Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com)

Posted by msmash on from the extreme-measures dept.

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

3 of 225 comments (clear)

  1. Re:Too Late by Calydor · · Score: 4, Insightful

    I have to wonder how they intend to use illegally obtained information in a court case without getting the case thrown out.

    I mean, they installed hacking tools on someone's computer, and then the judge has to trust they didn't plant the evidence?

    --
    -=This sig has nothing to do with my comment. Move along now=-
  2. More criminal than the pirates by gweihir · · Score: 4, Insightful

    These people should go to prison for criminal hacking. In many penal codes what they did is at least one order of magnitude worse than piracy.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Federal Pound-Me-In-The-Ass Prison or equiv in EU by Randseed · · Score: 5, Insightful

    So in summary: 1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for. 2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software." 3) FSL transmitted the material over an open HTTP stream. 4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.) 5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prtison.) 6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU. 7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP steams intercepted, NOR can they prove that their obviously insecure server was not comproimised, meaning: 8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft. https://www.fidusinfosec.com/f... Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy. I hope these assclowns have a good lawyer.