Slashdot Mirror
Anti-piracy Vigilantes Tracking P2P Users
brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."
Out of curiosity, which crime would they be committing?
quidquid latine dictum sit altum videtur.
Who's to say these guys aren't mixing in IPs of people, who, for example, might have flamed them on message boards? I'm sure their end game is to get a job offer from the RIAA and MPAA . . .
Yeah, that's rich. They have a log of everyone who received a copy of their cracked software. Guess who gets that information in a deal with the Feds?
Actually, I think this is pretty clever.
Toronto-area transit rider? Rate your ride.
It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program.
What I can't understand is why people would continue to share these programs once they realised they contained a trojan... The authors stopped sharing them because they found users were propogating them well enough anyway.
Surely any sane person would delete corrupted/malicous downloads from their shared directory?
As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc... Kapersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a trojan as it does nothing even slightly malicious. I don't think we'd have the "Trojan Horse" analogy to fall back on if all the soldiers in the horse had done was send back a message saying they'd arrived. :D
clifgriffin > blog
If I download some random file from kazaa and run it, I'm the only one to blame for what it does.
Its just irony that some of the filenames they used would contain illegal content if they were what they claimed to be.
the software's not disguised as actual pirated software, but the keygens and cracks. AFAIK, those are in much more of a legal gray area than actual pirated software. Theoretically, if someone legitimately owns a piece of software, and they're on another computer, and they have the original installation media and they forgot their cd key at home, it wouldn't be terribly illegal to load up a keygen so they could play a round or two.
Or hell, even take the Baldur's gate series. I bought every single game in the series, and I still crack all of those games since I don't want to have to put the cd in when I play. What about somone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game I bought online...what if I just use a keygen and get another key?
Anyways, there's really not much of a case for what these people are doing. Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?
But there is another kind of evil that we must fear most... and that is the indifference of good men.
Um... with a clientside virus, what would stop them from tracking it? (and probably irc client independant as they can just read the IRC(and whatever else you use) protocol data directly)
;)
Evil crackers like these criminals are no less clever than the rest of us, they just put their cleverness into more questionable things
Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?
IANAL, but this is certainly illegal. It is akin to a sting operation, like when you open your car door for the hooker on the street and it turns out she's really a cop and you are arrested for soliciting & prostitution.
You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.
Using temptation to get at potential thieves does not constitute law enforcement, unless I guess you are the FBI or somesuch.
but is it wrong? It doesn't spread itself, others spread it. When you download a piece of code off of a p2p network, you take a risk that it isn't what you think it is. Obviously, these people are rather intelligent, and it appears that they aren't evil, and just want to teach certain lawbreakers a lesson. And although it is vigilante in the sense that they are stepping outside of the law, they're not doing anything harmful. Now, if they were formating someone's hard drive when the executable was launched, it would be different, but this is just a small rebuke.
Props to these guys for sticking up for whats right.
Skill is successfully walking a tightrope over Niagara Falls. Intelligence is not trying. -- Anonymous
2. The software acts with the confines of its own entity. The program does not compromise their system in any way, shape, or form. Every action it performs it performs soley for the purposes of logging an event. We are not in this to compromise downloader's systems, only to learn a little bit about who they are. It's a social experiment.
Let me ask you something, if you went to install something, say what you thought was the google search bar for your browser, and instead found out it was giving out information, wouldn't you be a bit pissed? It's doing something other than what was intended. Sure, the software you're replacing might be illegal, but nonetheless, my point still stands.
WWJD.... for a Klondike bar?
This is pretty funny. The more successful the program gets, the more this pair is creating a potential distributed denial of service attack on their own web servers.
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
they just put their cleverness into more questionable things ;)
/me is not part of the irc protocol and therefore is considered 'something special'
:
/me is a client dependent implemtation of how to send : ^AACTION : $emote^A
like this : independent
The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?
because CTCP uses in band signalling that something special is happening
CTCP uses ^A or chr(1)
You'll see from this table that ^A is defined in ASCII as
A transmission control character used as the first character of a heading of an information message.
Curiously the authors chose to end the text with another ^A rather than ^C. In their defence there is no End of Heading marker defined.
You can see the other CTCP messages here
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Say an idiot employee downloads & runs this crack/warez/whatever at work. Unauthorized and all that, but that's his ass. Now, this software is reporting home to somewhere. Let's assume the idiot's sysadmin finds out. The employee might get sacked, but who do you think will get charged with hacking (cracking) the corporation's network?
You got it. Just the costs of verifying that it DIDN'T do anything else, didn't alter or delete any of the data on the computer, didn't transmit any of the potentially sensitive data and (if paranoid enough) rebuild the system is going to rack up to quite a bit.
If they give them one count of hacking for each machine on their incredibly self-incriminating list, I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...
Kjella
Live today, because you never know what tomorrow brings
Wired has one on a vigilante group that goes after perverts in chat rooms that prey apon children. As much as I admire the intent of every day people to keep things clean, decent, and honest. I also have to agree with points in this other article where law enforcement is being hampered by scaring off the bad people to go deeper underground and the problem just gets burried and not delt with completely. Next thing you know you have a problem thats 10x's worse then before since it wasn't handled properly to begin with.
In the case of the software vigilantes. They're in for a world of legal hurt I think even though their basic intentions are good.
~~ Behold the flying cow with a rail gun! ~~
Okay, sort of off topic, but what if you asked if they wanted to buy some grass (as in slang for weed), and then you sold them real grass? Is that still illegal? Technically you offered to sell them grass, and you did.
WWJD.... for a Klondike bar?
I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.
Speak for yourself. Maybe you're a hypocrite, but I'd be just as pissed if the program was targeted at spammers by calling it "1millionemails.exe".
Computer crime is computer crime, and this is definately it. We need reasonable, legal, long-lasting solutions to the problems of the net, not some jackass breaking into system in a vain attempt to combat what he sees as a big problem.
Life is too short to proofread.
<head>
<title>Operation Dust Bunny: Deployment Status Page</title>
</head>
<body style="margin:0">
[1]
Offhand, I'd say today we're not tracking *anybody*...
High-speed Road Trip (18.000KPH)
I wonder if his desktop software product also contains trojan code?
Care to define how it's illegal?
It's illegal for the same reasons that selling you something that I call a "stolen car amlifier" that is really a tracking device or bomb is illegal. It's fraud, misrepresentation, and in this case, theft of services. It's also illegal under various state computer crime laws.
What they're doing is just as illegal as distributing a program called "Spywareremover.exe" that reformats your hard disk as soon as you run it.
They're lying about what the program is and using it to take control of someone's computer without their permission.
Life is too short to proofread.
OK, let's put this into perspective. Let's say that you write a trojan and send it out via email. The people who receive the email run the attachment and then forward the message on to their friends. After a while, you go public and let everybody know about the trojan. Don't you think you'll get a visit to Club Fed?
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
If any of their victims were in the UK they have committed a crime - unauthorised modification of data on a computer - which carries a 5 year jail term.
So if the US don't want to prosecute them there are extradition treaties to fall back on...
In just the past two days, Unreal Tournament 2004 keygen and cracks have become popular filenames.
/.ed. Cute.)
I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change. I get it home, pop it in a DVD drive on a different machine in the network, mount the drive on mine, and install. Try to run it? *BZZT* "Wrong disc inserted." Many people on the official forums had the same error with the game in a drive on their local machines. Crack -> piracy? No. It's been rather long established that at least a few paying customers will have problems with the cd check. I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.
Although I was smart enough to get it from somewhere reputable. They could have gotten something a LOT worse than an IP tracker.
I could have been holding the legally purchased, pressed media, wearing the free headset and finding a place for my free Atari shameless-self-promotion stickers while these people posted my IP address (or even more information, I didn't actually go to the list to see) with a pirate label. (note: On their site, the images of the popup say "don't worry your secret is safe with me", and now the list has even been
Yarr indeed.
This brings back memories of The Twilight Zone and the box that says "Do not open until Doomsday".
I think it's long past time for Doomsday.
+++ATHZ 99:5:80
Hmm that's not illegal here... it's well known that when the new students arrive every year some jokers sell them 'grass' and make a nice income from it.
They're not actually claiming it's illegal, though... Saying 'Wanna buy some grass?' when the stuff you're selling really *is* grass isn't even fraud...
Tools are not imbued with some intrinsic legitimacy. That is determined by how they are used -- and who is judging them.
Your conclusions are wrong and your logic is faulty.
The person who ran that code didn't intend to compromise their machine. Ergo, they trusted the source.
As with tools, legitimacy is determined by the person making the judgement -- one person's legitimate source may be another's evil monopoly-abusing nemesis.
They probably also had some idea of the stated purpose of the tool and thought that it would be useful to them. That implies a basic level of understanding.
It is difficult to know what code to trust and what not. Running binaries downloaded from an unknown user is clearly unwise, but that's not a crime.
Finally, wishing to perform an action in private does not imply that the action is illicit, or believed to be illicit by the person performing that action. Your contention to the contrary is equivilent to saying "If they are commiting no crime, you have nothing to hide/fear."
Which is not always true, in fact it is rarely true.
-----
only means that the police officer cannot pressure you to commit a crime
-----
Hypothetical situation: A police officer stops you in the street and demands that you stop to answer some questions. You are in a hurry and ask if he's conducting an investigation. His response is negative, he's just lonely and wants to chat. You ignore his pleas and continue on your way.
The police officer arrests you for obstruction of justice. Additionally he uses the obstruction of justice as reason to search your person and finds a pack of cigarettes without the wrapper in your coat. He writes up an additional ticket for possession of contraband goods (cigarettes without the appropriate tax stamp).
Note: This isn't a hypothetical situation but REALLY DID HAPPEN.
So please, quit talking about legality. We live in a subjective police state and no lawyer really cares unless there's a potential to get rich quick.
+++ATHZ 99:5:80
To take someone's information (you don't even have to post it) and keep it is ilegal IANAL but it is my job to make sure my employer is compliant with this. If I were you I would stay away from the UK and Europe you could end up in jail for up to 5 years.
I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.
Irrelevant you did it without there permission.
Saying Apple is better than MS is like saying Botulism is better than rabies.
think roadrunner might be pissed at all the port 80 traffic to 24.31.106.207... now i don't have roadrunner but, if they are anything like comcast... these guys are breaking the AUP by running an illegal websever. But remember folks... they are the "good guys"
presmike
Capitalism is not a crime. In a truly capitalist system the demand feedback is moderated by the price of the supply.
We do not live in a capitalist society. Get the politic-speak out of your heads, people. A capitalist system which is subject to the tens of thousands of rules, regulations, and controls that we have in the US is... anyone...?
Communism.
Communism is an economic system controlled by the government. Capitalism is an economic system controlled by the flow of capital. In the United States we have an economic system that's controlled by... anyone...? The government.
This very simple concept is proof that our government run schools are working perfectly to obscure the dominant role that our government plays in the economic conditions of our time. To most educated people this is indicative of... anyone...? Socialism. To the cynical educated people this is indicative of... anyone...? Fascism.
Just because you want to live in a capitalist republic, and just because your politicians feed your dementia to garner your votes, doesn't make it real.
+++ATHZ 99:5:80
Let's say I drop on a copy of BackOrifice, and "accidently" rename it to "Paris_Hilton_Video"..
Am I now guilty of some form of digital luring or *entrapment*?
~m
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
I had the same comment. Also use VMware for that untrusted app, so that no malicious code touches your real disk. You dont want BastardTrojan overwriting your winlogon.exe or other stuff like that...
IRC is more protected from fraud by a trust network than a technical protection. You see, the way it works is the channel operators limit who can serve files to users who are voiced, and the only way a user can get voiced is to earn the trust of the highly untrusting operators.
.
Now, say the vigilante behaves well in the channel for a few months, and the operators meet and vote that the vigilante is trustworthy and therefore can be voiced. The channel protection bots are given the vigilante's IP/Host/Nick combo to identify the vigilante and give him voice when he enters the channel.
Ok, it's been several months and now finally the vigilante and run the channel approve fserve software and is still watched by the operators since he/she is still new. Once someone downloads the keygen from the vigi. and discovers it is fake, they msg the channel ops and report it. The vigi loses voice rights and the whole matter is investigated and a decision is made to permanently ban the vigi since the trojan was discovered.
Now, the vigi can try to get voiced in several channels at once, but most channels won't voice you if you serve in more than 2 other channels, and some won't give you voice if you serve even in one other channel. The vigi still has the option of changing IP/Host/Nick and starting the process all over, but it will again be months before they will be considered for voice again. And if someone figures out that this is the same guy they banned before, his new identify will also get banned from the channel.
However, there are some computer illiterate people on IRC, so if the vigi spams people randomly with private messages ( spamming a channel can be easily blocked ) with the connection info to their server with the fake keygen, saying 'go here here to get UT2004 keygen;, I am sure some will fall for it. But if the vigi is reported to the IRCOPS and they can track home down, its kline time for him. Kline means he cannot connect to the IRC network at all, which is different than banning, which only excludes him from one IRC channel.
So you can see how the IRC system presents unique challenges to the vigilante that P2P applications current do not have. That said, I use the eMule client on the Overture network, and it autoblocks clients for various reasons, and it does have a system for both rating and commenting on shared files. Something very useful that is does is track files by md5 checksum, so you can actually see a file that is shared under several names. Its funny to see "Hardware Wars.mpg" was renamed to "Star Wars Episode 2:Attack of the Clones" and other names, flagging it as a fake.
Well, I feel like just wrote a term paper on IRC and P2P networks, so I am calling it a night(11PM here )
Until next post....
I can't afford a sig!