Game Studio Found To Install Malware DRM On Customers' Machines, Defends Itself, Then Apologizes
from the that-was-quick dept
The thin line that exists between entertainment industry DRM software and plain malware has been pointed out both recently and in the past. There are many layers to this onion, ranging from Sony's rootkit fiasco, to performance hits on machines thanks to DRM installed by video games, up to and including the insane idea that copyright holders ought to be able to use malware payloads to "hack back" against accused infringers.
What is different in more recent times is the public awareness regarding DRM, computer security, and an overall fear of malware. This is a natural kind of progression, as the public becomes more connected and reliant on computer systems and the internet, they likewise become more concerned about those systems. That may likely explain the swift public backlash to a small game-modding studio seemingly installing something akin to malware in every installation of its software, whether from a legitimate purchase or piracy.
FlightSimLabs, a studio that specialises in custom add-ons for other company’s flight sims, has been found to be secretly installing a program onto user’s computers designed to check whether they’re playing a pirated copy of their software.
The code—basically a Chrome password dumping tool— was discovered by Reddit user crankyrecursion on February 18, and as TorrentFreak reportwas designed to trigger “a process through which the company stole usernames and passwords from users’ web browsers.”
Whatever fuzzy line might exist between DRM payloads and malware, this specific deployment appears to have crossed it in a very big way. The extraction of user names and passwords for infringers would be a step too far on its own, but the real problem is that the executable that does all of this was included in every copy of the software FlightSimLabs provided, including those from legit purchases.
Lefteris Kalamaras, who runs FlightSimLabs, admitted that the installation of a file named "test.exe" was included in the software installation, but insisted that it was only weaponized when a pirated copy of the software is detected.
First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.
If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).
This attempt at an explanation failed to assuage the gaming community for understandable reasons. To include a program capable of extracting passwords in a flight simulator mod is flatly insane. The only proper description for such software would be malware and that malware was installed on the machines of customers of FlightSimLabs that had properly paid for its products. The claim that this malware remained dormant for those purchasing the mods would be the same as claiming that each of our homes have been outfitted with bombs without our knowledge, but those bombs will only be activated if the home builder thinks we're doing something illegal. This is all wide open for mistakes, abuse, and for other bad actors to swoop in on these customers and make use of the software for nefarious reasons.
Shortly after Kalamaras' "explanation", FlightSimLabs updated the mods in question with the malware removed entirely. The company also updated its community with an apology that still somewhat misses the mark.
We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!
This isn't about "feeling offended", it's about the company breaking the trust of its customers by installing what is clearly malware on their machines. That isn't the type of bad act a company should be able to come back from.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: drm, flight sim, keylogger, malware
Companies: flightsimlabs
Reader Comments
The First Word
“- First, this is clearly illegal. No matter the motivation, they installed malware that has the express purpose of taking someone else's credentials. Furthermore, there's claims that they actually have used the logins obtained and posted screenshots as evidence in their forums. That's another law broken.
- Second, the installer exists on every copy that was installed. While the devs claim it was never triggered, every copy contained malware that was distributed to users' machines.
- Thirdly, while the devs claim it would never have been triggered on an innocent user's machine, they have acted so dishonestly that we cannot simply take their word. How do we know their information about "pirate serial numbers" was accurate? How do we know there wasn't the wrong number in the wrong database or wrongly flagged details? How do we know it couldn't be triggered by a reinstall, legitimate install on another machine, etc.? Even if they think their detection code was perfect (and no code is), there's room for error. That's one major reason I'm opposed to DRM - it inevitably affects innocent people.
- Finally, even if they are correct that *they* never used the malware on innocent people, what about others? From what I understand, they actually told people to disable their anti virus products when installing this because they were (correctly) identifying the installer as malware. As well as the chance their own malware could be misused, they subjected their customers to a non-zero chance of being infected with others.
Honestly, I hope they're prosecuted to the limits of the law. Which shouldn't be hard, since as I understand it they're headquartered in the EU, and we tend to have strict data protection laws. They have committed crimes and need to be punished. Whatever your opinion on piracy, committing further crimes and endangering your customer base is not the way to fight it.
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
https://arstechnica.com/information-technology/2013/05/secret-bitcoin-mining-software-added-to-v ideo-game-sparks-outrage/
[ link to this | view in chronology ]
- First, this is clearly illegal. No matter the motivation, they installed malware that has the express purpose of taking someone else's credentials. Furthermore, there's claims that they actually have used the logins obtained and posted screenshots as evidence in their forums. That's another law broken.
- Second, the installer exists on every copy that was installed. While the devs claim it was never triggered, every copy contained malware that was distributed to users' machines.
- Thirdly, while the devs claim it would never have been triggered on an innocent user's machine, they have acted so dishonestly that we cannot simply take their word. How do we know their information about "pirate serial numbers" was accurate? How do we know there wasn't the wrong number in the wrong database or wrongly flagged details? How do we know it couldn't be triggered by a reinstall, legitimate install on another machine, etc.? Even if they think their detection code was perfect (and no code is), there's room for error. That's one major reason I'm opposed to DRM - it inevitably affects innocent people.
- Finally, even if they are correct that *they* never used the malware on innocent people, what about others? From what I understand, they actually told people to disable their anti virus products when installing this because they were (correctly) identifying the installer as malware. As well as the chance their own malware could be misused, they subjected their customers to a non-zero chance of being infected with others.
Honestly, I hope they're prosecuted to the limits of the law. Which shouldn't be hard, since as I understand it they're headquartered in the EU, and we tend to have strict data protection laws. They have committed crimes and need to be punished. Whatever your opinion on piracy, committing further crimes and endangering your customer base is not the way to fight it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
How many 'false positive' computers did FS Labs troll through in order to find the one person that they doxxed?
Seems to me those each one of those 'searches' would constitute a serious invasion of privacy both criminal and civil.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
But, it's worth pointing out that "I was only trying to steal the passwords of the bad guy" is not and should not be a valid defence in court. It's a serious invasion of privacy whether or not you believe the victim deserved it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
We know it's not. Whatever they call a "pirate" number would've been a legitimate one for the first person that got it, who may not even have any relation to whoever leaked the number. Maybe, ironically, that user had malware leak it to the "pirate".
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
This could also happen with school computers.
[ link to this | view in chronology ]
Offended - such an odd word choice to use when you introduced malware on to your customers computers.
Offended would have covered you if you had put in a german bomber with nazi insignia. You deliberately made your customers computers less safe. You used your key to SIGN malware as being okay.
This isn't an apology, this is a oh we got caught so we're gonna say sorry & move on.
You destroyed your brand. You took all possible goodwill from paying customers & flushed it to nail some pirates. This is the same lesson we see companies missing over and over... you care more about pirates than if your paying customers are getting the best possible product... then are shocked that the numbers of pirates grow because the pirate product sucks way less.
You signed malware.
How do you expect a single customer to trust you ever again?
How do you expect that no one is going to complain to all sorts of legal bodies about you knowingly & willingly disguising malware as trusted software & put it on the computers of paying customers?
This isn't the oh an ad on our site did it... this was a thought out plan to punish a few that opened up your paying customer base to bad things. We thought he might steal and apple so we mixed in grenades painted red... but trust us they'll only go off if the bad guy touches them.
You were most likely never going to see any money from people who pirated your product, and how much money did you just lose in refunds to 'offended' customers & future customers who enjoy the game but can't trust you moving forward?
But hey you cut your nose off, I'm sure your face feels the spite.
[ link to this | view in chronology ]
Re:
-Pete Townsend
[ link to this | view in chronology ]
Re:
Because the gamers don't care, they buy this shit by the boat load, DRM, and they'll continue buying it. Hell, there's probably a few obsessed fans out there that are cheering them on for taking aim at the "pirates". They won't change their behavior at all. Much like a beaten wife, they're sympathetic to their torturer's cause. Much like an addict, they need the release from it. I'm not saying that they are stupid, but don't expect change to come from them, and don't expect them to side with you if you try to change the state of things yourself. They in many instances, but not all, are just as much your enemy as the company is, and they will fight you to the last to protect it.
In retrospect, this should be another nail in the coffin for "trusted" software. Or at least it should be. All that signature says is that some identity approved of it, and that it hasn't been altered since that approval was made. But as we've seen here, real trust isn't based on remote attestation, or blind faith, like how all of these "secure" and "trusted" platforms demand. Real trust is based on actions. If you ignore that simple fact, you shouldn't be surprised when something like this happens. You put blind faith into some random identity and they abused it. Worse, now you can't correct that without their blessing. That is the worst possible state of affairs you could possibly imagine. Being at the whims of someone ready and willing to take advantage of you with no reasonable way to stop it.
Buckle up guys, it's only going to get worse from here on out.
[ link to this | view in chronology ]
Re: Re:
The problem is the same as it is in every industry - mainstream audiences only know what they're told by mainstream press, and even then it has to be explained in a way they understand. When this happens, Battlefront II suffers a noticeable sales loss and causes at least them pretending to make a change in their behaviour. Attacking gamers, even the ones who are boycotting, as if they're stupid because they didn't manage to get the people who only buy one game a year to care as passionately about the product as they do is just dumb.
Stop being a dickhead, and do something that will actually help if you're that bother. Otherwise, you're just being an asshole for the sake of it, and the only person of questionable actions is the person who decided to spent their Sunday making shit up about other people to attack them with. What a pathetic waste your life must be.
"Buckle up guys, it's only going to get worse from here on out."
Quite possibly. But, it'll be the kinds of people like you, who spent their Sunday afternoon attacking people who generally agree about the problem rather than doing something positive to change it, who bear some of the blame.
[ link to this | view in chronology ]
You would think that, but no
They'll do just fine. They'll offer a discount or some free add-ons, they'll obfuscate, they'll lie, they'll deny, they'll issue bogus apologies (just like this one), and in the end they'll survive. Or they'll just shut down, rename themselves, and re-open, then get right back to what they were doing.
This is a textbook example of a company that gamers should immediately drive out of business. But they won't. Because ...repeat after me: gamers are stupid.
Think I'm wrong? Okay. Let's wait and see. I'd be delighted to be proved wrong, and if I am, I'll post here and admit it. But I doubt I will be.
[ link to this | view in chronology ]
Re: You would think that, but no
But, hey, you can attack other people rather than address any of the issues raised and feel smug about it so it's all good, right?
[ link to this | view in chronology ]
Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: Re: Re: You would think that, but no
Yeah, funny how that works.
Article about video game company doing something stupid/malicious? Guaranteed comments about how stupid 'gamers' are and how they deserve everything that happens to them because they keep paying said company.
Article about non-video game company doing something stupid/malicious? Not a peep about how stupid their customers are or how they deserve everything that happens to them because they keep buying.
EA screws over their customers again? 'You idiots, you had it coming!'
Disney screws over their customers again? 'Hey, that company did something bad!'
[ link to this | view in chronology ]
Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: You would think that, but no
Please present a better argument than this.
[ link to this | view in chronology ]
Re: Re: You would think that, but no
If this company is driven out of business by gamers, then I'll acknowledge that I was wrong -- this time.
But if this company survives (either in its current name/form, or after a dodge), then I was right -- again.
But you should notice that the reason this company thought they could do this and get away with it is that they agree with me: they've watched the same things that I have, and they've realized that gamers are stupid. There's no way they would have tried this trick if they felt otherwise.
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
You realize that it takes a lot to run a business into the ground, right? You're not just talking about punishing the company for this misdeed; you're going to have to exhaust whatever war chest full of resources they have. Probably through litigation, which in itself is unlikely to come to fruition, because who's going to fund that initiative? Gamers are not going to have that sort of disposable income; that shit's for corporations. And how much punishment do you expect to be levied out? This is shady behavior, I'll agree, but it's not Enron-level conspiracy that a judge would think merits cleaning the company out of house and home.
In other words, that's a pretty bloody ridiculous set of criteria. Companies think they can get away with shit all the time regardless of what industry they're in. What will it take for you to not blame gamers for once, especially those who didn't buy or pirate the game to begin with? Have the company employees summarily executed and their corpses nuked from orbit? Is that the only way to make sure?
[ link to this | view in chronology ]
Re: Re: Re: Re: You would think that, but no
From what I've read, these are people who are buying very specialised add-ons for flight simulator programs, the add-ons alone costing $100+. They want hugely accurate simulations of particular aircraft, and are willing to pay a premium for that detail.
That audience have hugely specific needs and few suppliers, so even if they do "get away" with this, it's probably because there's nobody else doing the work they do. These aren't people up for a quick game of the latest MMO or FPS, they're a very particular group of people who don't have another company lining up to give them the specific add-on they need to "fly" the plane they want to with the required level of accuracy.
He's a dick with a stupid idea of a point to begin with, but to refer to these people as being the same as mainstream gamers is particularly stupid.
[ link to this | view in chronology ]
Re: Re: Re: Re: You would think that, but no
No matter how deep their pockets, if their sales drop to zero and stay there, they'll have a difficult time continuing. (Well at least in current form. I wouldn't be surprised to see them shut down and resurface under another name.)
Let's see if gamers can collectively make this happen. I would applaud that. (Yes really.) But I think the more likely outcome is that the storm will pass, this company will survive and they'll do it again.
Let's check back on this in 2020 and see which way it went.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: You would think that, but no
Sigh...
Once again - most gamers are *already* not buying their stuff. This is a hugely niche market with very limited appeal, and the people who do buy them are only "gamers" by the vaguest application of the term.
Also, once again, why do you think that "gamers" are a hive mind? Lots of gamers already boycott the likes of EA due to their actions. Do they not count just because they supply mainstream audience who don't know or care about this stuff? If so, do you also attack music listeners because Sony Music isn't out of business yet, or are you just hypocritical?
[ link to this | view in chronology ]
Re: Re: Re: Re: You would think that, but no
One commercial failure can sink a company, and there are myriad examples of such. Their "warchests" are generally smaller that you think. How diversified do you think this company called "FlightSimLabs" is?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
People who play games are no different, as are people who fly kites - no different, they are all stupid ......
But not you - amirite?
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
Also, mainstream audiences are usually not aware of these things, and you handily ignore the many, many people who do indeed react to them. It must be nice to have such a simplistic view of the world and not have to deal with complicated reality when you have a handy group to scapegoat.
"There's no way they would have tried this trick if they felt otherwise."
Bull. They thought that a) they wanted to get back at the people they felt were "stealing" from them, b) that the ends justified any means and c) nobody would find out. Adding anything else is just your own prejudices getting in the way.
Plus, as I mentioned, referring to flight simulation enthusiasts as "gamers" in the general sense is a hell of a stretch, even if you were right about gamers being a hive mind (which you are absolutely not).
[ link to this | view in chronology ]
Re: Re: Re: Re: You would think that, but no
Yes. I do. Consumers have enormous power and they have an incredibly simple way of exerting it: do nothing.
That is, don't buy certain goods or services. It's free. It's easy. It can be done anytime, anywhere. It's simple. It's straightforward. And it has a long track record of being quite successful when it's done diligently. But it does require self-control. It means not going to that movie that you want to see or not buying that car or whatever. You have to be willing to forgo the good/service (in the short term) in order to make it better (in the long term).
I do it. Let me give you an example: years of reading this site (among others) have convinced me that I need to boycott the MPAA/Hollywood/etc. I haven't been to a movie theater in well over a decade. I haven't purchased or rented any movies either. Yes, this is sometimes annoying and inconvenient; sometimes I take crap for it from my family; sometimes I miss out on things I'd like to see. But I do it because I believe that I should.
I expect no more and no less from anyone else, as it applies to them. (That is, I don't expect everyone to boycott movies just because I do. If they don't agree with my viewpoint, of course they shouldn't.) JFC, if this company did to me what it did to its customers, I would never even DREAM of giving them another dime and I would yell from the rooftops trying to tell everyone else to boycott them too.
"Bull. They thought that a) they wanted to get back at the people they felt were "stealing" from them, b) that the ends justified any means and c) nobody would find out. "
Maybe. That's possible. But I think (d) they didn't care if anyone found out. They knew, as I do, that even in the worst case, they'd end up getting away with it. I hope I'm wrong and you're right. But I'm not betting that way. It will be fascinating to see if we ever find out the truth: maybe, if this ends up in court, there will be a discovery process and that will tell us what reasoning really took place. Or maybe we'll never know.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: You would think that, but no
OK, good. I never see people like you attack them as a group when something affects their chosen medium, but if you're telling me the truth then at least you're honest even if I don't agree with you.
"That is, don't buy certain goods or services"
Good for you. But, this is where you get stupid - so do a lot of gamers. When you attack gamers as a group, you're attacking people who ARE doing exactly what you want them to.
"Or maybe we'll never know."
Honestly, the company in this case is so insignificant and caters to such a small market to begin with, the only way you'll ever notice is on a followup article on sites like this saying "hey, remember these assholes?". Their success or failure will mean nothing to the overall industry.
Which is another reason why your attacking all gamers on the basis of this is moronic. The vast majority of gamers are already essentially boycotting their products. You'd have some semblance of a point if you were attacking people who still buy EA products (although, again, by attacking all gamers you'd be attacking those who DO boycott EA), but to pretend that the audience for this company represent all gamers is idiotic.
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: You would think that, but no
You know he isn't going to. You also know that by responding to him, you're only encouraging him. Or at least you should know that.
[ link to this | view in chronology ]
Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: You would think that, but no
[ link to this | view in chronology ]
Re: You would think that, but no
The Corrupted Blood incident of W.O.W led to research by people from universities using the incident as a model for the spread of real word spread of diseases. One known example was a paper co-written by Nina Fefferman from Tufts University and Eric Lofgren from The University of North Carolina.
Researchers also once used a game about protein folding named Foldit to solve the structure of an enzyme used by HIV/AIDS for reproduction.
To assume that the audience of an entire of an entire medium is stupid would be not only prejudice, but also 'stupid' because it means willfully overlooking the benefits to society to promote an incorrect ideal for them to attempt to justify.
[ link to this | view in chronology ]
Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: Re: Re: You would think that, but no
[ link to this | view in chronology ]
Re: You would think that, but no
The bottom line is this company (like EA) makes content that people think is high quality that can't be found anywhere else, by any other company, and the customers are willing to pay for. I'm not accusing any gamers of being "stupid" or anything like that, but when a company like this is the only one making high-quality aircraft sim models, then the customers will overlook and forget issues like this.
[ link to this | view in chronology ]
Re: Re: You would think that, but no
Here's the real issue - as strange as it may seem to those of us who pay attention, the vast majority of mainstream audiences don't know. If they are informed, they're usually not knowledgeable enough to care.
This is why the constant character attacks on gamers is so idiotic and pointless. In the case of a mainstream products, thousands of gamers are boycotting but unless the issue is well publicised in mainstream sources (such as Star Wars Battlefront II's lootbox fiasco recently), boycotts will have limited impact. In the case of the company currently under discussion, there is literally zero competition for the products in question.
Attitudes can be made to change somewhat by making sure that news of this kind of thing is both made general knowledge and the impact of such behaviour explained to a mainstream crowd. Unfortunately, some people think it's enough to come into a non-mainstream forum and personally attack the audience most likely to be participating in a boycott to begin with.
[ link to this | view in chronology ]
"I have already left the house in question and can only promise you that I will do everything in my power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, I humbly apologize!"
While sitting on a pile of the family's stuff....
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The feds went after A.S. for less, why shouldn't they go after FSL?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I've purchased a game and found the original shrink-wrap still inside the box. Apparently purchased, the serial number recorded, returned and re-shrink-wrapped.
In both cases legitimately purchased. And in both cases they would be declared "pirated." These crooks would have used that to harvest my passwords and use them against me.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Isn't it time we see some jail time for those DRM-based blackhats?
[ link to this | view in chronology ]
"“Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product."
The problem with creating this sort of thing is that eventually, you're going to screw over legitimate customers with false positive detections, as inevitably happens with DRM systems. When will developers finally learn from their repeated mistakes?
[ link to this | view in chronology ]
Re:
Most of the push for DRM comes not from the developers, but rather from the senior management, because they are making sure that the companies investment is protected.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Slight correction:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Offended?!
I doubt anyone authorized them to take usernames/passwords from their machine, so it becomes an unauthorized use of a computer - and thus wouldn't it be subject to the Computer Fraud Act?
[ link to this | view in chronology ]
Re: Offended?!
No doubt the user had to click "I Agree" on a license agreement with 30 pages of legalese, with a clause vaguely authorizing the malware.
[ link to this | view in chronology ]
I'mma stop you right there. No such line exists, or has ever existed. The sooner we acknowledge this simple fact, the sooner we can get around to fixing it.
[ link to this | view in chronology ]
I doubt it. There is no equality here, greed rules while society suffers.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
From the Ars article: "Kalamaras confirmed that the suspicious tool included with From the the installer was intended to extract Chrome Web browser information from those using pirated copies of the game. However, he writes, that tool was only activated in the case of one specific pirate who had been identified as creating and distributing illicit registration keys via an offline key generation tool.
"We even went so far as to figure out exactly who the cracker was (we have his name available upon request of any authorities), but unfortunately we could not be able to enter the registration-only websites he was using to provide this information to other pirates," Kalamaras writes. "We found through the IP addresses tracked that the particular cracker had used Chrome to contact our servers, so we decided to capture his information directly—and ONLY his information (obviously, we understand now that people got very upset about this—we're very sorry once again!) as we had a very good idea of what serial number the cracker used in his efforts."
Using this method, Kalamaras writes, the FSLabs team was able to "dump that cracker's information needed for us to gain access to those illicit websites, so we could then forward the information to proper legal authorities." What he and his team found, he writes, was "an entire web of operations" dedicated to pirating multiple flight simulators.
Kalamaras emphasized numerous times in his message that the browser-dumping tool in question "will never execute on your machine" unless you are that one specific, targeted cracker. Nonetheless, he also apologized multiple times for even temporarily placing the inactive tool on users' hard drives during the installation process and said he understood why people felt their trust had been violated. Any legitimate customers can request a full refund from the company."
[ link to this | view in chronology ]
I know this becuase back in the late 1990s, I used CyberSitter without paying for it, becuase credit card transactions were not as secure back then, and I was not going to risk my credit or debit card numbers.
My dad had a cleaning lady that sometimes brought her kids with her, so I had that on my computers, to keep them from accessing porn.
What I did was find the IP address that Solid Oak used to report installations to Solid Oak and I never heard a thing from them.
Blocking a "tattle tale" device, as it were, did not violate the DMCA, as I was not doing that for any kind of commercial gain, so I was not committing a felony crime blocking those IP addresses at the firewall level
[ link to this | view in chronology ]
I really hope that vigilante-ware is illegal, not just piracy
Even if that wasn't possible, no consumer would like (over the) maximum surveillance on their system under the excuse of “oh just in case if someone pirates our things”. Really? That is like having security cameras hidden in the bathroom (even inside the toilet) for people doing anything suspicious.
Vigilante-ware should be illegal and shouldn't be used at all. I'm not pro-piracy, I'm saying maximum surveillance and hidden methods to enforce copyright without being officially disclosed should be abolished.
[ link to this | view in chronology ]