FBI raids cripple software pirates

Law enforcement's war on warez causes chaos among online file sharers, with top-level "rippers" lying low and a major piece of the underground network disrupted.

Robert Lemos, Staff Writer, CNET News.com

The informal community of Internet software pirates has been ripped apart by the recent international law-enforcement raids on many of its elite crackers, members of the shadowy scene said this week.

"This is a bad hit for warez," one self-described 18-year-old programmer, who has been a member of the community for four years, wrote in an online chat with CNET News.com. "Right now, every scene is at a standstill. Every one of them."

Warez is the generic online name for digital content such as games, movies or software whose copy protection has been defeated by skilled programmers. The programs can then be used on any PC without first buying the software.

The chaos is the result of what has been billed as the largest action against online software pirates to date.

Early last week--with the cooperation of the U.S. Justice Department and international law-enforcement agencies--the U.S. Customs Service, the FBI and the U.S. Department of Defense's Defense Criminal Investigative Service (DCIS) led simultaneous strikes stemming from three separate investigations targeting suspected members of the warez community worldwide.

The U.S. Customs Service, the U.S. Justice Department and law enforcement from the United Kingdom, Australia, Finland and Norway seized more than 130 computers worldwide between Dec. 10 and Dec. 12 as part of the first overt enforcement action in their 15-month investigation, dubbed "Operation Buccaneer," of a warez group known as DrinkOrDie.

On Dec. 11, the DCIS, the Environmental Protection Agency's Office of Inspector General and the FBI served 34 search warrants in the United States and Canada. The searches came at the culmination of a sting, known as "Operation Bandwidth," in which an FBI office operated a fake warez site. More than 144,000 programs were uploaded to and downloaded from the site, said Alan Peters, supervisory special agent for the FBI's Las Vegas office.

The undercover operation didn't just target casual file traders, he said. "We aimed as high up the food chain as we could possibly get."

A second undercover investigation by the FBI in New Hampshire also resulted in a dozen searches across the country on Dec. 11. The yearlong investigation, known internally as "Digital Piratez," focused on the upper echelons of the warez community: suspected crackers.

U.S. Customs spokesman Kevin Bell said it is unclear what effect the raids have had to date, but he said the investigation has yielded new leads and is expanding, with as many as 15 other countries expected to aid worldwide law-enforcement efforts in the future.

Moreover, most suspected warez group members questioned in the past week of raids have been willing to give details about others in the community, said Bell.

"Nearly everyone we are talking to is cooperating," he said. "They are not only cooperating but providing us additional information."

As a result, the agency has been adding search warrants daily based on new information, with nearly a dozen new searches executed in the past few days on top of 37 searches that led off the agency's sweep last week.

He said the agency is looking at 50 terabytes of data, which will take several weeks to review.

Schools form hubs
In a Web site posting that continues to be updated, warez gadfly "ttol" wrote that the two major hubs for communications between pirate groups, one at the Rochester Institute of Technology (RIT) in New York and the other at the University of Twente in the Netherlands, have been compromised as a result of the crackdown.

While no raids have yet been confirmed in the Netherlands, reports of warez group surveillance have chilled activity in the country, according to "ttol."

"These two universities were the mother ship," the underground scribe wrote, alleging that Twente is the favored network for moving pirated programs between sites in Europe and that RIT has a similar status in the United States. In addition, many crackers--as those who break the security on desired programs are known--have been driven into anonymity.

On Dec. 11 and Dec. 12, U.S. Customs Service agents took six computers from the residences of six students at RIT, a university representative confirmed. Identified only by their Internet addresses, which the university had to match with students, the computers are thought to hold a large amount of pirated software.

"As far as we know, it's just the six," said Laurie Maynard, spokeswoman for RIT. "What Customs is doing with the computers and the information, we don't know."

Maynard said she was surprised to hear that RIT was well known in the underground as a place to stash pirated digital content, and added that the students' status had not changed.

It's "too early to tell what this means," she said.

Officials at Twente could not immediately be reached for comment.

Cracking in
The warez community can be divided into smaller "scenes" based on the type of content their members are interested in. Typical divisions are the DivX scene for movies available in MPEG-4 format, the MP3 scene for music available in that popular format, and the PS2 scene for pirated PlayStation 2 games.

"Everyone that had a significant role in the community is worried that the (DrinkOrDie) takedown will change the way the scene works," said the warez programmer, who asked that his name and online handle not be used. "It won't be quite so public anymore."

Typically, a "leak"--someone who supplies a copy of a yet-to-be-released program--uploads the data to an online drop box. The supplier often is someone who works in the company and sells the code for money or to get back at the company for some perceived slight.

The cracker then takes the program, breaks through the security and "rips" a copy that works without the CD-ROM. This step is, by far, the most time-consuming. Typically, the cracker then uses a private site to pass the program to a courier, or curry, who distributes the program to publicly accessible download sites.

Although the raids mainly targeted those suspected of cracking content, the effects will trickle down to hit the software pirates on the street, the warez programmer said. Such pirates depend on the warez community for their supply of copy-protection-free content.

For example, VideoCDs--popular in the Asia-Pacific region--might become scarce, especially those made from newer movies.

"VCD groups have stopped releasing," the warez programmer said. "Asian markets can't get copies of American movies to subtitle, which means they can't sell them on the street."

The discord within the community has been heightened by the FBI's ability to infiltrate at least one online group, RogueWarriorz. In his posting, "ttol" describes RogueWarriorz as a group of about 70 members with access to more than 40 sites belonging to other groups.

The FBI's Peters confirmed that the target of its Operation Bandwidth investigation was the RogueWarriorz.

Peters also predicted that the investigation will drive the remaining software pirates underground. "I think the trend is more, for their own protection, to keep the sites from outside access," he said. "Many have password protections added to them now."

Despite the discord, at least one member of the warez scene believes the law-enforcement victory is fleeting.

"I'm just sure that whatever the FBI decides to do, there will still be people ripping and releasing (warez) internally through groups," wrote one member of the music scene, who used the handle "dsif0r."

"We have finally lost; but I assure you, the FBI cannot keep us down."