deliberate action would be if they clicked a button saying "Click here to send your IP to our database"

You really didn't think this, or any of your arguements for it through, did you?

Re:And the third important point...

[AndroidCat]

You should have also told them to get software/hardware that traps any port access by unidentified programs. (Of course, if they were interested in security, they probably wouldn't be running most p2p software. ;)

Re:And the third important point...

Boy (and I do mean boy), I can't wait till my lawyers get a hold of you.

Re:And the third important point...

[goatan]

It is not my belief that we are required to tell them that we logged the fact that they clicked "I'm Sorry. I Promise Never to Do it Again."

To take someone's information (you don't even have to post it) and keep it is ilegal IANAL but it is my job to make sure my employer is compliant with this. If I were you I would stay away from the UK and Europe you could end up in jail for up to 5 years.

I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.

Irrelevant you did it without there permission.

Re:And the third important point...

Names aren't copyrighted. They may be trademarked - arguable in this case, but perhaps some of the ones they used are. But yes, offering something up in the guise of someone else's product using their own trademarked name is specifically what trademark law is designed to protect against.

(OT) Re:Software is just INFORMATION

[plugger]

Interesting analogy you have there. I'm not sure about the law elsewhere, but in the UK it is not illegal to smoke weed. It is illegal to possess it, and in order to smoke you have to be in possession, but smoking a joint is not illegal in itself.

Re:(OT) Re:Software is just INFORMATION

[mobiux]

Actually i think in the US it's the same, you can be high, you just can't have any drugs on you, or be doing something that the drug would impair you, i.e. driving.

Isn't just advertising these a problem?

[bmf033069]

I can't tell yet since the site seems to be down or crawling, but wouldn't the software companies get involved if your blatently advertising code / keys for download?

Whether they are the files that they say they are is another story (let the downloader beware, I guess). But you would think that companies would go after them (even if they claim to be good guys) with the same rigor that they are going after others?

Re:Isn't just advertising these a problem?

Yes, it is odd they are distributing cracks and keygens, and the vendors and BSA hasn't come down on them with C&D threats. Also odd their bandwidth provider hasn't said Boo. Are they all in the know about this entrapment scheme?

Re:its a dropper as well as a trojan

Yes, vewwyy intwastink.

At www.jsventures.com they're peddling something called "ProxyShield" which I've not heard of before. Certainly they're not ticked off that their product isn't selling well, eh? Not that anyone would give enough of a shit to share it on P2P nets.

Name: gso31-106-207.triad.rr.com
Address: 24.31.106.207

Anyway, LARTs to abuse@rr.com will prolly get 'walktheplank' axed real quick like.

Trying to orchestrate a DDoS on themselves?

[Uninvited+Guest]

This is pretty funny. The more successful the program gets, the more this pair is creating a potential distributed denial of service attack on their own web servers.

Re:Trying to orchestrate a DDoS on themselves?

Indeed. Modify the files to implement a huge collective packet magnification / smurf type attack and release it back into the wild. That will shut these fucks up real quick.

Re:Trying to orchestrate a DDoS on themselves?

[2MuchC0ffeeMan]

i wonder if their isp will appreciate that, go go gadget bandwidth meter.

on a side note, it's usually against most isp's ToS that you can't 'hack' and can't 'run a server'

the dns goes to rr.com ... this is gonna get messy.

Re:Trying to orchestrate a DDoS on themselves?

rr.com is the most liberal isp out there. A spammers haven. They won't do much about this.

Server hosed

[yknott]

Behold: Walk the Plank and Operation Dust Bunny
Note: Due to responses by certain detractors, we've updated our legal section (again) to further clarify our stance.

Apparently, this is becoming more and more newsworthy. Security Focus called today and interviewed me. Here is the resulting article: http://securityfocus.com/news/8279

At the start of this year, we (Justin and Clif, Clif and Justin) decided to start a new project. We declared war on illegal file sharing and pirates. The goal was to waste their time and bandwidth while tracking them and how the file moves around.

Results Pages for the Impatient: Walk the Plank Status Page | Dust Bunny Status Page

Walk the Plank, You Pirates!

The first version of this was more-or-less a test to see if it would work. We created a program in C# that would pop-up a message scolding the user. When the program closes, it would "phone home" to our servers, giving us the filename, how long the program ran (run time), and their IP address. We entered the information we collected into a database.

We copied the binary then renamed it to a bunch of warez-like filenames that we found via Jigle.com and searching different P2P networks. We put it up on the Gnutella file sharing network and waited. Within minutes, we had downloads. However, we didn't have entries in the database. The next day we came to the conclusion that people didn't have .NET installed and thus couldn't run the C# binary.

So we rewrote it in C++. Once finished, we replaced all of the C# binaries with the C++ binary. Again within moments, we had downloads and this time we have entries in the database. Goes to show the penetration of .NET.

After about two weeks, we noticed something: The file was spreading without our help. We stopped sharing after we realized this and the file kept propagating, and propagating, and propagating. In no time flat, we wasted over 16 hours of pirate time.

Screenshot: (Top: WTP, Bottom, ODB)

The Next Step: Operation Dust Bunny

The original idea we had went beyond simply logging filename and run time. We wanted to track who got what file from who. So a month after WTP, we wrote Dust Bunny. It was a two-binary system that would read the Pirate ID (PID) encoded in itself, send it to a server, then grab a unique PID returned from the server, and rewrite the ID that is encoded in the binary. Using this information, we could see who got what binary from who.

Written with one person using Visual Studio 2003, another using Dev-C++; one binary in C++, the other in C; and only one person knowing how to code in either language. It was a challenge since the "rabbit" (the GUI program) had to include the "eye" (the program that contacted the server and rewrote the rabbit) for execution. Plus the eye needed an offset that could only be gathered once the rabbit was compiled with eye included. Thanks to TightVNC and a lot of trading of information, we got through it.

Just to be safe, we added a "kill switch" to the eye. If the server returned a special ID number, the eye would delete the rabbit. This way, in case it got out of control as WTP did, we could stop it. Also, if someone renamed it to a filename we didn't like, we could add that filename to the "evil filename list" on the server.

After it was completed, we replaced all the binaries with the new version. Once again, they started to be downloaded instantly. The next day, we already had redistributions -- someone downloaded a copy from someone other then us. We could tell since we were logging the PIDs. It didn't take long until we had multi-branch trees of pirates.

We decided after one month time of sharing Dust Bunny, we'd stop and let it propagate on it's own. That marker was around March 9th, 2004.

Current Status

By now, WTP has racked up over 62 hours in wasted pirate time. Dust Bunny is well on its way with 20 hours. Dust Bunny has around 3,500 unique pirates and over 6,200 ex

Re:Server hosed

The goal was to waste their time and bandwidth while tracking them and how the file moves around.

wasting bandwidth? tracking them?

sounds like a trojan to me

Re:Server hosed

[CPlusPlusOwnsYou]

Written with one person using Visual Studio 2003

I'd like to know if they actually purchased that piece of software or they downloaded it, since it is expensive and all.

Re:Server hosed

Not if you got the $20 Enterprise upgrade before the start of the year and downloaded a 50 MB bootstrap disc from VS.NET 2002. You got their entire server line including Windows 2003 and a bunch of other software like SQL all for $20.

Re:Server hosed

The program does not compromise their system in any way, shape, or form. Every action it performs it performs soley for the purposes of logging an event. We are not in this to compromise downloader's systems, only to learn a little bit about who they are. It's a social experiment.


Can i see the source code? Or should i simply trust you ?

They received comments : "You're down"

[da5idnetlimit.com]

And now someone posted their web adress on slashdot...

Maybe we can link the threat in the article and the name of the Article Poster for them 8)

Perhaps I'm a muppet but...

it might be worth pointing out that clicking on one of those links registers that as your vote.
(I clicked on 'Good', 'cos it's the first link and I wanted to see where it goes, and now I can't click on 'Whack' to undo my unintentional vote. Oh well).

Let me take the following example

[Kjella]

Say an idiot employee downloads & runs this crack/warez/whatever at work. Unauthorized and all that, but that's his ass. Now, this software is reporting home to somewhere. Let's assume the idiot's sysadmin finds out. The employee might get sacked, but who do you think will get charged with hacking (cracking) the corporation's network?

You got it. Just the costs of verifying that it DIDN'T do anything else, didn't alter or delete any of the data on the computer, didn't transmit any of the potentially sensitive data and (if paranoid enough) rebuild the system is going to rack up to quite a bit.

If they give them one count of hacking for each machine on their incredibly self-incriminating list, I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...

Kjella

Re:Let me take the following example

[pclminion]

I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...

There's no way in hell what they did is deserving of life in prison, and no way in hell any judge is going to sentence them to that. Get a grip, man. Haven't you heard of the 8th Amendment? Proportionality?

Re:Let me take the following example

The could also just get "$50 and time served", Night Court.

Hell Ashcroft could allways just say the Govt. doesn't really have a case the rollover like he did for Microsoft.

Re:Let me take the following example

[Hans+und+Franz]

Would a company that makes hard drive partitioning software be responsible if some employee pirated their software and destroyed the partitions on an important hard drive? Would a company that makes telnet server software (simple, I know) be responsible if that same employee pirated it, ran it on a computer, and someone potentially had access to their network?

Of course not. The employee's responsible. And you're an idiot.

Re:its a dropper as well as a trojan

[robslimo]

Wow!

As the AC said (why's he modded troll?)

walktheplank.ath.cx resolves to 24.31.106.207 AKA gso31-106-207.triad.rr.com. The domain is reg'd to Clifton Griffin. www.clifgriffin.com also resolves to the same IP.

Cliffy baby, hope your lawyer is good, cause I bet the EFF won't take your case.

Bah.

[PhxBlue]

Was that an intentional part of the design? Or did you guys just overlook the ALT-F4 shortcut when you designed the program?

Re:Bah.

[clifgriffin]

By design.

Re:Bah.

[PhxBlue]

In that case, you had to know that a sizable number of people would not think to use the ALT-F4 shortcut and would instead press the "I'll never do it again" / go-away button to try and make the program go away. So, at this point, you've deceived users not once but twice.

Re:Bah.

[gatkinso]

Sure.

Hint: WM_CLOSE.

Grrr!

[troon]

This makes me really angry!

No, not the guys or their program, it's you lot. Yes, you complaining about "infiltration", "trojans", "illegal use of the 'victims'' computers" and so forth.

What's the matter - someone doing something to break up your cosy little gang of illegal copyright infringement?

So what if it's just cable-connected kids they're tracking - it's still infringement and should be punished, or at least discouraged. I'm all for this.

there goes my karma...

Re:Grrr!

No, not the guys or their program, it's you lot. Yes, you complaining about "infiltration", "trojans"

Hey! I don't like what you're doing!

So I'm going to go around to your house, mess up your lawn, tear up your flowers, break a couple of windows and eat the contents of your 'fridge.

What? You mean I'm not allowed to do whatever I want just because I don't like you - even if there's a possibility that you might be doing something wrong?

Due process and the correct legal channels, you say? What's that?

Also known as: Two wrongs don't make a right.

Re:which crime? Probably Entrapment

[SmackCrackandPot]

Probably "entrapment". An equivalent situation would be if the local law enforcement decided to leave a palette of boxed electrical goods on the street (let's say laptops or toasters), but which had wireless surveillance cameras built in. Once turned on, the machine would then broadcast images of the users back to headquarters. The authorities would then claim they had captured photographs of known thieves. Is that fair?

Interesting read

Here is a link to a dslreports thread where the authors of this software chime in:
http://www.dslreports.com/forum/remark,9707744

What about Manuel Miranda and Bill Frist?

They seem to have dropped out of the public eye. Aren't those two ever going to be charged under the DMCA for circumventing protective measures, or under the NET act for unauthorized access of others' data? Why is the USG publicizing cases against grey hats when there are already high-profile black hats known to be working in official capacity?

Just say no to this kind of rubbish.

[psycho_tinman]

These are just the type of guys who think it's grand fun to fake an alert box saying "your internet connection needs to be optimized". In that sense, not much to see, we should move on. More of their kind inhabit companies that try to install spyware on your machine too.

I disagree with their definition of "trojan". If a user inititated a download, they argue, then it's not a trojan. To take a random example, the makers of Winzip would love to replace "7zip.exe" with a "smart" application like theirs, which says .. Oh, don't go for this rotten free unarchiver, try out our wonderful product.

Finally, it's an act of utter irresponsibility on their part to post these IP addresses out on the world wide web. Yes, I agree. What they did was very very clever. They may have valid reasons for grandiosely "declaring war on file sharing". But I think that posting IP addresses, locations and filenames onto the public eye transformed what they did from a "clever social experiment" to an exercise in maliciousness.

Now, by the same token, if I should disagree with what they did, should I post their names, email and contact numbers for anyone to see, right here on Slashdot ? Nope. I would not stoop so low.

Vigilantes

[CFBMoo1]

Wired has one on a vigilante group that goes after perverts in chat rooms that prey apon children. As much as I admire the intent of every day people to keep things clean, decent, and honest. I also have to agree with points in this other article where law enforcement is being hampered by scaring off the bad people to go deeper underground and the problem just gets burried and not delt with completely. Next thing you know you have a problem thats 10x's worse then before since it wasn't handled properly to begin with.

In the case of the software vigilantes. They're in for a world of legal hurt I think even though their basic intentions are good.

Re:Vigilantes

[tiny69]

There was a time when if you posted the address of a web site that hosted child porn on alt.hackers.malicious, the hand full of regular posters would trip of each other trying to be the first to deface the site. Since child porn is considered the greater of the two evils, many felt the defacing was justified and would be over looked by law enforcement personel.

nope, they don't

[vida]

and they have a website that updates in real time whever someone executes it

not anymore...

These guys should be put in jail

Software piracy is wrong. At the same time, invading someone's privacy is also wrong. Put 'em behind the bars along with the pirates.

Illegal?

[rjelks]

I'm not sure what they're doing is breaking any laws (US at least). How is this different from a web bug or other spyware? If it opens up a particular tracking page on their site (ip logged), then I don't see this as being a back door or trojan. Privacy is a concern I share with a lot of other slashdotters, but I'm not sure what laws are being broken. If people are really bothered by it, maybe we should start a campain to get a bunch of people to use the program. What are they going to do with millions of ip addies?

Re:Illegal?

It masquerades as something it is not, therefore it is a trojan, you are tricking users to run something they didnt want to run, its a trojan, and trojans are illegal

Re:Illegal?

[rjelks]

I think a program that doesn't hijack your machine isn't a trojan. If all it does is send a request to a webserver then it doesn't sound worse than any webpage - except for the fact that it's not what the user intended. I think in order for it to be illegal it would have to do more than ping a server. Don't get me wrong, I don't like the idea at all. I'm just not sure under what law something like this would fall under. Lots of programs do things that the end user isn't aware of. This seems more like spyware (not illegal) than a trojan.

Re:its a dropper as well as a trojan

[bcolflesh]

And his site is exposing code including SQL queries.

Nice to see

Microsoft making Visual Studio affordable to students though. I would hate to think they coded all this on a hooky copy of .net2003...

Re:Nice to see

[gatkinso]

VC++.NET 2003 is $99 - and I recently found a copy for $79.

Not that I think they would have paid (assuming they used that tool) - but it is pretty cheap.

firewall

[real_smiff]

Yet another reason to have a firewall running folks ('keygen wants to phone home, let it?'), especially if you're up to sommat. (of course, someone stupid enough to run a dodgily named executable with only few sources from Kazaa network, probably isn't going to have a properly set up firewall either..).

Although having said all that, i'm not running a firewall atm, but then i'm behind NAT and not doing anything dodgy (and feeling lucky, punk!)

Sygate Personal Firewall and Kerio (sp?) seem to be favourites last time i checked.

Re:which crime? Probably Entrapment

[troc]

AFAIK, it's only entrapment if the LAW tries it.....

They are distributing some software they wrote, so they are free to distribute it as they like. They are disclosing publicly available info. on their site - all they are doing wrong is (possibly) some copyright infringement as they called their application UT2004.img (or something)

Troc

You are daft...

[cnelzie]

...Google for "Pinky and the Brain", it was as series of shorts in the 'Animaniacs' cartoon show.

It's a story about some laboratory mice, that weren't very nice...

One of my favorites was the "Billy-Bo-Bub-Brain" episode... Very funny stuff.

Animaniacs was 'for kids' but had so many strong adult references that most of the jokes would have completely missed by anyone younger then around 20 when the show originally aired.

Re:You are daft...

[mahdi13]

They even got their own 30 minute show...I wonder if these have made it to DVD yet...*googles*

They're setting themselves up for a fall.

The only thing corporations hate more than software pirates is virus writers.

Vigilante

[AviLazar]

Don't vigilante's get their butts slammed in jail? (no pun intended, though, hmm I am sure their potential fellow inmates probably don't like them either). :) This is not too far from some of the people who wanted to test airport security by sneaking on knives, guns, etc. Those people got slammed by the law, hopefully these two will also. -A

Re:Get what you deserve

[Sentosus]

Stand up for your beliefs.

Piracy != Theft.

Remember, by some's interpretation of law, the linux distro that you speak of has SCO's illegal code in it.

It may make you feel warm and fuzzy inside to post things like the parent, but a lot of IP and Copyright reform is desired by the public.

Now on to a bigger issue. The files with the attached trojans are misleading. You are assuming that a Keygen is understood to generate a key for unlocking the program. How are you to assume that this is not the evaluation copy of MS Office that can not save files that Microsoft hands out at presentations? How do you know that this is not the 64 bit version of Windows XP that is free to use right now?

It is an assumption that really you can not make. Now the biggest question is whether or not my cellular bill is going to go up when I am charged by the Kbit for Internet Access on my laptop that is constantly spamming my IP?

Yawn...

Don't you need like, uh, a life?

Seriously, you care a little too much about this? Who cares if people pay for Microsoft Office, other than Microsoft. I can't find a good reason to give Microsoft any money for any reason.

Thank heavens the world has you around to keep things straight.

Re:Really, who cares?

[hesiod]

> Sounds like a couple of guys who wrote a crappy shareware program,

Wow, most people don't read the article, fine, but you didn't even read the summary! Wow, what amazing ignorance. You give atheists a bad name.

Note that EFF may want to "phone home" too

[turnstyle]

No doubt trojans are bad. BUT, it is worth noting that the EFF themselves are also considering systems that would "phone home" to a central server to track P2P use -- it's just that in their case, they want to do so to track P2P use so that authors can get paid.

That doesn't appeal to me either (the "getting paid" part is, of course, reasonable, but the "tracking what I do" part isn't)

Re:which crime? Probably Entrapment

[Rogerborg]

Bollocks. The equivelant situation is the one that actually happens, where law enforcement leave an unlocked car in a car park. Along comes a car thief, actively looking for one car out of many to jack. He picks that car as being the most attractive, jumps in, the doors lock, and he's collared. Good luck arguing that the unlocked door turned him into a thief.

Same here. You have to go looking for these files. You don't just stumble across them, and you don't just accidentally download them, any more than you, as a non car owner, can accidentally search through a car park and then accidentally fall into a car that isn't yours.

The EFF do a lot of good, but on this issue, they can suck my dick. They need to pick the right fights. This isn't one of them.

Social Experiment?

[PhxBlue]

If this was in fact a "social experiment," I have a few questions:

• What was the thesis for the experiment? What were these guys setting out to prove?
• How does the data they collected actually bear upon the experiment itself?
• What is their conclusion based upon the data they've received?

If this was a genuine social experiment, these questions have already been answered, somewhere. Otherwise, I think we can chalk this up as a prank designed to embarass people.

Not just keygens and cracks... LOTR file download

[SomethingOrOther]

I think you might be incorect

Mar 18 2004 05:11:22PM XX.XXX.XX.XX Netherlands 6 Lord Of The Rings The Fellowship Of The Ring (2001).CD2.DVD SCREENER.DVL.ShareReactor.avi.exe

Although admitedly most of hte downloads do look like keygens.

HA! HA!

[gatkinso]

A bunch of software pirates complaining about illegal online activity!

Oh the irony! It is great! Way to go guys!

Ah well - I am a software developer - I pay for the software I use and expect people to pay for mine (well, my company's anyway) in return so that I can put food in my son's mouth.

From their webpage

[ottffssent]

<head>
<title>Operation Dust Bunny: Deployment Status Page</title>
</head>
<body style="margin:0">
[1]

Offhand, I'd say today we're not tracking *anybody*...

Whoa, we just Slashdotted a cablemodem!!

[reality-bytes]

That link http://walktheplank.ath.cx is a dynamic DNS re-router for people on Cablemodems / DSL etc.

Ouch, I almost feel sorry for them :D

Re:Whoa, we just Slashdotted a cablemodem!!

[Jaysyn]

The only way it would be better is if they had monthly limits....

Jaysyn

Re:Whoa, we just Slashdotted a cablemodem!!

[presmike]

think roadrunner might be pissed at all the port 80 traffic to 24.31.106.207... now i don't have roadrunner but, if they are anything like comcast... these guys are breaking the AUP by running an illegal websever. But remember folks... they are the "good guys"

Re:Whoa, we just Slashdotted a cablemodem!!

[KaSkA101]

Yeah it is, its a road runner connect, I just used ARIN to look up who the IP address is owned by. Their modem must be smoking now.

Behold the iron bars of your jail cell

[janolder]

No matter which way you turn it, this is a slam dunk for a prosectutor should one decide to go after you. You intentionally waste bandwidth of innocents (the ISPs), you break into a computer system without invitation, steal computing time and perform an illegal search.

IANAL, but I would recommend to shut the thing down right now and hope for the best. Not sure if contacting a lawyer is much help this very moment - the time to do that was before unleashing this code on the world. As it is, you might want to spend time on finding a good lawyer, I wouldn't put it past the FBI to break down your door in a few days. Your mileage will vary.

Re:Behold the iron bars of your jail cell

[elflord]

Sounds like wishful thinking on your part. What I find positively hilarious is that the best that the slashherd can do on this one is angrily yell "It's AGAINST THE LAW!!!!". I'm glad that the slashherd have recently discovered a newfound respect for the law. However,

You intentionally waste bandwidth of innocents (the ISPs),

The bandwidth usage is minimal, so this is a really weak argument. Moreover, the bandwidth "wasted" in contacting the server is only a fraction of the bandwidth that the user voluntarily consumes in the download process. Bandwidth voluntarily consumed by an ISPs customer is an issue between the ISP and the customer. If the customer exceeds his cap by searching the web for warez, the ISP are within their rights to deal with the extra usage in whatever way the terms of service allow.

you break into a computer system without invitation,

They don't "break into" a system at all. The user installs the program.

steal computing time

Not sure what you mean by this. But I find it awfully amusing to hear this. The fact of the matter is that the user again volunteers their "computing time" by executing the program. The program does not consume a significant number of CPU cycles.

and perform an illegal search.

Again, this is utter nonsense. It doesn't "search" at all.

IANAL, but I would recommend to shut the thing down right now and hope for the best.

I think your comments are more motivated by wishful thinking than they are by any sound legal premise. Indeed, since you're not qualified to give legal advice, I don't see how you could offer legal counsel based on anything besides your opinion about the way the world "should" work.

Re:Behold the iron bars of your jail cell

[janolder]

Ok, I'll bite.

First off, I don't use P2P (for legal or illegal activity) and I could care less whether it lives or dies. So much for the wishful thinking part. However...

Bandwidth: By tricking the P2P user into downloading, bandwidth is wasted that I would prefer to see put to other use. Whether that can be pinned on the authors is a different issue, but since the effect was intended I do suspect so.

Breaking into a computer system: Tricking a user into downloading code that does something unexpected by whatever method is breaking into a computer system in my book. And yes, it fits the wider interpretation of Trojan: "is a piece of unauthorized code hidden within a program" (from Google).

Computing time: I will concede this point. At first glance it looked like the trojan also intentionally wasted CPU cycles.

Illegal search: The definition of illegal search is all about expectation of privacy. You could argue that somebody intending to commit a copyright infringement has no expectation of privacy. On the other hand, since the user did not actually commit a copyright violation it can be argued that he did have an expectation of privacy which the trojan violated by phoning home.

Judging from the maturity level of the authors, I suspect the case would end up in juvenile court anyway.

Re:Behold the iron bars of your jail cell

[elflord]

By tricking the P2P user into downloading, bandwidth is wasted that I would prefer to see put to other use. Whether that can be pinned on the authors is a different issue, but since the effect was intended I do suspect so

I would argue that the author of the program is free to name the program in any way he wishes to, so long as it doesn't infringe on someone else's trademark. The fact that the program doesn't perform the function that the name suggests is moot, because there is no implied warranty for products distributed through P2P.

And yes, it fits the wider interpretation of Trojan: "is a piece of unauthorized code hidden within a program"

It's not "hidden within a program", the primary function of the application is to do what it does. The reason I don't consider it to be "breaking into a system" is that it runs with full permission of the user. The program does not gain special access priveliges like a rootkit or similar. The word "breaking" implies some use of force (root kit, etc). I don't see how something initiated by the user could be called a "break in" with the possible exception of a program that attempts to gain escalated priveliges (a trojan rootkit or similar)

The definition of illegal search is all about expectation of privacy. You could argue that somebody intending to commit a copyright infringement has no expectation of privacy.

Depends on what information was obtained and how it was obtained. Do you have a reasonable expectation that your IP address will be kept a secret when you download software from the internet ? How is this worse than logging transactions on an FTP server ? It's not as if the package searched the users hard drive for credit card numbers.

Re:Get what you deserve

Can't afford winxp? Get a linux distro.

Cheers, will do!

Can't afford video games? Get a job. blah blah blah...

Oh wait, I thought games and Linux were mutually exclusive?

Oh well, back to pirating Windows.

Don't get me wrong, I agree with what you're saying, but if it was so simple to just run Linux for everything, people would do so.

Fact: most games don't run on Linux. The good games that do are First Person Shooters (Enemy Territory, Quake x, UT). All other games that come to mind, suck.

Thus, people will continue to pirate Windows.

Cracked cracker

[Phisbut]

How many cracker can a cracker who cracks crackers crack?

Worm

[g0bshiTe]

So what they have done is written more a program, which installs something unbeknownst to the user ( isnt this illegal?) and it phones home to a server ( isnt this harvesting and also illegal? ). I say throw the book at the PRATS!

Re:Worm

Doesn't install.

Doesn't harvest.

Re:Software is just INFORMATION

I dont think it's wrong to download something even if it is say a copy of a game or music. There is nothign wrong with downloading it to me. It's when you actually use it without the license that it's wrong.

I'm sorry, but you're a spastic :P

wtf?

Isn't this equivalent to selling rat poison but telling people that it's cocaine?

I'm pretty respectful of most copyrights, but this just seems wrong.

But can it tell me...

[BitwizeGHC]

the approximate number of lions and tigers in Kenya, or the trajectory that might be followed if Kenya were to urinate on Norway?

Thinking of booking with "Holy Crap. Lions!" Tours.

Rule of law

[sita]

Can someone please explain to me how one is so wrong yet the other is so right?

Vigilantilism is wrong. Period. Rule of law is characterized by a state monopoly on justice. If you don't like rule of law, there are plenty of countries where it doesn't apply.

Or, in a language your mother would use: Two wrongs don't make one right.

Re:Rule of law

[R.Caley]

Vigilantilism is wrong. Period. Rule of law is characterized by a state monopoly on justice.

But they aren't vigilanties, they are just moralists and gossips. So far as I can see they are not punishing anyone, just stating their opinion of (wannabe) pirates and telling the world that whoeveritis is one.

Re:Rule of law

[mahdi13]

Vigilantilism is wrong. Period.

Does that mean Batman is really the bad guy?
Batman goes out and takes the law into his own hands, instead of letting the cops know where/what is going on...he does it himself. Because he knows he can do a better and more effective job then the police.

We now return you to the real world

Re:Rule of law

[MayonakaHa]

No, they're not punishing anyone. They're just collecting a huge database of who downloaded the program and what purpose (depending on filename), plus assigning each computer a unique ID that ran the file.

Re:Rule of law

[JaxGator75]

Yes. Batman is a bad guy... Read "The Dark Knight Returns".

/so is The Punisher

Re:Rule of law

> Or, in a language your mother would use: Two wrongs don't make one right.

That isn't always true. If someone kills your brother, you kill them. Sure, it doens't bring your brother back, but they won't kill anyone else, and you'll feel better about it, because someone doing that and then being free to get on with their life isn't fair.

Re:Rule of law

[jedidiah]

In various versions of Batman, his actions were at odds with the law and legitimate law enforcement did try and apprehend him as a "lawless vigilante".

Such themes are quite common in superhero comics.

Spidey had such a confrontation with NYPD in the recent Spiderman movie.

Re:Rule of law

[R.Caley]

No, they're not punishing anyone. They're just collecting a huge database of who downloaded the program and what purpose (depending on filename), plus assigning each computer a unique ID that ran the file.

As I said they are gossips. If I were to keep notes of which of my neighbours park illegally or may be cheating the benefit system, that would not make me a vigilante, just nosey. If I told others about it, that would make me a gossip and a bore, but not a vigilante.

Actually, even if they were doing something negative to the wannabe pirates, it's not clear to me that would be vigilaneism, not just a rather robust likeing for practical jokes.

``Here's a big, mysterious parcel, it contains a baloon, honest. Please hit yourself on the head hard... oh, was it a hammer?''

Re:Rule of law

[cableshaft]

If someone kills your brother, you kill them.

Only in the movies.

Sure, it doens't bring your brother back, but they won't kill anyone else,

The point is, that's not for you to decide, but the laws. For all you know, your brother attacked this person and he killed him in self defense. You have to trust the law to apprehend him and determine whether or not he is guilty of the crime and needs to be removed from society to prevent him from killing again. You can't take the law in your own hands. You may not be as well informed in the law to the proper course of action, or know the whole story (or even want to know the whole story, so you can justify it according to your morals). There are ways of coping with a loss without resorting in eye for an eye.

because someone doing that and then being free to get on with their life isn't fair.

Ah, so we should go back to the days of eye for an eye as well as become a socialist country eh? I run over your cat accidentally, you are therefore entitled to run over mine? I get hired for a job we both applied for, so I must therefore find you an equal paying job? Your friend attacks me and I kill your friend in self defense so therefore one of my friends is forced to attack you so you can kill him in self defense? Life isn't fair, and previous attempts to force it that way have been major disasters. Trust the law to do its job, and if its not, speak out and vote for change. But don't decide you're better qualified and "do their jobs" for them.

Re:Rule of law

[canadian_right]

Actually, government is characterized by "a monoply on using FORCE to enforce its decisions over a defined geographical area". Good government uses force in a an attempt to be good and just, bad governments do not care about justice, but both are governments.

I'm not sure this is "vigilantism". It is my belive that ALL citizens, not just the police, should help legally enforce laws when safe to do so. I hold doors open for people, I help out kids who are being bullied, I pick up trash that isn't mine. Am I being a vigilante when I do these things? These guys are NOT harming anyones computers or stopping them from downloading anything. they are gathering data and trying to shame people - much like a "shame the John's" campaign.

I don't think they should be distributing spyware, but they are not vigilantes.

Re:Rule of law

"The point is, that's not for you to decide, but the laws"

Why not? Why can't I make that decision? Because law made by man says I can't, that's the only reason, and sometimes it's just not a good enough reason.

You can't always trust the law either. I've seen murder cases where the obviously guilty is let free (or basically free due to an idiotically low sentence) due to some stupid technicality. Sure, by killing the other guy, you face the wrath of the law, but that just means it's illegal, not necessarily "wrong".

Law and justice are NOT THE SAME. I wish people could get this through their thick skulls.

Re:Rule of law

"Vigilantilism is wrong."

It's not wrong. It's illegal. Right and wrong are ethereal concepts as viewed by an individual and depend upon many factors such as motive, time, outcome, those involved, etc..

Re:Rule of law

[cableshaft]

"Law and justice are NOT THE SAME. I wish people could get this through their thick skulls." I know and understand that. In fact, I'm against Capital Punishment for precisely that reason (i.e. sometimes the court fails and a man is convicted and executed, only to find out later that new evidence reveals his innocence). However, can someone who was close to the victim, who has a personal hatred against the killer, who has a vested interest in only paying attention to the facts that convince himself that the antagonist was guilty while conveniently ignoring the rest so he can justify the only action he feels will bring his mind piece, shortly after the event occured, a better arbiter of justice than a disconnected, objective, impartial judge and a group of random people who get to hear both sides of the case, all the facts, and decide after mutual discussion whether the antagonist is guilty of the crime, and what his fate should be? I'd have to say I'd vote with the latter. I've seen too many people react too often in a irrational matter because they let their emotions cloud their decisions, and a judge and jury, while still not perfect, at least helps to insure that justice is more often served than not.

Re:Rule of law

> Ah, so we should go back to the days of eye for an eye as well as become a
> socialist country eh?

Nothing wrong with socialism. But I'm not an old skool christian.

Re:Rule of law

Sounds like you have all the answers! Ok, wise one - perhaps you can knock off a quick one-liner on each of the following issues:

1) Abortion - right or wrong?
2) Should adults be prevented from growing, buying and consuming cannabis.
3) "War on terror" - payback for america, or unjustified acts of uncivilized criminals?
4) P2P swapping - major threat to the music/movie industry, or actually encourages people to buy more products after sampling them?
5) Capital punishment.

Re:Rule of law

[cableshaft]

I never claimed to have all the answers, or that I'm the final word on worldy concerns, but I do have an opinion on each of these.

1) Abortion - right or wrong? Right. It's basically forcing a miscarriage, and those happen all the time. If it reaches the third trimester, though, it'd be better if the woman just had the child and gave him up for adoption. In fact, donate those aborted fetuses to stem cell research while you're at it.
2) Should adults be prevented from growing, buying and consuming cannabis. No. And I speak out against the laws regarding it, as per my previous post.
3) "War on terror" - payback for america, or unjustified acts of uncivilized criminals? Payback for the American government's actions, easily. They're also uncivilized criminals, but it wasn't unjustified.
4) P2P swapping - major threat to the music/movie industry, or actually encourages people to buy more products after sampling them? Encourages people to buy more products after sampling them. Also a major threat to the music/movie industry, but just like all us displaced IT folk, they'll just have to evolve or die.
5) Capital punishment. Unneeded. More economical to society and detrimental to the prisoner to keep him in a cell the rest of his life, plus it allows for future evidence that might prove his innocence.
6) Should someone be allowed to punish anyone who he feels/senses has committed a crime? No fucking way. Call the authorities, help them apprehend the percepted criminal, testify in court in front of an objective jury, sure, sure, but he shouldn't cast judgement and punish said criminal himself. Even that Jesus fella everyones always talking about didn't do that.

RIAA Death Squads forming

would this not be the next logical step?

Possibly accusing the wrong person...

So basically they are advertising that someone is downloading what people might term as copyrighted material. They are defining who these people are by there IP address. The legal owner or user of that IP address may not be the person download/uploading that material i.e. they could be using a proxy, using a place of work, public connection (airport wifi,'net cafe,etc).
I dont know if Id like to be falsely accused of being a software pirate.

The Irony of it

[goatan]

These 2 are annoyed at Piracy so they do something illegal themselves I hope they get punished hard for being hypocrites

Vigilantes vs pirates vs spammers

[Anders+Andersson]

I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.

I don't feel angry about those vigilantes, but that's not to say I'd approve of what they are doing. I'm simply not affected by it, much in the same way I'm not affected by someone setting up tripwires in a semi-restriced area where I have no business going anyway. Do they risk hurting innocent people? Maybe; I don't know because I won't go anywhere near their code, and I still don't consider myself "innocent". I'd invite them to try hitting me. They can post my IP address all they like; I simply don't care.

I'm aware that there's a difference between pirates and spammers.

We are in agreement here, but I find another question more interesting, namely is there a difference between vigilantes and spammers?

My line of thought being, if these people (the vigilantes) make excessive use of the resources and gullibility of others just to make their point with respect to piracy and P2P software known, aren't they (rather than the pirates) the ones to be likened with spammers in the first place?

Spamming isn't primarily about stealing, it's about being seen, often by means of stealing. Piracy is about stealing without being seen. Vigilantism is (in this case) about being seen by those accused of stealing. Now I have to rest my case, before I bring in my friend Chewbacca...

Re:which crime? Probably Entrapment

[Lemmeoutada+Collecti]

While we're on the analogy kick, this is like Joe Nobody modding his car to look like a Ferrari, leaving his car deliberately parked and unlocked in a highly visible car park, hiding in the backseat with a camera, and waiting. When the unsuspecting 'thief' comes along, he snaps a picture and turns that over to LEO as proof of the thief's guilt. In US courts, this is a) Entrapment and b) Vigalantism, and is not admissible in court.

On the other hand, an LEO who tapped a PC like that would himself be guilty of wiretap without a warrant, or illegal entrapment.

And you don't have to go looking for these files. Just try to find a Mandrake ISO without getting at least one misnamed .ISO of some cracked game. It's not very easy to avoid.

Trojans of trojans

[maximilln]

Even if we assume that these vigilantes are doing nothing morally wrong themselves at what point should they be responsible for opening a security hole in a system which can be exploited by other more malicious stalkers? Can these vigilantes show that their code is 100% secure such that only they can make use of the resources that it provides?

Spyware and malware and P2P programs and instant messaging programs may not be malicious in and of themselves but they're all coded by half-hacks who aren't very interested in security. Do they properly check their buffer overflows, input validation, or ensure perfect alignment with a proper handshake protocol?

I think not...

Let's say that the law would tolerate the vigilante retrieval of stolen property. At what point is the vigilante liable for leaving the backdoor open?

Let's say that malware and spyware and spammers really are nothing more than advertising methods used to boost the economy (which can be argued as "good"). At what point are the authors of those progams liable for the malicious attacker or stalker who relies on them to identify easy targets?

Let's say that posting signs for your candidate on someone else's front lawn would be legal. Are you liable if a serial killer decides to pick his targets based upon lawn signs?

Implications are more than just one step removed from the source.

THERE ARE NO GUARANTEES WITH WAREZ

[LiquidCoooled]

Yeah so, yet another program calls home, and the tin foil hat brigade come out - it does nothing dodgy, and serves them right for wanting a dodgy serial number.

People whinging and complaining about this piece of software should perhaps go out and buy the game.

Your all lucky it DIDN'T format your drives ;)

I downloaded the demo, and cant wait till payday :D

Re:THERE ARE NO GUARANTEES WITH WAREZ

Besides, the programs activity is more comparable to spyware then a trojan. It isn't that malicious, it dosen't break security, and people could get your IP address anyway.

Maybe it should have reformated the disk to teach these thiefs a lession. But since it doesn't do that like a virus, people have the nerve to start whinning about being caught instead of counting themselves lucky.

shareware coder whiners indeed

yeah i bet noone sent them the shareware fee for their crappy software.. so they decided to do a fake crack.
THIS ISNT A NEW IDEA someone who made a fucking GAMEBOY EMULATOR made a fake crack for it, which WIPED PEOPLES PALM DATA.. he later claimed it was 'a joke that got released by mistake'
ive had to use 'warez codes and cracks/keymakers' no-cd cracks for games I BOUGHT but lost the cd case for .. or even a game i dont want to keep the cd in the drive for to play it.
having a crack isnt illegal.. its only illegal if you use it to warez something - these guys and their stupid trojan dont prove that at all... and if the crack theyre trojaning isnt even a real crack.. then theyre just 'outing' people who downloaded a FAKE crack. wow!

Do you believe in private health care too?

[Fantastic+Lad]

When I was a kid, I 'stole' all my software.

I had no money, but I wanted to learn, and to be a part of the whole digital revolution.

Now I am older, making money based on those skills, and I own legit copies of the programs I liked. Is the world a darker place because of this? No. In fact, I'd say that the world is a more literate place because of software 'theft'. Everybody now has the tools they need to communicate more fully.

And guess what?

The software companies aren't suffering. They lose no physical material when a piece of software is 'stolen'. It's not like cars or widgets.

Further, individuals who 'steal' software usually don't have real pressing needs for it; they just want it out of curiosity or for some minimal use which does not justify a multi-hundred dollar ticket price. --Such users probably wouldn't buy copies if it was not easily 'stolen', so the whole idea of 'lost' sales is, I suspect, largely a myth.

And when it comes to games, (which are certainly different from application software), the fact that millions of copies are sold more than makes up for 'lost' revenue. The cost of piracy is worked into the ticket price of a game. And games are no a vital or useful commodity to begin with, so gamers deserve to pay top dollar for their fix. I have no sympathy there.

In any case, if software companies sold their programs for lower amounts of money, or made them affordable to kids at the outset, they wouldn't be griping about theft at all. This has been demonstrated in the Chinese DVD and CD market where piracy is common place and large 'legit' producers have had to lower their over-inflated prices to compete, which having done so is keeping them very firmly in business.

The only people complaining are those who are greedy and those who are caught up in arm chair moralism.

-FL

Re:Do you believe in private health care too?

[senatorpjt]

I think your argument does work, but only for serious applications. I've paid for the applications I use frequently. There are some extremely expensive applications that I'd be interested in exploring out of personal curiosity (specifically, Gaussian and Fortran95), that I would pirate if I could even find. However, if I found a serious application for it, I'd pay for them - since their software would be directly benefiting me in my work. As it stands, if I pirate the software, it only benefits them: They get market mindshare, and they haven't lost a sale - I'm not buying it either way at this point.

The problem with the argument comes from games. There is really no serious use for games, and no business use either. Personally, I will pirate games but either delete them or buy them if I find that I've continued to play it. However, there is no reason that this should be so for anyone else. Back in the old days, if you were under working age, getting a game involved hours of parent-begging to buy NES carts. Now it involves piracy, and I don't really have a good answer for that. I don't think that kids appreciate having an actual boxed copy of their game, or the complexities of IP ethics. They just want it, and they want it now, consequences and fairness be damned.

However, related to the topic at hand. These people are reporting me as a pirate for using cracks. I think that anyone who has ever purchased a game, and hunted around for the install CD so they could play the game that they already installed on their HD would prefer to not have to do that. So, even if I have purchased a game legitimately, I'll generally run the cracked version.

Re:Do you believe in private health care too?

[NtroP]

I, too have downloaded (stolen) software. I've done it out of curiosity and to learn their use. I'm not going to pay thousands of dollars to see if I'm going to like a piece of software or if it will really fit my needs. I freely admit I taught myself Photoshop and FinalCut Pro in this manner. I even used this software in completing a "comercial" project.

When I got paid for the project, I bought the software. I now legally own both Photoshop and FinalCut Pro. I learned them and found them to be useful to me. When the return on investment (i.e. I made enough money off using them that I could afford to buy them) was there, I bought them. I am teaching myself Maya and Cinema 4D. When/if they become usefull enough to me to warrant investing a HUGE amount of money (plus upgrade costs), I'll certainly purchase them.

I played Starcraft and Diablo with "stolen" copies until I found myself really enjoying them. I now OWN 3 copies so my kids can play too.

I'm not even going to try to claim what I'm doing is leagal or even ethical. But I can say that the ability for me to FULLY learn and USE a product before forking over a huge amount of money had DIRECTLY lead to my spending the money on purchasing the product.

On the other hand, I've taken the time to DL and learn other software that I've found to not do what I'd orriginally hoped it would. It is either sitting unused on my computer or has been deleted.

I recently sent my brother a "copy" of some expensive software I OWN. He needed to be able to install it at his work to prove to his supervisor that it would solve their problem. If it works, they will be switching company-wide to that software. If it doesn't, they won't and wouldn't have bought the software anyway.

I've been known to not even consider using software that is so paranoid as to require a dongle or phoning home regardless how great it's supposed to be. If the software is that good they shouldn't have to treat me like a criminal before-hand. I know it's a stupid knee-jerk reaction, but it's the way I feel. When I become your customer, treat me right. If you want me to be your customer, treat me right. Even my car dealership allowed me to take my mercedes home over the weekend to test it for free. And they made a sale.

UT2k4 crack

[nukem1999]

In just the past two days, Unreal Tournament 2004 keygen and cracks have become popular filenames.

I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change. I get it home, pop it in a DVD drive on a different machine in the network, mount the drive on mine, and install. Try to run it? *BZZT* "Wrong disc inserted." Many people on the official forums had the same error with the game in a drive on their local machines. Crack -> piracy? No. It's been rather long established that at least a few paying customers will have problems with the cd check. I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.

Although I was smart enough to get it from somewhere reputable. They could have gotten something a LOT worse than an IP tracker.

I could have been holding the legally purchased, pressed media, wearing the free headset and finding a place for my free Atari shameless-self-promotion stickers while these people posted my IP address (or even more information, I didn't actually go to the list to see) with a pirate label. (note: On their site, the images of the popup say "don't worry your secret is safe with me", and now the list has even been /.ed. Cute.)

Yarr indeed.

Re:UT2k4 crack

[WormholeFiend]

From what I read on the Atari forum threads, Epic (the game makers) is pretty much against CD checks, but Atari (the game publishers) forces them to put it in.
-

Re:UT2k4 crack

[MImeKillEr]

I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change.

I pre-ordered mine from BestBuy for $29.99. Unfortunately its on back-order, but I can wait - I need to reinstall the whole box to make space if UT2K4 and clean up the drives anyway..

I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.

They removed it in UT2K3 via a patch as well. I'll be applying any legit patch I can find to remove the DVD check as well (I'd rather not waste the hours on my DVD+RW if I can spare it).

Re:UT2k4 crack

[Jaysyn]

They did the same for UT 2003. I'm not sure if the original Unreal had copy-protection on it, but I don't need my CD to play it either.

Jaysyn

Re:UT2k4 crack

[nukem1999]

I pre-ordered mine from BestBuy for $29.99. Unfortunately its on back-order, but I can wait
I heard that once the special edition is gone, it's gone. That's why I didn't go to Best Buy, they're not known for living up to promotions with their supply (well, that and GameStop gave me a chrome painted plastic U logo as a preorder gift :D ). They may very well get more in though, good luck.

Re:UT2k4 crack

[MImeKillEr]

Allegedly, it's expected to be shipped on 3/24. I can wait. If they fall through and don't honor the SE price, they've lost a customer (and hopefully quite a few more). Since this is a limited edition version, I'm not sure I have any recourse with looking elsewhere.

Re:UT2k4 crack

Score: -10 stupid AC troll.

"forces them to put it in."

Fropane language! Fropane language! Jesus Christ my marriage is so being undermined it's not funny anymore!

I've seen this file on Kazaa and eMule...

[Ayaress]

and you have to be a Grade-A USDA Prime cut DUMBASS to download it. Most of the times I've seen it, the file size is under a megabyte, and titled something like "DIABLO 2 ISO.exe" or "FREE STOLEN XXX BRITTANY SPEARS FUCKS PARIS HILTON OMG IT PWNZ0R.exe" or the like.

Unless they've gotten suddenly smarter, and started imbedding it in an ISO image along with dummy files to look like the actual game download, they're not going to catch the majority of pirates, who are smart enough to know that UT2k4 isn't going to download in five minutes.

Re:I've seen this file on Kazaa and eMule...

[Operating+Thetan]

That's a different one-and yes, only idiots or those completely ignorant of file sizes would believe that, but a quick look at any emu site will show you that(OMG, plz emial me Final Fantasy 8 ISOs etc)those people exist in multitudes. This one hides itself as a crack or keygen, which could reasonably be expected to be that size

Re:I've seen this file on Kazaa and eMule...

"Grade-A USDA Prime cut DUMBASS"

I believe the line was "Top notch Du Mass material".

Or am I watching too many TV commercials?

What's next?

[shepd]

Finding a way to list anyone who has ever been accused of stealing a chocolate bar as a child(*)?

(*) - Mentioned since CASST believes all satellite pirates begin by stealing chocolate bars as children. THey then grow to be lonely single adults who steal cable to watch movies (not porno for some odd reason) [Can someone tell me where all the cable they steal goes? I mean, it only costs $49 a box, I can't imagine there's really much of a black market for RG-6/U -- how much does one need to sell to afford cable TV?]. They then continue on to be wealthy fathers with a good relationship with their kids that steal satellite signals. [You'd think the uplink stations would have learned to stop people hacking the satellites somehow by now, eh?]

Now, of course, the big question here is: Are you prepared for the backlash that could happen if you have ever been discovered pirating, even by a way as innocent as using a trialware for 1 extra day past "expiry"? Judge not lest ye be judged isn't just a boring phrase from an old book: They're words to live by.

Trojan Borders

[AndroidCat]

If that program was a trojan, then there's a very shaded border leading up to the "this be trojan!" mark. Here's a few samples: If I have a web page that displays "You r h053d! LOL!", and another one that shows a log of people that accessed the first one, showing their IP address, time/date, browser program, etc, is that a trojan?

If I post links to the page labelled "Celebrities as you've never seen them!" or "Hot game cracks!", is that a trojan?

If I add client-side script that logs the time you spent on the page and passes it as part of a URL request when leaving the page, is that a trojan? If yes, what client-side script wouldn't be?

To me, if something is a trojan or not seems to be a matter of the author's intent, and the end-user's expectations--both of which are tricky to measure. What I would be curious to know is: how many people ran the program, saw the message, then relabelled it and stuck it back in the p2p stream for the next guy?

Re:which crime? Probably Entrapment

[SmackCrackandPot]

Bollocks.

I agree. The same thing happens in our city. There was a wave of delivery truck lootings for technology companies, so a sting operation was set up. Regular trucks were filled with cops hiding behind empty boxes. The truck would be parked outside the company, with the driver getting out and walking to the reception. On occasions the looters would go by, try to see if the truck was unlocked, and then try and lift the goods.

After being caught, the defence lawyers tried to argue that this was entrapment.

Committing a crime

[Glamdrlng]

The EFF says the vigilantes may be committing a crime.

Screw that, according to Ashcroft, Rumsfeld, & crew they're committing acts of cyberterrorism.

In real life...

[siphoncolder]

... it's called a sting.

Can I get a Hurts Donut anyone?

Re:In real life...

[Jaysyn]

But these guys aren't cops. So what is it called now?

Jaysyn

Re:In real life...

[siphoncolder]

A "Hurts Donut" ;)

Re:In real life...

[Jaysyn]

Oh I get it, duh....

Jaysyn

re: site that updates in realtime

[tomhudson]

The site no longer updates - we've slashdotted it :-)

Like the vietcong used to boobytrap babies

"Actually, I think this is pretty clever. "

Renaming a malicious file as something attractive and leaving it to entrap people has to be the lowest form of cracking.

Fallacy of composition

[shepd]

Here.

ie: x is of y.
z is of y.

Therefore, x must be of z.

Mathematically:

3 is a factor of 12
4 is also a factor of 12.

Therefore, 3 must be a factor of 4.

Although I do think you're just trying to make a point through absurdity. :-)

Re:Fallacy of composition

[maximilln]

The average human being enjoys being able to classify people in categories that they can persecute. Insurance companies, governments, and social cliques all revolve around ignoring this in order to justify themselves.

While the fallacy of composition and comparison may indeed be a true fallacy and one of the greatest downfalls of modern society... I hate to break it to you... the world feeds off this stuff. Life never has been and never will be fair. At some point all of us are going to get charged more, taken advantage of, or targeted for no other reason than unjustified (but very eloquently expressed) guilt by association.

Photoshop does phone home...

[sita]

The article is pretty light on that point. I think anyone who downloads "UT2K4 Keygen.exe" or "Photoshop Full.exe" knows exactly what they are trying to get, and they know the risks of what they are doing. And therefore, if someone wants to write an app that phones home and tells the companies that someone is trying to use a crack, what's the harm?

Especially since Photoshop does phone home (doing online registration)...

Whatever label, it'd be a vile precedent

[ianscot]

because people executed a program that was mislabeled, it is now electronic trespassing?

Current electronic trespassing rules do forbid "exploratory" hacking into someone's system. This basically was a set of honeypots on P2P systems to disseminate a trojan horse piece of software. The "phone home" part of the trojan gave our vigilantes access to system information they didn't ask for access to -- the seconds count of how long the dialog was open for, for example -- and displayed the victims' IP addresses and countries of origin on a public Web site. They're deliberately misleading people into giving them access to system info. "Exploratory" seems to fit the "phone home" function. Where's your beef with that characterization?

The excuse that "We only made minor changes, to see if we could" doesn't wash against the exploratory hacking standard, either -- and these people went past that and created a deliberate nuisance, so they can't even try it.

Whatever their motives are, they did commit that crime. If they'd used a different delivery method -- posted their trojan on a code library -- you'd see that.

These are some really screwed-up, screwed-over kids. Imagine they'd tucked a mild vomit-inducing medicine inside packages labeled "Jello Pudding" and then gave the stuff away -- on the grounds that supposed black marketeers were giving away the real thing, undercutting Jello's legit profits. "Hey, all it did was waste the user's time and annoy them a little" isn't going to cut it. How do you think Jello's going to feel about that? The letter from Microsoft's legal department should be nasty.

Not to mention the moral aspect. They think they're fighting evil with evil. Welcome to ends justifying means.

Not "Vigilantes", just some script kiddies...

Come on guys...

First, they wrote that little software in C#, but they found out that people didn't have the .NET runtime... and then they go in great lenths to explain their software... that is probably just a couple lines long...

No news here, move along...

here you go...

dont forget to remove the spaces the lame filter adds, i would paste a link but as usual the paranoid slashdot filter breaks the urls (strips characters) if they are href's

magnet:?xt=urn:bitprint:EUAVH3PCNLYMZXKN5BCV6TYL F4 DHKYQ5.AP5E4GZYSXZFVNKP7OHOMWTAIIRODTQNZWEJPSQ&dn= malware.exe
ed2k://|file|malware.exe|208896|5996f 110689ce0ad7a 747d41ca9e14ea|

Me neither

"I don't need to ask your permission for jack"

I agree. Reminds of last night...I had to take a dump, and this guy left his car door open, so I went in and took a dump on the seat.

I didn't need to ask his permission for Jack. Or even a duke.

FYI

[Prince+Vegeta+SSJ4]

A sting operation is legal, I think you may mean entrapment

Are they....

[Creepy+Crawler]

Pakistanies?

and what's this brain.exe ?

How ironic...

[telstar]

They purport to have a list of pirates...
What they have is a list of people that downloaded something that most likely isn't a copyrighted work written by them (and admittedly made available freely online by themselves).

Not only that, they're infringing on the trademarks of the software they purport to be in order to run this little experiment, and a case could also be made that they're doing damage to the name of that software by associating it with their invasive software without consent from the actual publisher of the original work.

I'm all for protecting a product with the laws that are in place, but the laws shouldn't be taken into people's own hands with invasive and untested software.

Re:How ironic...

AFAIK it is not illegal to download any copyrighted stuff - but it IS to upload it.

Re:How ironic...

[elflord]

Not only that, they're infringing on the trademarks of the software they purport to be in order to run this little experiment,

I thought they were naming their software after wellknown cracks. Are you saying that these cracks have legitimate, registered and legally defensible trademarks ?

autobahn

[haukex]

An interesting analogy may be chasing speeders on the highway. If someone tailgates you and it pisses you off then trying to "chase them down" or doing other similar things is illigal because it endangers everyone there. Yes, the police have to exceed the speed limit to chase down bad guys, but they are trained and licensed to do so. These guys are trying to take law into their own hands, but that's not how it works.

This is not the only program

[caveman902]

These guys are being nice. There are programs that install SPAM servers and DDOS programs along with all kinds spyware. The only thing I download are ogg, pdf and txt files on a linux machine. Anyone with a Windows box has to be insane to use P2P to download software from g-d knows where and from whom.

Re:Software is just INFORMATION

[Entropius]

Tried that. Didn't work. Balked when we realized how expensive senators were.

Will it be used against real criminals ...

[fygment]

... e.g. kiddie porn? If it were there would be a very tangible benefit. Unfortunately, there would also be very tangible lawsuits and the criminal lawyers would have a field day.

Outlaws versus Vigilantes

[handy_vandal]

Ahh - So vagilantes are people sharing css decoding code...
And people circumventing DRM in Xbox'es.

No, I believe the analogy does not apply.

Sharing css decoding code, circumventing DRM -- these actions are not private justice. They are (in the eyes of those who disapprove) criminal activities -- the actions of an outlaw.

A vigilante is a citizen who takes action against a criminal. ("Criminal" in the eyes of the vigilante.)

Outlaws commit "crimes". Vigilantes punish outlaws.

-kgj

A little late ...

[DJayC]

A little late on this comment, but couldn't a defense be: "Well I WANTED to download the fake UT2K4 that's a trojan and phones home.. I heard it's a neat program" It seems like anyone "caught" this way could say that.

And Neither do Linux users, and we can play UT2004

[sir+lox+elroy]

And Neither do Linux users, and we can play UT2004. :-)

AOL don't like them,

it would seem AOL blocks anything on the *.cx domain by default
so no users on AOL can access it

Re:which crime? Probably Entrapment

[Hobophile]

In US courts, this is a) Entrapment and b) Vigalantism, and is not admissible in court.

Entrapment only applies to law enforcement officials, and only means that the police officer cannot pressure you to commit a crime, and then turn around and arrest you for it.

Here's the legal definition of entrapment.

And "vigilantism" is, so far as I know, not a crime, as long as you don't do anything illegal in your vigilante efforts. However, the "evidence" you produce would probably be mostly worthless from a prosecutor's point of view.

Re:Software is just INFORMATION

You may not like it or agree with it (I sure don't) but right now it's the law. If we don't like a particular law (regarding the unauthorised use of a computers resources) then we need to get our elected officials to change it.

Thank G0D...

[WormholeFiend]

they re not using pr0n to spread their trojans...
-

Re:Thank G0D...

[hacker]

" they re not using pr0n to spread their trojans..."

Heh, you said 'pr0n' and 'trojans' in the same sentence. -Beavis

(..for those who grok the condom reference)

You can't take the law into your own hands

[Gary+Destruction]

And it doesn't matter how screwed up the system is. You're not going to be praised. You're going to be punished.

Re:which crime? Probably Entrapment

How the heck do you think this is entrapment? For that matter how is the pallet example entrapment? I'm a law grad and I will tell you NEITHER is entrapment.

#1 For it to be entrapment you have to be talking about government agents or a real close relationship to those government agents so as to be virtually indisinquishable from them.

#2 For an entrapment defense to work you have to show the authorites enticed you to do something that you would not have done absent the police enticement. IE just leaving a pallet of goods unattended is not enticement. The guy who steals it is going to lose if he tries an entrapment defense under those facts.

PS...I signed up for an account but my password hasn't been mailed yet...I will be PsiSilverthorn when ever it gets to me :)

Heh, we are such Hypocrites here

[DesScorp]

Let's be honest. If these guys were, say, DOSing the RIAA or SCO websites, they'd be hailed as heroes. But harrassing Warez users on the sacred P2P networks? Oh, THOSE ASSHOLES.

Lots of self-righteous anger about the evil of this being a Trojan, and abusing MY PROPERTY and such, and.....hey, these complaints sound familiar. Where have I heard them before, hmmm?

For the people outraged about this, isn't getting hosed downloading warez comparible to, oh say, getting robbed in a crack house?

Re:its a dropper as well as a trojan

[rbb]

His site's index page is kind of funny though:

Member #0000002 of the "Anything But Linux" foundation.
Welcome to the world of tomorrow!!!
10:18AM up 3 mins, 0 users, load averages: 20.39, 8.24, 3.31

w3 0wN u dU$7bUnNy$!

[PetoskeyGuy]

Wrong or Right, Cracking requires a pretty skilled person. Now that this is out in the open I don't think they can trust any data that gets sent back to their Real Time List. It should be pretty easy to figure out the call back server and protocol and fill the list with whatever they feel like.

Re:which crime? Probably Entrapment

[maximilln]

-----
only means that the police officer cannot pressure you to commit a crime
-----
Hypothetical situation: A police officer stops you in the street and demands that you stop to answer some questions. You are in a hurry and ask if he's conducting an investigation. His response is negative, he's just lonely and wants to chat. You ignore his pleas and continue on your way.

The police officer arrests you for obstruction of justice. Additionally he uses the obstruction of justice as reason to search your person and finds a pack of cigarettes without the wrapper in your coat. He writes up an additional ticket for possession of contraband goods (cigarettes without the appropriate tax stamp).

Note: This isn't a hypothetical situation but REALLY DID HAPPEN.

So please, quit talking about legality. We live in a subjective police state and no lawyer really cares unless there's a potential to get rich quick.

Re:which crime? Probably Entrapment

As I stated below your example is NOT entrapment. For entrapment defense to work you have to show you would not have committed the crime absent the police enticement. An unattended pallet of goods is NOT enticement even if it was placed there by the police. Nobody talked you into stealing it. You would lose BIG TIME if you tried that defense in court!

PsiSilverthorn

The people who ran these cracks - already owned?

It strikes me that somebody who downloads something from an 'untrusted' computer, and then runs the component. Obviously accepts all the warnings of their firewalls, that the component is trying to open a connection to the internet, then wonders why it didn't 'generate a license key to UT2004'.

These people really need to be taken offline as they probably consitute the biggest threat to the Internet with regards to click happy crazies who believe that installing trojans, virus et al... is something they were born into this world to do.

I think this is a VERY interesting social experiement. Sure it may be illegal, but still - its very interesting.

Considering legality though, did you know when you installed MS Oulook, that if I sent you an email that you read in HTML format, I could log your IP address? Does that mean MS have written some software that they know can be used to 'phone home' that they are doing something illegal?

Discuss...

hehe

"and they have a website that updates in real time"

Not anymore!

Re: site that updates in realtime

[kyoko21]

I was going to say the same thing. I guess it updates in slashdot time: lagging like good old EFNet. :-)

Its still illegal

[nurb432]

However, you may loose your ability to countersue in civil court for damaages due to the intent on your part to commit a criminal transaction.

Just like the drug dealer, he's still commiting a crime by selling, regardless of the crime you committed by purchasing..

The Feds could also demand their logs..

Re:Its still illegal

"lose"

Re:Its still illegal

You know, depending on just what was downloaded, it is not necessarily true that the person who downloaded was (or believed they were) participating in a 'criminal transaction'.

These are the kind of assumptions we just can't make, however often that might be true.

Re:Its still illegal

[tkwolf]

What makes you think the Feds would ever want their logs?

1. If the feds need to know who is spreading illegal copies of software X, I doubt they need to use logs from a highly publicized and possibly illegal Trojan. Read: They would use their own tools; unfortunately; for them, using this info on mere file-sharing violations would tip their hand. Bigger fish to fry and all...

2. Using illegally obtained data (logs generated by the Trojan) against the downloaders is itself not legal, or at least that was my understanding... not being a lawyer I can't say for sure. But my studies at Law and Order U seem to indicate that a defense attorney would move to have the logs thrown out. After much arguing and tension building bong bongs, the judge would agree. The logs would then be no more then bird cage liner and could never be used against the downloaders of the Trojan. If however, the feds were going after the dustbunny guys. Then I could see them using the logs. (Actually, I could see them reconstructing all ip traffic to the recording server and building a log of their own.)

First you must have a FireWall

[stecoop]

Zone Alarm (http://www.zonelabs.com/) or Norton Internet Security (http://www.symantec.com/) prompts you if any program wants to access the internet (add more as you see fit but these I have used). Trojan attacks like this hammer the requirement of these products along with a good firewall. And yes Unix and Mac owners are left out. Another Question would be: How would you configure your firewall to prevent leaks like this?

Re:Get what you deserve

[Walkiry]

Can't afford winxp? Get a linux distro. Can't afford Office? Get OpenOffice. Can't afford video games? Get a job. blah blah blah...

Can't get your copy of Unreal Tournament 2004 to recognize your CD-ROM drive because of the reterded CD-Protection crapware it has?

...

If your answer to that is "get a new drive" or "get a new computer" I say screw it, I'll crack my legally purchased copy of the game, like I did with UT2003.

Which sucks, it's still in pre-order, why did the americans get it before us europeans? :-(

Re:Get what you deserve

[tomstdenis]

Piracy is just a means to theft. Just like having your buddy steal something for you then you steal it. You're still party to theft.

There are ways of "stealing" things that don't involve shoplifting.

As for SCO's claims they are just that. Anyone can claim shit. I have yet to see any proof that SCO's rights have been violated [recall they did release linux under GPL themselves...].

As for the "legit uses" claim [e.g. keygen, demo copy of winxp].... well too f'ing bad. Who are you to say I can't "test out" my latest virus?

You want a demo copy of windows? Contact microsoft. Want a keygen? Buy the software [or in the case of disabled key protected games do without! Don't support them, keep the key in a safe place, etc...]. Seriously, this is like getting advil from "that guy on the corner".

Let's not forget the rights of the producer. Suppose I wrote a game then I distributed a "copy" on Kazaa with a virus in it. I'm trying to protect my interests by hampering pirates of my software.

Who are you to say I can't do that? I mean I'm not forcing my virus on people. They're actively trying to violate my rights!!!

Self-defense all the way.

Ok how about this, mr. liberal, I'll go visit you and try to pick-pocket ya. But don't try to resist because that would be "wrong".

Tom

Re:Get what you deserve

[tomstdenis]

Return it, don't sponsor it, call support, etc...

That's like saying "my car's v8 is a little out of tune so I'll just steal another off the lot". Um no, you raise the issue with the person who sold you the defective product.

As for the inability for it to read it... um yeah annoying [so far only my laptop cd-rom has caused any sort of trouble]. A 50$ desktop dvd-cdrw drive should be able to read just about anything though so really this is a minor issue anyways. Certainly not an excuse for the 99.9% of the other pirates out there.

Besides as per the license terms of the producer you're not entitled to it that way anyways. Make your own game and put that on P2P if you're so into "sharing".

Tom

Re:which crime? Probably Entrapment

[Stray7Xi]

Neither is entrapment. Entrapment can only be performed by someone with authority. These guys have none. Secondly, your example is a common bust. (although they don't do it like you said)

Entrapment for example is when a cop asks you to break a crime and then busts you for it. They're allowed to bait you (look at when they bust johns going after hookers) but they can't be the ones to suggest the criminal activity. The key difference is whether the person was predisposed to doing the crime.

Entrapment

Re: site that updates in realtime

[tomhudson]

Well, let's help them along :-)

Keep clicking here .

I've got it open in one tab, and every so often give their server a few more kicks in the nuts^H^H^H^H^H^H^H^H^H^H^H^H^H^H my support.

Re:Get what you deserve

[maximilln]

Automobiles should be rigged with self-destruct explosives in the event of theft?

It really all comes back to this: Once you have accepted money in exchange for something you have NO RIGHTS WHATSOEVER to think that you still control the something that you sold. Any laws, regulations, or rules which try to negate this very basic natural fact are going to cause problems.

If only the majority of the population/government would understand this and quit pandering to rich brats who whine about their intellectual property.

Re:Get what you deserve

[Walkiry]

That's like saying "my car's v8 is a little out of tune so I'll just steal another off the lot". Um no, you raise the issue with the person who sold you the defective product.

No, it's like saying "my V8 is out of tune so I'll buy some tools and alter it myself".

Re:Get what you deserve

[tomstdenis]

I agree with what you said about lack of games for Linux.

That's more reason [not less] to adopt Linux. Quite frankly most windows games suck anyways. My friend just bought Battlefield: Vietnam, he has 512MB of ram, 5600FX [GeForce from MSI], 2Ghz Athlon running WinXP. Let me tell you what "lag" is like..... arrg...

When I get a chance I'm going to buy UT2k4 because of the Linux support. I won't buy these Windows "enabled" cpu hog games [cuz they suck]. If I really want a game not on Linux I'll buy the PS2/Xbox version anyways...

If people just stopped for a second, realized that "the newest hip game" is just a remake of last years "newest hip game" and waited for developers to start making Linux ports you wouldn't have to pirate windows. With the money you save on MSFT hassles you can buy a few games a year ;-)

Tom

Re:Get what you deserve

[tomstdenis]

"Automobiles should be rigged with self-destruct explosives in the event of theft?"

Last I checked a virus on a home PC won't kill people. Note that some cars do have LoJack which allows cops to track you... is that violating the thiefs rights?

Um your views on "rights" are also troublesome. You're saying if I buy a 12$ paperback I now have publishing rights?

The only people who whine about IP like you do are minor little pathetic non-producers. If I spend time to produce something like a program, book, etc I should expect to have some rights over the distribution. I mean how else do you make money?

Tom

Who's done the crime ?

[CmdrGravy]

There's a lot of people saying that because the people downloading these files have been breaking the law they deserve everything they get.

So far as I can see though they haven't actually broken the law themselves. They have downloaded a file with a particular name, this file is not illegal to download or use on your computers so I don't see any crime being commited there.

On the other hands the program writers are almost certainly breaking the law by running spyware etc on your computer without your permission.

I'm not saying I agree with stealing stuff of P2P because I don't but I am saying that in the case the downloader has done nothing wrong.

Re:Get what you deserve

[tomstdenis]

"No, it's like saying "my V8 is out of tune so I'll buy some tools and alter it myself"."

Um no it isn't. You don't download keygens and full copies of programs off P2P to "tune up" your software. You do that to pirate it, to violate the rights of the producer and to be a little prick.

Seriously it comes down to spending power. If you think cd-keys are too much hassle, do without the program. Put the money you would spend on that into a high interest bond or something [well gather enough to buy a bond first...] and cash it in later.

You really don't need the "latest hip re-make of last years latest hip re-make of the year before latest hip re-make of ..." game.

Tom

Hah, this is funny.

[Ketnar]

Can you spot the shoot-self-in-foot-notes?

1. No data is collected by our software that isn't already collected when our software is downloaded. The only personally identifiable information that we have would be the executer's IP address. However this information is freely available at time of download and is completly public information.

Uhm, wait, but collecting IP addys is data. And you also collect what file they were trying to download, and where/who they got it from? I'd say building a track list of a 'social' network of where a file goes and by how/whom is plenty of data.

I'm sorry,but thats a load. Get a better legal advisor, next!

3. We dissagree with the notion that this is a "Trojan".
A trojan horse gains access to a system through deviant methods. Not through user initiated downloads on a P2P network. Secondly, a trojan horse by definition has a payload or attempts to give the author access by working from the inside. Our program is aboslutely dormant unless specifically and purposefully executed by the downloader. And the program is riddled with cues to what the contents might be. For instance, the company name is "C.R.A.P. Citizens Raging Against Pirates". Not what you'd expect from a "legitimate" crack or keygen.

Okay, lets see, its not a trojan, yet its a trojan. It's not a trojan because it comes from a p2p network, and not ..what, outlook? Got it! Thanks for clearing that up!

Okay, great idea, really, very funny! But WTF are these guys going to do with all this when, say, MS steps in with a great big legal order of doom saying 'we want to know everybody who thought they were downloading the windows source code'? Are these people even thinking that far ahead?

And I love the broad thinking that anybody downloading a keygen is a pirate, What, these guys never lost a Cd key before? Yesh. Get a grip kids.

Points for some very crative programing, but they lost points for not finding something better to do and not thinking ahead a few more feet of them.

Re:Hah, this is funny.

[the+pickle]

Uhm, wait, but collecting IP addys is data. And you also collect what file they were trying to download, and where/who they got it from? I'd say building a track list of a 'social' network of where a file goes and by how/whom is plenty of data.

This argument would make sense...if you hadn't completely ignored the latter half of the original sentence. Let's look at that one more time:

1. No data is collected by our software that isn't already collected when our software is downloaded.

When someone downloads something from my computer, THEY are accessing MY machine. I have EVERY RIGHT to log, publish, or do whatever else I want with ANY data THEY WILLINGLY GIVE ME when THEY connect to MY computer.

This includes you, buddy, so if YOU connect to MY machine(s), YOUR activities on MY PROPERTY will be logged.

Is that clear?

p

Re:Hah, this is funny.

[ComradeX13]

Yes, but what about when someone else downloads it secondhand? These networks are supposed to *spread* files.

This *is* a trojan: it masks malicious (whatever the ends) intent with a friendly face, and it probably is illegal.

Remember what your mommies told you, kids: two wrongs don't make a right. Piracy is bad, but the RIAA/etc's tactics are just as bad or worse... and so is this.

Re:which crime? Probably Entrapment

[Pantheraleo2k3]

I call bullshit. If the police officer is not conducting an investigation, it is not obstruction of justice. Thus, he would in reality have no reason to search your person. Thus, the 'evidence' would not stand up in court.

Of course, it would be hellish, being arrested, going to jail for a while, waiting for a trial, the whole criminal justice[sic] experience. Still, once the main evidence is thrown out on basis of an illegal search of your person, it should be easy to prove your innocence, even if you were guilty of possession of contraband.

Gotta love the US legal system

(I live in Canada)

Typo

[imbaczek]

they have a website that updates in real time

should read:

they had a website that updates in real time.

Re:Get what you deserve

[maximilln]

Sure you have publishing rights. Good luck with distributorship and marketing. You may be able to buy Stephen King's latest novel for $12 but I highly doubt that you'll have any luck in copying, producing, and selling it to any extent that the original publisher would even notice.

Quit hassling the public with your ghost-chasing FUD.

You're wrong about people that whine about IP. Everyone whines about IP. The only people who can afford to hire government Guido enforcers (ie. buy politicians, influence laws, afford lawyers) are those that stole their golden goose from someone else.

Re:Get what you deserve

[tomstdenis]

Um, what if you OCR King's latest novel and put it on your website? You can reach a huge audience, it can be transformed into Ebooks for virtually anything, etc...

I'm certain King's publishers wouldn't appreciate that even though you can do it with patience and a 49$ scanner.

As for "enforcing IP" what do you think lawsuits are about? If I catch you violating my rights you'll find yourself in court. I don't have to be a rich sob to sue you. I just have to be able to prove it. I think you're just spreading random rants in the hopes of looking intelligent.

You fail it.

Tom

ooooooooh my!

[LifesABeach]

The EFF says the vigilantes may be committing a crime

guess what fans, its called 'wire tapping', its going to be interesting when some 'g-men' get wind of this. so get your popcorn and drink ready, there's go'na be more on this one, most likely on c-span. what would make this even funnier is if some relious zealots, and g-men wanna-bees are in the mix.

on a more business related note...

ol' papa bear was once asked by a telemarketer type to create a program that snoops the network for various types of user information. being out of a job for over 6 months can cause you to lower a lot of things. not being a lawfully, and a knowledgable person; i called the fbi about this request. some sweet sounding gal answered the phone at the county seat fbi office, ( she giggled when i refered to her as ,'agent sue'; strange ), i told her my question, she gives me a phone number of some other agent. i leave a message; yatta, yatta. a day later, i get a phone call back. yup, its not allowable; the g-men have a monopoly on it. funny thing, no one at the fbi gets phone calls on what the law is. so it took some listening, and talking before anyone could state what the law was. now for the punch line of this rabbling story. i go back to this 'client' and tell them what i've done. low and behold, that project is scrapped. but i get another project that will take a year, with bonuses! i love being bribed to be friendly, it pays!

Re:Get what you deserve

[Walkiry]

Um no it isn't. You don't download keygens and full copies of programs off P2P to "tune up" your software. You do that to pirate it, to violate the rights of the producer and to be a little prick.

Woah, way to go Mr. Assumptions. Why exactly can't I just rip out the CD protection code off the program I paid for? It's far more convenient for me to just install the whole thing in my 120 Gb hard drive, stash the box with the CDs safely and be on my merry way. I don't have to throw a tantrum, call the software company 100 times and make a revolution to change the system so that programs come without CD protection. I can simply spend 5 minutes downloading a tool and getting rid of it. Or I can put the keygen with the game in the hard drive so that I don't even have to worry where the manual or the box will end up.

What you're presenting here is a fallacy known as the False Dichotomy. The world is not "either you get the crack to pirate the program or you return it if you don't like the CD protection". After I paid for that software I'll modify it as I see fit to make it more convenient for me to use it, be it cracking the CD protection, installing 100 zillion mods or even cheating the crap out of it so that I can headshot the bots every time I want to. And I'll be damned if I let anyone tell me what I can or cannot do in my computer with the software I paid for.

Re:which crime? Probably Entrapment

The police do this all the time. They have cars with GPS systems in them that they drop off somewhere and wait for somebody to steal. They dress up female officers in short skirts and have them go stand on street corners. They put on a raiders jersey, pull their pants down to their knees, cornrow their hair and go hang out in dark alleys. In each of these cases when some stupid ass comes up and, steals the car, propositions the "hooker", or attempts to buy "drugs", the person in question is arrested, convicted and sentenced.

Re:which crime? Probably Entrapment

ANY lawyer worth his salt would not have a problem defending this case. The officer in question did not have any sort of probable cause for the stop. This would be a TERRY type of situation. IE the officer can do what's referred to as a 'Terry Stop' if they have some articulable suspicion that a crime is being committed or about to be...IE the officer sees a guy standing around outside the window of a closed store and he keeps looking over his shoulder. The officer then may approach him and ask for identification, etc. He may even be able to get away with a brief patdown of the subject.

But in your example the officer has nothing and just asked questions of the subject randomly. The subject was free to go at anytime. He did not have to say anything to the cop nor did the cop have probable cause to arrest or to do a search. The case would be thrown out.

PsiSilverthorn

Poses no threat?

[crawdaddy]

I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.

With the latest laws passed in the EU allowing companies to raid pirates, this IS a threat. You've gathered intelligence illegally, but since you put it in the public domain, you've done software companies in Europe a giant favor! They can now go to the ISPs of any European IPs on your publicly available list and demand user information. Mind you, this is REGARDLESS of whether or not they were downloading the crack with intent of any kind of fair use. Arguing that "cracking is cracking" is not valid because you have no idea what is legal and illegal in all countries.

Also, considering the fact that companies in the US have been suing the pants off of anyone that they have any proof of violating their copyrights (a legal approach, though heavy-handed), you've probably given them enough publicly available probable cause to allow them to seek subpoenas.

Remember: claiming you've done nothing wrong and actually doing nothing wrong are two different things. You've gathered private information (illegally) and spread it about publicly. Even if the former was legal, the latter is unethical.

Re:Get what you deserve

[tomstdenis]

Then contact the developer of the game for the cd-key removal tool. Oh wait....It really is that simple though, if the game doesn't work you complain to the person who wrote the game [or you bought it from]. If there is no resolution that's when I'd say a hack is called for.

The point is that 99.9% of P2P is pirated content that the downloaders don't have the right to access. The producers should have a right to fight back by poisoning P2P apps [or at least their own apps on P2P].

If you've been wronged write a keygen and stand behind it [e.g. host it on your site]. When/if you get called on it just tell the opposing council "how about a counter-suit of fraud to go with your lawsuit?".

Tom

Re:Get what you deserve

[maximilln]

"What if" "what if" "what if". What if the world was fair? You could OCR it but you're not going to get that many people to sit in front of their monitors to read it. People that read books and novels read books and novels for a reason. If there was a market for novels on-line you'd see it already.

And yes, you do have to be a rich SOB to sue me. The time that it costs you to track me down, file the paperwork, and keep up-to-date with all of the proceedings is far outside the ability of even the above average citizen. Unless you're a rich SOB you're too busy working hard and paying taxes to know that I'm stealing your IP from halfway across the nation. Additionally, unless you were a rich enough SOB to take the time and money out to file for the copyrights/trademarks/patents then you'll never be able to prove that you owned the property before I started producing it.

Re:which crime? Probably Entrapment

[maximilln]

----
ANY lawyer worth his salt
----
Any lawyer worth his salt is working on bigger cases than this. Public defenders don't give a sh*t. In all reality public defenders are looking to side with the police in the interest of advancing their social status within legal circles. They could give a rat's crap about some guy who got harassed.

Everyone talks in terms of the ideal world. Does anyone ever consider the _real_ world?

Re:Get what you deserve

[tomstdenis]

So your conclusions is people shouldn't have IP rights because assholes like you could just violate them easily?

Hmm... seems american to me.

It might be cold here, we might have a french province but at least.... oh fuck it I'm ordering pizza...

Tom

Reporting to the police

[_pi-away]

They say they aren't reporting your information to the police, "even though [they] should be." Should be for what? Downloading your dustbunny program? Is that illegal now because you seem to be purposefully giving it away.

What would these tools be telling the cops?

"These people downloaded our program."

"Is your program copyrighted?"

"Umm, no, but it is mislabeled!"

Morons.

Conspiracy Theory

[crawdaddy]

I, for one, know that I will NEVER purchase UT2004 now because of this. I get the feeling that these guys' arguments are simply too stupid to be real. They MUST be getting payoffs from the copyright holders to be getting this information and posting it publicly. Now the actual copyright holders just have to check out the list, see if it was the download was for one of their programs, and BOOM, they now have publicly available probable cause for suspecting someone of infringement.

Don't buy anything from the makers of UT2004 or any Microsoft products! They're behind all of this!

Wall of Shame

This reminds of Zeropaid.com attempt to stop childpornographers by host fake child porn images (the images have misleading names and contain text message instead of child porn) posting the IP of anyone attempting to download the images.
To my knowledge downloading the fake files (software or otherwise) isn't prosecutable offense, however I think distributing what is basicly a trojan is.

Re:Get what you deserve

[maximilln]

My conclusion is that IP rights are meaningless unless you're already wealthy. I've had my intellectual property stolen over, and over, and over again simply because I can't do everything. I can't spend the time developing the idea AND spend the time registering the idea with the proper authorities AND spend the time keeping track of who else might be using the idea AND afford the legal backup to ensure that it's protected. It doesn't take much thought to see that our democratically elected Communist system is weighted in favor of the wealthy.

Don't play the patriot card. No one else is reading this and, until this great nation of the USA returns to some semblance of a republic, I personally don't care.

Re:which crime? Probably Entrapment

That is such BS! There is nothing wrong with Public Defenders. In fact in some situations they may be preferable. IE they will have money to do investigations, etc that might not be available if you use a private attorney and can't afford to pay for the investigations yourself. In any case the situation defined above is NOTHING! A lawyer straight out of law school and taking his first case would be able to defend that situation. That's basic Bar material. If the lawyer can't defend that situation then there is no way he should have been able to pass the Bar.

PsiSilverthorn

Third camp

[genner]

It's interesting to see a third party pop up in a war between lawmakers and the internet underground. I don't see them getting a lot of sympathy seeing, as the've ticked off both groups.

Re:Get what you deserve

[tomstdenis]

So wouldn't you argue that poisoning P2P is a good self-defence for poorer developers?

Tom

Re:Get what you deserve

[Walkiry]

Then contact the developer of the game for the cd-key removal tool. Oh wait....It really is that simple though

Sure is. 10 logged calls to tech support with UT2003, I could have cracked it right away but wanted to make a point (since the number was free, I've seen others that give a 0.80/min tech support number, heh). The tech support came down to this "it seems like you have all your cables plugged in correctly, there's nothing we can do to help". One of them suggested I should wait for a patch.

The point is that 99.9% of P2P is pirated content that the downloaders don't have the right to access. The producers should have a right to fight back by poisoning P2P apps [or at least their own apps on P2P].

The point is that the producers (or the "vigilantes" in this case) don't have the right to attack P2P users, much less under the assumption that everyone uses everything for illegal purposes. That's what the law is for, not their own "justice system". And that 99.9% really looks like something you pulled out of thin air.

Re:which crime? Probably Entrapment

[maximilln]

Apparently you've never been involved or else your Mommy was blowing the public defender's best friend.

Of course the situation should be defendable but there's no initiative for it. If the public defender pushes the court to find in favor of the citizen then there's going to be an investigation within the police department. Once it's legally validated that a citizen's rights have been violated then there's all sorts of room for a damages suit against the department. No public defender wants to stick his foot in that.

Public defenders don't do any investigation. Their possibility of promotion or moving to a more respectable position is based upon number of cases handled and the outcomes. When they handle more cases with fewer problems and no snubbed noses or bruised egos around the courthouse they have a better chance of moving up in their field.

It's office politics. Nothing against the poor Joe on the street that spent the night waiting for someone to throw bail.

EVERYONE knows how things are supposed to work. Start thinking about the way they do work.

Re:which crime? Probably Entrapment

OMG!! You have been watching toooo much TV dude! and you talk about me not living in the real world!. BTW..I'm a lawyer...I HAVE seen this stuff.

PsiSilverthorn

MD5 sum is your friend...

[Spoing]

This is not quantum science folks. If the checksum (typically MD5) does not match what you expect, delete the file. If no checksum exists, ask for one!

Re:Get what you deserve

[maximilln]

Just because IP functions as a meaningless pyramid scheme doesn't validate an armed revolution. I'm anti-aggressive. Poorer developers should sit back, fold their arms, and wait until someone compensates them properly up front.

Which is what I'll probably be doing in about 2 months if I keep posting politically oriented /. articles from work. :-)

I don't care anymore...

Re:which crime? Probably Entrapment

[maximilln]

If you're really a lawyer worth his salt perhaps you'd like to contact me [/.ID]@hotmail.com.

Maybe you'd like to make some cash because I have a number of incidents like this that are supposedly easy to defend.

hmmm....doesn't this...

[MoFoQ]

doesn't this sort of thing violate the new cyberterrorism clause of everyone's favorite love to hate Patriot Act? Especially since it IS like a trojan.

and by the looks of it, they got hosed...well...their server did. Good ol' /.-effect. Works every time.

Re:Get what you deserve

[tomstdenis]

Yes, sit back and get ripped off...

OR mess around with stupid kids computers and teach them a lesson...

Hmm...

Tom

Felonies vs. civil offenses

[FreeUser]

I don't stand up for it installing spyware, but if it just pops up a message with a black pirate flag and says you have been logged...the only thing that is harmed is the privacy of a criminal.
If they start using this information for blackmail...that is illegal!

No, unauthorized modification of a computer is a crime, in both the UK and the US (and probably most other developed nations' jurisdictions).

What we have here are felons (system crackers planting trojans on people's PCs) who are compromising the privacy of individuals who have committed civil offenses (copyright violations). The seriousness of the former crime is much greater than the seriousness of the crimes of their victims.

That having been said, the FBI has protected murderers who were on their payroll (including sending an innocent man to jail for the murder committed by one of their informants), who turned evidence against people guilty of far less. So the alluded to by others remains: given the current political climate the feds are likely to overlook the felonies being committed in the interest of persuing the civil offenses being committed against their primary constituency, namely the copyright cartels.

Re:Felonies vs. civil offenses

[abertoll]

How is there ANY unauthorized modification of the software? All modification in this case has been authorized by the user. The closest this comes to is spyware--unauthorized sending of information.

Re:Felonies vs. civil offenses

[f0rt0r]

And actually, since the downloaders never got an illegal copy of the software, they didn't even get to violate copyright law. Now, the plaintiff may try to prove the downloaders had the intent of violating copyright, but there is no way you can violate copyright law without copying. At least, I don't see how it could be done.

Re:Felonies vs. civil offenses

[flewp]

Actually, the haven't committed any crime. They downloaded what they thought to be a crack (okay, that *might* be a crime) and ran it, and all it did was post their IP. I think the only criminals here are the people who made this software.

Re:Get what you deserve

[maximilln]

12.5% social security, +federal tax, +state tax bringing it closer to 33%, then 6% sales tax, and alcohol tax, and gas tax, and electricity tax, and registration fees for the vehicle, and water tax... add it all up and you lose about 55% or better every month to taxes and government surcharges. All of that on top of a job which requires a Master's of Science in chemistry and three years of experiences but only pays just enough to keep me eating rye bread, spinach dip, and drinking water.

That's a rip-off. What's the difference?

Great Job, But not for the intended purpose

I think that's a great virus (some code that propagate himself and does unwanted things on people computers) since it does something constructive: it fills a database.
Personaly i'd prefer a virus that automaticaly shares *.avi and *.rar on p2p, but that's just like, my opinion...
Anyway the drawback is that it does NOT do the job authors wants it to do: it can't bring any piracy evidence, as the only evidence here is that you TRIED to download some illegal file on p2p, which obviously didn't work.
So this can only matter if it's considered illegal to share file NAMES and someone could be sued for offering/downloading a file called, for instance, 'Windows How-To.txt' because it contains the name of a copyrighted material.

In fact this virus can only do one thing: evaluate how fake files spread on p2p networks, how fast, how it goes around the world and around the nets.
And this is, i think, a great project. Fake file sharing is a pretty amusing subject, (perhaps one day internet will be done due to billions of kazaa'ers transmitting portions of fake files to each other, with the use of their faster and faster broadband connexions), that's why i kinda like this virus ...

But sadly, as always with i-dont-know-how-stuff-works guys that try do more than they can, the only ones that suffer are the lil ones on the far bottom of the pyramid that can't even manage to get their hands on a legit copy of a popular game keygen without getting a fake file and having their computer trojaned...

How much you wanna bet...

that his mystery partner is Fritz Hollings? He's from South Carolina, after all.

Thank God for ignorant, arrogant little shitheads like this one. Isn't it great to see someone with their head so far up their asses that they actually take the monopolist's side of the argument?

Let's trojan this asshole's computer, and plant Britney Spears MP3's, put him on P2P and let him feel the wrath of the RIAA.

Well, this mutherfscker should be on all of our shitlists. Let's make sure he NEVER WORKS IN OUR INDUSTRY EVER! Let him flip burgers for $5.50 an hour, the pompous asshole. Of course, I know that he'll probably get a job at Big Champagne, or one of the other hypocritical companies that prove that P2P is really a huge marketing machine for the RIAA, that helps them track their audience and helps them increase revenue.

Proxied Addresses

To the fucking morons who designed this dumb fucking application in their attempt to gain 15 minutes of fame:

HEY, FUCKTARDS, CONGRATS. YOU'RE LOGGING A TON OF PROXY ADDRESSES.

Yes, I'm quite sure that all 5000 users behind an AOL proxy are just thrilled you're calling them a priate.

Something tells me the only pirates you're going to meet are going to be saying something like ... "Arrrrrrr.. Avast ye, matee! Bend over and prepare to be boarded!" In Federal Pound-Me-In-The-Ass Prison.

Grah. Asshats, both of ya.

The right to defend your rights is a right

[argoff]

I disagree, they're both wrong.

First, the right to protect your rights is a right. All to often law enforcement has this attitude that the common people "shouldn't worry their prety little heads off" and that only they should have any power or authority, only they should defend rights by force, and only they will have good solutions. Bull, when they act like this - they really need to be put in their place.

Second, I would be hard pressed to believe that copying a file violates anybody's rights. I'm not saying it can't happen, but the fact is that the Internet has got to be one of the least coercive social forums ever created since the birth of human kind. Now that all these vigilantes are choosing to hang out there smells alot more like problemed people who are looking for rational sounding excuses to act violent, than a true buring desire to secure the safety of information and children.

Before going gung ho, maybe these people should renember that old saying "those who live by the sword, die by the sword"

Trojans-Pirate Protection.

"So if I download a cracked version of a game I legally own that purports to let me play without the CD, I'm being treated like a crook, and someone's logging my activity. Screw them!"

You do realize that you don't have to download the executable to get a crack. I downloaded a no-cd patch for one of my games, and that's ALL it was. So a "piracy" argument wouldn't have a leg to stand on, unlike a full executable.

Re:Trojans-Pirate Protection.

[tomhudson]

You do realize that you don't have to download the executable to get a crack. I downloaded a no-cd patch for one of my games, and that's ALL it was. So a "piracy" argument wouldn't have a leg to stand on, unlike a full executable.

Sure, but there aren't patch or diffs available for all games.

This is precisely.....

[activesynapsis]

... why the only cracks/keygens I download are signed from groups I know. (DEViANCE in this case.) "You pirate!" you say, well...

I bought the 6 CD set. I have 2 computers that play games, one is for when people wanna come over and LAN. I have to disconnect the internet from all the computers on the lan because UT2004 contacts Atari and checks the keys in multiplayer, but that's fine. Kudos to Atari for having the hosting game proxy key checks... I actually had to alter my firewall rules.

We aren't angry at them because they're assholes

[Azureflare]

They are assholes, but that isn't way we are angry and think they deserve to be fined or spend time in jail.

The reason is, they are treating people like criminals for downloading cracks. As many previous posters have said, merely downloading a crack does not mean you are guilty of pirating (i.e. Innocent until proven Guilty). These vigilantes are bypassing due process of law and acting like the Eye in the Sky of the software world. Well, last time I checked we hadn't entered some surreal alternate universe, and we still have protections under the law. Notice I'm only speaking of cracks. I do not see a legit purpose for keygens.

Also they are distributing something that looks like a crack that is really a trojan. AFAIK, trojans are illegal, no matter what their purpose is. It would still be illegal to give someone a trojan if they didn't know what it was, that would allow you to remove all the spyware/viruses/adware from their machine. If they aren't illegal, they should be. Someone upthread said that it was illegal in the U.K.; I'm not aware of a similar law in the U.S., but there should be one.

Trojans are bad, mmmkayyy?

My friend

[Rick+and+Roll]

My friend uses P2P only to download episodes of classic or cancelled TV shows, such as MST3K and Clone High. Now this is what I call legitimate use of it. But the MPAA/RIAA would rather this doesn't happen - and try to stop it. The fact that old works of art could be utterly destroyed and unviewable by future generations doesn't bother them one bit.

He buys his CD's, DVD's, and Video Games from the store just like every one else. Except for CD's. He's boycotting the RIAA. For the one CD he's absolutely had to have, he had his brother burn him a copy, which is fair use. (He isn't an indie music fan)

I personally don't use P2P. All of the stuff I need I can get off the web. And I buy my CD's used, and rip them.

crash their website! Genius /.!

[iamhassi]

"...they have a website that updates in real time whever someone executes it."

You mean they had a website ;) and we probably just cost them a 10x increase on their hosting bill this month!

They are wrong!

[muffen]

From their page: So, to the pirates out there who think this is in some way illegal, it's not. However, what you do is illegal.

Actually, downloading a filed called UT2K4keygen.exe is completly legal. If you have the game, you can also have a keygen (AFAIK this is legal both in Europe and the states).
Secondly, you could never get a person convicted for piracy because he DLed a file you created and allowed him to DL from you, regardless of the name of the file... atleast not in europe...

Tempting

I am almost tempted to download their program, figure out the site it contacts and what format it sends the information in and write my own just to fill their database with crap.

solutions...

[br00tus]

mp3's, movies and the like are safe to grab on p2p, warez of course always carry the possible threat of virus or something like this. But it's always like that with warez.

I don't care about warez too much one way or the other, but I would like people to feel safe downloading software that no so-called authority has unauthorized download of.

One solution of sorts is all of the major p2p programs have hashes for different files (the best being tigertree hashes). So all you need then is have a group with a good reputation give a list of hashes and then PGP sign it or whatnot. There are web sites like Bitzi that list hashes for a file in the different hash formats (Gnutella, Kazaa, EDonkey), along with user comments and the like. So there are definitely mechanisms where you can easily get a hash to compare the files against the OK of a trusted person or group, be the software "authorized" or "unauthorized".

You're a fag

[Rick+and+Roll]

Die in hell.

Well, now that we've got the insult out of the way, how are software pirates supposed to be responsible for you not making any money? Have you ever made anything worth selling?

And no amount of lying is going to change the facts. Your software is spyware. It sends the IP address in such a way that explicitly or by reference it contains the fact that the user downloaded a file - information that the user did not authorize to be sent to you or to be posted to the network.

If this were done within the confines of the browser it would be one thing - but it is a reasonable expectation that these files don't phone home.

Kill youselves. Do society a favor.

Last night on Slashdot IRC

[bonch]

<CmdrTaco> CD sales went up in Australia
<Hemos> cool lets get an article up
<Hemos> we'll call it "File-Sharing Increases CD Sales"
<CmdrTaco> lol
<Hemos> seriously. file-sharing is good. distributing someone's intellectual property is good
<CmdrTaco> hey, did we ever get dailyslash shut down?
<Hemos> not yet. you know some people actually think we have a double-standard for declaring them illegal?
<CmdrTaco> rofl
<CowboyNeal> hey guys
<CmdrTaco> hey
<Hemos> hi
<CowboyNeal> some guys ar posting information on pirates
<CmdrTaco> fuckers
<Hemos> yeah, nobody should post information on people breaking the law
<CmdrTaco> dude nobody's breaking the law
<CmdrTaco> they're INCREASING CD SALES
<Hemos> oh yeah
<CowboyNeal> i'll get an article up and call them "vigilantes"
<CmdrTaco> lol
<Hemos> that'll get the discussions going...more page hits
<CowboyNeal> ya
<CmdrTaco> it sucks that people can't participate in the mp3 culture movement by illegally distributing other people's product
<Hemos> i know
<Hemos> hmm
<CowboyNeal> ?
<Hemos> isn't that a contradiction, since we expect everybody to follow the licensing restrictions of a GPL.TXT file and raise a piss if they don't?
<CmdrTaco> rofl
<CowboyNeal> haha
<CmdrTaco> yeah expect everyone to follow the GPL...
<Hemos> ya, i know..oh well, nobody said we were perfect
<CmdrTaco> whatever gets page hits
<michael> i'm perfect
<CmdrTaco> you scare me

Raise the double standard...

[WIAKywbfatw]

A spammer pushes their wares onto you, which is clearly a bad thing, but it's not like anybody forced the people who downloaded the files that contained this trojan to do so. It's not like person A in your example is shoving files down person B's throat, is it?

Are people here (not you specifically, Walkiry) really suggesting that downloaders aren't responsible for the consequences of their own actions? Generally speaking, are they really "victims" of anything but their own greed?

And aren't "it's their own damn fault" and "they should have had a decent firewall running", etc, the standard lines that most Slashdotters arrogantly reach for when it's non-technical users (AOLers, "Windows lusers", or whatever derogratory label we're using today) being hit by trojans, etc?

Caveat emptor is great advice, especially so when you're buying blind and what you're buying is being freely given.

So this whole story and related discussions leave us with yet more examples of Slashcrowd hypocrisy. I swear that the Slashdot motto should be changed to "Hypocrisy for Nerds. Double Standards that matter."

Re:Raise the double standard...

[karnal]

Having an illegal act done to you doesn't get negated if you're doing an illegal act as well.

Consider if I attempt to rob a bank. If I catch someone stealing my car before I can get away, they can still be charged with theft.

And yes, I know it's not a perfect analogy, but that's why they call it an analogy.

Dude...

[Aldric]

Did you get legal advice before doing this? You could be completely wrong about it not being a crime.

Even if you did, you are getting so much exposure that you are bound to end up in court. Even in the best of all possible worlds, the legal fees are going to ruin you.

Trojans-Demos

Bad point. You do realize that game companies release demo's for a reason? If you don't like the demo, I doubt you're going to like the full game.

So the "I'll download a full, cracked version to get a feel for the game" doesn't hold up, and makes you look like a "I want something for nothing" type of person(1).

(1) Same with all the other software out there.

Re:Trojans-Demos

[Jaysyn]

If I had to download (on dial-up, remember it's 1999 )the UT Demo, I wouldn't have bothered with it, and they wouldn't have made around $250+ on me in future sales. I was handed a (copy of the) full version of the game by someone that said "Here, check this out." and I did. And I loved it. And I've bought every PC release since.

Jaysyn

Re:which crime? Probably Entrapment

[npsimons]

Note: This isn't a hypothetical situation but REALLY DID HAPPEN.

Damn, and I thought I was just being subversive by having this in my pocket.

I think everyone should have an ACLU Pocket Card on Police Encounters. I'm tempted to make some more and start handing them out.

Crime under Federal Law

What they are committing with their trojan horses is clearly a crime under federal law. Plus if it happened to me and I'd notice it i would sue the hell out of them.

HAH -- welcome to software firewalls.

[karmaflux]

BastardTrojan is trying to access the internet.
o Permit this application internet access
o Deny this application internet access
[] Always use this policy for this program

It's as simple as that.

Re:HAH -- welcome to software firewalls.

[sublimespot]

I had the same comment. Also use VMware for that untrusted app, so that no malicious code touches your real disk. You dont want BastardTrojan overwriting your winlogon.exe or other stuff like that...

Re:We aren't angry at them because they're asshole

Did you read the article?

You can easily download their ware and you WON'T be logged on their site. You must OPEN IT. If you are in fact OPENING it than that proves intent (you are, afterall, 'using' it in the computer software sense).

You can download any .exe from these guys and you are 100% innocent, won't get logged on their site. Don't misinterpret what they are saying.

Running software cracks and/or warez = INTENT ...and that folks, is where they begin to log your IP.

What I find really amusing about the whole thing..

[weslocke]

Is how many times one of the creators has been modded down and labelled a 'troll'. ;^)

http://slashdot.org/~clifgriffin

(Though to be fair, he did get a couple of up-mods as well... but still... he's a troll. .snicker.)

Typical slashbot reply:

They can make their money doing tours!!!1!!!!111!L0lllll!!!!

How different from an Anti-Spam Bl(a|o)cklist?

[michaelwexler]

Ok, hold off on the trojan thing for just a second. If they are logging IPs that they believe pirated software, and they report these on a site, then they are doing nothing wrong. They are doing the same thing that an anti-spam blacklist (or blocklist) does: They report their opinion about specific IPs.

Obviously, spam IPs are handed out on message headers, while these people used a software tool to get them. But IPs aren't all that hard to snag; they could just have easily taken pirated software, re-zipped them with a password, and then packed them into another zip file with a readme.html containing the password. That readme.html would have an image tag, iframe, or other server request to give the IP. User loads up readme.html to get the password, IP is logged, and in the passworded zip file is a corrupted file that is the right size, but won't execute, so it looks like "legit 0-day" but isn't. These vigilantes wouldn't be guilty of distributing anything, and they would still have the IPs of the downloaders.

So, I agree that the use of the spyware oriented sw is not cool. But as much as I think they are jerks, I can't fault them for just reporting IPs and their opinions about them. IANAL, so I have no idea about legality of this, but if MAPS is legal, then so is this.

Michael

Re:its a dropper as well as a trojan

Yeah, its not like you could can register with fake info and direct it at someone you hate.

Break out the tinfoil hats!

Yeah, thats a good excuse. Well, back to playing my warzed UT2004 that I never intended to pay for in the first place on my warzed copy of XP.

Re: site that updates in realtime

Yeah, I bet those little pirating warze kiddies are also trying to DoS it with all the infected machines they broke into.

bootlegger backlash

[Doc+Ruby]

"disguised as ... Unreal Tournament 2004 and Microsoft source code"

UT2004 and Microsoft source code are trademarked. Distributing something that isn't the product, but bearing the mark, is a serious trademark violation. Interestingly, the Lanham Act, that governs trademarks, requires the owner of the mark to vigorously defend the mark from such acts of dilution/confusion. Or lose exclusive rights to the mark. So unless UT2004 owner Epic Games and Microsoft attack these bootleggers, stopping their fraud, Epic and M$ will lose their exclusive trademark rights. It's a win/win scenario for software users when animals attack other animals.

How is this any different...

[mrgrey]

How is this any different than any other spyware program? Bonzi Buddy, Morpheus, KaZaa, etc, etc, contain reporting spyware. How is this any different?

So it doesn't have terms and agreements. Big deal. If they added Terms and Agreements that said it was not a valid crack but indeed may report minor PC information would it make it ok? I think it's a rather interesting idea.

Once again, what makes this any different than other hidden spyware applications?

Fraud

[Phurd+Phlegm]

As you say, the software they offer has different functionality than the victim expects. Sounds like fraud to me.

Hmmm. If I offer someone a bag of marijuana (presuming its possession to be illegal in the locality this takes place) and it turns out to be dried lawn clippings, can I be prosecuted for fraud? I doubt it, but luckily I'm not a lawyer.

I do know you'd have a pretty hard time getting someone to prosecute. I think in most of the United States private citizens can't bring a criminal case themselves. I know there are places (e.g., the United Kingdom) where that's not the case. [At least my exhaustive research of John Mortimer's work suggests that.]

Re:Fraud

[tomhudson]

Hmmm. If I offer someone a bag of marijuana (presuming its possession to be illegal in the locality this takes place) and it turns out to be dried lawn clippings, can I be prosecuted for fraud? I doubt it, but luckily I'm not a lawyer.

Actually, in Canada you will be prosecuted - but not for fraud. You will be charged and convicted for selling a controlled substance (marry jane). This is one of those strange loopholes in the law that crop up from time to time. (Note: try to get arrested first, though - VERY hard - the cops don't really care, as long as you turn over your stash to them - or so I've been told, over, and over, and over again)

It's like people being convicted of drunken driving while sleeping it off in their car. The key point is they had care and control of the vehicle. Also, refusal to take a breathalyser test results in a conviction for drunken driving.

Not just restricted to File-Sharing networks

[dos4who]

So, what if I open up both my Wireless Access Point and my ADSL Router to the world, and drop a file on my shared box that's "incorrectly" named??

Let's say I drop on a copy of BackOrifice, and "accidently" rename it to "Paris_Hilton_Video"..

Am I now guilty of some form of digital luring or *entrapment*?

~m

Software Copyrights will die

[Peaker]

One way or another.

The only reason the unprecedented blatantly-unjustified restrictions on every human on the planet currently survive in public opinion, is that everyone infringes on these copyrights and they are not enforced.

One of two things is likely to happen:
A) The status-quo continues for a long while, where most infringe on copyrights, and a few fund the companies that keep these restrictions running - until Free Software and increased infringement squeezes out almost all Copyrighted software out of existence.

B) "Trusted computing" (more accurately described "Treacherous computing") actually enforces Copyrights on most humans in the planet. The public, suddenly suffering the true consequences of copyright, will quickly change its opinion on copyrights and they will not survive for long, if politicians want to stay in office.

Those programmers that distribute the malicious software on P2P networks are just examples of the moral decay society has been experiencing in regard to Freedom of information, backed by the media companies and their successful name-calling campaigns ("copyright infringers are pirates, thieves", etc).
Fortunately, people do value this freedom and will vote for it if they can no longer infringe on it - so our freedom is most probably safe.

What's the big deal?

[KenBot_314]

I know the RIAA and other Copyright holders already post random files (or worse) on the P2P networks with the names of thier copyrighted works for a long time

i.e. "Nobody Knows Me" by Madonna

Re:which crime? Probably Entrapment

OMG!11! dude; LOL!!! a l@wy3r!!!

Sure you are, asshole..

morality, black-white-gray

[handy_vandal]

Let me remind you that calling up Darl McBride and reminding him that he is an asshole is also considered vigilantism. So is subscribing known spammers to mailing lists. Morality isn't as black and white as you appear to beleive.

I don't call up anyone to remind them they're an asshole. And I don't approve of other people making such calls. Ill-mannered insult is the sport of barbarians, not the act of a lawful citizen.

Black and white morality? I thought my various qualifiers about "in the eyes of", etc., expressed my moral ambiguity.

-kgj

Slashdot Comments

[abertoll]

It's amazing to see how many people on slashdot are having problems with this. Is slashdot just made up of a bunch of kids who think it's cool and ok to steal software and make illegal copies of other copyrighted materials? Maybe some of the people here didn't understand that the fight for freedom wasn't for illegal activities! It was for the freedom to trade LEGAL files. File sharing itself is good. Trading music and pirated software illegally is BAD BAD BAD. Mod me as troll or flamebait if you want to. Just grow up!

IP Addresses Gathered

If they're grabbing the public address the host appears on to the Internet as, they're grabbing a lot of proxy addresses - and thus accusing everyone behind the proxy of being a "pirate".

If they're looking at the interface address on the machine before "phoning home", they've crossed into the domain of network intrusion, since the private address space the host sits on is NOT public information (the "public" information is the Internet-routable gateway for the NAT'd/proxy'd host).

I'd have no qualms about calling in the FBI on these guys if the're posting the address bound to the NIC on a NAT'd/proxy'd host. Essentially, they know the address of the host and the gateway, therefore they've got two key pieces in any attack.

Sounds like someone didn't think this plan through too well. Either that or the idea of a 300lb. guy nicknamed "Crusher" (doing 15 to 25 for manslaughter, of course) calling them "sweetie" appealed to them.

My Opinion

[panthro]

Slurp that 15 minutes of fame up.

My take on these lamers.

Releasing into the Wild

So what happens when this file gets renamed to "Tutorial for Word" or some such on P2P by some other filesharer besides the original authors? Their program would be mislabeled, but it would still amount to an illegal invasion of someone's privacy. Once you release something into the wild, other people may modify the filename... but you still have to take responsibility for it, because it is YOUR program and it is phoning home to YOU. Imagine this: "Honestly, judge, we never named it that, and we didn't intend for innocents to be harmed by our program." This is like releasing a lion to capture a single criminal in a crowd of civilians...

So, basically, these guys are idiots. All someone has to do is rename the file on the network, and then some innocent person will download a legit looking thing (such as a tutorial or freeware app). I think what these guys are doing is the wrong way to go about making p2p legit.

Fruit of the Poisonous Tree

[core+plexus]

Perhaps, but any 'evidence' thus obtained, including any leads resulting from it, would likely be inadmissable under fruit of the poisonous tree

"n. in criminal law, the doctrine that evidence discovered due to information found through illegal search or other unconstitutional means (such as a forced confession) may not be introduced by a prosecutor. The theory is that the tree (original illegal evidence) is poisoned and thus taints what grows from it. For example, as part of a coerced admission made without giving a prime suspect the so-called "Miranda warnings" (statement of rights, including the right to remain silent and what he/she says will be used against them), the suspect tells the police the location of stolen property. Since the admission cannot be introduced as evidence in trial, neither can the stolen property." I had to be very careful of this when I was a detective.

-cp-

President Bush to Liberate Alaska

Trojans-Demos-Magazines.

So basically you're telling me that you couldn't have gotten the demo off a magazine CD? And in some places I've seen computer shops give out demo CDs.

" I was handed a (copy of the) full version of the game by someone that said "Here, check this out." and I did. And I loved it. "

Drug dealer: "Here kid, try this. It's good."
Hmmm...I don't know. Should I try it or not? Your call.

Re:Trojans-Demos-Magazines.

You're missing the point. One thing was passed on to him in a word-of-mouth network (which is what software piracy really is). The other requires him to go out and go to some effort. The more effort, the less likely people will do something - and when you're talking about something as ephemeral, unimportant, and likely to be crap as a computer game, the amount of required effort that's acceptable is pretty close to nil.

Your magazine demo not only requires that he go out and find it, but costs money (quite a lot considering gaming magazines are utter tripe and all the software on the CD is freely available, so all you're being asked to pay for is the convenience in this case). Compare to the effort to accept what someone was offering him anyway. See the distinction?

As for the drug dealer line, you're the one smoking something if you think that attempted analogy is worth anything at all.

Re:Trojans-Demos-Magazines.

[Jaysyn]

PC game mags are crap for the most part, plus the fact that it had been out for a while before I had even heard of it. i.e. I had never heard of the demo when I was handed the full version. BTW when did they start making illegal addictive video games?

Jaysyn

P2P filesharing scum

What a refreshing story. Just when I'm ready
to give up hope, there's always something,
however small, that helps restore my faith
in humanity.

I remember a few years ago there was a sting
operation that nabbed a bunch of fugitives
by running a bogus sweepstakes. The
criminals were lead to believe they'd won
superbowl tickets and when they showed up to
claim their prize, they were arrested. Some
of these idiots were so dumb and brazen that
they were still asking for their tickets as
they were being carted away.

That's how I think of the criminals who are
complaining about this prank -- only they're
not being carted off to jail, where they
belong, but just being gently reminded that
there's a difference between right and wrong.

I wonder. Who out there would be nasty
enough to give the P2P criminals what they
really deserve? Hey, having your hard drive
wiped is better than doing time.

Do vigilantes ... vigilate?

[Buskaatt]

So everybody is shrieking: "Jailtime for the vigilantes!"

Well duh. Vigilantes generally break the law to be vigilantes.

But they do it for a reason. I didn't get through more than 90 of the highest modded comments, but I saw very little honestly asking why somebody would choose to go outside the law like this.

Hint: read the definition in the link above.

Another hint: read the part in parenthesis.

Now my question: is it true? Then why can't anybody admit it?

Do you mind YOUR address being posted, Cliff?

Since you seem to enjoy posting other people's addresses... do you mind yours being known? After all, it IS public information, right? Clifton Griffin 503 Piedmont St. Reidsville, North Carolina 27320 And does Mr. Leinecker know about your little project, and how because of your affiliation it could give his company a bad name? I just figured since posting addresses all over the place is one of your hobbies, the rest of us should join in!

Re:Get what you deserve

[Lyran]

I BUY all my software. I really do not like searching for the CDs of the games I play. I will use no-CD patches.

Sad part about this is that I bought SimCity 4 and then later the Rush Hour add-on. I had to go to a pirate site - just to use the software that I legally purchased.

A better protection method would be what StarDock Systems use. Constant free updates and patches requiring your original key. Lose/ destroy the media? No problem. You can download the entire game/ program from their servers.

Most idiotic thing software publishers do - they but the CD-Key on that lousy plastic case. - the ones usually thrown out after original CD is placed in binder. Now if US manufacturers would adopt the European way of using DVD cases for software. Much nicer that cheap plastic cases that break.

Slashdotted

[carterhawk001]

I think the submitter of this story was trying to get them slashdotted, to make them pay!

Use VMware for Untrusted Apps

[sublimespot]

ALWAYS use VMware for running untrusted apps. Also make sure that VMware instance has a Personal Firewall installed.

Slashdotted

It appears they've been Slashdotted out of excistance, or at least the site hosted by freewebs.

Slashdot repeater effect!

[Java+Ape]

Hey Taco,
We smoked their server today, but it seems to be shut down rather than struggling valiently to service the onslaught. Cowards! I can't smell the smoke or hear the platters whine as they overload swap. More importantly, I suspect we're not really racking up the bandwidth charges I'd like for them -- can you please schedule this article for duplication several times over the next month or two?
Thanks in advance,
Java Ape

So... do you REALLY trust those generators?

[TeddyR]

So... do you REALLY trust those generators?

How do you know that the software companies are not doing so already with their own products so that they can get a list of users/ip addresses that are willing to use key generators of their products. This would give the software companies an idea of "where" to look for/ crack down on.

This can also be an easy way to distribute "special" keys that can then easily be detected/disabled suddenly by a patch... [all pirated versions would have the same "set" of pirated keys that would make it MUCH easier to disable them suddenly and all at once with a required "protocol" or "minimum service pack" patch....

They are breaking the law

offering copyrighted programs for download is breaking the law regardless if they're the actuall programs. otherwise it would be legal to commit fraud. i could sell MS office for download and just have this trojan on there. price doesnt change if its fraud. it being trojan versus the real thing doesnt change the fact im infringing on copyrighted material.

So not that i know

[future+assassin]

Unreal Tournament 2004 is not a real Unreal Tournament 2004 but a fake, I can downlod it as many times as I want legaly? And then execute the file. Have my IP show up retared amount of times. Just for fun

Turnabout is fair play

Lets see how you like it bitch

Registrant:
Blogzine
503 Piedmont St.
Reidsville, North Carolina 27320
United States

Registered through: GoDaddy.com
Domain Name: BLOGZINE.NET
Created on: 01-Sep-03
Expires on: 01-Sep-04
Last Updated on: 02-Sep-03

Administrative Contact:
Griffin, Clifton Cliffgriffin@jsventures.com
Blogzine
503 Piedmont St.
Reidsville, North Carolina 27320
United States
3364327174 Fax --
Technical Contact:
Griffin, Clifton
Blogzine
503 Piedmont St.
Reidsville, North Carolina 27320
United States
3364327174 Fax --

Domain servers in listed order:
NS.INFINITEVISION.NET
NS2.INTREX.NET

i hope the spammers enjoy Cliffgriffin@jsventures.com Cliffgriffin@jsventures.com Cliffgriffin@jsventures.com Cliffgriffin@jsventures.com

ARE WE HAVING FUN YET?? now im a vigilante too. YAY. time to go register some magazine subscriptions!

Trojans-Demos-Magazines-ethics.

So basically people are too lazy to be ethical, or moral? Message coming through loud and clear. And people wonder why the planet's going down the crapper.

As far as the drug dealer line. Basically saying "he offered, I couldn't refuse" is a poor excuse.

Re:Trojans-Demos-Magazines-ethics.

[Jaysyn]

#1 My morals & ethics aren't your morals & ethics & vice-versa.

#2 It could have just as easily been a demo the guy handed me, but it wasn't. In the end it had the same net effect though. Epic didn't lose any money & they got a customer for life.

As for your crappy analogy, it was more like he offered & I didn't see any harm in not refusing.

Supermodel: "Here kid, try this. It's good."
Hmmm...I don't know. Should I try it or not? Your call

I guess you'd say no right? Right.

Jaysyn

Get what you deserve-Electric chair.

I agree that key-gens and full programs aren't necessary if you've purchased the actual program. Patches to remove annoying features(1) is in a seperate catagory altogether.

(1) The only exception is using a patch to convert a limited to a full, but then if that get's out of hand? Companies will just put out crippled "go out and buy full", instead of the present one which is for the convience of their "will not abuse a privledge" customers.

As for the key? Get yourself a labelmaker and put it on the CD. Less chance of losing it, and makes it easier to sell.

White, More or Less

[handy_vandal]

I'm gonna go out on a limb and guess that you're white.

Close enough: I look white, I live a white life.

Strictly speaking I'm a mongrel: a mix of Latvian, Scotch-Irish, and Plains Indian.

-kgj

Who Are The Net.Police?

[DynaSoar]

Can someone please tell me who is specified as the people authorized to track software pirates?

When we pulled off the various Usenet Death Penalties, all sorts of media called us "vigilantes". Only Rob Pegoraro from the Washington Post seemed to understand that the word means "someone who assumes or usurps a power invested in a recognized authority". Since there is no one specified as responsible for tracking software pirates via P2P (although there are reporting agencies like BSA, and although publishers CAN undertake this on their own, no one is specified as the authority) then they are NOT vigilantes. Even the EFF got this wrong, and they're the ones that need to be most right about it.

Regardless of methodology, these are not vigilantes, these are just volunteers, same as anti-spammers.

Hypocrisy boots.

"You intentionally waste bandwidth of innocents (the ISPs)"

[falls out of chair laughing]

Oh now this is rich. When P2P'ers run full throttle 24/7 eating everyone elses resources. Then when someone calls them upon it, they're violating the P2P'ers rights. When someone else supposedly uses it (minimally at that), then it's wasting bandwith of innocents.

"you break into a computer system without invitation"

And willfully running a P2P program with "UT2K" in the search bar with the expectation (1) they're going to get a full version is?

(1) before you pull a "but I'm just getting the demo", you can get the demo through regular means.
Just because you think everyone else is stupid, doesn't mean all of us are.

"steal computing time"

To borrow a euphemism " clock cycles just want to be free".

A ticking timebomb...

You know, I wonder why there isn't any viruses which tries to imitate P2P downloads by replacing files in a P2P folder, including filesize so as to not alert porential downloaders of their malicious content until they're already downloaded (and too late).

Re: site that updates in realtime

Where is this place going? Is /. now a manual DDOS?

Disagree, all right (I do too), but doing something like that on purpose is not right either. Two wrongs don't make a right you know.

well... almost...

[Ieshan]

So!!?? If you say "this box is full of money" so I take it, and it turns out to be a bomb, you're somehow not responsible since I willingly took it after you lied to me about what it is? That's stupid (and not how the law works).

It's more like this:

I have a bag of money which is labeled "If you're the guy who keeps stealing money from people, please take this extra money!". Inside is a note that says, "Hey, asshole, don't steal money anymore!", and a wireless camera which snaps a photo of you.

I think you'd have a difficult time arguing that you took the money because the label said to and are somehow being denied your rights by the mislabeling of goods for trade.

trouble

all it takes is a clever person to reverse engineer thier little program to something more malicious to frame them.

here here

beautifully put.

Re:We aren't angry at them because they're asshole

[f0rt0r]

LOL, it does equal intent...intent to what you don't know. Intent to reverse engineer the file they knew wasn't the real keygen because the md5 checksum didn't match, just to see how it ticked? Just curious as to if it was a virus or not ( they opened it on a computer they didn't care if it trashed just to see what it did ), opened it because their friend down the street renamed it to HotBabeScreenSave.exe and emailed it to them as a joke? Do you see the big picture now?

Dude, get a clue

[IshanCaspian]

Punkbuster doesn't just issue GUID bans for cheating.

This is a true story...happened the first time PB had to update. I hopped in this game, and boom, team spectator. I didn't know what happened, so I just hit join game. I played for five minutes, boom, back to spectator. It was printing warning messages in my console, but I didn't think to check unitl after the third time I got booted...then it booted me out of the game clear back to the title screen. I tried logging in, and it flagged my 100% legit purchased cd key with a GUID ban. I had to get a new one!

Before you accuse me of cheating, why don't you get your facts straight. I don't need any kind of cheats to kick your ass six ways from Sunday....if you doubt me, just send a PM and I'll hop on A51's instagib and fry your ass till you whimper for mercy...bitch.

Not true.

[IshanCaspian]

Read.

Spying back

[www.demalaga.net]

Hello

Spanish' internauts association did it at:
http://seguridad.internautas.org/article.php? sid=2 92&mode=thread&order=0
(in spanish, sorry)

Antonio

Might be illegal, but...

[herbierobinson]

Well, it is technically a Trojan and it sounds like they forgot to put in the legal blather that keeps the spyware people from getting busted, BUT it also seems pretty clear that anybody who is in a position to file a complaint would be foolish to do so.

Also, I should point out that it would be fairly easy to do this legally (i.e., just bury the the permissions in the legal blather that the installer throws up) and that the real copyright owners could do a similar thing.

Re:which crime? Probably Entrapment

[Rogerborg]

You, sir, are utterly full of shit. Show case law to prove your point, or get in the queue to suck my dick.

Solution:

Just ask slashdot, someone here avocated Alcohol 120%'s "legal uses," and in the same post suggested they download a warzed copy.

Try posting a question about it in one of the various piracy articles, the slashdot "free warze!" supporters will be kind to help you out for all your piracy needs.

Wow!

WTF, did we get taken over by the greedy whinny selfish brats at various piracy supporting sites?

IANAL but this should be an 'attractive nusiance'

[PsiPsiStar]

Consider attractive nusiance law. If you own a pool, and a kid breaks in and uses your pool and hurts themselves, you can be held liable. You'd have to prove in court that you took reasonable steps to keep other people from using your pool. A court would have to determine whether your effort was reasonable. In this case, the trojan could be considered an attractive nusiance. The programmers obviously weren't making a reasonable effort to keep it from being downloaded (quite the contrary) and can be held liable for any damage that it does.

I love the phrase 'attractive nusiance.'
It perfectly describes some girls I knew in college.

Re:which crime? Probably Entrapment

[PsiPsiStar]

Just out of curiousity, how'd you get 'a number of incidents like this'.

It's even more elite...

[Perianwyr+Stormcrow]

...when you use UCITA to then go and dig through everyone's machine that you think might have your random $10,000 100-line program. W00!

Re:Trojans up to 10 years in jail

[tomhudson]

... which is a compromise of the computer system's security. It is leaking information without the owners' consent or knowledge.

S.342.1 Unauthorized Use of Computer
342.1 (1) Every one who, fraudulently and without colour of right,

(a) obtains, directly or indirectly, any computer service,

(b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system,

(c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system, or

(d) uses, possesses, traffics in or permits another person to have access to a computer password that would enable a person to commit an offence under paragraph (a), (b) or (c)

is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.

Definitions
(2) In this section,

"computer password"
"computer password" means any data by which a computer service or computer system is capable of being obtained or used;

"computer program"
"computer program" means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function;

"computer service"
"computer service" includes data processing and the storage or retrieval of data;

"computer system"
"computer system" means a device that, or a group of interconnected or related devices one or more of which,

(a) contains computer programs or other data, and

(b) pursuant to computer programs,

(i) performs logic and control, and

(ii) may perform any other function;

"data"
"data" means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer system;

"electro-magnetic, acoustic, mechanical or other device"
"electro-magnetic, acoustic, mechanical or other device" means any device or apparatus that is used or is capable of being used to intercept any function of a computer system, but does not include a hearing aid used to correct subnormal hearing of the user to not better than normal hearing;

"function"
"function" includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer system;

"intercept"
"intercept" includes listen to or record a function of a computer system, or acquire the substance, meaning or purport thereof.

"traffic"
"traffic" means, in respect of a computer password, to sell, export from or import into Canada, distribute or deal with in any other way.

R.S., 1985, c. 27 (1st Supp.), s. 45; 1997, c. 18, s. 18.