The Internet Security

Anti-piracy Vigilantes Tracking P2P Users 864

Posted by CowboyNeal
from the trojans-of-a-different-breed dept.
brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whenever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."
This discussion has been archived. No new comments can be posted.

  • Trojans (Score:5, Insightful)

    by myownkidney (761203) on Friday March 19, 2004 @09:10AM (#8608567) Homepage
    That's what they are essentially spreading. Their asses should land in jail as soon as possible.
    • Re:Trojans (Score:5, Interesting)

      by s20451 (410424) on Friday March 19, 2004 @09:13AM (#8608588) Journal
      Yeah, that's rich. They have a log of everyone who received a copy of their cracked software. Guess who gets that information in a deal with the Feds?

      Actually, I think this is pretty clever.
      • Re:Trojans (Score:3, Insightful)

        by tomhudson (43916)
        Isn't it a crime to intentionally compromise a computer system?

        This is soooo stupid on their part.

        • Re:Trojans (Score:5, Insightful)

          by plugger (450839) on Friday March 19, 2004 @09:31AM (#8608731) Homepage
          I'm not so sure. The file was freely downloaded from their machine by others, who then passed it on. Ok, the software they offered has different functionality than the victims expected, but that could apply to any program that 'phones home' without the user's knowledge. As soon as the downloader opens the file, it declares its function on the screen. If this is illegal, so are the likes of Bonzi Buddy.
          • Re:Trojans (Score:5, Funny)

            by TykeClone (668449) <TykeClone@gmail.com> on Friday March 19, 2004 @09:39AM (#8608799) Homepage Journal
            Then please (oh please!) let them be illegal!
          • It's still illegal (Score:4, Informative)

            by nurb432 (527695) on Friday March 19, 2004 @11:35AM (#8610069) Homepage Journal
            However, you may lose your ability to countersue in civil court for damages due to the intent on your part to commit a criminal transaction.

            Just like the drug dealer, he's still committing a crime by selling, regardless of the crime you committed by purchasing..

            The Feds could also demand their logs..

        • Re:Trojans (Score:5, Interesting)

          by Tony Hoyle (11698) <tmh@nodomain.org> on Friday March 19, 2004 @10:28AM (#8609247) Homepage
          If any of their victims were in the UK they have committed a crime - unauthorised modification of data on a computer - which carries a 5 year jail term.

          So if the US don't want to prosecute them there are extradition treaties to fall back on...
    • Just wait. (Score:4, Interesting)

      by Moryath (553296) on Friday March 19, 2004 @09:13AM (#8608592)
      It'll be about two more days now till someone alters the code and delivers a REAL malicious payload through the damn program.
    • Re:Trojans (Score:3, Insightful)

      by Anonymous Coward
      If they should be locked up, then so should all the b4st4rds who shove their spyware into innocent users' computers and actually corrupt their operating system to steal extra viewers for their own pathetic adverts and websites.

      I have been contacted many times by customers of mine complaining their website has been hacked, when in fact it's just their own computer that was hacked by supposedly legitimate US companies to alter the behaviour of IE!
    • Re:Trojans (Score:4, Funny)

      by negacao (522115) * <dfgdsfg@asdasdasd.net> on Friday March 19, 2004 @09:25AM (#8608684)
      Can anybody point me to the proper network [e.g. kazaa, gnutella, etc] and maybe one or two of the filenames?

      I'd like to get it, and examine it. Wouldn't it be hilarious if their own trojan DDOS'd their own site? ;)

      [I'd look on their site, but it's already smoking.]

      • Re:Trojans (Score:3, Funny)

        by AndroidCat (229562)
        Since their site seems to be slashdotted, perhaps they did DDoS themselves in a round-about way?
        • by bonch (38532) on Friday March 19, 2004 @01:35PM (#8611644)
          <CmdrTaco> CD sales went up in Australia
          <Hemos> cool lets get an article up
          <Hemos> we'll call it "File-Sharing Increases CD Sales"
          <CmdrTaco> lol
          <Hemos> seriously. file-sharing is good. distributing someone's intellectual property is good
          <CmdrTaco> hey, did we ever get dailyslash shut down?
          <Hemos> not yet. you know some people actually think we have a double-standard for declaring them illegal?
          <CmdrTaco> rofl
          <CowboyNeal> hey guys
          <CmdrTaco> hey
          <Hemos> hi
          <CowboyNeal> some guys are posting information on pirates
          <CmdrTaco> fuckers
          <Hemos> yeah, nobody should post information on people breaking the law
          <CmdrTaco> dude nobody's breaking the law
          <CmdrTaco> they're INCREASING CD SALES
          <Hemos> oh yeah
          <CowboyNeal> i'll get an article up and call them "vigilantes"
          <CmdrTaco> lol
          <Hemos> that'll get the discussions going...more page hits
          <CowboyNeal> ya
          <CmdrTaco> it sucks that people can't participate in the mp3 culture movement by illegally distributing other people's product
          <Hemos> i know
          <Hemos> hmm
          <CowboyNeal> ?
          <Hemos> isn't that a contradiction, since we expect everybody to follow the licensing restrictions of a GPL.TXT file and raise a piss if they don't?
          <CmdrTaco> rofl
          <CowboyNeal> haha
          <CmdrTaco> yeah expect everyone to follow the GPL...
          <Hemos> ya, i know..oh well, nobody said we were perfect
          <CmdrTaco> whatever gets page hits
          <michael> i'm perfect
          <CmdrTaco> you scare me
    • by WIAKywbfatw (307557) on Friday March 19, 2004 @09:39AM (#8608798) Journal
      That's what they (the "victims") are essentially spreading. Their asses should land in jail as soon as possible.

      Sorry, that's not my personal view (I don't believe in locking people up for small-scale copyright infringement) but it is the view of some, such as the content creators whose property is being infringed on.

      I just find it ironic that just changing the subject line of your message from "Trojans" to "Illegally distributed software" gives us a whole new look at this issue: after all, most of the people engaging in P2P distribution of copyrighted material live in countries where it's illegal and probably punishable by a jail sentence.

      The majority of people here seem to be engaging in double think: messaging people who engage in P2P copyright infringement that what they're doing is wrong and publishing their IP addresses is a Bad Thing, yet tracking down the online behaviour of spammers and then publishing their real world addresses (without any consideration for what might happen as a consequence) is a Good Thing.

      Can someone please explain to me how one is so wrong yet the other is so right? (Preferably without resorting to the kind of language that you wouldn't use in front of your mother?)
      • by Walkiry (698192) on Friday March 19, 2004 @10:15AM (#8609126) Homepage
        Can someone please explain to me how one is so wrong yet the other is so right?

        It's quite simple, with P2P sharing networks person A is passively letting their computer open so that any person B that comes and asks can grab a file if they like what they see.

        A spammer, on the other hand, will make everything possible to get past the locks I put in my computer to try and give me a file I didn't ask for in the first place.
      • You've missed the point of the argument. The argument is that intentionally distributing trojan code for installation on machines you don't own or control is a crime; in the UK it would fall under the Computer Misuse Act. That's bad, and you can be charged by the state and put in jail for committing that crime.

        Whether or not the end-user is doing something legally / morally wrong by downloading what they believe to be material under copyright to which they have no permission to use is a completely independent discussion.
        • by R.Caley (126968) on Friday March 19, 2004 @10:26AM (#8609227)
          You've missed the point of the argument. The argument is that intentionally distributing trojan code for installation on machines you don't own or control is a crime;

          Interesting question. If you clearly label it as something no one should touch (even if the label is false), but leave it where it can be taken, are you distributing it?

          Imagine someone who packaged up some illegal-to-distribute physical substance in boxes labeled `private, personal and mine, do not touch', then left them around. Can they be done for distributing the substance if someone comes along and steals it?

      • Rule of law (Score:4, Insightful)

        by sita (71217) on Friday March 19, 2004 @10:22AM (#8609188)
        Can someone please explain to me how one is so wrong yet the other is so right?

        Vigilantism is wrong. Period. Rule of law is characterized by a state monopoly on justice. If you don't like rule of law, there are plenty of countries where it doesn't apply.

        Or, in a language your mother would use: Two wrongs don't make one right.

    • Re:Trojans (Score:3, Insightful)

      by PhotoBoy (684898)
      Isn't this totally pointless for finding "real" pirates anyway? For starters what people downloaded wasn't even illegal. I mean if I write a "Hello World" program and call it UT2004.exe does that mean everyone who downloads it is likely to be an evil pirate?

      Unless these guys have created fake files that match the size of the real thing (UT2004 is ~4Gb) and present it in the form of a CD image, surely the only people who would be fooled by this would be people who think a little 100k program could be a full
    • Re:Trojans (Score:5, Interesting)

      by bcolflesh (710514) on Friday March 19, 2004 @10:09AM (#8609075) Homepage
      I wonder if his desktop software product [extenshun.com] also contains trojan code?
  • ... until about 30 seconds ago. Now it just sorta smokes.

    I guess what they say about examining the hex code for any file you download to look for suspicious strings seems really valid now.

    And if you don't see any, run an unpacker and see if there is anything embedded.

    Of course, you could just avoid running software someone else gives you....
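The string check suggested in the comment above, as an added example that is not part of the original thread: it pulls ASCII and UTF-16LE strings out of a file, flags URLs and IPv4 addresses, and uses byte entropy to tell when a clean result probably just means the file is packed. The sample blobs, the host `logger.example.invalid`, the address `203.0.113.10` and the 7.2 entropy threshold are all constructed assumptions.

```python
import hashlib
import math
import re
from collections import Counter

MIN_LEN = 6  # shortest printable run worth reporting
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Dotted quads also match some version strings, so treat hits as leads only.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PACKED_ENTROPY = 7.2  # assumed threshold, in bits per byte


def extract_strings(data):
    """Return printable ASCII runs, then UTF-16LE runs, found in data."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def network_indicators(strings):
    """Return the sorted, de-duplicated URLs and IPv4 addresses in strings."""
    hits = set()
    for s in strings:
        hits.update(URL_RE.findall(s))
        hits.update(IPV4_RE.findall(s))
    return sorted(hits)


def shannon_entropy(data):
    """Bits of entropy per byte: near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data):
    """Summarise what a first look at the raw bytes can and cannot tell you."""
    indicators = network_indicators(extract_strings(data))
    entropy = shannon_entropy(data)
    if indicators:
        verdict = "network indicators present"
    elif entropy > PACKED_ENTROPY:
        verdict = "likely packed: unpack before trusting the absence of strings"
    else:
        verdict = "no indicators found"
    return {"indicators": indicators, "entropy": entropy, "verdict": verdict}


# Constructed sample: an unpacked stub that embeds a report URL (ASCII)
# and a fallback address (UTF-16LE) between runs of padding.
SAMPLE_PLAIN = (
    b"MZ\x90\x00" + b"\x00" * 64
    + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 32
    + b"http://logger.example.invalid/report.php?pid=%d&run=%d"
    + b"\x00" * 16
    + "203.0.113.10".encode("utf-16-le")
    + b"\x00" * 128
)

# Constructed sample: 8 KiB of hash output standing in for a packed body,
# where the same strings would exist only after decompression.
SAMPLE_PACKED = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256)
)

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        result = triage(blob)
        print(name, round(result["entropy"], 2), result["verdict"])
        for hit in result["indicators"]:
            print("   ", hit)
```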
    • by flimnap (751001) on Friday March 19, 2004 @09:23AM (#8608671) Homepage

      Their results page simply lists the following info--

      Average time wasted: 12.888078236572 Seconds
      Total time: 1383.75 Minutes
      Hours: 23.0625 Hours
      Operating for: 928.40555555556 Hours

      Then there's a big table full of entries like this (reformatted to make it easier to view here)--

      ID: 6442
      PID: 3578
      FPID: 1
      Date: Mar 19 2004 07:42:53AM
      IP: xxx.xxx.xxx.xxx
      (Well really, let's not pick on one person ;)
      Location: Germany
      Run time: 17
      Filename: Unreal Tournament 2004 ALL VERSIONS KeyGen Crack (1).exe

      The site continues in that vein for some time... fascinating stuff.

      My thoughts: Software piracy is bad, m'kay, but two wrongs don't make a right!

  • by tweakt (325224) * on Friday March 19, 2004 @09:10AM (#8608569) Homepage
    "...and they have a website that updates in real time whenever someone executes it."

    Yeah, not for long...

  • which crime? (Score:5, Interesting)

    by slavemowgli (585321) on Friday March 19, 2004 @09:11AM (#8608572) Homepage
    Out of curiosity, which crime would they be committing?
    • by Anonymous Coward on Friday March 19, 2004 @09:13AM (#8608589)
      Out of curiosity, which crime would they be committing?

      The same crime we commit every night, Pinky...

      TRYING TO TAKE OVER THE WORLD!
    • Re:which crime? (Score:3, Insightful)

      by Anonymous Coward
      For the same crimes virus creators are jailed.
    • Re:which crime? (Score:5, Informative)

      by Anonymous Coward on Friday March 19, 2004 @09:33AM (#8608751)
      which crime would they be committing?

      Electronic trespassing. Making use of system resources that are not theirs. Stealing electricity, hard drive, memory space and performing unauthorised network communications. Crackers have been put in jail for much, much less than the above.

      If they were disguised as codes for games like Unreal Tournament 2004 - I also imagine Epic games would have something to say about them:

      (1) Distributing what is effectively a virus using the Unreal name.
      (2) Taking the law into their own hands without the permission of the copyright holders.

      Only the copyright holder can determine 100% if distributing such codes is illegal. There are circumstances where wanting a new code is legitimate (loss of the manual, living in a country where the game is not available at retail). However, I'm fairly sure that Epic has the ability to remotely de-activate codes that were being illegally distributed (with the game validating your code with a central server before you're allowed to play online) - they already have a system in place for dealing with people spreading codes.

      Doubtless Epic wouldn't want to piss off potential customers by having a virus associated with them. And you bet your bottom dollar that the cracking groups are going to attempt to fight back and double their efforts to produce working codes now (if they've not done so already).
      • Re:which crime? (Score:4, Interesting)

        by dheltzel (558802) on Friday March 19, 2004 @10:45AM (#8609439)
        However, I'm fairly sure that Epic has the ability to remotely de-activate codes that were being illegally distributed (with the game validating your code with a central server before you're allowed to play online) - they already have a system in place for dealing with people spreading codes.

        Interesting.
        Combine that with the recent report of a trojan that harvests codes from infected machines and you have a recipe for creating a new sort of havoc. If the trojan harvested codes are published in such a way that they get disabled, you'd have a sort of DDOS against a game company. It could overwhelm their ability to sort out which users were legit, and piss off a lot of legit users at the same time. If you get enough personal info, you might even attack specific people to get them banned from the game for "sharing" their code if they do something you don't like.

    • Probably "entrapment". An equivalent situation would be if the local law enforcement decided to leave a pallet of boxed electrical goods on the street (let's say laptops or toasters), but which had wireless surveillance cameras built in. Once turned on, the machine would then broadcast images of the users back to headquarters. The authorities would then claim they had captured photographs of known thieves. Is that fair?
  • Hearsay and Slander (Score:5, Interesting)

    by PeeAitchPee (712652) on Friday March 19, 2004 @09:12AM (#8608582)
    Who's to say these guys aren't mixing in IPs of people, who, for example, might have flamed them on message boards? I'm sure their end game is to get a job offer from the RIAA and MPAA . . .
  • by Mononoke (88668) on Friday March 19, 2004 @09:12AM (#8608584) Homepage Journal
    Once again, Mac users are left out of all the fun.

    Dang it!

  • by mobiux (118006) on Friday March 19, 2004 @09:13AM (#8608594)
    They say they are tracking software pirates.
    But real pirates don't use p2p apps for warez.
    That's kiddie crap.
    More like they are tracking 14-year-olds with a cable modem.

    try IRC, now if they could track that, it'd probably blow their minds.
    • Um... with a clientside virus, what would stop them from tracking it? (and probably irc client independant as they can just read the IRC(and whatever else you use) protocol data directly)

      Evil crackers like these criminals are no less clever than the rest of us, they just put their cleverness into more questionable things ;)

      Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?
      • by DrSkwid (118965) on Friday March 19, 2004 @09:45AM (#8608852) Homepage Journal
        they just put their cleverness into more questionable things ;)

        like this : independent

        The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?

        because CTCP uses in band signalling that something special is happening. /me is not part of the irc protocol and therefore is considered 'something special'

        CTCP uses ^A or chr(1)
        You'll see from this table [cs.tut.fi] that ^A is defined in ASCII as :

        A transmission control character used as the first character of a heading of an information message.

        Curiously the authors chose to end the text with another ^A rather than ^C. In their defence there is no End of Heading marker defined. /me is a client dependent implementation of how to send : ^AACTION : $emote^A

        You can see the other CTCP messages here [invlogic.com]
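The in-band framing described in the comment above, as an added example that is not part of the original thread: it builds the `\x01ACTION ...\x01` body a client sends for `/me`, splits CTCP requests out of a received PRIVMSG, and renders the line for a log with control characters escaped so in-band bytes cannot reach a terminal or log viewer raw. The function names, log format and sample lines are constructed assumptions.

```python
import re

CTCP_DELIM = "\x01"  # ASCII SOH, shown as ^A
PRIVMSG_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)(?:!\S+)? PRIVMSG (?P<target>\S+) :(?P<body>.*)$"
)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def encode_action(text):
    """Build the PRIVMSG body a client sends for '/me text'."""
    # The delimiter is in-band, so text that contains it (or a line break)
    # would end the frame early or start a new IRC command.
    if re.search(r"[\x00\x01\r\n]", text):
        raise ValueError("control character not allowed in ACTION text")
    return f"{CTCP_DELIM}ACTION {text}{CTCP_DELIM}"


def parse_privmsg(line):
    """Return (nick, target, body) for a PRIVMSG line, else None."""
    m = PRIVMSG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return m["nick"], m["target"], m["body"]


def split_ctcp(body):
    """Split a body into (plain_text, [(TAG, args), ...], terminated).

    Text between an odd and an even ^A is a CTCP request; everything
    else is ordinary chat. terminated is False when the last request
    has no closing ^A, a malformed case the receiver has to decide on.
    """
    parts = body.split(CTCP_DELIM)
    terminated = len(parts) % 2 == 1
    plain = "".join(parts[0::2])
    requests = []
    for chunk in parts[1::2]:
        if chunk:
            tag, _, args = chunk.partition(" ")
            requests.append((tag.upper(), args))
    return plain, requests, terminated


def escape_controls(text):
    """Replace control bytes with a visible \\xNN form."""
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def render_for_log(line):
    """Render one received line as log text with no raw control bytes."""
    parsed = parse_privmsg(line)
    if parsed is None:
        return "[unparsed] " + escape_controls(line.rstrip("\r\n"))
    nick, target, body = (escape_controls(p) if i < 2 else p
                          for i, p in enumerate(parsed))
    plain, requests, terminated = split_ctcp(body)
    out = []
    if plain:
        out.append(f"{target} <{nick}> {escape_controls(plain)}")
    for tag, args in requests:
        if tag == "ACTION":
            out.append(f"{target} * {nick} {escape_controls(args)}")
        else:
            out.append(f"{target} [CTCP {escape_controls(tag)} from {nick}]")
    if not terminated:
        out.append(f"{target} [unterminated CTCP from {nick}]")
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample lines, as a server would relay them.
    samples = [
        ":alice!a@host.example PRIVMSG #chan :" + encode_action("waves"),
        ":bob!b@host.example PRIVMSG #chan :\x01VERSION\x01",
        ":carol!c@host.example PRIVMSG #chan :\x01ACTION \x1b[2Jclears",
    ]
    for s in samples:
        print(render_for_log(s))
```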
  • by BenSpinSpace (683543) on Friday March 19, 2004 @09:14AM (#8608600)
    I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be ecstatic.

    Yes, I'm aware that there's a difference between pirates and spammers. But keep in mind that the RIAA probably sees P2P users the same way that we see spammers. Annoying, a growing threat, and obsessed with large penises.
    • by theLOUDroom (556455) on Friday March 19, 2004 @10:06AM (#8609042)
      I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be ecstatic.

      Speak for yourself. Maybe you're a hypocrite, but I'd be just as pissed if the program was targeted at spammers by calling it "1millionemails.exe".

      Computer crime is computer crime, and this is definitely it. We need reasonable, legal, long-lasting solutions to the problems of the net, not some jackass breaking into system in a vain attempt to combat what he sees as a big problem.
  • Sharing Trojans (Score:3, Interesting)

    by ravydavygravy (230429) on Friday March 19, 2004 @09:15AM (#8608602) Homepage
    What I can't understand is why people would continue to share these programs once they realised they contained a trojan... The authors stopped sharing them because they found users were propagating them well enough anyway.

    Surely any sane person would delete corrupted/malicious downloads from their shared directory?
    • - to never share someone else's trojan. That could lead to a disease somewhere where you usually don't want any irritation. ...
    • Re:Sharing Trojans (Score:4, Insightful)

      by Gabrill (556503) on Friday March 19, 2004 @09:18AM (#8608634)
      The same users that are too lazy to look up free alternative software are going to go through their file sharing archives looking for virii and trojans?
    • Re:Sharing Trojans (Score:3, Insightful)

      by Anonymous Coward
      Not true, most people that use P2P software are total morons, or at least there are enough to keep it spreading

      you would also think a 2mb file size would tip people off that it's not UT2k4 or Win2k Source Code
    • Re:Sharing Trojans (Score:4, Interesting)

      by SmackCrackandPot (641205) on Friday March 19, 2004 @09:41AM (#8608809)
      why people would continue to share these programs once they realised they contained a trojan

      When P2P file-sharing programs are in use, the users are usually downloading bucket-fulls of stuff. So between the time the download of the file has been completed, and the time that the file is unzipped and run, there is a window of opportunity for re-distribution to take place. Given the small size of the file, it would probably be ignored until the download of larger files such as movies and warez has been completed, if not forgotten entirely.
      (Like your looters or panic-buyers during a power cut - they're grabbing everything they can get their hands on, because it's there for the taking, not because it's of any practical use to them).
  • Vigilante (Score:4, Interesting)

    by clifgriffin (676199) on Friday March 19, 2004 @09:20AM (#8608652) Homepage
    As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc... Kaspersky has flagged it as a Trojan, though I still stand firm in my belief that this is in no way a trojan as it does nothing even slightly malicious. I don't think we'd have the "Trojan Horse" analogy to fall back on if all the soldiers in the horse had done was send back a message saying they'd arrived. :D
    • Re:Vigilante (Score:5, Insightful)

      by 68K (234318) on Friday March 19, 2004 @09:28AM (#8608701)
      It is a Trojan - it doesn't have to do anything malicious, just something that is blatantly NOT what its description (filename in this case) suggests. And you're capturing data from the users that run it, so it could be argued that it is in fact malicious.
    • Re:Vigilante (Score:5, Informative)

      by WARM3CH (662028) on Friday March 19, 2004 @09:31AM (#8608734)
      This can certainly be classified as a trojan. Being malicious or not has nothing to do with classifying a program as trojan. The simple fact that you have a way to spread it, implemented some form of call-home functionality in it is sufficient to classify it as a trojan. About being malicious or not, some may say that sending private information (like IP address) back home can be considered as a malicious act.
    • Re:Vigilante (Score:5, Insightful)

      by sprouty76 (523155) <stephen_douglas.yahoo@com> on Friday March 19, 2004 @09:37AM (#8608784) Homepage
      It doesn't have to do anything malicious to be considered a trojan. It just has to be an executable masquerading as something it isn't.

      And some of us consider phoning home fairly malicious.

    • Re:Vigilante (Score:5, Interesting)

      by biobogonics (513416) on Friday March 19, 2004 @09:43AM (#8608828)
      As clifgriffin, I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p. We're just doing a social experiment...to see how a program spreads, who downloads it, etc...

      Just like Robert Morris [wikipedia.org] did in 1988?

    • Re:Vigilante (Score:3, Insightful)

      by agslashdot (574098)
      We're just doing a social experiment...

      Not too long ago, Soviet Russia embarked on a long hard social experiment, called communism...:)
      See, the problem with social experiments is, you have to get the buy-in from society. Can I go to the local girl's school and start looking under people's skirts and claim I'm just doing a social experiment...I'd be arrested in an instant.

      Here's what you are really doing -

      Malone: You said you wanted to get Capone. Do you really wanna get him? You see what I'm saying i

    • Re:Vigilante (Score:5, Insightful)

      by YrWrstNtmr (564987) on Friday March 19, 2004 @10:18AM (#8609154)
      I speak for myself when I say that "vigilante" is not a word we ever claimed. We aren't raging against internet piracy or p2p.

      Oh really? Your statements on website [blogzine.net] would seem to disagree with that
      "At the start of this year, we (Justin and Clif, Clif and Justin) decided to start a new project. We declared war on illegal file sharing and pirates. The goal was to waste their time and bandwidth while tracking them and how the file moves around.

      Other 'interesting' statements:
      3. We disagree with the notion that this is a "Trojan".
      Our program is absolutely dormant unless specifically and purposefully executed by the downloader.


      Exactly the same as the Beagle and other email trojan variants.

      We aren't reporting these people to anyone in the law enforcement field, even though we should be.

      Yes you are. By posting it online, in real time.


      We could go on...
    • Re:Vigilante (Score:5, Informative)

      by Sklivvz (167003) * <marco.cecconi@g[ ]l.com ['mai' in gap]> on Friday March 19, 2004 @10:47AM (#8609468) Homepage Journal
      this is in no way a trojan as it does nothing even slightly malicious

      You are tricking users in sending their personal information to you. This is a serious offense in Italy (where I live) and most of Europe. We take our privacy most seriously.
      Furthermore, cracks are legal in Italy (if you own a registered copy), because it is considered wrong for companies who sell you the software to try and restrict your access to it. For example, Playstation mod-chips are perfectly legal (tested in a court of law).
      So, you are actually defaming and violating the privacy of people who are in fact not pirates or doing anything illegal.

      Thank you.
  • by handy_vandal (606174) on Friday March 19, 2004 @09:22AM (#8608666) Homepage Journal
    The EFF says the vigilantes may be committing a crime.

    Vigilantes are, by definition, committing crimes.

    A vigilante [ncwc.edu] is a private citizen who acts outside the law, taking the law into their own hands.

    Some people (e.g. the vigilantes themselves) see this as a Good Thing -- enforcing Justice, where Justice would otherwise go unenforced.

    Others (such as myself) see vigilantism as the roots of rebellion and chaos -- acting as a private government, in defiance of duly constituted authority.

    Not that I have a hell of a lot of respect for duly constituted authority. Most of the cops I've met have been decent people, however, there's a long, sad history of cops acting as vigilantes, outside the law. Not to mention police states, governments run by mobsters, etc. etc.

    -kgj
  • by Anonymous Coward on Friday March 19, 2004 @09:22AM (#8608670)
    I don't much care one way or another about the issue of going after software pirates, as there are some major assholes on both sides of the issue. But the problem with this approach is that if there are bugs in the antipiracy software it could end up screwing up a lot of people's systems and causing major expense and loss of time and effort. Moreover, it looks like people could convert this into intentional malware by renaming it, so that someone looking to download freeware documents on, say, the history of microprocessors, could end up with this crap on his machine. So I object strongly to the means, though I am ambivalent about the intent.
  • by IshanCaspian (625325) on Friday March 19, 2004 @09:23AM (#8608674) Homepage
    the software's not disguised as actual pirated software, but the keygens and cracks. AFAIK, those are in much more of a legal gray area than actual pirated software. Theoretically, if someone legitimately owns a piece of software, and they're on another computer, and they have the original installation media and they forgot their cd key at home, it wouldn't be terribly illegal to load up a keygen so they could play a round or two.

    Or hell, even take the Baldur's Gate series. I bought every single game in the series, and I still crack all of those games since I don't want to have to put the cd in when I play. What about someone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game I bought online...what if I just use a keygen and get another key?

    Anyways, there's really not much of a case for what these people are doing. Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?
    • by Lumpy (12016) on Friday March 19, 2004 @09:43AM (#8608826) Homepage
      you forget one more thing...

      I own a 100% legal copy of Cakewalk home studio 2002

      my install CD is broken so I have a choice of buying another copy or making my LEGAL copy work.

      so I download off Kazaa the iso file of the CD burn a new one and voila...

      now the frothing at the mouth Software people here would want me hanged for stealing money out of their mouths by not buying a new copy of their software every 30 seconds but who cares... I am doing NOTHING illegal and simply circumventing a disdain for customer service from the company that makes the software.. I'm still using MY legal serial number and codes... I STILL have the legal license (AKA the box and other paper drivel that says so.)

  • by baryon351 (626717) on Friday March 19, 2004 @09:23AM (#8608676)
    And again, mac users don't have to worry about their malware.
  • by NinjaPablo (246765) <ninjapablo@smash t e ch.net> on Friday March 19, 2004 @09:24AM (#8608679) Homepage Journal
    The article is pretty light on that point. I think anyone who downloads "UT2K4 Keygen.exe" or "Photoshop Full.exe" knows exactly what they are trying to get, and they know the risks of what they are doing. And therefore, if someone wants to write an app that phones home and tells the companies that someone is trying to use a crack, what's the harm?
    • by Kjella (173770) on Friday March 19, 2004 @09:47AM (#8608872) Homepage
      Say an idiot employee downloads & runs this crack/warez/whatever at work. Unauthorized and all that, but that's his ass. Now, this software is reporting home to somewhere. Let's assume the idiot's sysadmin finds out. The employee might get sacked, but who do you think will get charged with hacking (cracking) the corporation's network?

      You got it. Just the costs of verifying that it DIDN'T do anything else, didn't alter or delete any of the data on the computer, didn't transmit any of the potentially sensitive data and (if paranoid enough) rebuild the system is going to rack up to quite a bit.

      If they give them one count of hacking for each machine on their incredibly self-incriminating list, I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...

      Kjella
  • by clifgriffin (676199) on Friday March 19, 2004 @09:25AM (#8608683) Homepage
    For those of you attempting to probe the moral questions of this project.

    What if my software, downloaded with no warranty from Gnutella, displayed the weather conditions in Kenya?

    I'd have their IP, and I could even safely retrieve the ID with legitimate pretenses.

    However, since my software rebukes the downloader for downloading a file that appeared to be a crack, it is a Trojan and a danger to the peoples of the free world.

    Just a thought.
    • by flewp (458359) on Friday March 19, 2004 @09:38AM (#8608791)
      2. The software acts with the confines of its own entity. The program does not compromise their system in any way, shape, or form. Every action it performs it performs solely for the purposes of logging an event. We are not in this to compromise downloader's systems, only to learn a little bit about who they are. It's a social experiment.

      Let me ask you something, if you went to install something, say what you thought was the google search bar for your browser, and instead found out it was giving out information, wouldn't you be a bit pissed? It's doing something other than what was intended. Sure, the software you're replacing might be illegal, but nonetheless, my point still stands.
  • Legal precedent ? (Score:5, Interesting)

    by agslashdot (574098) <sundararaman,krishnan&gmail,com> on Friday March 19, 2004 @09:29AM (#8608717)
    From the article - programs have circulated disguised as activation key generators and cracks for Unreal Tournament 2004, Pinnacle Studio 9, Norton Antivirus, TurboTax

    IANAL, but this is certainly illegal. It is akin to a sting operation, like when you open your car door for the hooker on the street and it turns out she's really a cop and you are arrested for soliciting & prostitution.

    You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.

    Using temptation to get at potential thieves does not constitute law enforcement, unless I guess you are the FBI or somesuch.

    • Re:Legal precedent ? (Score:3, Informative)

      by JBMcB (73720)
      -It is akin to a sting operation...

      To get caught in a sting, the "stingee" needs to solicit something illegal from the "stinger." Just opening your car door for a prostitute doesn't necessarily constitute an illegal act, unless you solicited sex for money beforehand.

      - You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.

      True, but you also can't sell baking soda to people in dime baggies telling them it's cocaine. Although, technically, p2p isn't really se
  • by breakinbearx (672220) <breakinbearx@hCO ... m minus language> on Friday March 19, 2004 @09:31AM (#8608730)
    but is it wrong? It doesn't spread itself, others spread it. When you download a piece of code off of a p2p network, you take a risk that it isn't what you think it is. Obviously, these people are rather intelligent, and it appears that they aren't evil, and just want to teach certain lawbreakers a lesson. And although it is vigilante in the sense that they are stepping outside of the law, they're not doing anything harmful. Now, if they were formatting someone's hard drive when the executable was launched, it would be different, but this is just a small rebuke.

    Props to these guys for sticking up for what's right.
  • Good for them (Score:5, Insightful)

    by Cereal Box (4286) on Friday March 19, 2004 @09:34AM (#8608755)
    I've said many times on Slashdot that if you want P2P to be taken seriously and not be labeled as a haven for pirates, you need to actively engage in discouraging the use of P2P for illegal file trading. These guys are actually doing that. Good for them. At least they're not acting like some hand-waving Slashbots ranting about how no one takes P2P seriously, all the while refusing to acknowledge that the majority of data transferred on P2P networks is copyrighted, and furthermore refusing to do anything about it.

    My favorite comeback line: "Maybe we should outlaw knives because someone might do something illegal with them!" -- completely off-target. Right now, the situation with P2P isn't that a minority of people are using P2P networks to trade copyrighted materials, but that a minority of people are using P2P networks for trading non-copyrighted materials. Until P2P fans actively pursue and discourage the use of P2P for illegitimate uses, P2P will continue to have a bad rap and be pursued by copyright holders.
  • by clifgriffin (676199) on Friday March 19, 2004 @09:42AM (#8608811) Homepage
    We only collect this information if they click the button.

    If they use any other means of exiting the program (ie, Alt+F4) it simply exits.

    Yet again, it all depends on what they do....we don't collect anything without them making defined, deliberate actions.

    It is not my belief that we are required to tell them that we logged the fact that they clicked "I'm Sorry. I Promise Never to Do it Again."

    I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.
  • by Uninvited Guest (237316) on Friday March 19, 2004 @09:43AM (#8608834)
    This is pretty funny. The more successful the program gets, the more this pair is creating a potential distributed denial of service attack on their own web servers.
  • Server hosed (Score:5, Informative)

    by yknott (463514) on Friday March 19, 2004 @09:45AM (#8608856) Homepage Journal
    Behold: Walk the Plank and Operation Dust Bunny
    Note: Due to responses by certain detractors, we've updated our legal section (again) to further clarify our stance.

    Apparently, this is becoming more and more newsworthy. Security Focus called today and interviewed me. Here is the resulting article: http://securityfocus.com/news/8279

    At the start of this year, we (Justin and Clif, Clif and Justin) decided to start a new project. We declared war on illegal file sharing and pirates. The goal was to waste their time and bandwidth while tracking them and how the file moves around.

    Results Pages for the Impatient: Walk the Plank Status Page | Dust Bunny Status Page

    Walk the Plank, You Pirates!

    The first version of this was more-or-less a test to see if it would work. We created a program in C# that would pop-up a message scolding the user. When the program closes, it would "phone home" to our servers, giving us the filename, how long the program ran (run time), and their IP address. We entered the information we collected into a database.

    We copied the binary then renamed it to a bunch of warez-like filenames that we found via Jigle.com and searching different P2P networks. We put it up on the Gnutella file sharing network and waited. Within minutes, we had downloads. However, we didn't have entries in the database. The next day we came to the conclusion that people didn't have .NET installed and thus couldn't run the C# binary.

    So we rewrote it in C++. Once finished, we replaced all of the C# binaries with the C++ binary. Again within moments, we had downloads and this time we have entries in the database. Goes to show the penetration of .NET.

    After about two weeks, we noticed something: The file was spreading without our help. We stopped sharing after we realized this and the file kept propagating, and propagating, and propagating. In no time flat, we wasted over 16 hours of pirate time.

    Screenshot: (Top: WTP, Bottom, ODB)

    The Next Step: Operation Dust Bunny

    The original idea we had went beyond simply logging filename and run time. We wanted to track who got what file from who. So a month after WTP, we wrote Dust Bunny. It was a two-binary system that would read the Pirate ID (PID) encoded in itself, send it to a server, then grab a unique PID returned from the server, and rewrite the ID that is encoded in the binary. Using this information, we could see who got what binary from who.

    Written with one person using Visual Studio 2003, another using Dev-C++; one binary in C++, the other in C; and only one person knowing how to code in either language. It was a challenge since the "rabbit" (the GUI program) had to include the "eye" (the program that contacted the server and rewrote the rabbit) for execution. Plus the eye needed an offset that could only be gathered once the rabbit was compiled with eye included. Thanks to TightVNC and a lot of trading of information, we got through it.

    Just to be safe, we added a "kill switch" to the eye. If the server returned a special ID number, the eye would delete the rabbit. This way, in case it got out of control as WTP did, we could stop it. Also, if someone renamed it to a filename we didn't like, we could add that filename to the "evil filename list" on the server.

    After it was completed, we replaced all the binaries with the new version. Once again, they started to be downloaded instantly. The next day, we already had redistributions -- someone downloaded a copy from someone other than us. We could tell since we were logging the PIDs. It didn't take long until we had multi-branch trees of pirates.

    We decided after one month time of sharing Dust Bunny, we'd stop and let it propagate on its own. That marker was around March 9th, 2004.

    Current Status

    By now, WTP has racked up over 62 hours in wasted pirate time. Dust Bunny is well on its way with 20 hours. Dust Bunny has around 3,500 unique pirates and over 6,200 ex
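The PID chaining that the quoted project page describes for Dust Bunny can be modelled in memory to show what the server-side log does and does not establish. This is an added illustration, not the authors' code: it does no networking or file rewriting, and `KILL_ID`, `SEED_PID`, the class names, the filenames and the sample addresses are constructed.

```python
from collections import defaultdict
from itertools import count

KILL_ID = 0    # constructed; the page only says "a special ID number"
SEED_PID = 1   # constructed; PID embedded in the copies first shared

class Server:
    """Check-in server model: issues PIDs and keeps the log."""
    def __init__(self, blocked_names=()):
        self._next = count(SEED_PID + 1)
        self.blocked = {n.lower() for n in blocked_names}
        self.log = []  # rows of (presented_pid, issued_pid, ip, filename)

    def check_in(self, presented_pid, ip, filename):
        blocked = filename.lower() in self.blocked
        issued = KILL_ID if blocked else next(self._next)
        self.log.append((presented_pid, issued, ip, filename))
        return issued

class Copy:
    """One file on one disk; `pid` stands in for the ID inside the binary."""
    def __init__(self, pid, filename):
        self.pid, self.filename, self.deleted = pid, filename, False

    def download(self, rename=None):
        # A P2P transfer is a byte-for-byte copy, embedded PID included.
        return Copy(self.pid, rename or self.filename)

    def run(self, server, ip):
        issued = server.check_in(self.pid, ip, self.filename)
        if issued == KILL_ID:
            self.deleted = True   # kill switch: this copy is removed
        else:
            self.pid = issued     # the copy on disk now carries the new PID
        return issued

def build_tree(log):
    """Edges inferred from the log: presented PID -> PIDs issued for it."""
    tree = defaultdict(list)
    for presented, issued, _ip, _name in log:
        if issued != KILL_ID:
            tree[presented].append(issued)
    return dict(tree)

def scenario():
    server = Server(blocked_names=["bad name.exe"])
    seed = Copy(SEED_PID, "keygen.exe")
    a = seed.download()
    a.run(server, "192.0.2.10")      # A is issued PID 2
    b = a.download()
    b.run(server, "192.0.2.20")      # B presents 2, is issued 3
    c = seed.download()              # C shares the file without running it
    d = c.download()
    d.run(server, "192.0.2.40")      # D presents 1 (not C's PID), gets 4
    c.run(server, "192.0.2.30")      # C runs later, gets 5
    e = b.download(rename="Bad Name.exe")
    e.run(server, "192.0.2.50")      # blocked filename -> KILL_ID
    return server, build_tree(server.log), e
```

In this model D fetched the file from C, yet the log places D directly under the seed because C had not run its copy when D downloaded it. The tree therefore records which embedded PID was presented at check-in, not who actually served the file.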
  • Vigilantes (Score:4, Interesting)

    by CFBMoo1 (157453) on Friday March 19, 2004 @09:53AM (#8608915) Homepage
    Wired has one on a vigilante group that goes after perverts in chat rooms that prey upon children. [wired.com] As much as I admire the intent of every day people to keep things clean, decent, and honest. I also have to agree with points in this other article where law enforcement is being hampered by scaring off the bad people to go deeper underground and the problem just gets buried and not dealt with completely. Next thing you know you have a problem that's 10x's worse than before since it wasn't handled properly to begin with.

    In the case of the software vigilantes. They're in for a world of legal hurt I think even though their basic intentions are good.
  • Social Experiment? (Score:5, Insightful)

    by PhxBlue (562201) on Friday March 19, 2004 @10:05AM (#8609034) Homepage Journal

    If this was in fact a "social experiment," I have a few questions:

    • What was the thesis for the experiment? What were these guys setting out to prove?
    • How does the data they collected actually bear upon the experiment itself?
    • What is their conclusion based upon the data they've received?

    If this was a genuine social experiment, these questions have already been answered, somewhere. Otherwise, I think we can chalk this up as a prank designed to embarrass people.

  • From their webpage (Score:4, Interesting)

    by ottffssent (18387) on Friday March 19, 2004 @10:07AM (#8609063)
    <html>
    <head>
    <title>Operation Dust Bunny: Deployment Status Page</title>
    </head>
    <body style="margin:0">
    [1]

    Offhand, I'd say today we're not tracking *anybody*...
  • by reality-bytes (119275) on Friday March 19, 2004 @10:08AM (#8609068) Homepage
    That link http://walktheplank.ath.cx is a dynamic DNS re-router for people on Cablemodems / DSL etc.

    Ouch, I almost feel sorry for them :D
  • Trojans of trojans (Score:4, Insightful)

    by maximilln (654768) on Friday March 19, 2004 @10:27AM (#8609240) Homepage Journal
    Even if we assume that these vigilantes are doing nothing morally wrong themselves at what point should they be responsible for opening a security hole in a system which can be exploited by other more malicious stalkers? Can these vigilantes show that their code is 100% secure such that only they can make use of the resources that it provides?

    Spyware and malware and P2P programs and instant messaging programs may not be malicious in and of themselves but they're all coded by half-hacks who aren't very interested in security. Do they properly check their buffer overflows, input validation, or ensure perfect alignment with a proper handshake protocol?

    I think not...

    Let's say that the law would tolerate the vigilante retrieval of stolen property. At what point is the vigilante liable for leaving the backdoor open?

    Let's say that malware and spyware and spammers really are nothing more than advertising methods used to boost the economy (which can be argued as "good"). At what point are the authors of those programs liable for the malicious attacker or stalker who relies on them to identify easy targets?

    Let's say that posting signs for your candidate on someone else's front lawn would be legal. Are you liable if a serial killer decides to pick his targets based upon lawn signs?

    Implications are more than just one step removed from the source.
  • UT2k4 crack (Score:5, Interesting)

    by nukem1999 (142700) on Friday March 19, 2004 @10:29AM (#8609258)
    In just the past two days, Unreal Tournament 2004 keygen and cracks have become popular filenames.

    I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change. I get it home, pop it in a DVD drive on a different machine in the network, mount the drive on mine, and install. Try to run it? *BZZT* "Wrong disc inserted." Many people on the official forums had the same error with the game in a drive on their local machines. Crack -> piracy? No. It's been rather long established that at least a few paying customers will have problems with the cd check. I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.

    Although I was smart enough to get it from somewhere reputable. They could have gotten something a LOT worse than an IP tracker.

    I could have been holding the legally purchased, pressed media, wearing the free headset and finding a place for my free Atari shameless-self-promotion stickers while these people posted my IP address (or even more information, I didn't actually go to the list to see) with a pirate label. (note: On their site, the images of the popup say "don't worry your secret is safe with me", and now the list has even been /.ed. Cute.)

    Yarr indeed.
  • How ironic... (Score:4, Insightful)

    by telstar (236404) on Friday March 19, 2004 @10:54AM (#8609558)
    They purport to have a list of pirates...
    What they have is a list of people that downloaded something that most likely isn't a copyrighted work written by them (and admittedly made available freely online by themselves).

    Not only that, they're infringing on the trademarks of the software they purport to be in order to run this little experiment, and a case could also be made that they're doing damage to the name of that software by associating it with their invasive software without consent from the actual publisher of the original work.

    I'm all for protecting a product with the laws that are in place, but the laws shouldn't be taken into people's own hands with invasive and untested software.
  • by WormholeFiend (674934) on Friday March 19, 2004 @11:17AM (#8609869)
    they're not using pr0n to spread their trojans...
    -
  • by Ketnar (415489) <KetnarNO@SPAMketnar.org> on Friday March 19, 2004 @11:54AM (#8610312) Homepage
    Can you spot the shoot-self-in-foot-notes?

    1. No data is collected by our software that isn't already collected when our software is downloaded. The only personally identifiable information that we have would be the executer's IP address. However this information is freely available at time of download and is completely public information.

    Uhm, wait, but collecting IP addys is data. And you also collect what file they were trying to download, and where/who they got it from? I'd say building a track list of a 'social' network of where a file goes and by how/whom is plenty of data.

    I'm sorry, but that's a load. Get a better legal advisor, next!

    3. We disagree with the notion that this is a "Trojan".
    A trojan horse gains access to a system through deviant methods. Not through user initiated downloads on a P2P network. Secondly, a trojan horse by definition has a payload or attempts to give the author access by working from the inside. Our program is absolutely dormant unless specifically and purposefully executed by the downloader. And the program is riddled with cues to what the contents might be. For instance, the company name is "C.R.A.P. Citizens Raging Against Pirates". Not what you'd expect from a "legitimate" crack or keygen.

    Okay, let's see, it's not a trojan, yet it's a trojan. It's not a trojan because it comes from a p2p network, and not ..what, outlook? Got it! Thanks for clearing that up!

    Okay, great idea, really, very funny! But WTF are these guys going to do with all this when, say, MS steps in with a great big legal order of doom saying 'we want to know everybody who thought they were downloading the windows source code'? Are these people even thinking that far ahead?

    And I love the broad thinking that anybody downloading a keygen is a pirate, What, these guys never lost a Cd key before? Yesh. Get a grip kids.

    Points for some very creative programming, but they lost points for not finding something better to do and not thinking ahead a few more feet of them.
