Anti-piracy Vigilantes Tracking P2P Users 864
brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime."
which crime? (Score:5, Interesting)
Heresay and Slander (Score:5, Interesting)
Re:Trojans (Score:5, Interesting)
Actually, I think this is pretty clever.
Just wait. (Score:4, Interesting)
Sharing Trojans (Score:3, Interesting)
Surely any sane person would delete corrupted/malicous downloads from their shared directory?
Re:Software is just INFORMATION (Score:1, Interesting)
Vigilante (Score:4, Interesting)
It is legal (Score:2, Interesting)
Its just irony that some of the filenames they used would contain illegal content if they were what they claimed to be.
From the looks of their page (Score:5, Interesting)
Or hell, even take the Baldur's gate series. I bought every single game in the series, and I still crack all of those games since I don't want to have to put the cd in when I play. What about somone who has their GUID banned by punkbuster? I don't believe they have any right to stop me permanently from playing a game I bought online...what if I just use a keygen and get another key?
Anyways, there's really not much of a case for what these people are doing. Besides, if they like vigilantes so much, what do you say we show them what a DDOS looks like?
Re:To me this seems basic... (Score:3, Interesting)
Evil crackers like these criminals are no less clever than the rest of us, they just put their cleverness into more questionable things
Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?
Legal precedent ? (Score:5, Interesting)
IANAL, but this is certainly illegal. It is akin to a sting operation, like when you open your car door for the hooker on the street and it turns out she's really a cop and you are arrested for soliciting & prostitution.
You can't drop dollar bills on the road & then arrest citizens for stealing when they pick them up.
Using temptation to get at potential thieves does not constitute law enforcement, unless I guess you are the FBI or somesuch.
Yes, its probably illegal... (Score:4, Interesting)
Props to these guys for sticking up for whats right.
Re:Vigilante (Score:3, Interesting)
but yeah, I also catch these lame attempts at trojans on the p2p networks... their file sizes are always way wrong, and if you notice, the same group of fools sharing it and the other incorrect files...
Re:Vigilante (Score:2, Interesting)
Which is why we did not shy away from obvious flags such as the Company Name "C.R.A.P: Citizens Raging Against Pirates".
Morons, yes.
Re:Here's another question... (Score:5, Interesting)
Let me ask you something, if you went to install something, say what you thought was the google search bar for your browser, and instead found out it was giving out information, wouldn't you be a bit pissed? It's doing something other than what was intended. Sure, the software you're replacing might be illegal, but nonetheless, my point still stands.
Re:Sharing Trojans (Score:4, Interesting)
When P2P file-sharing programs are in use, the users are usually downloading bucket-fulls of stuff. So between the time the download of the file has been completed, and the time that the file is unzipped and run, there is a window of opportunity for re-distribution to take place. Given the small size of the file, it would probably be ignored until the download of larger files such as movies and warez has been completed, if not forgotten entirely.
(Like your looters or panic-buyers during a power cut - they're grabbing everything they can get their hands on, because it's there for the taking, not because it's of any practical use to them).
Re:Vigilante (Score:5, Interesting)
Just like Robert Morris [wikipedia.org] did in 1988?
Trying to orchestrate a DDoS on themselves? (Score:3, Interesting)
Re:To me this seems basic... (Score:4, Interesting)
like this : independent
The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?
because CTCP uses in band signalling that something special is happening
CTCP uses ^A or chr(1)
You'll see from this table [cs.tut.fi] that ^A is defined in ASCII as
A transmission control character used as the first character of a heading of an information message.
Curiously the authors chose to end the text with another ^A rather than ^C. In their defence there is no End of Heading marker defined.
You can see the other CTCP messages here [invlogic.com]
Let me take the following example (Score:5, Interesting)
You got it. Just the costs of verifying that it DIDN'T do anything else, didn't alter or delete any of the data on the computer, didn't transmit any of the potentially sensitive data and (if paranoid enough) rebuild the system is going to rack up to quite a bit.
If they give them one count of hacking for each machine on their incredibly self-incriminating list, I imagine even the minimum penalties would add up to life. So I would be very worried if I was them...
Kjella
Grrr! (Score:1, Interesting)
This makes me really angry!
No, not the guys or their program, it's you lot. Yes, you complaining about "infiltration", "trojans", "illegal use of the 'victims'' computers" and so forth.
What's the matter - someone doing something to break up your cosy little gang of illegal copyright infringement?
So what if it's just cable-connected kids they're tracking - it's still infringement and should be punished, or at least discouraged. I'm all for this.
there goes my karma...
What about Manuel Miranda and Bill Frist? (Score:1, Interesting)
Vigilantes (Score:4, Interesting)
In the case of the software vigilantes. They're in for a world of legal hurt I think even though their basic intentions are good.
Re:And the third important point... (Score:0, Interesting)
The logging happens when they click a button.
Re:Of course it's a crime! (Score:3, Interesting)
Re:Yes, but watch out for hypocrisy... (Score:5, Interesting)
Speak for yourself. Maybe you're a hypocrite, but I'd be just as pissed if the program was targeted at spammers by calling it "1millionemails.exe".
Computer crime is computer crime, and this is definately it. We need reasonable, legal, long-lasting solutions to the problems of the net, not some jackass breaking into system in a vain attempt to combat what he sees as a big problem.
From their webpage (Score:4, Interesting)
<head>
<title>Operation Dust Bunny: Deployment Status Page</title>
</head>
<body style="margin:0">
[1]
Offhand, I'd say today we're not tracking *anybody*...
Re:Trojans (Score:5, Interesting)
Re:Care to define how it's illegal? (Score:3, Interesting)
It's illegal for the same reasons that selling you something that I call a "stolen car amlifier" that is really a tracking device or bomb is illegal. It's fraud, misrepresentation, and in this case, theft of services. It's also illegal under various state computer crime laws.
What they're doing is just as illegal as distributing a program called "Spywareremover.exe" that reformats your hard disk as soon as you run it.
They're lying about what the program is and using it to take control of someone's computer without their permission.
Re:Trojans (Score:1, Interesting)
Now, for those who say it isn't fraud because no money changed hands, I would make the same argument that we use against spammers:
the victim is defrauded out of the following
Re:Trojans (Score:3, Interesting)
OK, let's put this into perspective. Let's say that you write a trojan and send it out via email. The people who receive the email run the attachment and then forward the message on to their friends. After a while, you go public and let everybody know about the trojan. Don't you think you'll get a visit to Club Fed?
Re:Trojans (Score:5, Interesting)
So if the US don't want to prosecute them there are extradition treaties to fall back on...
shareware coder whiners indeed (Score:1, Interesting)
THIS ISNT A NEW IDEA someone who made a fucking GAMEBOY EMULATOR made a fake crack for it, which WIPED PEOPLES PALM DATA.. he later claimed it was 'a joke that got released by mistake'
ive had to use 'warez codes and cracks/keymakers' no-cd cracks for games I BOUGHT but lost the cd case for
having a crack isnt illegal.. its only illegal if you use it to warez something - these guys and their stupid trojan dont prove that at all... and if the crack theyre trojaning isnt even a real crack.. then theyre just 'outing' people who downloaded a FAKE crack. wow!
UT2k4 crack (Score:5, Interesting)
I pre-ordered the special DVD edition of UT 2k4 about 2 weeks ago. $42 and change. I get it home, pop it in a DVD drive on a different machine in the network, mount the drive on mine, and install. Try to run it? *BZZT* "Wrong disc inserted." Many people on the official forums had the same error with the game in a drive on their local machines. Crack -> piracy? No. It's been rather long established that at least a few paying customers will have problems with the cd check. I can't say about UT2k3, but in the original UT, they removed the cd check in an official patch since so many had problems.
Although I was smart enough to get it from somewhere reputable. They could have gotten something a LOT worse than an IP tracker.
I could have been holding the legally purchased, pressed media, wearing the free headset and finding a place for my free Atari shameless-self-promotion stickers while these people posted my IP address (or even more information, I didn't actually go to the list to see) with a pirate label. (note: On their site, the images of the popup say "don't worry your secret is safe with me", and now the list has even been
Yarr indeed.
Re:Illegally distributed software (Score:2, Interesting)
I think it's long past time for Doomsday.
Re:Well, their server *did* update in realtime... (Score:1, Interesting)
Re:which crime? (Score:3, Interesting)
You can't distribute or appear to be distributing copyrighted works (like Unreal Tournament). Even if what they give you is not the real thing they might still be punished under law (at least in the US).
It's the same thing as selling sugar as "cocain" in little baggies on the street. You'll still get arrested for selling drugs.
Re:Of course it's a crime! (Score:3, Interesting)
They're not actually claiming it's illegal, though... Saying 'Wanna buy some grass?' when the stuff you're selling really *is* grass isn't even fraud...
Re:which crime? (Score:4, Interesting)
Interesting.
Combine that with the recent report of a trojan that harvests codes from infected machines and you have a recipe for creating a new sort of havoc. If the trojan harvested codes are published in such a way that they get disabled, you'd have a sort of DDOS against a game company. It could overhelm their ability to sort out which users were legit, and piss off a lot of legit users at the same time. If you get enough personal info, you might even attack specific people to get them banned from the game for "sharing" their code if they do something you don't like.
Re:Trying to orchestrate a DDoS on themselves? (Score:1, Interesting)
Re:Trojans (Score:0, Interesting)
The real criminal is the company that charges $100 for the latest game knowing that it will sell at that price for no other reason than a carefully socially engineered populance. I know it sounds like a conspiracy theory but at what point is taking advantage of the ignorant going to be a crime? If it all falls under the "life's not fair" category then someone needs to tell that to the major media companies and software producers that do nothing but whine about their lost profits. They can dish it out but they can't take it.
Re:Illegally distributed software (Score:3, Interesting)
Tools are not imbued with some intrinsic legitimacy. That is determined by how they are used -- and who is judging them.
Your conclusions are wrong and your logic is faulty.
The person who ran that code didn't intend to compromise their machine. Ergo, they trusted the source.
As with tools, legitimacy is determined by the person making the judgement -- one person's legitimate source may be another's evil monopoly-abusing nemesis.
They probably also had some idea of the stated purpose of the tool and thought that it would be useful to them. That implies a basic level of understanding.
It is difficult to know what code to trust and what not. Running binaries downloaded from an unknown user is clearly unwise, but that's not a crime.
Finally, wishing to perform an action in private does not imply that the action is illicit, or believed to be illicit by the person performing that action. Your contention to the contrary is equivilent to saying "If they are commiting no crime, you have nothing to hide/fear."
Which is not always true, in fact it is rarely true.
Re:UT2k4 crack (Score:4, Interesting)
-
Re:Trojans (Score:1, Interesting)
Food for thought: imagine how much worse it could be. It could actually be erasing peoples' hard drives or attempting to flash random garbage into their BIOSes. There are so many destructive things that could be happening, I don't see what the big deal is in this case.
Hell, if I was Epic I would be putting 0-day versions of the game onto the p2p networks myself. And then after about two weeks have it completely trash the users machine. If they were quiet and a little bit discrete they'd get away with it.
Re:which crime? Probably Entrapment (Score:5, Interesting)
only means that the police officer cannot pressure you to commit a crime
-----
Hypothetical situation: A police officer stops you in the street and demands that you stop to answer some questions. You are in a hurry and ask if he's conducting an investigation. His response is negative, he's just lonely and wants to chat. You ignore his pleas and continue on your way.
The police officer arrests you for obstruction of justice. Additionally he uses the obstruction of justice as reason to search your person and finds a pack of cigarettes without the wrapper in your coat. He writes up an additional ticket for possession of contraband goods (cigarettes without the appropriate tax stamp).
Note: This isn't a hypothetical situation but REALLY DID HAPPEN.
So please, quit talking about legality. We live in a subjective police state and no lawyer really cares unless there's a potential to get rich quick.
Re:And the third important point... (Score:2, Interesting)
To take someone's information (you don't even have to post it) and keep it is ilegal [hmso.gov.uk] IANAL but it is my job to make sure my employer is compliant with this. If I were you I would stay away from the UK and Europe you could end up in jail for up to 5 years.
I would also stress that this information is harmless to them as we proved only that they downloaded a file with the same name as a crack...nothing that poses any kind of threat at all to them.
Irrelevant you did it without there permission.
Re:Whoa, we just Slashdotted a cablemodem!! (Score:2, Interesting)
Re:Trojans (Score:3, Interesting)
We do not live in a capitalist society. Get the politic-speak out of your heads, people. A capitalist system which is subject to the tens of thousands of rules, regulations, and controls that we have in the US is... anyone...?
Communism.
Communism is an economic system controlled by the government. Capitalism is an economic system controlled by the flow of capital. In the United States we have an economic system that's controlled by... anyone...? The government.
This very simple concept is proof that our government run schools are working perfectly to obscure the dominant role that our government plays in the economic conditions of our time. To most educated people this is indicative of... anyone...? Socialism. To the cynical educated people this is indicative of... anyone...? Fascism.
Just because you want to live in a capitalist republic, and just because your politicians feed your dementia to garner your votes, doesn't make it real.
Not just restricted to File-Sharing networks (Score:2, Interesting)
Let's say I drop on a copy of BackOrifice, and "accidently" rename it to "Paris_Hilton_Video"..
Am I now guilty of some form of digital luring or *entrapment*?
~m
Re:Legal precedent ? (Score:1, Interesting)
The police most certainly DO use bait cars like this that lock the theif inside.
The principle behind "entrapment" is that you cannot induce them to commit a crime they otherwise would not have. So they cannot, for example, ask you to steal a car for them (because they're actively inducing you to commit a crime), whereas they can leave out bait and if you take it, you're SOL.
That said, someone else pointed out that it's also illegal to sell people fake drugs (e.g. oregano as weed). Even if it were harmless, I understand that they still bust you for it. Now then, I do not know if that principle applies here, though it seems somewhat like it ought to.
The real problem is that we don't have very good bright line standards for what constitutes intrusion into one's computer (or rather, we have incredibly restrictive ones to which prosecutorial discretion is generally applied, meaning that by the time you're actually charged, you're probably SOL if you actually did so much as a portscan). The fact that they are doing this under false pretenses certainly does not work in their favor.
This is not, however, the first time such things have happened. I understand that there is at least one case of a fellow in the netherlands or somewhere similar (?) distributing trojans to catch child pornographers, then turning them in, one by one, to the police. The case was almost dissmissed due to the fact that the police there replied to him, saying that they appreciated his help, and they couldn't really bust him for anything (the act apparently not being illegal in his jurisdiction*), but that he had to know that while they were investigating this, they could not have him do it as an agent of the police. Since all they did was effectively fill him in on US law there, the court narrowly decided that he was not acting as an agent of the law, but if he had continued as such, they might well have had to throw out the cases against the pedophiles.
In short, nothing is all that clear-cut. Even all the folks here talking about downloading cracks or replacements for their broken CDs are probably actually breaking the law. That's not to say their actions would definately not be considered fair use, but that's not to say either that they couldn't be prosecuted for their actions. For example, the no-CD cracks when used in a more-or-less legitimate manner (by someone who owns a copy of the software) may still be in violation of the DMCA. The courts have NOT always been as kind as I wish they were in deciding what constitutes what, and we cannot assume that everything which we believe is morally right in some way is necessarily legal, that what is legal is necessarily morally right (think of SCO...), nor that what is illegal is necessarily morally wrong (many abused provisions of the DMCA, such as using it to attempt to extend one's monopoly on say, printer cartridges).
(* This star is here because courts have been known to excercise personal jurisdiction (e.g. make you answer for the laws of the jurisdiction of that court) for all sorts of reasons. Pretty much everywhere has a 'long arm of the law' statute, so it's pretty much a matter how much trouble someone wants to go to. There was a nice tutorial on this online somewhere, but I cannot remember the URL. I think that if you Google 'personal jurisdiction' you should find it at cyberlaw.com or somewhere with a URL akin to that...)
Re:HAH -- welcome to software firewalls. (Score:2, Interesting)
Re:To me this seems basic... (Score:3, Interesting)
Now, say the vigilante behaves well in the channel for a few months, and the operators meet and vote that the vigilante is trustworthy and therefore can be voiced. The channel protection bots are given the vigilante's IP/Host/Nick combo to identify the vigilante and give him voice when he enters the channel.
Ok, it's been several months and now finally the vigilante and run the channel approve fserve software and is still watched by the operators since he/she is still new. Once someone downloads the keygen from the vigi. and discovers it is fake, they msg the channel ops and report it. The vigi loses voice rights and the whole matter is investigated and a decision is made to permanently ban the vigi since the trojan was discovered.
Now, the vigi can try to get voiced in several channels at once, but most channels won't voice you if you serve in more than 2 other channels, and some won't give you voice if you serve even in one other channel. The vigi still has the option of changing IP/Host/Nick and starting the process all over, but it will again be months before they will be considered for voice again. And if someone figures out that this is the same guy they banned before, his new identify will also get banned from the channel.
However, there are some computer illiterate people on IRC, so if the vigi spams people randomly with private messages ( spamming a channel can be easily blocked ) with the connection info to their server with the fake keygen, saying 'go here here to get UT2004 keygen;, I am sure some will fall for it. But if the vigi is reported to the IRCOPS and they can track home down, its kline time for him. Kline means he cannot connect to the IRC network at all, which is different than banning, which only excludes him from one IRC channel.
So you can see how the IRC system presents unique challenges to the vigilante that P2P applications current do not have. That said, I use the eMule client on the Overture network, and it autoblocks clients for various reasons, and it does have a system for both rating and commenting on shared files. Something very useful that is does is track files by md5 checksum, so you can actually see a file that is shared under several names. Its funny to see "Hardware Wars.mpg" was renamed to "Star Wars Episode 2:Attack of the Clones" and other names, flagging it as a fake.
Well, I feel like just wrote a term paper on IRC and P2P networks, so I am calling it a night(11PM here )
Until next post....