[ISN] Pirates of the Web

From: InfoSec News (isnat_private)
Date: Fri Jul 12 2002 - 06:11:16 PDT


    Forwarded from: "eric wolbrom, CISSP" <ericat_private>
    July 11, 2002   
    LAST week, at age 29, John Sankus Jr. moved out of his parents' house
    for the first time. He and his parents drove 150 miles from their home
    in suburban Philadelphia to his new one: a federal penitentiary in
    Allenwood, Pa.
    Mr. Sankus, who entered the minimum-security prison on July 2 to serve
    a 46-month sentence, is a soft-spoken, churchgoing computer technician
    who still has the plush stuffed whales from his childhood.
    But United States Customs Service investigators and prosecutors say he
    was also a ringleader of an international gang of software pirates
    that deprived companies of millions of dollars through the illegal
    distribution of copyrighted software, games and movies on the
    Internet. In February, Mr. Sankus pleaded guilty to a felony count of
    conspiracy to commit copyright infringement.
    The piracy group, known as DrinkorDie, was among the chief targets of
    more than 100 coordinated raids in the United States and abroad last
    December. So far 15 people in the United States have pleaded guilty to
    criminal charges as a result of the raids, including a Duke University
    student, a programmer at the University of California at Los Angeles,
    an employee at an Internet service provider and several executives at
    technology companies. So far Mr. Sankus and five others have been
    sentenced to prison.
    Interviews with Mr. Sankus and others involved in the case, including
    customs and law enforcement officials, offer an unusual glimpse into
    the world of Internet piracy. It is a community of sorts, with perhaps
    30 major groups that issue pirated products by cracking the
    copy-protection codes of software or making illicit duplicates of
    Many of the pirates say they were motivated less by money than by a
    sense of competition, prestige and the entertainment value of
    distributing the pirated goods, which they call "warez."
    "Most of the people I have been around with are not out to cheat
    anybody," said Mr. Sankus, a large, shy man who worked as a computer
    technician at a Gateway store. "They are out to have fun. It's just a
    In an interview before he went off to prison, Mr. Sankus said he
    earned no money from software piracy. He described it rather as a
    social activity that consumed him.
    He recounted the day when about 40 armed customs agents swooped into
    his workplace. "I felt like someone who had just murdered 50 people,"
    he said.
    Prosecutors say that Mr. Sankus helped steal millions of dollars'
    worth of intellectual property. And despite the guilty pleas from him
    and others, they add, the stealing continues because of the nature of
    the distribution medium.
    "That's the difference -- in the old world, if you stopped the source,
    you stopped the piracy," said Michael DuBose, a Justice Department
    lawyer who played a pivotal role in the piracy investigation. "But all
    the stuff that DrinkorDie put out there continues to be out there."
    While Internet piracy slowed immediately after the December raids,
    activity has picked up again, investigators say. For example, Warcraft
    III, an eagerly anticipated game from Blizzard Entertainment, was
    "cracked" and released to the Internet only one day after a master CD
    for the game was created in mid-June.
    For DrinkorDie members, piracy was the technological equivalent of joy
    riding -- a form of bravado that could gain them acceptance in a
    hierarchical social sphere.
    "It's all about stature," said David Grimes of Arlington, Tex., a
    DrinkorDie member who worked as a computer engineer at Check Point
    Software, a company that specializes in security solutions for
    software. "They are just trying to make a name for themselves for no
    reason other than self-gratification." Mr. Grimes is serving a
    37-month prison sentence after pleading guilty to the same charge that
    Mr. Sankus did.
    "It's the same reason that people join gangs," said Allan Doody, the
    Customs Service investigator who led the DrinkorDie investigation,
    part of a broader anti-piracy campaign called Operation Buccaneer.
    "They're hanging out on the cyber-street corner."
    But in contrast to petty criminals and warring gangs, Internet piracy
    groups have a worldwide impact of at least tens of millions of
    dollars, if not more. Such groups secure their reputations by
    releasing thousands of free movies, games, music and software programs
    on the Internet each year.
    While such groups rarely profit financially from their activities,
    their warez (pronounced like the word wares) proliferate rapidly
    around the world, reaching those who do sell them for gain -- for
    example, people who hawk the software through pay-for-access Web sites
    or burn them on CD's for sale on the street, in shops or at Internet
    auction sites.
    The copies "become the raw materials that others use for commercial
    piracy," said Bob Kruger, president of the Business Software Alliance,
    an industry group that asserts that software piracy costs $10.1
    billion a year in lost sales worldwide.
    The victims of piracy take the threat very seriously. Havard Vold,
    president of an eight-person company in Cincinnati called Vold
    Solutions, was horrified to discover that DrinkorDie had released a
    free version of a specialized engineering program that his company
    sold for $9,500.
    "That was very scary," Mr. Vold said. "They do not understand the
    impact of copyright infringement, especially on the smaller
    Although the warez scene took root only in the early 1990's, piracy
    has expanded rapidly, particularly in the last five years.
    Increasing access to the Internet worldwide, cheap computer storage
    costs and the proliferation of digitized media have helped set off an
    international online shopping spree in which just about anyone can
    obtain a pirated version of a coveted software program, computer game
    or movie openly and easily.
    By contrast, the warez groups themselves tend to operate in secrecy,
    relying on encryption technologies, disguised Internet Protocol
    addresses and invite-only chat channels. And their world is highly
    structured, with a strict hierarchy and rules.
    The pirates are organized into two main types: release groups that
    produce the pirated works and courier groups that serve as worldwide
    Government investigators estimate that there are roughly 30 major
    release groups enlisting some 1,500 people around the world. In the
    DrinkorDie raids last December, warrants were served on suspected
    members in Britain, Australia, Finland, Norway and Sweden. Mr. DuBose
    said that at least half of DrinkorDie's members lived outside the
    United States.
    Different warez groups focus on different product lines. Groups like
    FairLight and Razor1911 are known for game releases. FTF and Immortal
    VCD release movies, a pursuit that relies less on overcoming
    protection schemes than on getting illegitimate access to recent films
    to duplicate them. A group called POPZ, for Parents on 'Puterz,
    focuses on children's games.
    DrinkorDie, which is perhaps best known for having cracked Windows 95
    weeks before it was released by Microsoft, has more recently
    concentrated on expensive specialized software like Mr. Vold's
    engineering program.
    "It's cool to release something that costs $18,000," said Mr. Grimes,
    the DrinkorDie member from Arlington, Tex. "Basically, if it wasn't
    for us, you would never see this piece of software."
    Warez involve frenzied competition. Groups race to be the first to
    release popular movies and games, but quality is important too. Groups
    take jabs at one another's releases. Immortal VCD called a
    competitor's release of the Disney film "Lilo and Stitch" subpar,
    describing the copy as "very dark, shaky and pixilated." It offered
    its own version as an improvement.
    The release groups typically have one or two leaders, two or three
    other managers called "council members," 10 to 15 staff members who
    work on releases and 50 to 100 members who simply have access to the
    Mr. Sankus, one of the two leaders of DrinkorDie, went by the online
    name Eriflleh, or "hellfire" spelled backward. The other leader, who
    goes by the online name Bandido, lives in Australia and has not
    been charged, Justice Department officials said.
    Like similar release groups, DrinkorDie divided the labor. Suppliers,
    often insiders at a software company, provided versions of the
    software. Crackers, who had the most technologically complex role,
    stripped the programs of their protections. Testers then made sure
    that the unprotected versions of the software worked properly.
    Finally, there were packers and "pre-ers" who were responsible for
    dividing the programs into small files and distributing them to
    release sites.
    Mr. Sankus started out as a tester and a packer for DrinkorDie before
    moving into a leadership position. "There weren't that many people who
    wanted to do testing and packing because it was considered grunt
    work," he said.
    The warez community has numerous databases to keep track of the
    thousands of releases. People can perform what are known as "dupe
    checks," or searches to determine whether a program or a movie has
    already been released.
    The Isonews Web site (www.isnonews.com) keeps a public database of the
    information files that accompany each warez release. Such files
    specify who was responsible for the release, when it was made
    available and how many files the product has been broken down into, as
    well as reviews. The warez groups privately maintain a database known
    as Checkpoint that has automated software agents, or bots, that keep
    abreast of warez releases as they occur.
    Once the files arrive at the release sites, courier groups take over
    and move them through a systematic distribution chain. Within 10
    minutes of a warez release, the pirated product is copied to a few
    dozen central distribution centers on the Internet.
    Government officials estimate that within six hours, lower-level
    couriers then copy files to about 10,000 publicly available sites
    around the Internet. Within two or three days, the movies and programs
    trickle onto Usenet groups and onto peer-to-peer software networks
    like KaZaA and Morpheus. Once the files become public, they are
    essentially available to anyone who goes looking for them.
    "All it takes is one person to put it on a newsgroup -- then it
    explodes," said David Rocci, who runs Isonews.
    The courier groups, like the release groups, are fueled by
    competition. The government estimates that 3,500 people are involved
    in the most elite courier groups, which include RISC and Moonshine.
    Couriers are ranked in groups and as individuals with a scoring
    system. There are weekly rankings, all-time rankings and regional
    rankings (United States vs. Europe, for example).
    Courier groups are sized up in shadowy e-mail publications like
    American Courier Review and Courier Weektop Scorecard in sports-style
    commentary. "Just not quite enough for RISC this time but an awesome
    team effort in which we see some nice individual performance as well,"
    a recent review read.
    Although release and courier groups engage in little direct commercial
    activity, a 1997 extension in federal copyright law made piracy a
    crime even if there is no monetary profit.
    Prosecutors say that money is beside the point in the underground
    pirate economy. The releases form the basis of a bartering system in
    which members trade, hoard and collect warez. Access to software
    storage sites is granted in exchange for hardware, server space and
    other technological goods.
    "You don't need to make money, when you don't need money to buy this
    stuff," Mr. DuBose said. "By participating in a group, they got the
    key to the candy store. Any movie, game, software they could ever
    want, they could get."
    Still, given the absence of personal profit, some DrinkorDie members
    were surprised by the prison sentences they received, generally from
    three to four years. "We weren't criminal-minded," Mr. Grimes said.
    "We never anticipated that a company would lose a sale as a result of
    one guy in China downloading it and burning it onto a CD and selling
    it to half of China."
    But that argument fails to resonate for copyright holders like Mr.
    Vold. "If you like torching houses for fun, you don't gain anything
    from torching somebody's house," he said. "But that homeowner will
    certainly suffer a material loss."
    Eric Wolbrom, CISSP			Safe Harbor Technologies
    President & CIO				190 Goldens Bridge Ct.
    Voice 914.767.9090 ext. 6000		Katonah, NY 10536
    Fax   914.767.3911				http://www.shtech.net
    ISN is currently hosted by Attrition.org
