Slashdot Mirror
Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com)
TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.
I think the best anti-piracy measure that I've heard anyone take was a simulation game about video game development. If you were playing on a pirate copy, eventually sales for the virtual games you were developing as part of the sim would tank because of virtual in-game pirates not paying for copies. It was especially hilarious because people would complain about it on the developer forums and then have it explained to them. Utterly harmless (well outside of social embarrassment) and perhaps even effective at getting people to buy the game since they might have been able to play enough of it to decide if they'd like to spend money on it.
I remember many years ago I purchased The Sims for my wife. The install wouldn't work. I called tech support and they told me that it sounded like what happens when someone removed a pirated version and tried to install the official copy. I just said Yeah, that's what I did. They seemed to appreciate my honesty and willingness to pay for it and helped me clear the registry of the offending entries that let me install the legit copy.
I have to wonder how they intend to use illegally obtained information in a court case without getting the case thrown out.
I mean, they installed hacking tools on someone's computer, and then the judge has to trust they didn't plant the evidence?
-=This sig has nothing to do with my comment. Move along now=-
These people should go to prison for criminal hacking. In many penal codes what they did is at least one order of magnitude worse than piracy.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.
It works for Batman.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
So in summary: 1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for. 2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software." 3) FSL transmitted the material over an open HTTP stream. 4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.) 5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prtison.) 6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU. 7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP steams intercepted, NOR can they prove that their obviously insecure server was not comproimised, meaning: 8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft. https://www.fidusinfosec.com/f... Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy. I hope these assclowns have a good lawyer.