Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Piracy Privacy Security The Internet

Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com) 225

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
This discussion has been archived. No new comments can be posted.

Flight Sim Company Embeds Malware To Steal Pirates' Passwords

Comments Filter:
  • by ArtemaOne ( 1300025 ) on Monday February 19, 2018 @03:05PM (#56153790)

    That's probably naughty, but hilarious.

    • by alvinrod ( 889928 ) on Monday February 19, 2018 @03:14PM (#56153844)
      Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.

      I think the best anti-piracy measure that I've heard anyone take was a simulation game about video game development. If you were playing on a pirate copy, eventually sales for the virtual games you were developing as part of the sim would tank because of virtual in-game pirates not paying for copies. It was especially hilarious because people would complain about it on the developer forums and then have it explained to them. Utterly harmless (well outside of social embarrassment) and perhaps even effective at getting people to buy the game since they might have been able to play enough of it to decide if they'd like to spend money on it.
      • By naughty I did mean illegal. I heard of that one before. There was an article I read a few years ago listing all the in-game tricks to get the pirates, good read if you can find it.

      • Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.

        And thus ... license servers have once again been reinvented.

        I don't disagree but I do have sympathy for those whose software has been pirated.

      • by Major_Disorder ( 5019363 ) on Monday February 19, 2018 @03:25PM (#56153906)
        Best one I ever saw was on Operation Flashpoint. In network play, if it saw another player with the same serial number, it would work fine for an hour or so, then start randomly crashing, slowly getting worse. A reinstall would fix it. It was kind of cool that you could get a quick 2 player game up, but then you were stuck with a reinstall.
        But once it saw the other player with the same serial number, you were going to have to reinstall even if it never saw that player again.
      • by pegr ( 46683 )

        Funny you mention that. When I first heard of it, I bought the game. I didn't download it or play it, I just bought it. And I explained to them why I did as well! ;)

      • Nope.
        The best one has to be "No Time To Explain"
        If it's a "pirate" copy, everyone is wearing pirate hats :D
      • by gweihir ( 88907 )

        Actually a felony. Hence one order of magnitude worse than the piracy they claim to fight.

      • by Hal_Porter ( 817932 ) on Monday February 19, 2018 @07:16PM (#56154998)

        Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.

        It works for Batman.

      • There's a funny screenshot here from Spyro : Enter The Dragon (Playstation) where a fairy tells you you're playing with a hacked copy and 'may experience problems'. Spyro : EOTD had a multiple checksum routines. If the pirates patched some but not all of them the game would crash

        https://www.gamasutra.com/view... [gamasutra.com]

        At one point Microsoft had an unkillable elite with a laser sword which wasn't actually a player - it was a software bot which targeted pirates (Halo?/XBox?)

      • The best anti-piracy measure I know of is a great product at a reasonable price.

      • by mjwx ( 966435 ) on Tuesday February 20, 2018 @07:46AM (#56156520)

        Probably also illegal. Just because someone has done something illegal, doesn't give you the right to do something illegal yourself in response.

        I think the best anti-piracy measure that I've heard

        Is to try to turn them customers. DRM ultimately doesn't work, stealing passwords ultimately gets you sued out of existence (how do we know they aren't stealing passwords of paying customers) and it's been demonstrated time and time again that piracy fuels sales rather than taking them away.

        The problem FlighSimLabs has is that they're charging $100 for something that isn't worth it.

      • by Luthair ( 847766 )
        Given they probably aren't violating rights, they could probably include vague terminology in the EULA and be fine legally. That said, this is much like the Sony rootkit which has the possibility for abuse by attackers.
    • by mwvdlee ( 775178 )

      Microsoft will probably still provide them with certification to allow installing with administrative privileges without warning, even though this company now has a proven track record of installing spyware.

    • The Copyright Act actually permits this as long as they use the stolen credentials to buy exactly one license seat for the flight sim and then set the user's home page to this video [youtube.com].
  • by fred911 ( 83970 ) on Monday February 19, 2018 @04:07PM (#56154130) Journal

    "âoe[T]here are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products."

    All others gave us explicit permission to all usernames and passwords entered in the the computer. It's in our EULA your honor, we committed no crime.

    • It's in our EULA your honor, we committed no crime.

      Did the pirated copy contain an EULA?

    • All others gave us explicit permission to all usernames and passwords entered in the the computer. It's in our EULA your honor, we committed no crime.

      In most countries the EULA cannot supersede the law and people cannot sign away their legal rights

      Also computer intrusion crime is considered to have happened in the country where the target computer is, not where the attacker was at the time

  • FBI/CIA job as real pilots pay for sims.
    So it's some punk kid who thinks it's fun to crash planes or it's the people who don't need to learn how to land.

    • Who doesn't think it is fun to crash planes? (In simulation)
      The first Flight sim I ever had, I would take the plane as high as possible, then dive and see if I could break the sound barrier on the way down. Or extend the flaps at extreme speed, and tear the wings off.
      I doubt a computer could count how many time I crashed the 737 into the twin towers, trying to fly between them in level flight. Or how many times I crashed into the river trying to fly under the bridge in MS flight sim.
      Strangely, I am not n
  • Cuphead (Score:2, Interesting)

    by Anonymous Coward
    My 10 year old spent some of his money on a download of Cuphead from the Windows store a few months ago when it came out (so paid full price). After a Windows update it stopped working completely, crashing out shortly after the splash screen. After an hour or two of trying to debug this, I found the torrented repack worked just fine, and he has been using that since. Not sure what the lesson there is.
    • Buy it on gog.com for a DRM free install
    • The lesson is you and your son have been had, taken advantage of by a system intent on deceiving you.

      The chief underlying problem here is proprietary (non-free, user-subjugating) software. Software you're not allowed to run, inspect, modify, or share (also known as 'software freedom'). Proprietary software is licensed and distributed to keep you from running the program despite doing normal maintenance, software meant to keep you from treating your friends as friends by sharing a copy, inspecting the program to see what it does, and distributed to prevent you from modifying your copy the program should you wish to for any reason.

      I experienced something quite similar with the Commodore 64: A video game called Elite on the C-64 had an anti-copying scheme so clumsy and prone to problems it drove me to understand what was really going on. Today we'd properly call this DRM—digital restrictions management [gnu.org] (expanded that way because I take the side of the user class, not the publisher class) which was only visited upon those who obtained their copy of the program in a way the publisher found acceptable. Typically this meant buying a copy, but I later came to understand some copies were distributed gratis. The packaged game came with media, a manual, and a flat plastic device with a see-through window. The device could be bent so it resembled a table like an inverted letter "U". On starting the game, the user was shown some blocky image that looked incomprehensible. When the plastic device was folded, placed on the monitor at the proper distance (via the "legs" of the device), and peered through one could see the blocky image turn into something readable. If I recall correctly, the readable image was a page number reference in the manual one was expected to look up and type in the proper word to get past this stage of the loading program.

      After I did this a couple of times it dawned on me that those who engage in filesharing and treating friends like friends (sometimes propagandistically called "pirates [gnu.org]") never have to put up with this. Only the people who used the publisher-distributed copy did. And most of those users had paid for this treatment.

      Those who shared copies were doing us all a favor: they let us try programs before buying a copy, they let us run copies that didn't have what we now call DRM; the anti-copying code had been stripped away. They let us have copies that one could copy in an ordinary fashion, no need for special copiers (such as "nibblers", or any copier that knew how to get past the errors which were deliberately added to the disk to defeat the standard file and disk copiers). There was no need to work around the issue by using audio tapes instead of disks (since audio tapes didn't have copy-prevention added to the media). These so-called "pirates" were doing us a service, a service I might have paid for if offered the opportunity to pay a publisher for a headache-free copy of the program.

      Later I obtained a memory snapshotting cartridge called "Isepic" which let me make my own copy of the RAM-resident portion of the game. Isepic produced a copy which loaded faster, never prompted me for the manual lookup, and played identically to the other copy loaded from the distributor's media (no surprise there, it was the same code being loaded into memory). I never loaded the distributor's media again. But this got me to thinking about all the other programs (not just games) that treated the users this way across all the computers I had used. And I began to realize that this was a scam perpetrated on the people who treated the publishers the best. We were literally exchanging our money for being treated badly. And this harm pushed on the users was indiscriminate, just like the flight simulator company did here.

      There was one more issue to wrestle with: proprietary software. This was an issue even the filesha

  • by gweihir ( 88907 ) on Monday February 19, 2018 @06:37PM (#56154862)

    These people should go to prison for criminal hacking. In many penal codes what they did is at least one order of magnitude worse than piracy.

  • by Randseed ( 132501 ) on Monday February 19, 2018 @08:05PM (#56155162)
    So in summary: 1) FlightSimLabs just destroyed their company by intentionally inserting malware into a product they were charging for. 2) FSL was asked on their forums about it when various antivirus programs identified their product as malware. They responded by saying "turn off your AV software." 3) FSL transmitted the material over an open HTTP stream. 4) The server that they have stored this stolen information on is itself secured in a very piss-poor manner. (RDP is open for God's sake.) 5) As this was intentional, and not a mere "bug," it can theoretically be prosecuted in the U.S. as a felony. (Read: Quality time in Federal pound-me-in-the-ass prtison.) 6) Even if merely incompetent, their failure to secure the data they stole is itself criminal in the EU. 7) I guarantee you that they cannot prove that at no time was any of their unencrypted HTTP steams intercepted, NOR can they prove that their obviously insecure server was not comproimised, meaning: 8) How do we know that this wasn't intentional to steal information and go sell to identity thieves? They charge $100 by identity theft. https://www.fidusinfosec.com/f... [fidusinfosec.com] Oh, where did I get #8? That's the only logical reason they would have stolen the data in the first place. It doesn't do shit for piracy. I hope these assclowns have a good lawyer.
    • I hope they don't have a good lawyer and are utterly destroyed.

    • by nnull ( 1148259 )
      No sympathy here. Some of these flightsim developers have some of the most absurd anti-piracy practices and forum rule requirements which would make privacy advocates head spin *cough* PMDG *cough*. Complain and they ban you. It's almost as bad as some of these HAM software tool developers who ban you from ever using their software again for saying anything bad about them.
    • by Alsee ( 515537 )

      Note to FlightSimLabs management: Just because you broke the law does not make it legal for your prison cellmate to assrape you.

      -

  • by duke_cheetah2003 ( 862933 ) on Monday February 19, 2018 @09:54PM (#56155468) Homepage

    Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

    If any individual was found to be installing this kind of malware on remote computers, they would be charged with all kinds of computer hacking crimes, just as a start.

    Where's the criminal charges? This company needs to be made example of, this kind of behavior is utterly unacceptable.

  • specifically harvest bank info and use it to transfer funds equal to the purchase price to my company. Plus any applicable taxes. Then I'd send them an email telling them not to worry, we corrected the accounting oversight that resulted in them ending up with a bad serial number. Oh, and that as a courtesy we waived the service fee. What service fee you ask? It doesn't matter, we waived it. Stop worrying so much.

"The Computer made me do it."

Working...