Slashdot Mirror


Anti-piracy Vigilantes Tracking P2P Users

brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whenever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."

26 of 864 comments

  1. which crime? by slavemowgli · · Score: 4, Interesting

    Out of curiosity, which crime would they be committing?

    --
    quidquid latine dictum sit altum videtur.
    1. Re:which crime? by dheltzel · · Score: 3, Interesting
      However, I'm fairly sure that Epic has the ability to remotely de-activate codes that were being illegally distributed (with the game validating your code with a central server before you're allowed to play online) - they already have a system in place for dealing with people spreading codes.

      Interesting.
      Combine that with the recent report of a trojan that harvests codes from infected machines and you have a recipe for creating a new sort of havoc. If the trojan-harvested codes are published in such a way that they get disabled, you'd have a sort of DDOS against a game company. It could overwhelm their ability to sort out which users were legit, and piss off a lot of legit users at the same time. If you get enough personal info, you might even attack specific people to get them banned from the game for "sharing" their code if they do something you don't like.

  2. Hearsay and Slander by PeeAitchPee · · Score: 5, Interesting

    Who's to say these guys aren't mixing in IPs of people, who, for example, might have flamed them on message boards? I'm sure their end game is to get a job offer from the RIAA and MPAA . . .

  3. Re:Trojans by s20451 · · Score: 5, Interesting

    Yeah, that's rich. They have a log of everyone who received a copy of their cracked software. Guess who gets that information in a deal with the Feds?

    Actually, I think this is pretty clever.

    --
    Toronto-area transit rider? Rate your ride.
  4. Just wait. by Moryath · · Score: 4, Interesting

    It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program.

  5. Sharing Trojans by ravydavygravy · · Score: 3, Interesting

    What I can't understand is why people would continue to share these programs once they realised they contained a trojan... The authors stopped sharing them because they found users were propagating them well enough anyway.

    Surely any sane person would delete corrupted/malicious downloads from their shared directory?

    1. Re:Sharing Trojans by SmackCrackandPot · · Score: 3, Interesting

      why people would continue to share these programs once they realised they contained a trojan

      When P2P file-sharing programs are in use, the users are usually downloading bucket-fulls of stuff. So between the time the download of the file has been completed, and the time that the file is unzipped and run, there is a window of opportunity for re-distribution to take place. Given the small size of the file, it would probably be ignored until the download of larger files such as movies and warez has been completed, if not forgotten entirely.
      (Like your looters or panic-buyers during a power cut - they're grabbing everything they can get their hands on, because it's there for the taking, not because it's of any practical use to them).

  6. Vigilante by clifgriffin · · Score: 4, Interesting

    As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc... Kaspersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a trojan as it does nothing even slightly malicious. I don't think we'd have the "Trojan Horse" analogy to fall back on if all the soldiers in the horse had done was send back a message saying they'd arrived. :D

    1. Re:Vigilante by Anonymous Coward · · Score: 3, Interesting

      The best way to detect crap like this is to use one of the websites that list CRC's of known safe/good files on kazaa.. simply match up after download and voila... you got a good, not virused to hell copy of LOTR MRTG early Beta Keygen + server..

      but yeah, I also catch these lame attempts at trojans on the p2p networks... their file sizes are always way wrong, and if you notice, the same group of fools sharing it and the other incorrect files...

    2. Re:Vigilante by biobogonics · · Score: 5, Interesting

      As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc...

      Just like Robert Morris did in 1988?

  7. From the looks of their page by IshanCaspian · · Score: 4, Interesting

    the software's not disguised as actual pirated software, but the keygens and cracks. AFAIK, those are in much more of a legal gray area than actual pirated software. Theoretically, if someone legitimately owns a piece of software, and they're on another computer, and they have the original installation media and they forgot their cd key at home, it wouldn't be terribly illegal to load up a keygen so they could play a round or two.

    Or hell, even take the Baldur's gate series. I bought every single game in the series, and I still crack all of those games since I don't want to have to put the cd in when I play. What about someone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game I bought online...what if I just use a keygen and get another key?

    Anyways, there's really not much of a case for what these people are doing. Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?

    --

    But there is another kind of evil that we must fear most... and that is the indifference of good men.
  8. Re:To me this seems basic... by Leffe · · Score: 3, Interesting

    Um... with a clientside virus, what would stop them from tracking it? (and probably irc client independent as they can just read the IRC(and whatever else you use) protocol data directly)

    Evil crackers like these criminals are no less clever than the rest of us, they just put their cleverness into more questionable things ;)

    Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?

  9. Legal precedent ? by agslashdot · · Score: 4, Interesting
    From the article - programs have circulated disguised as activation key generators and cracks for Unreal Tournament 2004, Pinnacle Studio 9, Norton Antivirus, TurboTax

    IANAL, but this is certainly illegal. It is akin to a sting operation, like when you open your car door for the hooker on the street and it turns out she's really a cop and you are arrested for soliciting & prostitution.

    You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.

    Using temptation to get at potential thieves does not constitute law enforcement, unless I guess you are the FBI or somesuch.

  10. Yes, it's probably illegal... by breakinbearx · · Score: 4, Interesting

    but is it wrong? It doesn't spread itself, others spread it. When you download a piece of code off of a p2p network, you take a risk that it isn't what you think it is. Obviously, these people are rather intelligent, and it appears that they aren't evil, and just want to teach certain lawbreakers a lesson. And although it is vigilante in the sense that they are stepping outside of the law, they're not doing anything harmful. Now, if they were formatting someone's hard drive when the executable was launched, it would be different, but this is just a small rebuke.

    Props to these guys for sticking up for what's right.

    --
    Skill is successfully walking a tightrope over Niagara Falls. Intelligence is not trying. -- Anonymous
  11. Re:Here's another question... by flewp · · Score: 5, Interesting

    2. The software acts with the confines of its own entity. The program does not compromise their system in any way, shape, or form. Every action it performs it performs solely for the purposes of logging an event. We are not in this to compromise downloaders' systems, only to learn a little bit about who they are. It's a social experiment.

    Let me ask you something, if you went to install something, say what you thought was the google search bar for your browser, and instead found out it was giving out information, wouldn't you be a bit pissed? It's doing something other than what was intended. Sure, the software you're replacing might be illegal, but nonetheless, my point still stands.

    --
    WWJD.... for a Klondike bar?
  12. Re:To me this seems basic... by DrSkwid · · Score: 3, Interesting

    they just put their cleverness into more questionable things ;)

    like this : independent

    The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?

    because CTCP uses in-band signalling that something special is happening. /me is not part of the IRC protocol and therefore is considered 'something special'.

    CTCP uses ^A or chr(1)
    You'll see from this table that ^A is defined in ASCII as :

    A transmission control character used as the first character of a heading of an information message.

    Curiously the authors chose to end the text with another ^A rather than ^C. In their defence there is no End of Heading marker defined. /me is a client-dependent implementation of how to send : ^AACTION : $emote^A

    You can see the other CTCP messages here

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
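
The CTCP framing described in the comment above, as an added example that is not part of the original post: it builds the `/me` wire form and parses received lines, keeping the ^A delimiter strictly in-band. Function names, sample nicks and the handling of an unpaired ^A are assumptions of this example.

```python
import re

CTCP_DELIM = "\x01"  # ^A / chr(1), ASCII SOH

def make_action(target, emote):
    """Sending side: what a client puts on the wire for '/me <emote>'."""
    return f"PRIVMSG {target} :{CTCP_DELIM}ACTION {emote}{CTCP_DELIM}"

def parse_privmsg(line):
    """Split a raw server line into (nick, target, text); None if not a message."""
    m = re.match(r"^:(\S+) (?:PRIVMSG|NOTICE) (\S+) :(.*)$", line.rstrip("\r\n"))
    if not m:
        return None
    prefix, target, text = m.groups()
    return prefix.split("!", 1)[0], target, text

def extract_ctcp(text):
    """Return (plain_text, [(tag, params), ...]) for one message body."""
    # Only text between a PAIR of ^A bytes counts as CTCP. An unpaired ^A is
    # dropped and its text kept as plain (a choice made for this example).
    parts = text.split(CTCP_DELIM)
    paired = len(parts) % 2 == 1  # an even number of delimiters was seen
    plain, ctcp = [], []
    for i, part in enumerate(parts):
        inside = i % 2 == 1 and (paired or i < len(parts) - 1)
        if inside and part:
            tag, _, params = part.partition(" ")
            ctcp.append((tag.upper(), params))
        else:
            plain.append(part)
    return "".join(plain), ctcp

def render(line):
    """Receiving side: turn one raw line into display strings."""
    parsed = parse_privmsg(line)
    if parsed is None:
        return []
    nick, _target, text = parsed
    plain, ctcp = extract_ctcp(text)
    out = []
    for tag, params in ctcp:
        if tag == "ACTION":
            out.append(f"* {nick} {params}")
        else:
            out.append(f"[CTCP {tag} from {nick}] {params}".rstrip())
    if plain:
        out.append(f"<{nick}> {plain}")
    return out

# Constructed sample traffic (nicks, hosts and channel are made up).
SAMPLES = [
    ":alice!a@example.test " + make_action("#chan", "waves"),
    ":bob!b@example.test PRIVMSG alice :\x01VERSION\x01",
    ":carol!c@example.test PRIVMSG #chan :hello \x01ACTION unterminated",
]
```
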
  13. Let me take the following example by Kjella · · Score: 5, Interesting

    Say an idiot employee downloads & runs this crack/warez/whatever at work. Unauthorized and all that, but that's his ass. Now, this software is reporting home to somewhere. Let's assume the idiot's sysadmin finds out. The employee might get sacked, but who do you think will get charged with hacking (cracking) the corporation's network?

    You got it. Just the costs of verifying that it DIDN'T do anything else, didn't alter or delete any of the data on the computer, didn't transmit any of the potentially sensitive data and (if paranoid enough) rebuild the system is going to rack up to quite a bit.

    If they give them one count of hacking for each machine on their incredibly self-incriminating list, I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...

    Kjella

    --
    Live today, because you never know what tomorrow brings
  14. Vigilantes by CFBMoo1 · · Score: 4, Interesting

    Wired has one on a vigilante group that goes after perverts in chat rooms that prey upon children. As much as I admire the intent of everyday people to keep things clean, decent, and honest, I also have to agree with points in this other article where law enforcement is being hampered by scaring off the bad people to go deeper underground and the problem just gets buried and not dealt with completely. Next thing you know you have a problem that's 10x worse than before since it wasn't handled properly to begin with.

    In the case of the software vigilantes, they're in for a world of legal hurt I think even though their basic intentions are good.

    --
    ~~ Behold the flying cow with a rail gun! ~~
  15. Re:Yes, but watch out for hypocrisy... by theLOUDroom · · Score: 4, Interesting

    I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be ecstatic.

    Speak for yourself. Maybe you're a hypocrite, but I'd be just as pissed if the program was targeted at spammers by calling it "1millionemails.exe".

    Computer crime is computer crime, and this is definitely it. We need reasonable, legal, long-lasting solutions to the problems of the net, not some jackass breaking into systems in a vain attempt to combat what he sees as a big problem.

    --
    Life is too short to proofread.
  16. From their webpage by ottffssent · · Score: 3, Interesting


    <head>
    <title>Operation Dust Bunny: Deployment Status Page</title>
    </head>
    <body style="margin:0">
    [1]

    Offhand, I'd say today we're not tracking *anybody*...

  17. Re:Trojans by bcolflesh · · Score: 5, Interesting

    I wonder if his desktop software product also contains trojan code?

  18. Re:Trojans by Tony+Hoyle · · Score: 5, Interesting

    If any of their victims were in the UK they have committed a crime - unauthorised modification of data on a computer - which carries a 5 year jail term.

    So if the US don't want to prosecute them there are extradition treaties to fall back on...

  19. UT2k4 crack by nukem1999 · · Score: 4, Interesting

    In just the past two days, Unreal Tournament 2004 keygen and cracks have become popular filenames.

    I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change. I get it home, pop it in a DVD drive on a different machine in the network, mount the drive on mine, and install. Try to run it? *BZZT* "Wrong disc inserted." Many people on the official forums had the same error with the game in a drive on their local machines. Crack -> piracy? No. It's been rather long established that at least a few paying customers will have problems with the cd check. I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.

    Although I was smart enough to get it from somewhere reputable. They could have gotten something a LOT worse than an IP tracker.

    I could have been holding the legally purchased, pressed media, wearing the free headset and finding a place for my free Atari shameless-self-promotion stickers while these people posted my IP address (or even more information, I didn't actually go to the list to see) with a pirate label. (note: On their site, the images of the popup say "don't worry your secret is safe with me", and now the list has even been /.ed. Cute.)

    Yarr indeed.

    1. Re:UT2k4 crack by WormholeFiend · · Score: 3, Interesting

      From what I read on the Atari forum threads, Epic (the game makers) is pretty much against CD checks, but Atari (the game publishers) forces them to put it in.

  20. Re:which crime? Probably Entrapment by maximilln · · Score: 4, Interesting

    -----
    only means that the police officer cannot pressure you to commit a crime
    -----
    Hypothetical situation: A police officer stops you in the street and demands that you stop to answer some questions. You are in a hurry and ask if he's conducting an investigation. His response is negative, he's just lonely and wants to chat. You ignore his pleas and continue on your way.

    The police officer arrests you for obstruction of justice. Additionally he uses the obstruction of justice as reason to search your person and finds a pack of cigarettes without the wrapper in your coat. He writes up an additional ticket for possession of contraband goods (cigarettes without the appropriate tax stamp).

    Note: This isn't a hypothetical situation but REALLY DID HAPPEN.

    So please, quit talking about legality. We live in a subjective police state and no lawyer really cares unless there's a potential to get rich quick.

    --
    +++ATHZ 99:5:80
  21. Re:Trojans by maximilln · · Score: 3, Interesting

    Capitalism is not a crime. In a truly capitalist system the demand feedback is moderated by the price of the supply.

    We do not live in a capitalist society. Get the politic-speak out of your heads, people. A capitalist system which is subject to the tens of thousands of rules, regulations, and controls that we have in the US is... anyone...?

    Communism.

    Communism is an economic system controlled by the government. Capitalism is an economic system controlled by the flow of capital. In the United States we have an economic system that's controlled by... anyone...? The government.

    This very simple concept is proof that our government run schools are working perfectly to obscure the dominant role that our government plays in the economic conditions of our time. To most educated people this is indicative of... anyone...? Socialism. To the cynical educated people this is indicative of... anyone...? Fascism.

    Just because you want to live in a capitalist republic, and just because your politicians feed your dementia to garner your votes, doesn't make it real.

    --
    +++ATHZ 99:5:80