Most
Recent Busts & News Reverse Engineering
The Myths
The Myths (Part 2) Most
Recent Busts & News Reverse Engineering
The Myths
The Myths (Part 2) The
Warez Scene CrackZ's
7 tips to avoid being bustedIts a mad world.....
It took a while, but US Customs today got their man: Hew Raymond Griffiths, a ringleader of the infamous warez group DrinkorDie, was sentenced today to 51 months in a US prison.
To recap, Griffiths, a 44 year-old British national, specialised in cracking software and distributing working versions over the internet - for free. In 1999, he stupidly boasted to an online publication that he controlled the world's 20 biggest warez servers and that he would never be caught.
Talk about red rag to a bull. US Customs set up three operations to target groups swapping warez - illegal software - over the internet, most especially DrinkorDie, the biggest and most notorious of them all.
Inevitably, in 2001, Griffiths was caught - like many other members of DrinkorDie. He was sent to the US for trial, instead of facing charges in Australia, where he lived when he committed his crimes. The UK took a different view on jurisdiction. In 2005, two British members of Drink or Die were sentenced to jail, after a court trial in England, for their roles in distributing warez.
Griffiths spent three years in detention in Australia, fighting extradition. It is unclear if the time already spent in imprisonment will be deducted from his sentence. We suspect not - judging by the extreme lengths to which America is prepared to go to stamp out copyright theft.
"Whether committed with a gun or a keyboard - theft is theft," said U.S. Attorney Chuck Rosenberg, who led the prosecution against Griffiths. If we were being charitable, we put this down to rhetorical excess, the speechifying of an excitable man. But, alas, he probably believes what he is saying, just like the rest of America's copyright ayatollahs.
What a topsy-turvy world we live in. ®
25th April 2007
The kingpin for one the world's oldest and best-known piracy groups has pleaded guilty to software piracy charges, bringing a close to an international cat-and-mouse game that took more than five years to play out.
Hew Raymond Griffiths - better known in warez circles as Bandido - faces up to 10 years in prison and $500,000 in fines at sentencing, which is currently scheduled for June 22 in federal court in Alexandria, Virginia. The 44-year-old British national pleaded guilty to one count each of criminal copyright infringement and conspiracy to commit criminal copyright infringement. He was extradited to the US in February after spending three years fending off extradition attempts from a detention center in Australia.
According to US prosecutors, Griffiths rose through the ranks to assume the top spot at DrinkOrDie, which came to prominence after releasing a pirated copy of Windows 95 days before the OS was officially available. It was formed in 1993 and was among the first "security-conscious" warez groups, meaning it used passwords, encryption and other sophisticated measures to thwart law enforcement efforts.
DrinkOrDie specialized in cracking anti-piracy measures in popular software, movies and other digital content, so it could be copied and used over and over. The group then distributed the warez using online storage sites filled with tens of thousands of titles, prosecutors allege. DrinkOrDie is estimated to have caused the piracy of more than $50 million worth of digital material.
The group was dismantled after the US Justice Department and the Immigration and Customs Enforcement carried out more than 70 raids on targets in the US and five other countries in late 2001. To date, "Operation Buccaneer," as the campaign came to be called, has netted more than 40 convictions.
Griffiths is accused of heading several other warez groups, including Razor1911 and RiSC. Prosecutors also say he boasted in a published report that he ran all of DrinkOrDie’s day-to-day operations and controlled access to more than 20 of the top warez servers worldwide. Federal prosecutors returned an indictment against him in 2003.
Griffiths isn't accused of profiting financially from his deeds. His case marks one of the first time a defendant has been extradited on charges related to intellectual property. ®
Bandido has finally lost his fight against extradition, original link here. No doubt we'll all be sleeping easier in our beds tonight knowing that this 44-year-old 'kingpin', who's sole occupation was caring for his father and who wasn't breaking any laws in his own country has been extradited at huge expense to appear in front of a DoJ kangaroo court and thus spend 10 years languishing in some US federal hell-hole.
"It took three years of legal wrangling with Australia, but the U.S. government finally got their man Tuesday.
Hew Raymond Griffiths, an alleged warez kingpin, appeared in a U.S. district court and was charged with conspiracy to commit criminal copyright infringement and criminal copyright infringement.
If convicted on both counts, Griffiths could receive a maximum sentence of 10 years in prison and a $500,000 fine. Warez groups act as first providers of copyrighted works to Internet release groups. The release groups are the original sources for a majority of the pirated works distributed and downloaded via the Internet.
In an indictment originally issued in 2003, the Department of Justice (DoJ) claims the 44-year-old Griffiths was the head of an international software piracy ring known as DrinkorDie. Since the indictment was issued, Griffiths has been jailed in Australia, fighting extradition to the United States.
"Griffiths claimed to be beyond the reach of U.S. law, and today, we have proven otherwise," Assistant Attorney General Alice Fisher said in a statement. "This extradition represents the Department of Justice's commitment to protect intellectual property rights from those who violate our laws from the other side of the globe."
According to the DoJ, DrinkOrDie was founded in Russia in 1993 and expanded internationally throughout the 1990s. The DoJ and the U.S. Immigration and Customs Enforcement broke up the group in 2001, with more than 70 raids conducted in the U.S., United Kingdom, Finland, Norway, Sweden and Australia.
Dubbed Operation Buccaneer, the DoJ raids on DrinkorDie have so far resulted in 30 felony convictions and 10 convictions of foreign nationals overseas.
The DoJ claims Griffiths was a key leader of DrinkorDie, directing the illegal reproduction and distribution of more than $50 million worth of pirated software, movies and games. According to the indictment, Griffiths also held leadership roles in several other well-known warez groups, including Razor1911 and RiSC.
Members of DrinkorDie stockpiled illegal software on Internet computer storage sites around the world and used encryption and other sophisticated technological security measures to hide their activities. The DoJ claims Griffiths at one time controlled more than 20 of the top warez servers worldwide.
"The indictment charges that Griffiths was co-leader of DrinkOrDie, which was part of an underground online community that consisted of individuals and organized groups who used the Internet to engage in the large-scale, illegal distribution of copyright protected [materials]," Assistant Secretary of Homeland Security Julie Myers said in a statement."
If you ever needed any further proof that the US legal system has totally lost the plot then this news item ought to provide the confirmation, you'd probably get less jail time for armed robbery.
"A Portland man accused of illegally downloading and distributing computer games and other copyrighted works on the Internet pleaded guilty Thursday in the first case of its kind prosecuted in Maine.
Kurt M. Brink, 25, pleaded guilty to conspiring to commit criminal copyright infringement in U.S. District Court. The felony is punishable by up to five years in prison, but because Brink has no criminal background, the guidelines recommend a term of 30 to 37 months. He also faces a fine of up to $250,000 and three years of probation.
Brink, a University of Maine graduate, was charged after more than 20 search warrants were executed around the country in April 2003. It was the culmination of a 15-month investigation by U.S. Immigration and Customs Enforcement and the Justice Department.
The investigation is designed to punish those who circumvent - or "crack" - copy protections on software, movies, computer games and other copyrighted works and make them available on hidden Internet sites. These postings sometimes occur before their official release.
Groups involved in so-called "warez" - pronounced "wares," as in "software" - activity may compete to see who can crack the material and make it available first. Brink was a courier, whose role was to upload copyrighted material to a server for members. In return, he had access to materials there. He was accused of downloading nine items, mostly games and movies, and uploading 31 others to a site called the Ether Net.
Brink and his lawyer, Robert Ruffner, declined comment. Brink's sentencing date has not been set.
Warez release groups act as the first suppliers of illegal copyrighted works, said Michael DuBose, deputy chief of the computer crime and intellectual property section of the Justice Department. Within hours of being placed on a warez site, a work spreads to tens of thousands of other sites, including for-profit sites and peer-to-peer sites, he said.
Increasingly, warez groups are becoming the source for illegal DVDs and other items sold on the street, he said. "In a sense, they're at the top of the distribution chain," DuBose said.
Since a game typically generates 60 percent to 80 percent of its revenue within the first two months of its release, the dissemination of an early cracked version can cut into a game's earnings, even if crackers aren't in it for the money, said Ric Hirsch, senior vice president for intellectual property enforcement for the Entertainment Software Association.
"The fact is that their activities do significant harm to legitimate investments by game publishers," he said.
Annalee Newitz, a policy analyst with the Electronic Frontier Foundation in San Francisco, was skeptical about the connection between computer enthusiasts who like to solve puzzles and those who profit from the sale of bootleg material. "Any operation where people are actually making money - selling the stuff in Russia or wherever - they have their own hackers and crackers who can do this stuff," she said."
This letter was released to the scene in April 2004, although much of what is here might be classed as 'rantings' and the plea at the end to the enforcement agencies something of an afterthought; take heed of some of the information within or you might soon have the local law enforcement teams paying you a visit at some ungodly hour of the day - and trust me we'd all hate to have that happen, but your not stupid of course and wouldn't dream of having anything that could be construed as illegal on your hard drives, god forbid.....
"The Recent Busts & Future of the Scene"
The raids and site busts that have taken place yesterday have
shoken up the
scene and taken many by surprise it seems. Though should they
really come as
a surprise when you know what the status of the scene is like
at the moment,
they were bound to happen. The scene has probably never been as
easy to gain
access to as now and in a few good months time with a lot of time
dedication
by federal infiltrants it isn't too hard of a job gaining access
to some of
the very decent topsites and gain contacts with some of the pre-retail
groups
which are at most risk (obviously).
By publically accessible places I mean places like fxp-boards.
Many of the
sceners started in these yet and I hope they can admit that getting
higher
up from those is not the hardest thing to do. Even by starting
off on a
public fxp board which anybody can register on it doesn't really
take that long
with a bit of kind words to admins to gain access to private sections,
get to
know more about the functioning of matters and then get access
to the bigger
private boards. It is partly via these measures that infiltrants
have managed
to conduct a series of raids in Germany in mid-March. This was
triggered by
agents who became members on LiquidFXP.
http://www.gvu.de/ [check the press announcement of 03.18.2004]
Oh, but this is old stuff, everybody knows about it...then
how can this still
happen?? I say the releasing scene as a whole makes a clear and
ultrastrict
barrier between itself and these boards or any of these members
and if
necessary that site userdb's get shrunk quite an amount to accomplish
this.
One would be surprised how many of these fxpboard-kiddies have
access to a
site, whether it'd be a proper one or even a small 10mbit bbb
with a couple
of gb on which they get to learn people who are not affiliated
with their
little fxp-scene world and thereby exchange a couple of nice words
and start
building contacts to get onto another site, and like that one
can easily get
deeper into it. About getting onto fxp boards, one just has to
know the name
fxp do a google and come up with something like the following:
http://fxp.startkabel.nl/ and from then on try on several boards.
See how
frighteningly easy it is, and it is these that provide the gateway
to entry
in the scene. Via these entry methods 9 .de sites were busted
last month,
and using similar methods undercover agents have been able to
gain access to
the scene and coordinate the current worldwide busts.
With an estimated 40,000+ people the scene has become way too large
Those who spread to irc dcc channels must also be separated
from the real
releasers in the scene, the release groups. And the number of
couriers can
also be very drastically brought down.
How else could security be increased, maybe a couple of tips
will be of some
use to siteops who have not yet implemented these methods of increase
their
site security:
- usage of site entry bnc's -
- keeping userdb to a minimum, sites having a userdb of 300+ users
is just
ridiculous, unless its a massive ring site or a site with 20 odd
sections.
- usage of encrypted HDs
- encryption of glftpd and sitebots with loop-aes.sf.net
- SSL secure your channels
- movement to Linknet or private-based secure irc servers owned
by sceners
- usage of Blowfish sitechannel encryption
- usage of different bot/channel names to the actual group/site
names they are
for
- no affiliance to new groups unless they have proved themselves
worthy or
happen to be formed by already existing sceners
- higher respect to the long-living groups in all scene-sections
whose old
members can be discarded of being linked to any federal agent.
Scene is a place of friendship and is for most a hobby, not
some profit-making
business (note I say "most"). On a sidenote, when I
see these "i-am-leeter-than
-you attitude in sitechans, specially at the times of these busts
where many on
sitechans claim to know more than the other and a war of flames
commences, I
think this is just ridiculous and immature. Even if some make
a mistake and
the info they have mentioned is incorrect let it be and let that
person feel
a moment of superiority by being able to supply information that
others
apparently do not know of. They are probably only trying to help
but have
obtained false information, unless its some immature child who
likes to
spread rumours. So it would be much nicer to see this arrogance
disappear,
there is already enough group competition in the scene (though
I consider this
quite healthy competition).
That brings me to another point, when you are getting to know
new people and
deal with them, don't let them know everything about you immediately,
even
though if it makes you feel good bragging about these leet sites
you are on.
And before dealing with hardware or other suppliers get to know
the people at
first a little and be sceptic if they appear out of nowhere and
you or your
fellow old-scener haven't heard of them yet. Be aware ! :)
PS:
And a note to the federals. Most of the sceners, more-so in the
non-pre-
retail releasing sections but those who release classic films
encoded in
XviD or release music by unknown artists are not causing harm
to the music
and film industries in my honest opinions. Many of us would not
have rented
as many DVDs as we do in classic divx groups as we do now, or
go to the cinema
as much. And by releasing mp3s of unknown artists speaking on
a personal basis
and in the name of 100s of others we have actually gotten to know
and like
artists whom we previously had not heard of before and have now
bought a
retail CD of for personal usage. Regarding the releases of films
(pre-retail)
this is the same, the XviD compression technology is still not
as good as
quality perceived on DVDs and by releasing these films we are
simply promoting
the technology AND the films on DVD. Everything on the DVD is
not included
in our releases and the DVD still offers far better quality.
Okey, this is all. Peace my friends.
Respect to all quality release groups who do this for a hobby.
-= The Scene Stand United =-
- 2004.04.22
Greetings,
SX & xl0
On the above question, unlike many other sites I won't try to pull the wool over your eyes or justify something I don't believe in, the fact of the matter is that reverse engineering purely protection schemes is probably illegal under current laws, of course the issue for you is whether any time soon this specific violation is likely to be enforced to the letter of the law and the answer to that as I write this is probably not :-).
The problem with copyright law is its complexity and the nature of the Internet means that laws applicable in one country are seldom applicable to violations in another, of course under said laws just possessing video recordings of programs for longer than 30 days is also illegal yet no case has ever been brought to test this because just about everyone you can think of and their dog is in breach.
The reality is that the law enforcement agencies of the world are only really interested in those profiteering from copyright infringement and usually only in areas over which they have jurisdiction. As an American software author you probably have more chance of flying than getting the Chinese or Russian authorities to pursue pirates of your software. The majority of illegal activities really don't relate to reverse engineering, most is CD copying on a massive scale, and this applies to many other industries.
In many areas of the world, 'warez' is a very big business, if you should by chance visit Hong Kong, Taiwan, Korea or Sri Lanka, even parts of Eastern Europe you'll not need much help finding the complete M$ suite or all the Adobe packages on a CD for less than the price of a good meal.
As for licensing agreements, (like you actually ever read and understood all those EULA's or the small print on the back of your manuals), I've seen many variations upon the main text which usually goes something like this :-
"YOU MAY NOT: i). Reverse engineer, decompile, disassemble, or create derivative works of the Program"
This seems pretty set in stone, yet many games producers are happy to ignore the many sites out there offering programs which add-value too or publicise their game (most of which probably break this condition), so legally whats good for the goose is not necessarily good for the gander. One company I like and respect is GraphiTech Ltd in Israel, here's their license agreement :-
No part of this publication or software may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, for any purpose other than the purchaser's personal use, without the express written consent of GraphiTech Ltd.
The enclosed software license agreement states the free
use and limitations of the product. This software may be used
and reproduced only as specified in this license agreement. GraphiTech
Ltd. makes no representations or warranties with respect to the
contents hereof and specifically disclaims any implied warranties
or merchantability or fitness for any particular purpose.
Further, GraphiTech Ltd. reserves the right to revise this publication
and software and to make changes in the content thereof without
obligation to notify any person of such revisions or changes.
In no event shall Cimatron Ltd. or GraphiTech Ltd. be liable for
any incidental, direct or indirect, special or consequential damages
whatsoever (including, but not limited to loss of profits) arising
out of or related to this manual, or the use of the product, or
any use thereof.
Here is a quite unusual agreement as there is no 'anti-reverse engineering' condition at all and thus owners of this program are given the implied permission to debug/reverse engineer at will, an eminently sensible policy I mighten add. Finally, I'll just analyse the key point from Microsoft's EULA (End User License Agreement), thats the dialog box you didn't read, the one you just selected 'I Accept' when you last installed Windows 98 for the umpteenth time :-).
* Limitations on Reverse Engineering, Decompilation, and
Disassembly.
You may not reverse engineer, decompile, or disassemble the SOFTWARE
PRODUCT, except and only to the extent that such activity is expressly
permitted by applicable law notwithstanding this limitation.
See how ambiguous or how subject to interpretation Microsoft's EULA actually is. I'm sure the gods at NuMega must be breaking this to produce such marvels as SoftICE and probably anyone else doing low-level work, say like Borland, must be doing exactly the same. Its clear therefore that Microsoft's strategy will be more focused to 'trace' the illegal users of Windows using covert means rather than wage war against reverse engineers.
Well whats my conclusion then?. I really don't think careful reverse engineers will be having too many serious legal problems in the near future. If you are fortunate enough to own a CD-RW (as I do) you ought probably to avoid burning copies of software, say Microsoft Office or Visual C++ and selling them by the thousand or 10 to your local law enforcement undercover teams :-), of course you might need to do a few archival copies, giving them to your friends and such for safe storage, but your intelligent because in some countries this might be considered as illegal and of course heaven forbid, you wouldn't dream of doing such a thing.
I've read a lot of documents regarding the legal position of reverse engineering as well as many commentators espousing their opinions. As you might expect the vast majority of these commercially orientated documents condemn reversers outright, some descriptions being less flattering than others. Like most of societies well intentioned campaigns the protectionists have yet again vilified the wrong people, I list you now some of the most commonly quoted propaganda (I shouldn't even need to debunk this stuff its that transparent).
"Crackers are not super-geniuses .. they are simple programmers who have learned some techniques to counteract common protection schemes".....
Simply not true or at best an ill-informed mass generalisation. In any endeavour there will always be those less skilled than others and cracking/reverse engineering is much the same, whilst some crackers do fall into the category of simple minded fools who have learned ad nauseam simple techniques many could leave competent programmers for dust with their knowledge. You see dear protectionists, trying to stop those who quest for knowledge is never going to be the way to proceed, try waging war against the zillions of sites offering cracks for your programs instead.....yet, I doubt you'll do that, its too much effort, far easier to try and conceal the knowledge providers. The sad fact is that 90% of protections are indeed banal and thus are beaten on a week-in, week-out basis.
"Software pirates, students which think it's cool to offer "Warez" and "Crackz" and other strange kinda persons especially love the free services offered by sites like GeoCities, Xoom, Tripod and others to offer their stuff".
After the belittle comes the stereotype, all reversers are either social misfits, wierd or just lazy students with too much time on their hands, in fact many reversers are competent professional programmers and the vast majority of pirates/crack users are corporate blue/white collar employees. I personally would love to shut all of the type of sites you are referring to, I loathe them, but we all know that will never happen.
"Unlike what politicians are trying to suggest to the public, it's in most cases quite easy to track down who is posting cracks, serial numbers or even full licensed copies of your software in newsgroups like alt.cracks.* and others."
No arguments at all with this one, these mindless peddlers (some of whom make vast amounts of money) are to be despised, they have little interest in software, little intelligence to crack it themselves and would be very easy to blitz completely were there actually the will. I don't post any cracks/serials/warez to my page because it is i) a waste of space and ii) incredibly easy to find out who I am. It sometimes amazes me that the big organisations haven't set up 'sting' operations to track people, a simple piece of CGI/JavaScript would uncover 80% of them.
"You could be liable for anything that you do that contributes to the infringement of copyrighted works. This includes facilitating a download by linking to remote files."
A stupid and worthless point, I could quite easily now go to virtually any site on the web which has a link somewhere to a site containing copyright infringements, and I don't limit this to warez, if you want to enforce this to the letter of the law then look no further than all unofficial music sites which should instantly be closed, (strange how the likes of Sony isn't clamouring for this).
"A disclaimer cannot shift your liability to someone else. You are still contributing to copyright infringement."
Another for the unenforceable in-tray. Just how far exactly does my legal liability extend for other people?, can I somehow stop them downloading warez? or cracking software if they really want to, I think not. I also believe that my site is very anti-crack use anyhow and in no way encourages anyone to break the law unlike many other sites. At the end of the day I use a disclaimer to draw attention to my position, there is absolutely nothing I can physically do to prevent anyone from cracking a piece of software and I positively discourage all illegal activities.
"Free speech refers to your right to provide opinions and original content without censure. Even so, free speech has limits. You cannot use this right to break the law. Internet sites that provide access to others' copyrighted materials - whether it's on the same site or a remote site - violate the author's right to control distribution of their works, which is against the law."
I don't violate this in anyway. Educating someone on ASM protections does not contribute to them breaking the law, there are literally millions of other sites on the web (need I mention the anarchic, porn & racist sites) that give out far more disturbing messages & dangerous information ..... I am perfectly entitled to provide information in the same way a gun store owner can provide sales information on an Uzi 9mm, at the end of it all a crime will only be committed if the individual decides to do so.
"Legal software comes with required numbers or keys to install the software. It should not be necessary to get these off the Internet. Providing them for others to use with pirated software contributes to copyright infringement and is illegal."
I quite agree, close those appalling serial lists immediately, they do more harm to software sales than ALL the reverse engineering sites on the web. Besides which anyone pathetic enough to register software to the various scene crackers ought to be shot.
"An author can seek civil damages in the amount of their actual value, or statutory damages of $100,000 per work infringed. (Note that some "programs" are actually bundles of more than one copyrighted work.) Criminal penalties include fines of up to $250,000 and jail terms up to 5 years, or both. In December 1997, President Clinton signed a law called the "No Electronic Theft" (NET) Act that allows for criminal prosecution of copyright infringement, even where there is no profit motive, closing a loophole in U.S. copyright law."
Fine, I have not a single pirated program on my HD or this website, not 1, nor do I make any profit whatsoever. Again refer to point 6, there are millions of places that detail illegal activities e.g. bomb-making, in great detail (probably your local public library), just having access to the information doesn't automatically transform everyone into a criminal.
There you have it, the debatable truth about reverse engineering legality although in some countries this may not apply (certainly in the US & UK and most of Europe it does). I am 100% confident in my belief that my site cannot be censored or embroiled in any legal action, software authors make your way to Yahoo or MetaCrawler, type in "warez" and start your war there.
Some other links, for those of you really interested in this ;-), plug into Google the terms 'legality' 'reverse' 'engineering'. There is much material out there.
I've shamelessly lifted this page from purveyors of fine protectionist nonsense Aladdin. The original page can be found here.
1. Software piracy is a victimless crime.
Nothing could be further from the truth! According to industry statistics, illegal software use costs developers worldwide nearly $40 billion a year in lost revenues, with more than $8 billion lost in North America alone. In Central and Eastern Europe, an average of 68% of the software in use is illegal. In some Asian and Eastern European markets, over 88% of software is unlicensed.
".....and the news just in, according to my own statistics (based on some dubious numbers I've lifted from some survey that looked like it would support my case), and with no element of bias whatsoever, oh no, illegal software use is actually a whole lot less than any pie in the sky vested organisations figures could ever prove, that and the counting of 'lost revenue' method is pretty flawed as well, you see someone in Vietnam earning $1 a day isn't ever going to buy AutoCAD at $4000, its not a lost sale, EVER, it isn't depriving anyone, the guy simply is NEVER going to buy the software, he can't afford it you see, well not unless he works out a way to live without food for 20 years which is of course what the BSA and its cronies would no doubt expect.
2. Software copy protection makes software more expensive.
On the contrary: the price of software copy protection is negligible compared to the losses incurred by developers through the pirating of their software. In fact, by protecting their software and thereby increasing their revenues, developers can afford to supply better software at competitive prices. True, not everyone who copies software today would buy it tomorrow if it were protected, and protection may put off a few potential customers. However, there is no doubt that in the vast majority of cases the investment in protection pays off handsomely in increased sales and profit.
"So you've got the developers time learning his protectionists new API, integrating it into the software (when he could be improving it) and then of course those nice little USB hardware tokens, they don't cost anything either, especially when they get lost or stolen. Then we have the help desk support time when end users have difficulties with the protection system and don't forget the opportunity cost of the protection scheme deterring a legitimate sale as well.....Ah, but never mind, its all negligible, add a dongle and your profits will SOAR!....."
3. Software copy protection gets in the way of the legitimate user.
The new, more sophisticated types of software copy protection - of which HASP is the leading example - not only don't get in the way of legitimate end-users, they actually benefit them. Protection safeguards the integrity of the software. The end-user is thus assured that the software cannot be tampered with in any way. Plus, higher revenues for developers mean that down the line, users will benefit from better, high-quality software. Large organizations that are legally liable for the software they purchase, have a clear interest in preventing the unauthorized distribution of their software. Often, the users themselves request that the software be protected, to ensure that it won't be used illegally - thus causing the organization harm.
"I'm just completely mystified how the presence of a HASP actually safeguards the integrity of anything, aside from Aladdin's profit margin of course, the laughable suggestion that end-users request software protection is simply that, *laughable*, large organisations usually have auditing procedures in place with regards to illegal usage of their software, a HASP key really isn't going to stop anyone, its simply an additional irritation for the end-user."
4. Inexpensive software is not copied.
Some people attack the concept of software protection by arguing: "Make software cheaper, that's all. People don't copy inexpensive software, and you'll sell more copies of your product". But things are not so simple. Developing a software product requires a huge investment of time and money and this work never ends. To succeed in tomorrow's market, developers must invest today. The argument that people don't copy inexpensive software is obviously false. Check a few PCs around you and you'll probably find that most copied programs are actually the cheaper ones.
"There are many different factors that ultimately determine whether or not software is copied, price is certainly one, but ability to pay and quality of product are usually much more important in the "paid for" software arena. Often its the cheaper software providing value for money that will eventually get paid for, you can't really compare a mass-market product with an expensive niche market application where there will always be much more of a financial incentive for someone to find a way around, the software market just isn't as simplistic as the copy protectionists would like you to believe."
5. Any protection system can be cracked. Therefore, software copy protection is useless.
Only the first part of this myth is true: any software protection system can be cracked, just as any lock can be picked or any door can be broken. However, the aim of software copy protection is to provide protection for a reasonable period of time. Software cannot be protected forever, but it can definitely be protected long enough - i.e., until a new version of the product is released. This new version should be protected again, with a protection system that was also improved in parallel, thus assuring a long and profitable sales life for the protected application.
"Indeed any software protection can be cracked, at last something everyone can agree on, but the job of a protection system is to keep the good guys honest and rewarded with continued improvements / updates and not to unduly inconvenience / penalise them with intrusive and over-enthusiastic copy protection. If the bad guys will never purchase your software why actually care about them?, they are non-existant in marketing terms, I really can't think of one application or instance where the copy protection forced someone to buy the software legitimately. A far better strategy is to focus on your end-users, add features, enhance your product and by all means protect it, but don't try and win the unwinnable race."
Unlike reverse engineering which you may legitimately use to study potential holes in software security and base a viable legal defence around (should you really have too), partaking in the warez scene in any capacity is definitely illegal. In the US, the DOJ & FBI have scored very significant busts in recent operations (most recently the 2004 busts of FLT (FairLight)), FL (FastLane), PWA (Pirates With Attitude) & DOD (DrinkOrDie) members have all found their backs firmly against the wall fighting federal prosecutions and huge (millions of $) in fines, don't think that you'll be safe in Europe either, most countries are now working closely with the US regarding alleged copyright violations, even resulting in extradition requests, although you can at least expect lighter sentencing in Europe and at least one high profile extradition request has failed (don't bet your life on it happening to you though).
The tragic event of 9/11 has been cynically exploited by organisations such as the BSA (and its founding members) to portray the warez scene as some kind of threat to homeland security (rather than a simple matter of economics), a virtual terrorist training camp if you will, of kids opposed to the system of paying corporate pigopolists for neverending versions of bug ridden software. In these organisations mind there is now just one answer, and that is to let a few kids be made examples of, fear of a 4 year jail sentence and $2,500,000 fine will keep the pesky sods in line.....
Of course it really doesn't matter whether you believe that the BSA's claims of billion $ losses and of course the 1000's of jobs that don't exist are grossly exaggerated, or that warez sellers alone fund international terrorist organisations, might as well put a RPG in the hand of your favourite extremist organisation the next time you download Microsoft Office or some such - what really matters is what your law enforcement officials (with the full weight of the 'system' behind them) believe..... * Please note that I have recently read reports that a small proportion of pirate CD sales do fund terrorist cells, the majority however is still probably funded by other means.
In fact you might accuse me of being somewhat of a hypocrite, well perhaps so, I've been involved in the warez scene and I'd be lying profusely through my front teeth if I said I hadn't enjoyed it at times, mind you I've never pushed files around or sold CD's from my back yard to anyone. However being a reverse engineer requires a real world awareness, the net (pardon the pun) is closing in on copyright infringers, inept organisations, having been caught with their technological pants down for the last 10 years are now throwing millions of $ into tracking and prosecuting individuals through the legal and civil system. It is best to defend yourself NOW.
Here are some basic and fundamental rules for keeping the legal boys away from your door. I think you'd better do these instantly or at least think about it for a while.....
1. Retire from the scene NOW, that means TODAY. If you are currently an active or publicly identifiable member of a high profile warez group, give it up (this is not a joke). Make a very public statement to your group that you are going for good (new job, family commitments, choose your excuse), you can always retain an anonymous link during your 'retirement period' if going cold turkey proves too much. Fortunately, when groups are busted federal prosecutors are deluged with legal paperwork which makes going after and proving the roles of minor participants less attractive (hence why you'll see mainly site operators and couriers in the courts), the caveat being, if you are small time enough you might escape simply via the bureaucracy or you might be deemed a minor player and not worth prosecuting.
2. Work only with people you have known for many years (3+), federal investigations generally have a timeline before the corporate paymasters want to see some kids in court, say a maximum of 18 months - 2 years. Generally groups are infiltrated via couriers or site operators so if you do plan on accessing deprotected material better make sure you aren't accessing the new federal box with an agent sat recording everything you do ;-), its highly advisable not to push files around for anyone, uploading in any significant quantity will almost guarantee you a significant sentence. Avoid downloading anything from sites based in the US.
3. Don't run a FTP server for anyone to access - Also don't store any cracked software on your computer that you aren't immediately using. This is so obvious, but the number of people who have been convicted of much more serious charges for having copies of high value software they would never use in a lifetime is substantial, by slimming down on your collection (do you really need AutoCAD?) you'll save big in the event of a conviction.
4. Download EnCase NOW and use it NOW. EnCase is a little known forensic analysis tool (dubious name but think of the old Norton Utils for Windows) that is a "court-validated solution used by law enforcement, government investigators and corporate investigators world-wide". If you start down the federal prosecution path this is the program the investigators will be running on your hard drives ;-) so it might be expedient to see now what they might be putting in front of the judge. There are many programs that claim to be good at wiping drives or securely encrypting them, most of these are poor products that provide little more than paper security, even those that do may well not save you since judges can simply direct that your refusal to allow your files to be scrutinised in itself is an inference of guilt.
5. For gods sake DON'T LOG any conversations you have on IRC or anywhere else. IRC logs are admissible as evidence and make proving 'conspiracy' a lot easier, the 'conspiracy to commit .....' part (if proven) guarantees you at least a few extra years in jail.
6. Avoid like the plague any groups who commit or involve themselves in credit card fraud / CD sales / paid member access to sites / P2P distribution etc, etc, making money from the scene is not only highly unethical its also another likely 'in' for federal investigators. Thankfully, most respectable groups do now disassociate themselves with such activities and a wise reverse engineer should follow suit.
7. Finally, don't bet your life on ANY encryption, it might slow down the investigation into your activities but it won't stop them completely, remember that ultimately your ISP may be sub-poena'd into providing the locations you've connected to (fortunately, a lot of ISP's are actually quite resistant to providing this information). Finally, remember that the smart reverse engineer avoids any legal entanglements whatsoever, even if you can dodge the criminal aspects of the warez scene you might still wind up sued for financial restitution in the civil courts, in civil cases the burden of proof is a lot less than criminal ones so its almost a certainty you'll wind up financially ruined for life if an organisations lawyers come after you.
If you have any further advice, drop me an e-mail and I'll add it here.
Return
to Main Index