The Hunt For Warez

It’s not hard for broadband users to think back to the very first moment they
downloaded a Web page after ditching dial-up access. In many ways, it is reminiscent of a first sexual encounter: first, the anticipation, then exhilaration, and lastly immediate gratification.

Depending on whom you talk to, digital subscriber line (DSL), cable,
satellite and fixed wireless has opened up a whole new world to people who were used
to puttering through a 56-Kbps modem.

But like any part of the world, there are good places and there are the
places you don’t take your children. One of those latter places is the
illegal world of online piracy, where the latest applications — from
full-version Windows XP to the PC game Black & White — are there for the
download.

It’s really, really easy; don’t let anyone ever tell you different. A
Google search using the words “warez” or “appz” will produce hundreds of
Web sites containing literally thousands of the latest software titles you
thought only sat on the shelves at Best Buy or Circuit City.

The “checkout” process is just as simple: merely click on the title you’re
looking for, wade through the attendant banner ads, and click
“download.” What might have taken hours, even days to download via dial up
is now just a matter of minutes.

Figures released by the International Planning & Research Corp. in 2001
show online piracy cost U.S. software makers $2.6 billion in 2000, $11.8
billion worldwide. The report also shows online piracy is on the decline,
the result of lower software prices and increased distribution throughout
the world. North America, home to most of the PC software developed, ranks
dead
last
in online piracy, at 37 percent. Western Europe comes in second last.

The fact is much of Internet piracy comes from out-of-the-way countries
that don’t have easy access to software most Americans consider commonplace.

But according to Bob Kruger, vice president of enforcement for the Business
Software Alliance, the fact the study shows little growth doesn’t minimize
the damage international software piracy over the Internet causes the industry.

“Why do people continue to break the law?” Kruger said. “For one, they
don’t think they’ll get caught, another is they think it’s no big deal. We
can deal with the ignorance, because we can educate people, but the people
who don’t think they’ll get caught need to educate themselves. One of the
problems is many people do this knowing the risks they take.”

To that end, the alliance of software companies is doing whatever it takes
to prosecute warez site operators, when found, to protect its
software. BSA member companies, which through absolutely no hint of
coincidence make up software that are popular downloads at warez sites,
include: Microsoft , Symantec ,
Macromedia and Adobe Systems .

Organizations like the BSA send out warnings to Internet service providers
(ISPs) and Web hosting companies on a regular basis, telling them when they
are hosting an illegal site. Compliance is spotty, at best, depending on
whether the site actually has the files on its servers.

The U.S. Department of Justice, headed by John Ashcroft, has rallied to the
software industry’s call for protection, prosecuting many so-called
“electronic thieves” under the No Electronic Theft Act of 1997.

The NET Act closed a loophole in previous Internet laws, which kept warez
distributors free of legal prosecution as long as they didn’t profit from
the activities.

Thankfully, Kruger said, the old law was changed, so that “if you set up a
web site with free downloads, you can still be criminally prosecuted,” he
said. “It’s not the case they will just get probation or just a slap on
the wrist, quite likely they’re going to go to jail.”

The Justice Department’s efforts culminated in 100 search warrants to
members of the warez site “DrinkOrDie” in December 2001. The worldwide
sting, the result of a two-year covert investigation, operated under the
codenames “Buccaneer,” Bandwidth” and “Digital Piratez.”

Many people wonder, ‘well, you have the URL to the Web site right here, why
can’t you just bust them?’ You would think the opportunities to
distribute warez would be extremely limited, given the federal attention
the activities draw.

Not so, says David Smith, a knowledge specialist at the Gartner Group.

“Warez distribution is still a very big problem,” he said. “(The Justice
Department’s) three major investigations have turned up a couple of
distributors, but there are a lot of them still out there, mostly
overseas. It’s going to be very difficult to prosecute them.”

So why do warez operators continue to run their sites, knowing the
potential danger they’re in if caught?

See Page 2.

For some, namely adolescent kids, the thrill of doing something illegal is sometimes too tempting especially if there is very little chance of getting caught. For others though,
the underground elite that host these sites, it’s about the spiraling cost
of software that’s often-time buggy and not worth the investment.

NXSonic is a site administrator for the warez forum group IX and
NXS. NXSonic uses revenues from banner ad sales at some of his legal sites
to help pay for the maintenance of the warez site.

“It is my opinion people do it because we are tired of paying outrageous
prices for software,” NXSonic said in an instant messaging (IM)
interview. “I mean, paying $300 for a word processing and Spreadsheet
suite is nuts. Of course there are alternatives that have some free suites
like MS Office, but they also are resource hogs. I believe people also do
it for the challenge of finding the software and the hint of doing
something illegal.”

With close to 800 registered members, the site caters to surfers looking
for the latest applications and games for download, minus the cost of the
software, naturally.

Avoiding the law isn’t nearly as hard as most would think. Like the
proverbial needle in a haystack, finding the sites in the first place can
lead agents can be a major headache. Even if they somehow do get caught,
NXSonic said, most of the smart warez operators know how to avoid
prosecution — they hope.

“As long as sites do not have actual software on the sites it is fine,” he
said. “The admins of some of the bigger forums sites have talked with
lawyers and know the boundaries.

“Does it worry us?” he continued. “Sure, deep down everyone is a little
scared but that is also what keeps us going.”

What also keeps warez sites like NX and IX going is the state of affairs in
the registrar business, which has a difficult time keeping up with the
people who register for domain names and use them to operate their illegal
sites.

Most of the contact information found in a WHOIS record for warez sites are
bogus, from the phone number to the mailing address. The only
legitimate-seeming contact method is through a relatively anonymous Web
e-mail account.

Take for example NavNetwork.net, a forum that posts the links of popular
software titles at warez sites. A look at its registration information
shows the owner of the domain is “Someone, Nobody” in Ontario, Canada. The
phone number (655) 556-6655 is phony, and you can contact the owner only at
[email protected]

His/her account is paid up until 2003.

Since the domain registration process is wholly automated, most registrars
never even notice a new domain name has been claimed, other than a notation
in a database. As long as the fees are paid, registrars are happy.

VeriSign , like most registrars, takes a passive
approach to handling and eliminating illegal online piracy sites. After
receiving notification of a potentially bogus registration, registrars
attempt to contact the domain owner, a process that can take weeks.

“If we find out the registration information given to us is inaccurate,
they will be found to be in breach of contract with us and we will delete
them from the database,” said Patrick Burns, a VeriSign spokesperson.

Of course, when the domain is shut down by a registrar, it goes back into
the pool of available domain names for purchase, and there’s nothing to
stop “Someone, Nobody” from going right back and re-registering the name
the next day.

This puts the burden of tracking down and closing down warez sites on
organizations like the BSA and federal law enforcement agencies. It’s an
uphill battle, they acknowledge, given the rapid pace of technology advances.

“We’ve got to be just as good as they are at how to get around the efforts
they make to disguise their identities and work with law enforcement and
civil justices around the country,” BSA’s Kruger said. “There’s been some
progress, both in the case of law enforcement attention and with the
courts. They’ve had a period of time to get themselves up to speed and
investigate and take appropriate action.”

For now, that’s the only effective tool in the software business’ arsenal,
primarily because the International Corporation for Assigned Names and
Numbers (ICANN) has been unable to develop a resolution to fight the
growing number of overseas-hosted warez sites. ICANN is the ultimate
authority for domain name and root server system management.

The closest the U.S. root server authority has been able to come in regards
to a policy is a position paper drafted in 2000 to the country code
top-level domain (ccTLD) organization, saying foreign domain registries
“must include policies aimed at minimizing the use of the ccTLD to carry
out infringements of intellectual property rights (including piracy and
cybersquatting) … These policies will also discourage the use of ccTLDs
to carry out consumer fraud and other illegal activity.”

According to Gartner Group’s Smith, the best software companies can hope to
do is keep plugging away at the warez community.

“They’re just going to have keep doing what they’re doing now, getting them
one at a time and shutting them down,” he said.

News Around the Web