Slashdot Mirror
Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com)
TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
That's probably naughty, but hilarious.
That's what I do with everything. Pirate it, install on a box I don't care about. If I like it, I buy it since it's easier than trying to patch a pirated copy and I don't need to worry about security.
I remember many years ago I purchased The Sims for my wife. The install wouldn't work. I called tech support and they told me that it sounded like what happens when someone removed a pirated version and tried to install the official copy. I just said Yeah, that's what I did. They seemed to appreciate my honesty and willingness to pay for it and helped me clear the registry of the offending entries that let me install the legit copy.
I have to wonder how they intend to use illegally obtained information in a court case without getting the case thrown out.
I mean, they installed hacking tools on someone's computer, and then the judge has to trust they didn't plant the evidence?
-=This sig has nothing to do with my comment. Move along now=-
Exactly. That's why I install bombs in all the cars I sell. If the car is started without the original key, it blows up! What could POSSIBLY go wrong?
This is a situation where corporations are conveniently not people. So no one person will truly be held accountable.
"âoe[T]here are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products."
All others gave us explicit permission to all usernames and passwords entered in the the computer. It's in our EULA your honor, we committed no crime.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
> You copy some electrons harmlessly therefor you deserve your real world information stolen, potentially to real harm.
News flash, but piracy doesn't harm anyone. It's either people that wouldn't have paid anyway, and thus not a loss, or people that use piracy as a demo and end up paying BECAUSE of it.
That's true for some people but clearly not true for everyone; clearly not true for the majority of people either. I know lots of people who pirate material to avoid having to pay. Not many people PAY for something they have already. And, even if that were to occur isn't it up to the owner of that intellectual property to decide?
If you stole a TV set from Walmart and told the cops you were going to go back and pay for it later if you liked it you wouldn't get much sympathy. Or if you snuck into a cinema and went into a room and watched a movie you wouldn't get much sympathy if you told the cops you were going to pay for the movie if you liked it.
If you can't afford to buy a game, movie, or album... go without. Don't steal. There is actually lots of free content out there that is legitimately free and legally available for you to consume. Seek that out instead.
"That's the way to do it" - Punch
My 10 year old spent some of his money on a download of Cuphead from the Windows store a few months ago when it came out (so paid full price). After a Windows update it stopped working completely, crashing out shortly after the splash screen. After an hour or two of trying to debug this, I found the torrented repack worked just fine, and he has been using that since. Not sure what the lesson there is.
They will attempt to extort first and seek an out-of-court settlement a la the RIAA / MPAA through their hired lawyer brigade once they've ID'd the "pirates." Much easier and cheaper than actual litigation, where they'd have little chance of success for the reason you cite, among others.
Don't steal.
I agree with everything you said... minus that. I don't like seeing copyright infringement described as stealing. It is certainly depriving a copyright holder of revenue you may or may not have given them... But you have stolen nothing from them. You have breached their statutory rights to control copies of something they made. There was no theft.
These people should go to prison for criminal hacking. In many penal codes what they did is at least one order of magnitude worse than piracy.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The lesson is you and your son have been had, taken advantage of by a system intent on deceiving you.
The chief underlying problem here is proprietary (non-free, user-subjugating) software. Software you're not allowed to run, inspect, modify, or share (also known as 'software freedom'). Proprietary software is licensed and distributed to keep you from running the program despite doing normal maintenance, software meant to keep you from treating your friends as friends by sharing a copy, inspecting the program to see what it does, and distributed to prevent you from modifying your copy the program should you wish to for any reason.
I experienced something quite similar with the Commodore 64: A video game called Elite on the C-64 had an anti-copying scheme so clumsy and prone to problems it drove me to understand what was really going on. Today we'd properly call this DRM—digital restrictions management (expanded that way because I take the side of the user class, not the publisher class) which was only visited upon those who obtained their copy of the program in a way the publisher found acceptable. Typically this meant buying a copy, but I later came to understand some copies were distributed gratis. The packaged game came with media, a manual, and a flat plastic device with a see-through window. The device could be bent so it resembled a table like an inverted letter "U". On starting the game, the user was shown some blocky image that looked incomprehensible. When the plastic device was folded, placed on the monitor at the proper distance (via the "legs" of the device), and peered through one could see the blocky image turn into something readable. If I recall correctly, the readable image was a page number reference in the manual one was expected to look up and type in the proper word to get past this stage of the loading program.
After I did this a couple of times it dawned on me that those who engage in filesharing and treating friends like friends (sometimes propagandistically called "pirates") never have to put up with this. Only the people who used the publisher-distributed copy did. And most of those users had paid for this treatment.
Those who shared copies were doing us all a favor: they let us try programs before buying a copy, they let us run copies that didn't have what we now call DRM; the anti-copying code had been stripped away. They let us have copies that one could copy in an ordinary fashion, no need for special copiers (such as "nibblers", or any copier that knew how to get past the errors which were deliberately added to the disk to defeat the standard file and disk copiers). There was no need to work around the issue by using audio tapes instead of disks (since audio tapes didn't have copy-prevention added to the media). These so-called "pirates" were doing us a service, a service I might have paid for if offered the opportunity to pay a publisher for a headache-free copy of the program.
Later I obtained a memory snapshotting cartridge called "Isepic" which let me make my own copy of the RAM-resident portion of the game. Isepic produced a copy which loaded faster, never prompted me for the manual lookup, and played identically to the other copy loaded from the distributor's media (no surprise there, it was the same code being loaded into memory). I never loaded the distributor's media again. But this got me to thinking about all the other programs (not just games) that treated the users this way across all the computers I had used. And I began to realize that this was a scam perpetrated on the people who treated the publishers the best. We were literally exchanging our money for being treated badly. And this harm pushed on the users was indiscriminate, just like the flight simulator company did here.
There was one more issue to wrestle with: proprietary software. This was an issue even the filesha
Digital Citizen
So in summary: 1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for. 2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software." 3) FSL transmitted the material over an open HTTP stream. 4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.) 5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prtison.) 6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU. 7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP steams intercepted, NOR can they prove that their obviously insecure server was not comproimised, meaning: 8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft. https://www.fidusinfosec.com/f... Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy. I hope these assclowns have a good lawyer.
I hope they don't have a good lawyer and are utterly destroyed.
"Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
If any individual was found to be installing this kind of malware on remote computers, they would be charged with all kinds of computer hacking crimes, just as a start.
Where's the criminal charges? This company needs to be made example of, this kind of behavior is utterly unacceptable.
As to the sony rootkit, it was in a gray area of the law, so it would take somebody with more lawyers they can throw than sony can to win that kind of lawsuit.
This is utterly not a grey area. This is clearly an attempt to commit fraud, identity theft, and intrusion into a remote computer without permission. Every single person in that company who had anything to do with this needs to be dragged in to criminal court and charged with numerous felonies.
Completely unacceptable. No company should be allowed to get away with this. This company needs to be made example of.
This is one of those rare instances where I actually wish I was a lawyer with prosecutor-powers, I'd charge head first into this and rip that company to shreds.