- 2600 Hacker Quarterly Summer 2004
- A Guide To Internet Piracy
- --------------------------
- by b-bstf
- charmss5@hotmail.com
- I've written this article after reading a few
- letters which show that some readers seem to
- know little about piracy on the Internet. I don't
- know everything about piracy on the net, but I
- would go so far as to say that I know a fair bit
- about it.
- First off, piracy isn't just a few guys who
- work at cinemas and software stores taking the
- odd film or game home and sharing it on their
- home FTP servers or KaZaA.
- Piracy on the Internet, or "the warez scene"
- (as those into it like to call it) is surprisingly
- organized. Pirated software/games/movies/
- anything are called warez and will be referred
- to as that from now on.
- The Piracy "Food Chain"
- Top
- Warez/Release Groups - People who release
- the warez to the warez community. Often
- linked with Site Traders.
- Site Traders - People who trade the releases
- from the above groups on fast servers.
- FXP Boards - Skript Kiddies who
- scan/hack/fill vulnerable computers with
- warez.
- IRC Kiddies - Users of IRC (Internet Relay
- Chat) who download from "XDCC Bots" or
- "Fserves."
- KaZaA Kiddies - Users of KaZaA and other
- p2p (peer to peer) programs.
- We'll start at the bottom.
- KaZaA Kiddies
- At the bottom of the piracy food chain we
- have the KaZaA Kiddies. There appear to be
- two groups of these KaZaA Kiddies. First, the
- 13 year old kids with broadband downloading
- the odd mp3 here and there because they can't
- afford outrageously overpriced CDs from
- stores. Harmless kids, costing no one any real
- money, pursuing their musical interest. Also,
- these are the people being labeled "pirates."
- These are the ones "Killing the Music Indus-
- try." These are the ones who are being sued by
- the RIAA for thousands of dollars. Sigh.
- Second are the older, p2p veterans who use
- other p2p networks (Gnutella, BitTorrent,
- EMule) and programs as well as KaZaA. In
- addition to using p2p for music they may also
- download games, programs, movies, etc.
- IRC Kiddies
- Not far up from KaZaA Kiddies we
- have the people who go to IRC for their warez
- fix. These folks can be more knowledgeable
- about computers and the Internet but tend to be
- just as irritating as the KaZaA Kiddies. Warez
- Channels are often run by people who have
- access to a fair amount of pirated material (more
- about them later). There are generally two types
- of these Warez Channels:
- Fserve Chans. These can often be run by
- the same KaZaA or IRC kiddies. They don't re-
- ally have a reason to run them; they just like to
- feel important. They mainly use the mIRC
- client's File Server function and some "133t
- skript" to share their warez direct from their
- hard drives.
- XDCC Chans. These are usually run by
- people into FXP Boards and Sitetrading. They
- have access to fast, new warez. They "employ"
- people to "hack" into computers with fast In-
- ternet connections and install XDCC Clients
- (usually iroffer - www.iroffer.org) which are
- used to share out pirated goods. From what I've
- seen, the people running these channels must
- primarily do it because they like to have power
- over a lot of people (being a chan op), but also
- they will often be given free shell accounts to
- run BNCs, Eggdrops, etc. by shell companies
- in exchange for an advert in the topic of the
- channel.
- IRC Kiddies can be found on EFnet
- (irc.efnet.net) or Rizon (irc.rizon.net). Other
- servers and channels can be found through
- www.packetnews.org.
- FXP Boards
- FXP is the File eXchange Protocol. It isn't
- an actual protocol, just a method of transfer
- making use of a vulnerability in FTP. It allows
- the transfer of files between two FTP servers.
- Rather than client to server, the transfer
- becomes server to server. FXP usually allows
- faster transfer speeds although it is generally
- not enabled on commercial servers as it is also
- a vulnerability known as the "FTP Bounce
- Attack."
- The Boards. FXP Boards usually run
- vBulletin (software from www.vbulletin.org) and
- its members consist of Scanners, Hackers, and
- Fillers. There are also usually a few odd mem-
- bers such as Graphics People or Administra-
- tors but they don't do much.
- The Scanner. The Scanner's job is to scan IP
- ranges where fast Internet connections are
- known to lie (usually university, etc.) for
- computers with remote-root vulnerabilities. We're
- talking brute forcing MS SQL and Netbios
- passwords, scanning for servers with the IIS
- Unicode bug (yes that three-year-old one). Oh
- yes, FXP Boards are where the lowest of the
- low Script Kiddies lurk. The Scanner will of-
- ten use already "hacked" computers for his
- scanning (known as scanstro's), using "remote
- scan" programs such as SQLHF, XScan, Fs-
- can, and HScan along with a nice program to
- hide them (hiderun.exe) from the user of the
- computer. Once the Scanner has gotten his re-
- sults, he'll run off to his FXP Board and post it.
- This is where the "Hacker" comes into play.
- The "Hacker"/Script Kiddie/dot-slash Kid-
- die. Now I think it's fairly obvious what the
- "Hackers" do. (They actually call themselves
- hackers!) Yes, they break into computers.
- Their OS of choice (for breaking into) is usu-
- ally Windows. There are many easy to exploit
- vulnerabilities and *nix scares these people.
- The Hacker's job is to run his application and
- "root" the scanned server. The program he uses
- (of course) depends upon the vulnerability the
- Scanner has scanned for. For example, if it's
- Netbios Password he will often either use
- psexec (www.sysinternals.com) or DameWare
- NT Utilities. There are various other vulnera-
- bilities and programs used - too many to list
- here. Once he has "rooted" the computer (this
- usually means getting a remote shell with ad-
- min rights), he will use a technique known as
- "the tftp method" or "the echo method" (tftp -i
- IP get file.exe) to upload and install an FTPD
- (this is almost always Serv-U) on his target. (In
- the case of the IRC Kiddies this would also be
- iroffer.) Once the FTPD is installed and work-
- ing he'll post the "admin" logins to the FTP
- server on his FXP Board. Depending on the
- speed of the compromised computer's (or
- "pubstro"/"stro") Internet connection and the
- hard drive space, it will be "taken" either by a
- Filler or a Scanner.
- The Filler. Now if the "pubstro" is fast
- enough and has enough hard drive space, it's
- the Filler's job to get to work filling it with the
- latest warez (the Filler usually has another
- source for his warez such as Site Trading).
- Once he's done FXPing his warez, the Filler
- goes back to the board and posts "leech logins"
- (read only logins) for one and all to use. What
- a great community!
- FXP Boards are mostly full of Script Kid-
- dies and people with too much time on their
- hands. They like to think the FBI are after them
- and get very paranoid, but in reality no one re-
- ally gives a damn what they're up to except the
- unlucky sysops who get all their bandwidth
- eaten up because they forgot to patch a
- three-year-old vulnerability. The true "n00b" FXP
- Boards can be found on wondernet (irc.won-
- dernet.nu) so, if you like, go sign up on one
- and see what it's all about. Tip: Pretend to be
- female. This will almost guarantee you a place
- on a board. Say you can scan/hack dcom, net-
- bios, sql, apache, and have a 10mbit.eu 0hour
- source.
- Site Trading
- Next on the list and pretty much at the top
- or near the top (as far as I've seen) are the Site
- Traders. These are generally just people with
- too much time on their hands who have
- possibly worked their way up through FXP Boards.
- Site Trading is basically the trading of pirated
- material between sites.
- The Sites. These sites have very fast Inter-
- net connections (10mbit is considered the min-
- imum, 100mbit good, and anything higher
- pretty damn good) and huge hard disk drives
- (200GB would probably be the minimum).
- These sites are often hosted at schools, univer-
- sities, people's work, and in Sweden (10mbit
- lines are damn cheap in .se). These sites are re-
- ferred to as being "legit." This means that the
- owner of the computer knows that they are
- there and being run. Fast connections mean a
- lot to some people. If you have access to a
- 100mbit line (and are willing to run a warez
- server there), there are people who would quite
- happily pay for and have a computer shipped
- to you just for hosting a site that they will
- make absolutely no profit from (you can meet
- them on EFnet). Unfortunately, this is where
- credit card fraud can come into Site Trading.
- This is frowned upon by pretty much everyone
- (there is already enough paranoia and risk in
- Site Trading) but some people do use stolen
- credit card information to buy hard drives and
- such. To be fair, Site Traders aren't a bad bunch
- - the majority don't even believe in making any
- money out of it and insist they are just
- doing it for fun. Anyways, back to the sites.
- GLFTPD is considered to be the FTPD to use
- (in fact, a lot of Site Traders and warez groups
- will not join a site unless it is running
- GLFTPD). This also means that *nix is the OS
- of choice (as there is no GLFTPD win port).
- As well as running FTPD, the sites run an
- eggdrop bot with various scripts installed. The
- bot will make an announcement on an IRC
- channel when a directory is made or upload
- completed. It will also give race
- information.
- The People. There are basically two ranks
- in sitetrading: "SiteOps" and "Racers."
- SiteOps, as you will have guessed are the
- administrators. There are usually between two
- and five SiteOps. One is often the supplier of
- the site, another the person who found the sup-
- plier and guided them through the installation
- of the FTPD. The other will be friends and
- people involved in the warez scene. One or
- more of the SiteOps will be the "nuker." It is
- his job to "nuke" any releases that are old or
- fake (more about releases shortly).
- Racers are the folks who will "race" re-
- leases between sites. Usually they will have
- access to a number of sites and will FXP
- releases as soon as they're released. FXPing a
- release will gain credits. The ratio is usually 1:3,
- so FXPing 100MB will get them 300MB cred-
- its on the site, allowing them to FXP 300MB of
- data from that site, which will gain them
- 900MB where they FXP that, etc., etc. "Rac-
- ing" of releases occurs when two or more rac-
- ers are uploading the same file. The "race" is to
- upload the most of the release at the fastest
- speed. Racing happens shortly after a release
- is... released.
- Warez/Release Groups/"grps"
- These are the ones basically supplying
- everyone with the warez. These are the ones
- the MPAA and RIAA don't seem to be too wor-
- ried about, or at least aren't making a big pub-
- lic fuss about. However, these groups are
- known to the FBI and they know that the FBI
- and whatever other authorities are watching
- them and collecting evidence. They know that
- one day these authorities will strike as they
- have done in the past. A lot of these people are
- just hoping that they won't be caught when it
- happens. As a result of this, anyone "high up"
- is extremely paranoid. Most users will use
- multiple BNCs (BouNCer, an IRC proxy) be-
- fore even going near an IRC network. A lot of
- large groups will own their own IRC Networks
- and SSL is used at every opportunity (FTP,
- IRC, etc.) It's hard to understand why these
- people actually do it when there is such a risk.
- The main reasons are, in my opinion, boredom.
- At the end of the day, if you're sitting in front
- of your computer for most of your life you may
- as well be doing something other than flaming
- AOLers on IRC, and this sort of thing keeps
- you busy. Another reason is geekiness. Know-
- ing that you were one of the first people on the
- Internet to see that film, or that it's because of
- you that thousands of people are now playing
- that leaked Halflife 2 alpha and there are news
- articles everywhere about this "anonymous
- leaker" - it feels good, in a geeky kind of way.
- A lot of these people (not all, not all) may have
- rather uneventful lives and to know that, al-
- though at school, college, or work they're con-
- sidered a loser, they can go home at night and
- be looked upon as some kind of god within
- their group of online friends would feel good.
- I do not believe that profit is a factor. These
- groups insist that they don't do this sort of
- thing for money, and I believe them.
- There's a quote from a DEViANCE.nfo file:
- We do this just for FUN. We are against any
- profit or commercialisation of piracy. We do
- not spread any release, others do that. In fact,
- we BUY all our games with our own hard
- earned and worked for efforts. Which is from
- our own real life non-scene jobs. As we love
- game originals. Nothing beats a quality origi-
- nal. "If you like this game, BUY it. We did!"
- A quote from Team Razor .nfo file: SUP-
- PORT THE COMPANIES THAT PRODUCE
- QUALITY SOFTWARE! IF YOU ENJOYED
- THIS PRODUCT, BUY IT! SOFTWARE AU-
- THORS DESERVE SUPPORT!!
- Releases
- A release is a piece of pirated material
- packaged and released by a warez group. The
- format of the release varies, but in the case of
- games or programs the release is usually in
- bin/cue, compressed with RAR, and split into
- 15,000,000 byte files. The naming of the
- release will usually be something along the lines
- of "New.Game.3-ReLEASEGROUP".
- The types of releases vary. In games there
- are mainly either CD Images (bin/cue format)
- or Rips. Movies are either DivX/XviDs (two or
- three bin/cue files). There are many different
- types of movie releases. A great list of these
- can be found at www.vcdquality.com. Releases
- will almost always be accompanied by a .nfo
- file. This will provide information about the re-
- lease and the group.
- Additional Info
- The following information is not from first
- hand experience, like the past information has
- been. This has been obtained from text files,
- told to me by people, and assumed. It will be
- mostly accurate, but there may well be errors.
- The main members of any release group
- are:
- The Supplier. This is the guy working at the
- local cinema or games store, the guy with the
- digital camera happy to sneak into the
- cinema, etc. Generally these people have to have
- access to new material, usually before anyone
- else gets to it. Often they will also have to have
- a fairly decent upload speed.
- The Cracker. (only in games/apps groups)
- This will vary between groups. For example, a
- VCD/SVCD group would not require a
- cracker. But the cracker plays an important
- role. He will have to crack the game's protec-
- tion that stops the game from being played
- without the official CD. This guy usually has a
- fair bit of programming experience and can be
- quite smart.
- Site Supplier. Similar to Site Trading, how-
- ever warez groups are often more picky about
- the sites they choose. The minimum speed is
- usually 100Mbit and often groups will only
- accept sites that are being supplied by the ac-
- tual System Ops/Admins themselves.
- Courier. This guy's role is basically Site
- Trading. He has to distribute the group's re-
- lease to other sites.
- Terms you may have heard and their mean-
- ings:
- PRE/PRE'd. When a release is released an-
- nouncements will be made across many IRC
- channels called "PRE Chans." This is called
- the "PRE Time" and is the official time of re-
- lease. PRE Time is used mainly in site trading.
- 0*. This is a reference to how new the re-
- lease is.
- 0sec. This is a dream - n00b IRC Chans
- often use this term but they are lying.
- 0hour. Means the release was PRE'd under
- an hour ago.
- 0day. Means the release was PRE'd under a day
- ago. (Typo-error in article, was "an hour ago".)
- And so on...
- Nuked. If a release is Nuked, the uploader
- of the release will lose credits on the site he is
- Nuked on. A release is Nuked when it is break-
- ing site rules (like eight hours of PRE or ear-
- lier).
- Pubstro/Stro. This is a computer that has
- been compromised and has an FTPD running
- on it. It will be used to share warez, mainly to
- the FXP Community.
- ScanStro. Similar to the above, but is used
- to scan for other vulnerable computers.
- Pub/Pubbing. Pubs are dead. These are
- from the old days when many university and
- business FTP servers had write access enabled
- on anonymous accounts. So instead of break-
- ing into a computer, the warez kiddies would
- just upload their warez and give the IP address
- to their friends. This was very popular but died
- out for obvious reasons.
- Tagging. Once found a Pub would be
- "tagged" (a folder with the name
- "tagged.by.lamepubkiddie" or something simi-
- lar would be made). The idea was that if a Pub
- was already "tagged" other Pubbers would
- leave it alone. This apparently worked for a
- while, with people respecting other people's
- tags and leaving the Pubs alone. But it cer-
- tainly hasn't worked for a very long time.
- Dir Locking. This was used in Pubbing to
- stop people other than your warez group find-
- ing and downloading your warez (and slowing
- the server down). You would hide it, using di-
- rectory names such as "com1" and "." These
- directory names would also be hard to delete or
- even open, so it could take some time before
- the warez were found by the server admin.
- Raping. The act of Raping an FTP server is
- when someone downloads pretty much every-
- thing they can from it at a very fast speed. It's
- frowned upon.
- Leeching. Downloading a lot without up-
- loading.
- PubStealing/Rehacking. Back "in the day"
- this would have been referring to uploading
- to an already tagged Pub. Now it means replac-
- ing someone else's Serv-U with yours.
- PubStealing is frowned upon and people will often
- be banned from FXP Boards if they are found
- to be doing it.
- Securing. The act of Securing a pubstro
- would involve deleting key files such as
- ftp.exe, tftp.exe, cmd.exe, etc. or changing the
- username/password. Securing methods depend
- upon the vulnerability.
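An audit a server admin could run over an upload area to find the directory names described under Tagging and Dir Locking above, as an added example that is not part of the original article. It generalizes "com1" to the full set of Windows reserved device names and treats dot-or-space-only names as the hidden kind; the function names, the tag pattern and the sample listing are constructed for illustration.

```python
import re

# Windows reserved device names; they stay reserved even with an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}
# Assumed tag convention, modelled on "tagged.by.lamepubkiddie".
TAG_RE = re.compile(r"tagged[._ -]?by", re.I)


def classify(name):
    """Return the reasons a single directory or file name looks planted."""
    reasons = []
    stem = name.split(".")[0].strip().upper()
    if stem in RESERVED:
        reasons.append("reserved device name")
    if name in (".", ".."):
        pass  # ordinary current/parent entries in a listing
    elif name.strip(" .") == "":
        reasons.append("only dots/spaces")
    elif name != name.rstrip(" ."):
        reasons.append("trailing dot or space")
    if TAG_RE.search(name):
        reasons.append("tag marker")
    return reasons


def audit(paths):
    """Map each suspicious path to its (component, reason) findings."""
    findings = {}
    for path in paths:
        hits = [
            (comp, reason)
            for comp in path.strip("/").split("/")
            for reason in classify(comp)
        ]
        if hits:
            findings[path] = hits
    return findings


# Constructed sample of a recursive listing from an anonymous upload area.
SAMPLE = [
    "incoming/readme.txt",
    "incoming/tagged.by.lamepubkiddie/",
    "incoming/com1/ . /data.r00",
    "pub/drivers/setup.exe",
    "incoming/backup. /a.bin",
]

if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():
        print(repr(path), hits)
```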
- Some warez related links:
- www.nforce.nl - a site that archives .nfos and
- releases. This site is frowned upon by people
- in "the scene".
- www.isonews.com - a site seized by the federal
- government.
- www.vcdquality.com - for movies specifically.
- www.fxp.nl - fxp stuff
- www.jtpfxp.net - rather large archive of
- fxp/script kiddie tutorials.
- www.packetnews.org - XDCC search engine.
- www.downhillbattle.org - not related, but fuck
- the RIAA!
- If I've mentioned a program and not given a
- link it's because it can be easily found through
- Google.
- That's all. I hope this has given someone a
- better view of piracy.
- ---------------------------------------------------
- ASCII CONVERSION BY DALEK
- ----------------------------------------------