Flight Sim Company Embeds Malware To Steal Pirates' Passwords

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

Re:That's pretty funny

[alvinrod]

Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.

I think the best anti-piracy measure that I've heard anyone take was a simulation game about video game development. If you were playing on a pirate copy, eventually sales for the virtual games you were developing as part of the sim would tank because of virtual in-game pirates not paying for copies. It was especially hilarious because people would complain about it on the developer forums and then have it explained to them. Utterly harmless (well outside of social embarrassment) and perhaps even effective at getting people to buy the game since they might have been able to play enough of it to decide if they'd like to spend money on it.

Federal Pound-Me-In-The-Ass Prison or equiv in EU

[Randseed]

So in summary: 1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for. 2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software." 3) FSL transmitted the material over an open HTTP stream. 4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.) 5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prtison.) 6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU. 7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP steams intercepted, NOR can they prove that their obviously insecure server was not comproimised, meaning: 8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft. https://www.fidusinfosec.com/f... Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy. I hope these assclowns have a good lawyer.