Inside the Shadow Internet

Paladin144 writes "Wired has a report about the mysterious 'pirate networks' that obtain new movies, music & games before they are released and spread them throughout the net. It's not as simple as putting a movie on LimeWire. These people are highly organized and very paranoid about secrecy. They maintain a hidden network of top-level FTP sites that get the best files first and allow them to trickle down the pyramid and into many a slashdotter's sweaty little fingers."

Well..

[lightdarkness]

Well... I used to be apart of one of the pyramids, before I got caught.

I used to have access to the Distro section of an elite IRC channel, known across the net.

They would give movies to those few, who would then take them to the regular channel.

It's really crazy, and insanly hard to get in to, but you would get stuff very early.

Also, easier to get caught, as I found out.

Re:Well..

[dont_think_twice]

Details, please. How did you get caught? What was the punishment?

Re:Well..

[lightdarkness]

Supprising, they punishment wasn't bad.

They shut off our internet, until they could get a letter to us, and we had to sign it, saying we wouldn't do it again.

Re:Well..

[lightdarkness]

I didn't watch 75% of the videos I downloaded

The motivation was the statistics. Seeing that I shared 10 gigs of movies in a day kinda made me feel important. I was almost op'd in one of the channels due to how much I was doing.

I just did a little search, and found out the site I used to do this for is still going. Very supprised at how they keep at it, when I was caught so easily.

Re:Well..

[lightdarkness]

Yes, my address is 48 Archbald Lane, Albany NY, 29578.

Just kidding (obviously), been clean for 3 years!

Re:Well..

[dirkdidit]

The Movie Depot! Man they kicked ass. Had the good movies weeks before release.

I remember them well. I wasn't at the very top of their pyramid, but I wasn't at the bottom, either. I was lucky enough to have a DSL connection back then (late '98-early '99) with a nice upload speed, so I was able to become one of the distribution FTPs. Once you established your "legitness", you'd easily be able to get movies 2 weeks or more, sometimes a month even, before they actually came out in theaters. I remember I had "The Matrix" three weeks before it ever came out. I thought I was cool shit, then again I was doing this as a rather naive 12 year old.

As for what got me out the scene. A bunch of people that I regularly traded with were getting nailed, so I bailed. They were good times while they lasted, though. Haven't used a FTP for anything but legimate traffic since.

Re:Well..

[dstech]

That's because you were what is called a "mule" in the world of drug dealing. A mule is the low-end pusher/dealer, the person that deals with individual users, and always the fall guy. Not that I'm saying file sharing and drug dealing are analogous...

In the warez community, as I understand it, you were probably either an "IRC/P2P Kiddie" or a "Racer" (if you got into sitetrading). Both of these are fairly easy to spot (from the perspective of syndicates like the RIAA & MPAA and the feds) because you are moving a lot of copyrighted data in plain text, with unobscured filenames. Until the very recent past, these "middlemen" were seen as fairly harmless by the FBI & co.

Before the MPAA/RIAA campaigns against end users came into play, you would have been given a slap on the wrist (which, it would seem, is what happened). If you were doing the same stuff today, your personal information might have undergone the subpeona process the RIAA & MPAA have become infamous for, and you might have faced a civil suit and/or criminal charges. Consider yourself lucky to have gotten caught back then!

(Most of my information comes from the article "A Guide to Internet Piracy" in 2600 Magazine, issue 21:2. It looks to be the same information, pretty much, as the Wired article mentioned in the top post, although I admit I have not RTFA. This is slashdot, after all...)

Re:Well..

[ReeprFlame]

Damned MPAA. Surprised they even knew about the IRC channels stuff back then and still have not done much about it until recently...

Re:Well..

[dstech]

Yes. It is obvious. Which might be why no one else said it.

Granted, the obvious needs to be stated pretty often; in my estimation, people don't seem able to grok many things that are, to my mind, pretty blatant.

See the 2600 article I mentioned in the grandparent ("A Guide to Internet Piracy" from 21:2) for a slightly more realistic, and much less reactionary, portrayal of the Warez community in it's current state.

The problem, of course, is that 2600's readership is a fraction of Wired's readership... and the most common readers of both magazines are in the same community (by which I mean they are tech/geek types). I don't know if said readers would agree with that statement, but oh well.

Re:Well..

[YOU+LIKEWISE+FAIL+IT]

Paramount pictures recently dinged a bunch of my friends for IP violations - not only were the infringement notices sent to their ISP's electronically ( and PGP signed at that ) - they came with an attached XML document specifying their infringements.

This is the schema for anyone interested.

YLFI

Curious tone

[mistersooreams]

The tone of the Slashdot article summary makes these people sound like rather romantic pirates (in the original sense), having exciting adventures with clandestine societies and having a strict code of secrecy.

The truth of the matter, as the article reveals, is that it's people like these that caused so many problems for our friends at Valve and are responsible for most of the other irritating leaks of software. While I'm for P2P, fair use, BitTorrent et al as much as the next Slashdotter, I don't think these people are really up to any good. They are not much more than Internet criminals.

Re:Curious tone

[Forbman]

Well, how evil exactly were the old Caribbean pirates of yore?

Sure, they were not paragons of any society. Dregs, really.

But of all that gold and silver that was flowing back to Europe from Central and South America, who mined it? The natives or slaves.

Could the activities of the classical Pirate be looked at then as slightly, romantically ahead of their time? The long-term actions of the Pirates certainily did slow down the flow of this blood money back to Europe. And was it a big deal, really in the grand scheme of things? How many Spanish Galleons were lost to pirate raiders and privateers vs hurricanes?

Didn't the "inherent" value of gold and silver in Spain essentially lose any level of reasonability, because soooo freaking much of it was available in Spain?

It's like someone gifting you a pound of nice chocolate fudge (yes, that's a LOT of fudge). You eat a piece or two. "Cool, this is some good SHIT!". After about 4 or 6 more pieces, you find it very hard to stop, but you also notice that you're just pounding it down, and not enjoying each piece of it. Next thing you know, it's gone, and you have one hellofa sugar coma waiting for you in 15 minutes...

So you next then go to See's Candy, and order another couple of pounds. "Why did I do that!?!" GRMMFMMMOh...yeah....oink oink oink.

I've got about 300 5.25" floppies of C-64 games in the garage. I paid for about 10 or 15 myself, and really did want those games. I got the rest from others in exchange for them copying the games I bought. After a very short time, it did not matter if I got a cool game or not. Wow, another 10 cool games to check out. Eventually it was a game to see how many I got. After leaving for college, it quickly lost interest. Those stupid Z-19 terminals had much more power, especially getting a "Rita" account!

Same thing with music. I don't buy much music any more, and one of the reasons is that I burned myself out on it. I had so many cassettes that I did not enjoy or look forward to any of them that I had. They were a pain in the ass to move, and, well, after a time, I found I did not care about them much anymore. So I picked out a few that meant the most to me (and mostly have now on CD), and the rest, I don't know where they are. I remember songs occaisionally, but...nothing is going to make me go out and blow $200-300 on a "CD Binge" anymore.

People will eventually get to this point. The RIAA should figure out how to get into the middle of this crack cocaine game, instead of trying to fight it. It might even let them sneak out such glossy turds as "Gigli" on an unsuspecting group of "early adopters" who can give far more useful feedback quicker than can carefully crafted and demographic'd focus groups, and kill them quietly instead of letting $100million die on the screen on opening weekend. Speaking of "Gigli", has it even made it to DVD yet?

Excellent overview of the pirate network

[IO+ERROR]

The pirate release networks have been operating like this ever since people figured out how to connect two computers together. There has always been one or more topsites for any pirate group, and you can only get in by invitation.

Back in the day, these sites were run on BBSs whose phone numbers were non-published and which only a few people had access to. These days it's FTP sites, but the principle is the same. And frequently it's not their own FTP sites, but someone else's site which isn't properly secured, but this happens more at the lower levels.

Anyway, the networks run the same as they always have. You're either in or you're out. And most people are out.

In the day

[rockwood]

I also remember certain #'s on irc. #warez and man others, that had hundreds of users in them, though always password protected. I would try and try to get in... but to no avail. I even went as far as setting up a bot network and when the irc split, I jump in and took it over, frantically posting whatever I could think of to get them to allow me to stay. Problem was.. with hundreds of users already having access, I got stomped with other splits by several hundred bots. I lastest but a glorious few seconds. Ah, but those few seconds were the best seconds of my life... those few seconds when I was, for a vague moment, 'in' one of the channels.

Anyway, I always wondered that is they kept things such a secret, how does *anyone* find out about them, or get access to them, etc. I used to own a local ISP, had dual T1's and dealt with thousands of users and net-friends, spent sleepness nights +O on numerous icr #'s /ctcp & /dcc and fserving what I could get and give back... but nothign worked. And hell, at that time I was merely looking for early release of OS's, prior to buying them so that I could get a techincal jump on questions from customers who were running those OS's. I always bought my software, I merely liked being ahead of the game.

Re:In the day

[poopdeville]

A "friend" of mine spent some time doing mp3 trading through several forums for a few years before Napster came out. Basically, he joined a niche channel on EFnet and got to know the regulars. I talked with them too -- they were really nice actually. Within a few months, he was a channel operator, was constantly invited to the "big" channels, and had access to a terabyte of mp3's (in 1997!) through various ftp servers. It's kind of like buying drugs -- you have to know when you've met the right people. Being really funny helps, too.

Pissed off people

[mellon101]

This article, and whoever it was they interviewed... really has some of these guys pissed off. http://www.vcdquality.com/index.php?page=nfo&id=46 020

Re:Let me guess...

Heh heh. I'm 33 and let me tell you a 'when-I-was-your-age' story... When I was your age, you weren't even born yet, me and some friends had two C64s and two Amiga 1000s set up in an apartment. Back then, you called long distance to the BBS of interest. We used all the phreaker tricks to get free phone calls. The phone company knows when you do this and when you exceed a certain amount of time, they come to get you. And they did. Heh heh. I wasn't there when it happened, I was the hardware guy. But anyways those were the days.

Spooks and cracks

[rueger]

Hmmm, once again a post about piracy seems to be populated with replies warning about The Danger, and telling how some guy has mended his ways and now refuses to be a pirate. Coincidence? An attempt to make file sharing seem a lot more risky than it is?

Don't these posts seem to have a real "Reefer Madness" feel to them?

What the Wired article really demonstrates is how it will continue to be difficult if not impossible to stop electronic piracy.

Even though I don't condone such theft, and would prefer that all media be acquired through legitimate channels, the fact is that the genie is out of the bottle. The folks who like to distribute music, film, and warez will continue to stay one technological step ahead of the RIAA, MPAA, and the police.

Re:I thought it was generally known

[saskboy]

You're exactly right. The people who do the most sharing, and especially the bleeding edge stuff are in it simply for the thrill of going against the Machine, and there aren't even enough hours in the day to listen to every song they have, or watch every movie. They simply have it, because it is there, and it gives them status with their peers. And I don't mean peers in the P2P software sense, I mean peers as in people. These people have no or little offline life. Their friends are mostly online, and may be in other countries even. I wasn't being a troll when I said they have no social life. I mean they have no social life, as 80%+ of society views a "real" social life.

the obligatory conspiracy theory

[spyrochaete]

Isn't it possible that such a powerful and exclusive ruling group of warez illuminati could have supplied this reporter with false information? A supposed squealer dishing out red herrings? Or perhaps there are two duelling top-level release organizations and one is trying to rat the other out.

Re:the obligatory conspiracy theory

[Zan+Zu+from+Eridu]

I've seen operation Fastlink in action here in the Netherlands and the only red herring I can spot is the denial of money being involved, people I know have been offered up to 100 euro/month to run a 10TB dumpsite on a 100mbit (universitiy campus) line.

Re:Thank goodness for these people

[kamapuaa]

But CDs and DVDs haven't always been widely pirated. It's not like prices got halved since bittorrent got released.

simple: sftp to OpenSSH servers

[morgue-ann]

I would think they'd just use freenet, tor or i2p and be done with it?

Or how about just sftp? The original "darknet" paper and articles suggested that filesharing would turn into from large anonymous groups to small groups of people that knew each other and were suspicious of newcomers

I remember discussions of ftp servers used for small sharing "clubs" and I can't figure out why sftp isn't used for this. Knowing how to set up OpenSSH properly is a widely held skill that has value outside "piracy." Use DSA authentication instead of passwords for a start.

It should be nearly impossible for outsiders to gain net access to the server. The mere presence of a secured box shouldn't be enough for court ordered physical accesss. While it's also possible to have encrypted filesystems, if they can get my box out of my house, I fscking give up.

I'm planning to write an sftp "browser" front end in python or maybe just figure out how to use rsync over an ssh tunnel.

Traffic analysis in the absence of IP "bouncing" (whatever that is) could reveal who's in the network, but not what they're trading. A "chatter" app that keeps the channels full of noise (or files- who's to know?) could make traffic analysis more difficult. I'd be willing to sacrifice download time so my real downloads can be hidden in an always-on 16kbps stream. I'm trying to share my 20GB of rock with a friend who has 50GB of jazz. If it takes a couple of weeks to exchange collections, that's OK.

Maybe we should just FedEx hard drives to each other.

Re:I thought it was generally known

[Danathar]

Back in my C-64 days, I knew a guy who tried to copy everything he got his hands on. Not that he used any of it, or even distributed it.

It was the thrill of trying to break the copy protection, of finding the "cRaK" to pirate the software.

He even went so far to paint his 1541 disk drive with "War Copy" paint....truely over the edge.

The thrill for these people is like breaking a code somebody else devised, it's an Ego booster. And like drugs that give you pleasure, it's addictive.

The process of getting the latest movie in the best quality on a 700MB CD (with DVD's so cheap..WHY do they continue to want to fit it on 700 MB CD's!) and getting it done first is somewhat similar.

Re:Thank goodness for these people

[pediddle]

Haven't they? Premier DVDs are on sale now for $9.95, whereas just a year or two ago nothing was available for less than $20-25. IMO, publishers have realized that crappy Hollywood blockbusters that lots of people want to buy but nobody wants to pay for are prime targets for piracy. God knows I wouldn't pay $20 for a copy of Hellboy that I'd watch exactly once, but I'd more than likely download one. But I might pay $9.95 for one, especially if that's less than I would have paid in a theater the first time around.

Re:Let me guess...

[eliza_effect]

I knew quite a few people who got taken down as part of a bust of a formerly well-known group. The ones who were minors signed a letter, for the most part. Those that weren't generally got very large fines (in the hundred-thousand dollar range) and some got jailtime. It's not really something you want to take lightly, and I'm not surprised they're "paranoid" about privacy. It's not paranoid if they're actually out to get you, however.

Re:Let me guess...

[spac3manspiff]

same thing happened to me when i was 13. My mom got a letter from verizon and uhh yeah. I got really scared then but they just told me to stop. I'm 18 now and the entire 'warez' scene seems like just another addiction and a really big waste of time.

Re:This whole thing sounds bogus

[twitter]

This sounds like some MPAA exec's fantasy of how the Internet works. Small armies of "curries" manually FTPing files from one server to another? Get real.

Ah yeah, the mythical movie/music pirate pyramid distribution network. If there is one, the RIAA/MPAA or it's employees are the ones feeding the first layer. That's why the author was talking to some supposed "elder statesman" and uses the word "Pirate". Arrrr, me hardies!

The article intentionally ignores lots of things. Fundamental issues, the fact that you can get out of publication music on P2P, and the whole CD and DVD publishing industry that exists without computer networks. Those out of publication files were not put up by someone who broke into some server someplace, they were put there by someone who had they record. DVDs and CDs from intentional production over runs and other publications are in markets all over the world. It's not just in 3rd world markets either. I know a local store owner who got burnt by his supplier who sent him unlicensed coppies of Windoze. The packages were identical and there was no way he or the supplier could tell the difference. It took him years and nearly all of his money to beat Microsoft in Federal court. All of these little issues ignore the real change that's happened in publishing. The cost of publishing has gone to zero and the encouragement for publication needs to fall in proportion. It's silly that while publication is cheaper than ever, copyright is stricter than ever.

Me too.

[Grendel+Drago]

Hard to get into? Pfft. No damn way.

Back in my callow college years, I was a ripper for EPiC. I only did three or four releases; I was flush with the success of having learned to encode amateur porn using DivX (these were the heady days when DivX 3.11 with all that toolkit crap on top of it was the preferred encoding solution), and I put it to use.

The guys had an ad on one of the XDCC channels---#imp-iso on EFNet, if I recall---asking for encoders. So I joined a chat channel, they helped me get set up, I got a Netflix account, and started encoding.

Then Netflix didn't send me the DVDs, and kept charging me until I notified my card company and they stopped the autopayment. I don't know if it's changed since then, but there was no fucking way to get in touch with Netflix.

But in the meantime, I had ratio access to some great big FTP dump in Europe. I was, at the time, frickin' amazed at how easy it was, and how clearly the feds either (a) didn't care, at that point, or (b) were horribly inept. I leaned towards (a).

But, indeed, I was impressed at how sophisticated the tools (RaidenFTPD, mostly, seeming way, way better than the basic FTP daemons legit sites used) and organizations were, for people who never bothered to spell right or use there real names.

And it wasn't like it was a really big or impressive group like Centropy. (They were, maybe still are, the guys who had telesync releases of every new movie the week it was in the theater. Watchable ones, which was the impressive part.)

Ah, youth.

--grendel drago

Quote of the Article ...

[onosendai]

has to be ...

Last summer Jun Group dropped a collection of live videos and MP3s from Steve Winwood on the topsites. "We got 2.9 million downloads," says Forest, "and album sales took off."

..Small sample set maybe, but hopefully soon, 'they' will understand that #downloads ~= #sales

Re:Release groups

[ultranova]

A solution needs to be found for finding .torrent files that are cryptographically authenticated to be from a certain trusted release group.

Unfortunately, such torrent files would all have to point to the same tracker; change the tracker, change the signature. Take down the tracker, invalidate all those torrent files.

Of course, you could leave the the tracker address out of the signature - but then the RIAA could simply spread torrent files with honeytrap tracker addresses.

A better solution might be to use Freenet as the distribution method. Sure, it's slow, but:

• It's perfectly possible to download even whole movies out of it.
• It should be resistant to the Slashdot effect - popular files get spread around the network caches, so they should stay available without slowdowns.
• It is propably the most anonymous of current networks. It was designed to make it impossible to know who's uploading and who's downloading. Of course, it's impossible to guarantee absolute security, but Freenet does put paranoia before efficiency.
• All content is cryptographically hashed (with SHA1) to produce the CHK key, which is used to request content (CHK is Freenet analogue to URL). Freenet also supports cryptographically signed keys (SSK), which allow content authors to proof that they authored some file, while still keeping their real-world identity secret. The de-facto Freenet communication tool, Frost, also supports crypted boards (with reading and posting requiring different keys), private (crypted) messages in-board, signed messages, and uploading files to the board, with a search function and signatures.
• Both the Freenet Daemon (Fred) and Frost are Java, so they should work in every machine. The batch upload tool FUQID is a Windows program, but works under Wine in Linux.
• All significant Freenet programs are open source, so the truly paranoid can check them by themselves, to make sure there isn't any nasty surprises.
• It works. It's slow, but it works right now. AFAIK a translated Freenet version is used by dissidents in China for communication, and even the RIAA is unlikely to be worse than the Chinese government ;) (but please note that I can't read chinese, so I don't really know what the linked page says, apart from it having in-Freenet links).

WelcomeToTheScene.com

[goldenglove]

Take a look at jungroup.com now, they have a link pointing to their "entertainment division" and their latest project "The Scene," a TV show about an NYU student who is the leader of a top movie group in the darknet. After watching the series, it seems that much of the information that is in the darknet article is displayed (graphically) to create a TV drama. Take a look if you're interested.