Flight Sim Company Embeds Malware To Steal Pirates' Passwords

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

Re:Too Late

[Calydor]

I have to wonder how they intend to use illegally obtained information in a court case without getting the case thrown out.

I mean, they installed hacking tools on someone's computer, and then the judge has to trust they didn't plant the evidence?

Re:Meh

[Oswald+McWeany]

> You copy some electrons harmlessly therefor you deserve your real world information stolen, potentially to real harm.

  News flash, but piracy doesn't harm anyone. It's either people that wouldn't have paid anyway, and thus not a loss, or people that use piracy as a demo and end up paying BECAUSE of it.

That's true for some people but clearly not true for everyone; clearly not true for the majority of people either. I know lots of people who pirate material to avoid having to pay. Not many people PAY for something they have already. And, even if that were to occur isn't it up to the owner of that intellectual property to decide?

If you stole a TV set from Walmart and told the cops you were going to go back and pay for it later if you liked it you wouldn't get much sympathy. Or if you snuck into a cinema and went into a room and watched a movie you wouldn't get much sympathy if you told the cops you were going to pay for the movie if you liked it.

If you can't afford to buy a game, movie, or album... go without. Don't steal. There is actually lots of free content out there that is legitimately free and legally available for you to consume. Seek that out instead.

More criminal than the pirates

[gweihir]

These people should go to prison for criminal hacking. In many penal codes what they did is at least one order of magnitude worse than piracy.

It's a class issue: power over the users is unjust

[jbn-o]

The lesson is you and your son have been had, taken advantage of by a system intent on deceiving you.

The chief underlying problem here is proprietary (non-free, user-subjugating) software. Software you're not allowed to run, inspect, modify, or share (also known as 'software freedom'). Proprietary software is licensed and distributed to keep you from running the program despite doing normal maintenance, software meant to keep you from treating your friends as friends by sharing a copy, inspecting the program to see what it does, and distributed to prevent you from modifying your copy the program should you wish to for any reason.

I experienced something quite similar with the Commodore 64: A video game called Elite on the C-64 had an anti-copying scheme so clumsy and prone to problems it drove me to understand what was really going on. Today we'd properly call this DRM—digital restrictions management (expanded that way because I take the side of the user class, not the publisher class) which was only visited upon those who obtained their copy of the program in a way the publisher found acceptable. Typically this meant buying a copy, but I later came to understand some copies were distributed gratis. The packaged game came with media, a manual, and a flat plastic device with a see-through window. The device could be bent so it resembled a table like an inverted letter "U". On starting the game, the user was shown some blocky image that looked incomprehensible. When the plastic device was folded, placed on the monitor at the proper distance (via the "legs" of the device), and peered through one could see the blocky image turn into something readable. If I recall correctly, the readable image was a page number reference in the manual one was expected to look up and type in the proper word to get past this stage of the loading program.

After I did this a couple of times it dawned on me that those who engage in filesharing and treating friends like friends (sometimes propagandistically called "pirates") never have to put up with this. Only the people who used the publisher-distributed copy did. And most of those users had paid for this treatment.

Those who shared copies were doing us all a favor: they let us try programs before buying a copy, they let us run copies that didn't have what we now call DRM; the anti-copying code had been stripped away. They let us have copies that one could copy in an ordinary fashion, no need for special copiers (such as "nibblers", or any copier that knew how to get past the errors which were deliberately added to the disk to defeat the standard file and disk copiers). There was no need to work around the issue by using audio tapes instead of disks (since audio tapes didn't have copy-prevention added to the media). These so-called "pirates" were doing us a service, a service I might have paid for if offered the opportunity to pay a publisher for a headache-free copy of the program.

Later I obtained a memory snapshotting cartridge called "Isepic" which let me make my own copy of the RAM-resident portion of the game. Isepic produced a copy which loaded faster, never prompted me for the manual lookup, and played identically to the other copy loaded from the distributor's media (no surprise there, it was the same code being loaded into memory). I never loaded the distributor's media again. But this got me to thinking about all the other programs (not just games) that treated the users this way across all the computers I had used. And I began to realize that this was a scam perpetrated on the people who treated the publishers the best. We were literally exchanging our money for being treated badly. And this harm pushed on the users was indiscriminate, just like the flight simulator company did here.

There was one more issue to wrestle with: proprietary software. This was an issue even the filesha

Federal Pound-Me-In-The-Ass Prison or equiv in EU

[Randseed]

So in summary: 1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for. 2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software." 3) FSL transmitted the material over an open HTTP stream. 4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.) 5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prtison.) 6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU. 7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP steams intercepted, NOR can they prove that their obviously insecure server was not comproimised, meaning: 8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft. https://www.fidusinfosec.com/f... Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy. I hope these assclowns have a good lawyer.

Re:That's pretty funny

[mjwx]

Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.

I think the best anti-piracy measure that I've heard

Is to try to turn them customers. DRM ultimately doesn't work, stealing passwords ultimately gets you sued out of existence (how do we know they aren't stealing passwords of paying customers) and it's been demonstrated time and time again that piracy fuels sales rather than taking them away.

The problem FlighSimLabs has is that they're charging $100 for something that isn't worth it.