Slashdot Mirror
Anti-piracy Vigilantes Tracking P2P Users
brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."
That's what they are essentially spreading. There's asses should land in jail as soon as possible.
Indefinitely Detained US Citizen
... until about 30 seconds ago. Now it just sorta smokes.
I guess what they say about examining the hex code for any file you download to look for suspicious strings seems really valid now.
And if you don't see any, run an unpacker and see if there is anything embeded.
Of course, you could just avoid running software someone else gives you....
Yeah, not for long...
Out of curiosity, which crime would they be committing?
quidquid latine dictum sit altum videtur.
Who's to say these guys aren't mixing in IPs of people, who, for example, might have flamed them on message boards? I'm sure their end game is to get a job offer from the RIAA and MPAA . . .
Dang it!
NetInfo connection failed for server 127.0.0.1/local
It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program.
They say they are tracking software pirates.
But realy pirates don't use p2p apps for warez.
That's kiddie crap.
More like they are tracking 14 year old's with a cable modem.
try IRC, now if they could track that, it'd probably blow their minds.
I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.
Yes, I'm aware that there's a difference between pirates and spammers. But keep in mind that the RIAA probably sees P2P users the same way that we see spammers. Annoying, a growing threat, and obsessed with large penises.
What I can't understand is why people would continue to share these programs once they realised they contained a trojan... The authors stopped sharing them because they found users were propogating them well enough anyway.
Surely any sane person would delete corrupted/malicous downloads from their shared directory?
You may not like it or agree with it (I sure don't) but right now it's the law. If we don't like a particular law (such as copyright) then we need to get our elected officials to change it.
As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc... Kapersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a trojan as it does nothing even slightly malicious. I don't think we'd have the "Trojan Horse" analogy to fall back on if all the soldiers in the horse had done was send back a message saying they'd arrived. :D
clifgriffin > blog
The EFF says the vigilantes may be committing a crime.
Vigilantes are, by definition, committing crimes.
A vigilante is a private citizen who acts outside the law, taking the law into their own hands.
Some people (e.g. the vigilantes themselves) see this as a Good Thing -- enforcing Justice, where Justice would otherwise go unenforced.
Others (such as myself) see vigilantism as the roots of rebellion and chaos -- acting as a private government, in defiance of duly constituted authority.
Not that I have a hell of a lot of respect for duly constituted authority. Most of the cops I've met have been decent people, however, there's a long, sad history of cops acting as vigilantes, outside the law. Not to mention police states, governments run by mobsters, etc. etc.
-kgj
-kgj
I don't much care one way or another about the issue of going after software pirates, as there are some major assholes on both sides of the issue. But the problem with this approach is that if there are bugs in the antipiracy software it could end up screwing up a lot of people's systems and causing major expense and loss of time and effort. Moreover, it looks like people could convert this into intentional malware by renaming it, so that someone looking to download freeware documents on, say, the history of microprocessors, could end up with this crap on his machine. So I object strongly to the means, though I am ambivalent about the intent.
the software's not disguised as actual pirated software, but the keygens and cracks. AFAIK, those are in much more of a legal gray area than actual pirated software. Theoretically, if someone legitimately owns a piece of software, and they're on another computer, and they have the original installation media and they forgot their cd key at home, it wouldn't be terribly illegal to load up a keygen so they could play a round or two.
Or hell, even take the Baldur's gate series. I bought every single game in the series, and I still crack all of those games since I don't want to have to put the cd in when I play. What about somone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game I bought online...what if I just use a keygen and get another key?
Anyways, there's really not much of a case for what these people are doing. Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?
But there is another kind of evil that we must fear most... and that is the indifference of good men.
The article is pretty light on that point. I think anyone who downloads "UT2K4 Keygen.exe" or "Photoshop Full.exe" knows exactly what they are trying to get, and they know the risks of what they are doing. And therefore, if someone wants to write an app that phones home and tells the companies that someone is trying to use a crack, what's the harm?
SmashTech - No smashing of tech involved
For those of you attempting to probe the moral questions of this project.
What if my software, downloaded with no warranty from Gnutella, displayed the weather conditions in Kenya?
I'd have their IP, and I could even safely retrieve the ID with legitimate pretenses.
However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world.
Just a thought.
clifgriffin > blog
On a related note, isn't it illegal to sell grass to someone while saying it's marijuana?
yeah, it's intent to supply, no controlled susbtances required.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
IANAL, but this is certainly illegal. It is akin to a sting operation, like when you open your car door for the hooker on the street and it turns out she's really a cop and you are arrested for soliciting & prostitution.
You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.
Using temptation to get at potential thieves does not constitute law enforcement, unless I guess you are the FBI or somesuch.
but is it wrong? It doesn't spread itself, others spread it. When you download a piece of code off of a p2p network, you take a risk that it isn't what you think it is. Obviously, these people are rather intelligent, and it appears that they aren't evil, and just want to teach certain lawbreakers a lesson. And although it is vigilante in the sense that they are stepping outside of the law, they're not doing anything harmful. Now, if they were formating someone's hard drive when the executable was launched, it would be different, but this is just a small rebuke.
Props to these guys for sticking up for whats right.
Skill is successfully walking a tightrope over Niagara Falls. Intelligence is not trying. -- Anonymous
I've said many times on Slashdot that if you want P2P to be taken seriously and not be labeled as a haven for pirates, you need to actively engage in discouraging the use of P2P for illegal file trading. These guys are actually doing that. Good for them. At least they're not acting like some hand-waving Slashbots ranting about how no one takes P2P seriously, all the while refusing to acknowledge that the majority of data transfered on P2P networks is copyrighted, and furthermore refusing to do anything about it.
My favorite comeback line: "Maybe we should outlaw knives because someone might do something illegal with them!" -- completely off-target. Right now, the situation with P2P isn't that a minority of people are using P2P networks to trade copyrighted materials, but that a minority of people are using P2P networks for trading non-copyrighted materials. Until P2P fans actively pursue and discourage the use of P2P for illegitimate uses, P2P will continue to have a bad rap and be pursued by copyright holders.
That's what they (the "victims") are essentially spreading. There's asses should land in jail as soon as possible.
Sorry, that's not my personal view (I don't believe in locking people up for small-scale copyright infringment) but it is the view of some, such as the content creators whose property is being infringed on.
I just find it ironic that just changing the subject line of your message from "Trojans" to "Illegally distributed software" gives us a whole new look at this issue: after all, most of the people engaging in P2P distribution of copyrighted material live in countries where it's illegal and probably punishable by a jail sentence.
The majority of people here seem to be engaging in double think: messaging people who engage in P2P copyright infringement that what they're doing is wrong and publishing their IP addresses is a Bad Thing, yet tracking down the online behaviour of spammers and then publishing their real world addresses (without any consideration for what might happen as a consequence) is a Good Thing.
Can someone please explain to me how one is so wrong yet the other is so right? (Preferably without resorting to the kind of language that you wouldn't use in front of your mother?)
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
We only collect this information if they click the button.
If they use any other means of exiting the program (ie, Alt+F4) it simply exits.
Yet again, it all depends on what they do....we don't collect anything without them making defined, deliberate actions.
It is not my belief that we are required to tell them that we logged the fact that they clicked "I'm Sorry. I Promise Never to Do it Again."
I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.
clifgriffin > blog
Behold: Walk the Plank and Operation Dust Bunny
.NET installed and thus couldn't run the C# binary.
.NET.
Note: Due to responses by certain detractors, we've updated our legal section (again) to further clarify our stance.
Apparently, this is becoming more and more newsworthy. Security Focus called today and interviewed me. Here is the resulting article: http://securityfocus.com/news/8279
At the start of this year, we (Justin and Clif, Clif and Justin) decided to start a new project. We declared war on illegal file sharing and pirates. The goal was to waste their time and bandwidth while tracking them and how the file moves around.
Results Pages for the Impatient: Walk the Plank Status Page | Dust Bunny Status Page
Walk the Plank, You Pirates!
The first version of this was more-or-less a test to see if it would work. We created a program in C# that would pop-up a message scolding the user. When the program closes, it would "phone home" to our servers, giving us the filename, how long the program ran (run time), and their IP address. We entered the information we collected into a database.
We copied the binary then renamed it to a bunch of warez-like filenames that we found via Jigle.com and searching different P2P networks. We put it up on the Gnutella file sharing network and waited. Within minutes, we had downloads. However, we didn't have entries in the database. The next day we came to the conclusion that people didn't have
So we rewrote it in C++. Once finished, we replaced all of the C# binaries with the C++ binary. Again within moments, we had downloads and this time we have entries in the database. Goes to show the penetration of
After about two weeks, we noticed something: The file was spreading without our help. We stopped sharing after we realized this and the file kept propagating, and propagating, and propagating. In no time flat, we wasted over 16 hours of pirate time.
Screenshot: (Top: WTP, Bottom, ODB)
The Next Step: Operation Dust Bunny
The original idea we had went beyond simply logging filename and run time. We wanted to track who got what file from who. So a month after WTP, we wrote Dust Bunny. It was a two-binary system that would read the Pirate ID (PID) encoded in itself, send it to a server, then grab a unique PID returned from the server, and rewrite the ID that is encoded in the binary. Using this information, we could see who got what binary from who.
Written with one person using Visual Studio 2003, another using Dev-C++; one binary in C++, the other in C; and only one person knowing how to code in either language. It was a challenge since the "rabbit" (the GUI program) had to include the "eye" (the program that contacted the server and rewrote the rabbit) for execution. Plus the eye needed an offset that could only be gathered once the rabbit was compiled with eye included. Thanks to TightVNC and a lot of trading of information, we got through it.
Just to be safe, we added a "kill switch" to the eye. If the server returned a special ID number, the eye would delete the rabbit. This way, in case it got out of control as WTP did, we could stop it. Also, if someone renamed it to a filename we didn't like, we could add that filename to the "evil filename list" on the server.
After it was completed, we replaced all the binaries with the new version. Once again, they started to be downloaded instantly. The next day, we already had redistributions -- someone downloaded a copy from someone other then us. We could tell since we were logging the PIDs. It didn't take long until we had multi-branch trees of pirates.
We decided after one month time of sharing Dust Bunny, we'd stop and let it propagate on it's own. That marker was around March 9th, 2004.
Current Status
By now, WTP has racked up over 62 hours in wasted pirate time. Dust Bunny is well on its way with 20 hours. Dust Bunny has around 3,500 unique pirates and over 6,200 ex
Say an idiot employee downloads & runs this crack/warez/whatever at work. Unauthorized and all that, but that's his ass. Now, this software is reporting home to somewhere. Let's assume the idiot's sysadmin finds out. The employee might get sacked, but who do you think will get charged with hacking (cracking) the corporation's network?
You got it. Just the costs of verifying that it DIDN'T do anything else, didn't alter or delete any of the data on the computer, didn't transmit any of the potentially sensitive data and (if paranoid enough) rebuild the system is going to rack up to quite a bit.
If they give them one count of hacking for each machine on their incredibly self-incriminating list, I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...
Kjella
Live today, because you never know what tomorrow brings
Was that an intentional part of the design? Or did you guys just overlook the ALT-F4 shortcut when you designed the program?
!#@%*)anks for hanging up the phone, dear.
Wired has one on a vigilante group that goes after perverts in chat rooms that prey apon children. As much as I admire the intent of every day people to keep things clean, decent, and honest. I also have to agree with points in this other article where law enforcement is being hampered by scaring off the bad people to go deeper underground and the problem just gets burried and not delt with completely. Next thing you know you have a problem thats 10x's worse then before since it wasn't handled properly to begin with.
In the case of the software vigilantes. They're in for a world of legal hurt I think even though their basic intentions are good.
~~ Behold the flying cow with a rail gun! ~~
If this was in fact a "social experiment," I have a few questions:
If this was a genuine social experiment, these questions have already been answered, somewhere. Otherwise, I think we can chalk this up as a prank designed to embarass people.
!#@%*)anks for hanging up the phone, dear.
<head>
<title>Operation Dust Bunny: Deployment Status Page</title>
</head>
<body style="margin:0">
[1]
Offhand, I'd say today we're not tracking *anybody*...
High-speed Road Trip (18.000KPH)
That link http://walktheplank.ath.cx is a dynamic DNS re-router for people on Cablemodems / DSL etc.
:D
Ouch, I almost feel sorry for them
Ripping an new rectum in the fabric of spacetime.
Can someone please explain to me how one is so wrong yet the other is so right?
Vigilantilism is wrong. Period. Rule of law is characterized by a state monopoly on justice. If you don't like rule of law, there are plenty of countries where it doesn't apply.
Or, in a language your mother would use: Two wrongs don't make one right.
Even if we assume that these vigilantes are doing nothing morally wrong themselves at what point should they be responsible for opening a security hole in a system which can be exploited by other more malicious stalkers? Can these vigilantes show that their code is 100% secure such that only they can make use of the resources that it provides?
Spyware and malware and P2P programs and instant messaging programs may not be malicious in and of themselves but they're all coded by half-hacks who aren't very interested in security. Do they properly check their buffer overflows, input validation, or ensure perfect alignment with a proper handshake protocol?
I think not...
Let's say that the law would tolerate the vigilante retrieval of stolen property. At what point is the vigilante liable for leaving the backdoor open?
Let's say that malware and spyware and spammers really are nothing more than advertising methods used to boost the economy (which can be argued as "good"). At what point are the authors of those progams liable for the malicious attacker or stalker who relies on them to identify easy targets?
Let's say that posting signs for your candidate on someone else's front lawn would be legal. Are you liable if a serial killer decides to pick his targets based upon lawn signs?
Implications are more than just one step removed from the source.
+++ATHZ 99:5:80
In just the past two days, Unreal Tournament 2004 keygen and cracks have become popular filenames.
/.ed. Cute.)
I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change. I get it home, pop it in a DVD drive on a different machine in the network, mount the drive on mine, and install. Try to run it? *BZZT* "Wrong disc inserted." Many people on the official forums had the same error with the game in a drive on their local machines. Crack -> piracy? No. It's been rather long established that at least a few paying customers will have problems with the cd check. I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.
Although I was smart enough to get it from somewhere reputable. They could have gotten something a LOT worse than an IP tracker.
I could have been holding the legally purchased, pressed media, wearing the free headset and finding a place for my free Atari shameless-self-promotion stickers while these people posted my IP address (or even more information, I didn't actually go to the list to see) with a pirate label. (note: On their site, the images of the popup say "don't worry your secret is safe with me", and now the list has even been
Yarr indeed.
They purport to have a list of pirates...
What they have is a list of people that downloaded something that most likely isn't a copyrighted work written by them (and admittedly made available freely online by themselves).
Not only that, they're infringing on the trademarks of the software they purport to be in order to run this little experiment, and a case could also be made that they're doing damage to the name of that software by associating it with their invasive software without consent from the actual publisher of the original work.
I'm all for protecting a product with the laws that are in place, but the laws shouldn't be taken into people's own hands with invasive and untested software.
they re not using pr0n to spread their trojans...
-
-----
only means that the police officer cannot pressure you to commit a crime
-----
Hypothetical situation: A police officer stops you in the street and demands that you stop to answer some questions. You are in a hurry and ask if he's conducting an investigation. His response is negative, he's just lonely and wants to chat. You ignore his pleas and continue on your way.
The police officer arrests you for obstruction of justice. Additionally he uses the obstruction of justice as reason to search your person and finds a pack of cigarettes without the wrapper in your coat. He writes up an additional ticket for possession of contraband goods (cigarettes without the appropriate tax stamp).
Note: This isn't a hypothetical situation but REALLY DID HAPPEN.
So please, quit talking about legality. We live in a subjective police state and no lawyer really cares unless there's a potential to get rich quick.
+++ATHZ 99:5:80
However, you may loose your ability to countersue in civil court for damaages due to the intent on your part to commit a criminal transaction.
Just like the drug dealer, he's still commiting a crime by selling, regardless of the crime you committed by purchasing..
The Feds could also demand their logs..
---- Booth was a patriot ----
Can you spot the shoot-self-in-foot-notes?
..what, outlook? Got it! Thanks for clearing that up!
1. No data is collected by our software that isn't already collected when our software is downloaded. The only personally identifiable information that we have would be the executer's IP address. However this information is freely available at time of download and is completly public information.
Uhm, wait, but collecting IP addys is data. And you also collect what file they were trying to download, and where/who they got it from? I'd say building a track list of a 'social' network of where a file goes and by how/whom is plenty of data.
I'm sorry,but thats a load. Get a better legal advisor, next!
3. We dissagree with the notion that this is a "Trojan".
A trojan horse gains access to a system through deviant methods. Not through user initiated downloads on a P2P network. Secondly, a trojan horse by definition has a payload or attempts to give the author access by working from the inside. Our program is aboslutely dormant unless specifically and purposefully executed by the downloader. And the program is riddled with cues to what the contents might be. For instance, the company name is "C.R.A.P. Citizens Raging Against Pirates". Not what you'd expect from a "legitimate" crack or keygen.
Okay, lets see, its not a trojan, yet its a trojan. It's not a trojan because it comes from a p2p network, and not
Okay, great idea, really, very funny! But WTF are these guys going to do with all this when, say, MS steps in with a great big legal order of doom saying 'we want to know everybody who thought they were downloading the windows source code'? Are these people even thinking that far ahead?
And I love the broad thinking that anybody downloading a keygen is a pirate, What, these guys never lost a Cd key before? Yesh. Get a grip kids.
Points for some very crative programing, but they lost points for not finding something better to do and not thinking ahead a few more feet of them.
My new top secret key -> C>N|KB
Um no it isn't. You don't download keygens and full copies of programs off P2P to "tune up" your software. You do that to pirate it, to violate the rights of the producer and to be a little prick.
Woah, way to go Mr. Assumptions. Why exactly can't I just rip out the CD protection code off the program I paid for? It's far more convenient for me to just install the whole thing in my 120 Gb hard drive, stash the box with the CDs safely and be on my merry way. I don't have to throw a tantrum, call the software company 100 times and make a revolution to change the system so that programs come without CD protection. I can simply spend 5 minutes downloading a tool and getting rid of it. Or I can put the keygen with the game in the hard drive so that I don't even have to worry where the manual or the box will end up.
What you're presenting here is a fallacy known as the False Dichotomy. The world is not "either you get the crack to pirate the program or you return it if you don't like the CD protection". After I paid for that software I'll modify it as I see fit to make it more convenient for me to use it, be it cracking the CD protection, installing 100 zillion mods or even cheating the crap out of it so that I can headshot the bots every time I want to. And I'll be damned if I let anyone tell me what I can or cannot do in my computer with the software I paid for.
---- Take the Space Quiz!
I don't stand up for it installing spyware, but if it just pops up a message with a black pirate flag and says you have been logged...the only thing that is harmed is the privacy of a criminal.
If they start using this information for blackmail...that is illegal!
No, unauthorized modification of a computer is a crime, in both the UK and the US (and probably most other developed nations' jurisdictions).
What we have here are felons (system crackers planting trojans on people's PCs) who are compromising the privacy of individuals who have committed civil offenses (copyright violations). The seriousness of the former crime is much greater than the seriousness of the crimes of their victims.
That having been said, the FBI has protected murderers who were on their payroll (including sending an innocent man to jail for the murder committed by one of their informants), who turned evidence against people guilty of far less. So the alluded to by others remains: given the current political climate the feds are likely to overlook the felonies being committed in the interest of persuing the civil offenses being committed against their primary constituency, namely the copyright cartels.
The Future of Human Evolution: Autonomy
<CmdrTaco> CD sales went up in Australia
<Hemos> cool lets get an article up
<Hemos> we'll call it "File-Sharing Increases CD Sales"
<CmdrTaco> lol
<Hemos> seriously. file-sharing is good. distributing someone's intellectual property is good
<CmdrTaco> hey, did we ever get dailyslash shut down?
<Hemos> not yet. you know some people actually think we have a double-standard for declaring them illegal?
<CmdrTaco> rofl
<CowboyNeal> hey guys
<CmdrTaco> hey
<Hemos> hi
<CowboyNeal> some guys ar posting information on pirates
<CmdrTaco> fuckers
<Hemos> yeah, nobody should post information on people breaking the law
<CmdrTaco> dude nobody's breaking the law
<CmdrTaco> they're INCREASING CD SALES
<Hemos> oh yeah
<CowboyNeal> i'll get an article up and call them "vigilantes"
<CmdrTaco> lol
<Hemos> that'll get the discussions going...more page hits
<CowboyNeal> ya
<CmdrTaco> it sucks that people can't participate in the mp3 culture movement by illegally distributing other people's product
<Hemos> i know
<Hemos> hmm
<CowboyNeal> ?
<Hemos> isn't that a contradiction, since we expect everybody to follow the licensing restrictions of a GPL.TXT file and raise a piss if they don't?
<CmdrTaco> rofl
<CowboyNeal> haha
<CmdrTaco> yeah expect everyone to follow the GPL...
<Hemos> ya, i know..oh well, nobody said we were perfect
<CmdrTaco> whatever gets page hits
<michael> i'm perfect
<CmdrTaco> you scare me