Pirates of the Web

[InfoSec News <isn () c4i org>]

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://www.nytimes.com/2002/07/11/technology/circuits/11WARE.html?8ict=&pagewanted=all&position=top

By JENNIFER 8. LEE
July 11, 2002   

LAST week, at age 29, John Sankus Jr. moved out of his parents' house
for the first time. He and his parents drove 150 miles from their home
in suburban Philadelphia to his new one: a federal penitentiary in
Allenwood, Pa.

Mr. Sankus, who entered the minimum-security prison on July 2 to serve
a 46-month sentence, is a soft-spoken, churchgoing computer technician
who still has the plush stuffed whales from his childhood.

But United States Customs Service investigators and prosecutors say he
was also a ringleader of an international gang of software pirates
that deprived companies of millions of dollars through the illegal
distribution of copyrighted software, games and movies on the
Internet. In February, Mr. Sankus pleaded guilty to a felony count of
conspiracy to commit copyright infringement.

The piracy group, known as DrinkorDie, was among the chief targets of
more than 100 coordinated raids in the United States and abroad last
December. So far 15 people in the United States have pleaded guilty to
criminal charges as a result of the raids, including a Duke University
student, a programmer at the University of California at Los Angeles,
an employee at an Internet service provider and several executives at
technology companies. So far Mr. Sankus and five others have been
sentenced to prison.

Interviews with Mr. Sankus and others involved in the case, including
customs and law enforcement officials, offer an unusual glimpse into
the world of Internet piracy. It is a community of sorts, with perhaps
30 major groups that issue pirated products by cracking the
copy-protection codes of software or making illicit duplicates of
movies.

Many of the pirates say they were motivated less by money than by a
sense of competition, prestige and the entertainment value of
distributing the pirated goods, which they call "warez."

"Most of the people I have been around with are not out to cheat
anybody," said Mr. Sankus, a large, shy man who worked as a computer
technician at a Gateway store. "They are out to have fun. It's just a
hobby."

In an interview before he went off to prison, Mr. Sankus said he
earned no money from software piracy. He described it rather as a
social activity that consumed him.

He recounted the day when about 40 armed customs agents swooped into
his workplace. "I felt like someone who had just murdered 50 people,"
he said.

Prosecutors say that Mr. Sankus helped steal millions of dollars'
worth of intellectual property. And despite the guilty pleas from him
and others, they add, the stealing continues because of the nature of
the distribution medium.

"That's the difference -- in the old world, if you stopped the source,
you stopped the piracy," said Michael DuBose, a Justice Department
lawyer who played a pivotal role in the piracy investigation. "But all
the stuff that DrinkorDie put out there continues to be out there."

While Internet piracy slowed immediately after the December raids,
activity has picked up again, investigators say. For example, Warcraft
III, an eagerly anticipated game from Blizzard Entertainment, was
"cracked" and released to the Internet only one day after a master CD
for the game was created in mid-June.

For DrinkorDie members, piracy was the technological equivalent of joy
riding -- a form of bravado that could gain them acceptance in a
hierarchical social sphere.

"It's all about stature," said David Grimes of Arlington, Tex., a
DrinkorDie member who worked as a computer engineer at Check Point
Software, a company that specializes in security solutions for
software. "They are just trying to make a name for themselves for no
reason other than self-gratification." Mr. Grimes is serving a
37-month prison sentence after pleading guilty to the same charge that
Mr. Sankus did.

"It's the same reason that people join gangs," said Allan Doody, the
Customs Service investigator who led the DrinkorDie investigation,
part of a broader anti-piracy campaign called Operation Buccaneer.
"They're hanging out on the cyber-street corner."

But in contrast to petty criminals and warring gangs, Internet piracy
groups have a worldwide impact of at least tens of millions of
dollars, if not more. Such groups secure their reputations by
releasing thousands of free movies, games, music and software programs
on the Internet each year.

While such groups rarely profit financially from their activities,
their warez (pronounced like the word wares), proliferate rapidly
around the world, reaching those who do sell them for gain -- for
example, people who hawk the software through pay-for-access Web sites
or burn them on CD's for sale on the street, in shops or at Internet
auction sites.

The copies "become the raw materials that others use for commercial
piracy," said Bob Kruger, president of the Business Software Alliance,
an industry group that asserts that software piracy costs $10.1
billion a year in lost sales worldwide.

The victims of piracy take the threat very seriously. Havard Vold,
president of an eight-person company in Cincinnati called Vold
Solutions, was horrified to discover that DrinkorDie had released a
free version of a specialized engineering program that his company
sold for $9,500.

"That was very scary," Mr. Vold said. "They do not understand the
impact of copyright infringement, especially on the smaller
companies."

Although the warez scene took root only in the early 1990's, piracy
has expanded rapidly, particularly in the last five years.

Increasing access to the Internet worldwide, cheap computer storage
costs and the proliferation of digitized media have helped set off an
international online shopping spree in which just about anyone can
obtain a pirated version of a coveted software program, computer game
or movie openly and easily.

By contrast, the warez groups themselves tend to operate in secrecy,
relying on encryption technologies, disguised Internet Protocol
addresses and invite-only chat channels. And their world is highly
structured, with a strict hierarchy and rules.

The pirates are organized into two main types: release groups that
produce the pirated works and courier groups that serve as worldwide
distributors.

Government investigators estimate that there are roughly 30 major
release groups enlisting some 1,500 people around the world. In the
DrinkorDie raids last December, warrants were served on suspected
members in Britain, Australia, Finland, Norway and Sweden. Mr. DuBose
said that at least half of DrinkorDie's members lived outside the
United States.

Different warez groups focus on different product lines. Groups like
FairLight and Razor1911 are known for game releases. FTF and Immortal
VCD release movies, a pursuit that relies less on overcoming
protection schemes than on getting illegitimate access to recent films
to duplicate them. A group called POPZ, for Parents on 'Puterz,
focuses on children's games.

DrinkorDie, which is perhaps best known for having cracked Windows 95
weeks before it was released by Microsoft, has more recently
concentrated on expensive specialized software like Mr. Vold's
engineering program.

"It's cool to release something that costs $18,000," said Mr. Grimes,
the DrinkorDie member from Arlington, Tex. "Basically, if it wasn't
for us, you would never see this piece of software."

Warez involve frenzied competition. Groups race to be the first to
release popular movies and games, but quality is important too. Groups
take jabs at one another's releases. Immortal VCD called a
competitor's release of the Disney film "Lilo and Stitch" subpar,
describing the copy as "very dark, shaky and pixilated." It offered
its own version as an improvement.

The release groups typically have one or two leaders, two or three
other managers called "council members," 10 to 15 staff members who
work on releases and 50 to 100 members who simply have access to the
releases.

Mr. Sankus, one of the two leaders of DrinkorDie, went by the online
name Eriflleh, or "hellfire" spelled backward. The other leader, who
goes by the online name Bandido, lives in Australia and has not not
been charged, Justice Department officials said.

Like similar release groups, DrinkorDie divided the labor. Suppliers,
often insiders at a software company, provided versions of the
software. Crackers, who had the most technologically complex role,
stripped the programs of their protections. Testers then made sure
that the unprotected versions of the software worked properly.
Finally, there were packers and "pre-ers" who were responsible for
dividing the programs into small files and distributing them to
release sites.

Mr. Sankus started out as a tester and a packer for DrinkorDie before
moving into a leadership position. "There weren't that many people who
wanted to do testing and packing because it was considered grunt
work," he said.

The warez community has numerous databases to keep track of the
thousands of releases. People can perform what are known as "dupe
checks," or searches to determine whether a program or a movie has
already been released.

The Isonews Web site (www.isnonews.com) keeps a public database of the
information files that accompany each warez release. Such files
specify who was responsible for the release, when it was made
available and how many files the product has been broken down into, as
well as reviews. The warez groups privately maintain a database known
as Checkpoint that has automated software agents, or bots, that keep
abreast of warez releases as they occur.

Once the files arrive at the release sites, courier groups take over
and move them through a systematic distribution chain. Within 10
minutes of a warez release, the pirated product is copied to a few
dozen central distribution centers on the Internet.

Government officials estimate that within six hours, lower-level
couriers then copy files to about 10,000 publicly available sites
around the Internet. Within two or three days, the movies and program
trickle onto Usenet groups and onto peer-to-peer software networks
like KaZaA and Morpheus. Once the files become public, they are
essentially available to anyone who goes looking for them.

"All it takes is one person to put it on a newsgroup -- then it
explodes," said David Rocci, who runs Isonews.

The courier groups, like the release groups, are fueled by
competition. The government estimates that 3,500 people are involved
in the most elite courier groups, which include RISC and Moonshine.

Couriers are ranked in groups and as individuals with a scoring
system. There are weekly rankings, all-time rankings and regional
rankings (United States vs. Europe, for example).

Courier groups are sized up in shadowy e-mail publications like
American Courier Review and Courier Weektop Scorecard in sports-style
commentary. "Just not quite enough for RISC this time but an awesome
team effort in which we see some nice individual performance as well,"
a recent review read.

Although release and courier groups engage in little direct commercial
activity, a 1997 extension in federal copyright law made piracy a
crime even if there is no monetary profit.

Prosecutors say that money is beside the point in the underground
pirate economy. The releases form the basis of a bartering system in
which members trade, hoard and collect warez. Access to software
storage sites is granted in exchange for hardware, server space and
other technological goods.

"You don't need to make money, when you don't need money to buy this
stuff," Mr. DuBose said. "By participating in a group, they got the
key to the candy store. Any movie, game, software they could ever
want, they could get."

Still, given the absence of personal profit, some DrinkorDie members
were surprised by the prison sentences they received, generally from
three to four years. "We weren't criminal-minded," Mr. Grimes said.
"We never anticipated that a company would lose a sale as a result of
one guy in China downloading it and burning it onto a CD and selling
it to half of China."

But that argument fails to resonate for copyright holders like Mr.
Vold. "If you like torching houses for fun, you don't gain anything
from torching somebody's house," he said. "But that homeowner will
certainly suffer a material loss."

 
_______________________________________________________________________
Eric Wolbrom, CISSP                     Safe Harbor Technologies
President & CIO                         190 Goldens Bridge Ct.
Voice 914.767.9090 ext. 6000            Katonah, NY 10536
Fax   914.767.3911                              http://www.shtech.net
_______________________________________________________________________



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.