Scammers Use The Public's Fear Of Copyright Culture To Trick People Into Installing Malware
from the look-what-you've-done dept
It isn't some novel revelation that scammers and malware purveyors have used the public's fear and lack of knowledge about copyright laws and processes to pull off their nefarious deeds. For more than a decade, bad actors have looked at the shady methods of copyright trolls and noticed that those tactics are perfectly suited to convince the public to download malware or fraudulently extract money from people's wallets. None of this is new or surprising. What should be surprising, however, is that absolutely nothing has been done about any of this. Never has a hard look been taken as to why copyright enforcement so resembles these illegal activities, nor has any serious consideration been given to what this culture of permission and fear has done to so well prepare the public to be susceptible to these scams.
As a result, these bad acts continue to the present. TorrentFreak has a post about how scammers are currently using fake notices sent to the public, made to look like copyright threats or warnings, all in an effort to get them to click links and download malware.
Just a few weeks ago, we reported how pirates are lured into downloading malware and trojans. However, people who want to avoid copyright troubles are facing similar risks. As it turns out, fake copyright warnings and takedown notices are commonly used by scammers as well.
These scammers cleverly use the threat that copyright infringement claims pose to recipients. Many website operators fear legal repercussions and are eager to resolve these matters swiftly. Social media users, who risk losing their accounts, are equally concerned.
This happens in a variety of ways. Those hosting or running websites get notices that their sites will be taken down if they don't click the links and respond to a general accusation of copyright infringement. But the scammers are also going after random social media accounts as well, with the same push via threats of account termination to click links. Those links are typically used to steal account credentials, just like a typical phishing email scam. Some, however, actually deploy a payload of malware instead.
Careful readers will notice that there are several mistakes in the notice. However, in their panic, some people may simply read over these errors. Instead, they will click on the Google link where they can download a “Copyright Infringement Evidence” package.
Needless to say, downloading and running these files will infect people’s computers with all kinds of nastiness. Google takes these links down when they are reported and we couldn’t find a live one. However, Techlicious linked one package to a Ransomware trojan.
Why does this work so well? Well, as I mentioned above, it starts to get really tough to tell apart the notices coming from copyright trolls and the scammers. While the end goal is somewhat different, the overall tactic is the same: use threatening language about copyright infringement to scare the shit out of the target in order to get them to hastily do what you want. In the case of copyright trolls, that means so-called "settlement" payments. For the other scammers, this can also mean handing over money, or clicking a link to steal credentials or deliver malware.
It used to be said that only pirates had to worry about copyright culture creating security risks for those infringing copyright. Now, thanks to the expansion of that copyright culture, unsuspecting and innocent members of the public are at risk as well.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
The First Word
“Techdirt gets these every few days...
So Tim wrote up this story before I had a chance to let him know that we actually get these notices every few days, either as emails or spam comments, from people (with ever changing names) claiming to be professional photographers, and saying that we have infringed on their copyright (usually pointing to articles that have no images at all) and threatening to sue. We know enough to ignore them, but seeing how many we get, I do wonder if they're effective for the scammers.
Subscribe: RSS
View by: Time | Thread
Techdirt gets these every few days...
So Tim wrote up this story before I had a chance to let him know that we actually get these notices every few days, either as emails or spam comments, from people (with ever changing names) claiming to be professional photographers, and saying that we have infringed on their copyright (usually pointing to articles that have no images at all) and threatening to sue. We know enough to ignore them, but seeing how many we get, I do wonder if they're effective for the scammers.
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
About as effective, or maybe a little more so that other spamming efforts.
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
This makes me wonder: Copyright maximalist often wax on about the "cost" of copyright infringement. But how much is having our modern copyright (that basically lasts forever, since "after you are dead" is not a time you will live to see), as opposed to say, something that only lasts 5-14 years, and that has much closer definitions and limits.
Clearly some non-trivial amount of effort is being put forth to deal with it (and even if people delete the notices, time is money, and the maximalist will surely argue for padding their numbers).
[ link to this | view in chronology ]
Re: Re: Techdirt gets these every few days...
The problem isn't just the amount spent on enforcement. New works build all the time on the public domain and on homages to older works. If this is prevented by robbing the public domain of works that should be there, or by creating a chilling effect where people can't risk putting work into something that could be found infringing, then we don't know what we're missing out on because it's never created.
As a random example - Night Of The Living Dead famously entered the public domain earlier than it technically should have done due to a clerical error. Its public domain status led to it being shown regularly on TV, which has led to generations of fans creating their own imitations (anything using the modern zombie myth is directly descended from NOTLD as it originated the tropes). This led first to George Romero being able to make sequels, which decades later allowed Zack Snyder to make his directorial debut with its remake (with James Gunn on writing duties). Gunn and Snyder have been a major part of different blockbuster comic book universes, while this week Netflix have a new $90 million zombie action movie from Snyder.
Why is this significant? Well, if NOTLD had been "correctly" licensed according to the maximalists, most of this wouldn't exist. Not just the hugely lucrative zombie genre that's made an unknown (but clearly huge) amount of money off the back of the public domain nature of that film, but the careers of people handling multi-billion dollar franchises may not have got off the ground. Yet, nobody in the alternate reality where NOTLD remains copyrighted and thus remained less seen and less influential could ever guess what they lost as a result of over-enforcement.
So, the problem isn't the money we can see being wasted, the problem is how many lucrative projects never exist as a result. We will never know.
[ link to this | view in chronology ]
Re: Re: Techdirt gets these every few days...
Copyright lasts 70 years after the original creator dies, and/or the estate loses control. At that point copyright maximalists are not going to care because they'll have made bank and laughed all the way to it before dropping six feet under just like the rest of us.
It's "fuck you, got mine" all the way down when it comes to copyright.
[ link to this | view in chronology ]
Re: Re: Re: Techdirt gets these every few days...
stares at you in Happy Birthday
They do still care, because if someone makes something remotely like it they claim ownership over it and demand a cut.
Of course this thought process has lead to them having the left hand paying the right hand for stealing the "feel" of music as opposed to anything copyright actually covers.
Just because they think they bled it dry, they will not let go of it. There might be a few more cents they can get.
[ link to this | view in chronology ]
Re: Re: Re: Techdirt gets these every few days...
I can tell you've not attended many burials. The usual depth is three feet, not six.
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
It would be informative for them to be publicised somewhere, with headers where appropriate...
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
We know enough to ignore them, but seeing how many we get, I do wonder if they're effective for the scammers.
i imagine they operate under the same model as copyright extortionists in that the cost of sending out the threats are minimal and if even one person in a hundred/thousand falls for it and pays out the costs have more than been recouped.
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
It's the Richard Liebowitz business model. Hell, it's the Prenda Law business model. They probably made more than enough off the backs of the uninformed.
[ link to this | view in chronology ]
Re: Re: Techdirt gets these every few days...
Remember as sleazy as Pretenda was, I don't think they were the braintrust who printed out a list of other alleged downloads (that they had no interest in) & asked would they like the neighbors to be asked if they downloaded it using the targets internet.
[ link to this | view in chronology ]
Re: Re: Re: Techdirt gets these every few days...
If memory serves, Prenda was certainly not the ones who used that strategy. Malibu Media wasn't the first, but they were the ones who brought the "Exhibit C" tactic to judges' attention and got their asses kicked for it. Good riddance.
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
9 out of 10 Nigerian princes agree its effective.
[ link to this | view in chronology ]
Re: Techdirt gets these every few days...
Tim also missed this bit;
"...it starts to get really tough to tell apart the notices coming from copyright trolls and the scammers."
There never was much of a difference. Both are fraudulent attempts to use shady, unpredictable law to extort compliance and money from largely innocent people én másse.
It's just that a certain kind of fraud can be rendered pseudo-legitimate because the law it relies on was written with the express intent to provide a platform for this type of fraud. The sole difference, then, is that which lies between Rightscorp and Prenda.
[ link to this | view in chronology ]
One of the hallmarks of spam is lacking specific information., but when "legitimate" DMCA notices go out of their way to be as opaque and lacking in detail as possible (looking at you, twitch), how are people supposed to tell the difference?
[ link to this | view in chronology ]
Re:
being able to tell the difference would be a "bug" from some peoples perspective.
(I guess Amazon is included in that group.... since they should have both the knowledge and capability to make twitch otherwise.)
[ link to this | view in chronology ]
Congratulations, copyright maximalists — you’re no better than scam artists now.
[ link to this | view in chronology ]
Re:
'Now'?
[ link to this | view in chronology ]
Re:
Now? Prenda, Righthaven, etc... Inventing the art of copyright scamming / trolling long ago!
[ link to this | view in chronology ]
Re:
They always have been scam artists. They just have a different grift from others.
[ link to this | view in chronology ]
Re:
What part of "I own 0.1% of the footage in your video, therefore I get monetize it 100% for myself" isn't fraud?
[ link to this | view in chronology ]
Re: Re:
Its the COPYRIGHT!!!!!!!
(its like the aristocrats but way worse)
[ link to this | view in chronology ]
Re:
"Congratulations, copyright maximalists — you’re no better than scam artists now."
They never were.
Go google Rick Falkvinge's "The Copyright Industry - A century of deceit" for some context. It's always been a grifter's game pushed by industries of middlemen trying to protect their market niche against technology.
[ link to this | view in chronology ]
Re: Re:
Thanks for that pointer -- despite my interest, I've somehow managed to have not actually read it yet.
[ link to this | view in chronology ]
Related, and I'll probably post it again.
In the podcast You're Wrong About Michael Hobbes tells the story of The Chicks (the artists formerly known as the Dixie Chicks) and their rise to fame before getting cancelled(-ish) by the right-wing anti-fandom media talk engine.
One of the smaller bits is about their early albums before the incident. But Dan Rather notes that Sony made about $150 million from the sales and so the artists themselves should have gotten about $50 million of that, right?
Less than one million. IIRC about $500,000. It lead to a big lawsuit and was the beginning of the end of the Chicks as a country band for daring to rock the boat. Hobbes goes into some detail about how Hollywood Accounting is much like hospital billing, in which expenses charges are overinflated to deplete artist royalties.
Copyright as it is today is giant rent-seeking scams, and piracy is minimally unethical by comparison, and the story of the Chicks is one out of hundreds (if not thousands).
Regardless, it's the most recent ep as of today, found here. Definitely worth the hour-ish listen.
[ link to this | view in chronology ]
Re: Related, and I'll probably post it again.
It's been a known problem for a long time. Here's a copy of producer Steve Albini's article from 1993 on the same sort of issue:
https://thebaffler.com/salvos/the-problem-with-music
[ link to this | view in chronology ]
Re: Re: Related, and I'll probably post it again.
Hadn't read that specific one but it parses much like other examples I did read. Thanks for the link.
Copyright has always been a con game meant to benefit the middleman and turn the author or artist into an indentured serf. Ever since it was just a glint in the eye of The guild of Stationers under Queen Anne.
[ link to this | view in chronology ]
'I learned it from watching you!'
Given how scummy yet profitable copyright extortionists and their tactics are I can't say I'm surprised that scammer would pick up on their tactics and run with it, with the added 'benefit' that the original racket is already only legal thanks to copyright induced madness it's not like the scammers had to change much to adapt it for their use.
[ link to this | view in chronology ]
Re: 'I learned it from watching you!'
And the fact that many of the extortionists are actually scammers & the punishment 99% of the time is nothing, why wouldn't actual scammers want to get paid too?
I mean we have a Judge ruling that the mere allegation of having downloaded is enough to terminate your internet without any due process.
[ link to this | view in chronology ]
Re: Re: 'I learned it from watching you!'
We have "rights" groups that collect licensing fees directly to their own pockets and never even try to find they artists they claim to represent. Complete scam.
[ link to this | view in chronology ]
There's only so much that one can do to stop stupid people from being stupid. Yes, scammers are a problem, but scammers will always exist and remaining oblivious to the technology one is blindly using is not an option.
[ link to this | view in chronology ]
Re:
stares in have you not been paying attention
A woman who did not own a computer was shaken down by a 'legit' scammer claiming she downloaded a movie.
The 'scammer' threatens to tell your neighbors you are being investigated for downloading CP or bestiality videos.
A grandmother was accused of downloading a hyper-violent white power movie in Germany, she was fined.
There was the "legit' company who was using their settlement website to increase their payoff by getting people to admit guilt & then adding more claims against them.
Perhaps if the law hadn't created an entire cottage industry of legit scammers, people could spot the scams easier.
I do enjoy the completely self centered view point of its other peoples problems rather than admitting that the entire topic is completely screwed up & gives rise to actual scammers.
We have people falling victim to all sorts of scams all the time & rather than finding out why we can just call them stupid and move on. It's their fault they were fooled, not that they are using tactics amazingly similar to "real" tactics.
So while you are busy blaming the victims, what sins are you trying to distract us from?
[ link to this | view in chronology ]
Re: Re:
Don't be a moron. The reason those things happen is precisely because people don't understand those they elect pass laws that screw them over. Those cases you mentioned happened because copyright holders are allowed to go unchecked. If you're technologically clueless, how do you expect to know how you might be affected when strong protections against being misidentified don't make into a bill? How can you even know if you want to make use of a particular technology if you're technologically ignorant? Next time, skip the strawman arguments.
[ link to this | view in chronology ]
Re: Re: Re:
Take your own advice.
[ link to this | view in chronology ]
giggles
The better question is are the actual scammers pulling in more than the regular scammers?
I mean both of these kinds of notices are fairly scammy...
[ link to this | view in chronology ]