Forwarded from: "eric wolbrom, CISSP" <ericat_private> http://www.nytimes.com/2002/07/11/technology/circuits/11WARE.html?8ict=&pagewanted=all&position=top By JENNIFER 8. LEE July 11, 2002 LAST week, at age 29, John Sankus Jr. moved out of his parents' house for the first time. He and his parents drove 150 miles from their home in suburban Philadelphia to his new one: a federal penitentiary in Allenwood, Pa. Mr. Sankus, who entered the minimum-security prison on July 2 to serve a 46-month sentence, is a soft-spoken, churchgoing computer technician who still has the plush stuffed whales from his childhood. But United States Customs Service investigators and prosecutors say he was also a ringleader of an international gang of software pirates that deprived companies of millions of dollars through the illegal distribution of copyrighted software, games and movies on the Internet. In February, Mr. Sankus pleaded guilty to a felony count of conspiracy to commit copyright infringement. The piracy group, known as DrinkorDie, was among the chief targets of more than 100 coordinated raids in the United States and abroad last December. So far 15 people in the United States have pleaded guilty to criminal charges as a result of the raids, including a Duke University student, a programmer at the University of California at Los Angeles, an employee at an Internet service provider and several executives at technology companies. So far Mr. Sankus and five others have been sentenced to prison. Interviews with Mr. Sankus and others involved in the case, including customs and law enforcement officials, offer an unusual glimpse into the world of Internet piracy. It is a community of sorts, with perhaps 30 major groups that issue pirated products by cracking the copy-protection codes of software or making illicit duplicates of movies. Many of the pirates say they were motivated less by money than by a sense of competition, prestige and the entertainment value of distributing the pirated goods, which they call "warez." "Most of the people I have been around with are not out to cheat anybody," said Mr. Sankus, a large, shy man who worked as a computer technician at a Gateway store. "They are out to have fun. It's just a hobby." In an interview before he went off to prison, Mr. Sankus said he earned no money from software piracy. He described it rather as a social activity that consumed him. He recounted the day when about 40 armed customs agents swooped into his workplace. "I felt like someone who had just murdered 50 people," he said. Prosecutors say that Mr. Sankus helped steal millions of dollars' worth of intellectual property. And despite the guilty pleas from him and others, they add, the stealing continues because of the nature of the distribution medium. "That's the difference -- in the old world, if you stopped the source, you stopped the piracy," said Michael DuBose, a Justice Department lawyer who played a pivotal role in the piracy investigation. "But all the stuff that DrinkorDie put out there continues to be out there." While Internet piracy slowed immediately after the December raids, activity has picked up again, investigators say. For example, Warcraft III, an eagerly anticipated game from Blizzard Entertainment, was "cracked" and released to the Internet only one day after a master CD for the game was created in mid-June. For DrinkorDie members, piracy was the technological equivalent of joy riding -- a form of bravado that could gain them acceptance in a hierarchical social sphere. "It's all about stature," said David Grimes of Arlington, Tex., a DrinkorDie member who worked as a computer engineer at Check Point Software, a company that specializes in security solutions for software. "They are just trying to make a name for themselves for no reason other than self-gratification." Mr. Grimes is serving a 37-month prison sentence after pleading guilty to the same charge that Mr. Sankus did. "It's the same reason that people join gangs," said Allan Doody, the Customs Service investigator who led the DrinkorDie investigation, part of a broader anti-piracy campaign called Operation Buccaneer. "They're hanging out on the cyber-street corner." But in contrast to petty criminals and warring gangs, Internet piracy groups have a worldwide impact of at least tens of millions of dollars, if not more. Such groups secure their reputations by releasing thousands of free movies, games, music and software programs on the Internet each year. While such groups rarely profit financially from their activities, their warez (pronounced like the word wares), proliferate rapidly around the world, reaching those who do sell them for gain -- for example, people who hawk the software through pay-for-access Web sites or burn them on CD's for sale on the street, in shops or at Internet auction sites. The copies "become the raw materials that others use for commercial piracy," said Bob Kruger, president of the Business Software Alliance, an industry group that asserts that software piracy costs $10.1 billion a year in lost sales worldwide. The victims of piracy take the threat very seriously. Havard Vold, president of an eight-person company in Cincinnati called Vold Solutions, was horrified to discover that DrinkorDie had released a free version of a specialized engineering program that his company sold for $9,500. "That was very scary," Mr. Vold said. "They do not understand the impact of copyright infringement, especially on the smaller companies." Although the warez scene took root only in the early 1990's, piracy has expanded rapidly, particularly in the last five years. Increasing access to the Internet worldwide, cheap computer storage costs and the proliferation of digitized media have helped set off an international online shopping spree in which just about anyone can obtain a pirated version of a coveted software program, computer game or movie openly and easily. By contrast, the warez groups themselves tend to operate in secrecy, relying on encryption technologies, disguised Internet Protocol addresses and invite-only chat channels. And their world is highly structured, with a strict hierarchy and rules. The pirates are organized into two main types: release groups that produce the pirated works and courier groups that serve as worldwide distributors. Government investigators estimate that there are roughly 30 major release groups enlisting some 1,500 people around the world. In the DrinkorDie raids last December, warrants were served on suspected members in Britain, Australia, Finland, Norway and Sweden. Mr. DuBose said that at least half of DrinkorDie's members lived outside the United States. Different warez groups focus on different product lines. Groups like FairLight and Razor1911 are known for game releases. FTF and Immortal VCD release movies, a pursuit that relies less on overcoming protection schemes than on getting illegitimate access to recent films to duplicate them. A group called POPZ, for Parents on 'Puterz, focuses on children's games. DrinkorDie, which is perhaps best known for having cracked Windows 95 weeks before it was released by Microsoft, has more recently concentrated on expensive specialized software like Mr. Vold's engineering program. "It's cool to release something that costs $18,000," said Mr. Grimes, the DrinkorDie member from Arlington, Tex. "Basically, if it wasn't for us, you would never see this piece of software." Warez involve frenzied competition. Groups race to be the first to release popular movies and games, but quality is important too. Groups take jabs at one another's releases. Immortal VCD called a competitor's release of the Disney film "Lilo and Stitch" subpar, describing the copy as "very dark, shaky and pixilated." It offered its own version as an improvement. The release groups typically have one or two leaders, two or three other managers called "council members," 10 to 15 staff members who work on releases and 50 to 100 members who simply have access to the releases. Mr. Sankus, one of the two leaders of DrinkorDie, went by the online name Eriflleh, or "hellfire" spelled backward. The other leader, who goes by the online name Bandido, lives in Australia and has not not been charged, Justice Department officials said. Like similar release groups, DrinkorDie divided the labor. Suppliers, often insiders at a software company, provided versions of the software. Crackers, who had the most technologically complex role, stripped the programs of their protections. Testers then made sure that the unprotected versions of the software worked properly. Finally, there were packers and "pre-ers" who were responsible for dividing the programs into small files and distributing them to release sites. Mr. Sankus started out as a tester and a packer for DrinkorDie before moving into a leadership position. "There weren't that many people who wanted to do testing and packing because it was considered grunt work," he said. The warez community has numerous databases to keep track of the thousands of releases. People can perform what are known as "dupe checks," or searches to determine whether a program or a movie has already been released. The Isonews Web site (www.isnonews.com) keeps a public database of the information files that accompany each warez release. Such files specify who was responsible for the release, when it was made available and how many files the product has been broken down into, as well as reviews. The warez groups privately maintain a database known as Checkpoint that has automated software agents, or bots, that keep abreast of warez releases as they occur. Once the files arrive at the release sites, courier groups take over and move them through a systematic distribution chain. Within 10 minutes of a warez release, the pirated product is copied to a few dozen central distribution centers on the Internet. Government officials estimate that within six hours, lower-level couriers then copy files to about 10,000 publicly available sites around the Internet. Within two or three days, the movies and program trickle onto Usenet groups and onto peer-to-peer software networks like KaZaA and Morpheus. Once the files become public, they are essentially available to anyone who goes looking for them. "All it takes is one person to put it on a newsgroup -- then it explodes," said David Rocci, who runs Isonews. The courier groups, like the release groups, are fueled by competition. The government estimates that 3,500 people are involved in the most elite courier groups, which include RISC and Moonshine. Couriers are ranked in groups and as individuals with a scoring system. There are weekly rankings, all-time rankings and regional rankings (United States vs. Europe, for example). Courier groups are sized up in shadowy e-mail publications like American Courier Review and Courier Weektop Scorecard in sports-style commentary. "Just not quite enough for RISC this time but an awesome team effort in which we see some nice individual performance as well," a recent review read. Although release and courier groups engage in little direct commercial activity, a 1997 extension in federal copyright law made piracy a crime even if there is no monetary profit. Prosecutors say that money is beside the point in the underground pirate economy. The releases form the basis of a bartering system in which members trade, hoard and collect warez. Access to software storage sites is granted in exchange for hardware, server space and other technological goods. "You don't need to make money, when you don't need money to buy this stuff," Mr. DuBose said. "By participating in a group, they got the key to the candy store. Any movie, game, software they could ever want, they could get." Still, given the absence of personal profit, some DrinkorDie members were surprised by the prison sentences they received, generally from three to four years. "We weren't criminal-minded," Mr. Grimes said. "We never anticipated that a company would lose a sale as a result of one guy in China downloading it and burning it onto a CD and selling it to half of China." But that argument fails to resonate for copyright holders like Mr. Vold. "If you like torching houses for fun, you don't gain anything from torching somebody's house," he said. "But that homeowner will certainly suffer a material loss." _______________________________________________________________________ Eric Wolbrom, CISSP Safe Harbor Technologies President & CIO 190 Goldens Bridge Ct. Voice 914.767.9090 ext. 6000 Katonah, NY 10536 Fax 914.767.3911 http://www.shtech.net _______________________________________________________________________ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 09:17:21 PDT