Pirated movies: Now playing on a server near you
COMMENTARY--Want to see the latest motion picture? You don't have to pay $8 at your local movie theater. An illegal 2GB DVD version of Spiderman or another recent Hollywood feature may already be stored on a college or university server, just waiting to be downloaded to your hard drive.This is Hollywood's worst nightmare, and a wake-up call to the motion picture industry comparable to the scare Napster gave the music industry two years ago.
THE MOVIES reached the academic networks through Internet relay chat (IRC), a free, distributed chat service that is now a favorite of hackers, script kiddies, and other malicious users. Unlike instant-messaging clients such as MSN Messenger, ICQ, and AIM, IRC is run entirely by volunteers.
"Bots"--robots that can execute remote commands--distribute files on IRC servers all over the world. These bots, which date back to the beginning of the service in 1988, can be automated and networked together. Some file-sharing IRC bot networks have 300 to 400 bots working off the same IRC channel.
If IRC acts as the party-line communication among large groups of people, then Direct Client Connection (DCC) functions as a direct private line. Hackers use DCC to communicate with their bots, and are able to execute commands--such as moving large files--on remote systems.
"Hackers are now trading network bandwidth around like currency," says Dan Ingevaldson, team lead for Internet Security Systems's X-Force R&D. His company warned last Friday that universities may be unknowingly storing pirated motion pictures and commercial software. "Hackers are penetrating these campus machines not just to read e-mail or files, but for the bandwidth."
HACKERS EXPLOIT high-bandwidth college servers by taking over a machine, and installing their own FTP servers on the system. Then they can upload, download, and even transfer large files to other networks. The pirate FTP servers are often hard to detect, and run on high ports such as 6666 and 7000. ISS identified "raidenftpd," "bulletproof FTP server," and "glftpd" as popular FTP servers used by pirates in its May 3 security alert. ISS urges system administrators to watch out for--and kill--IRC_DCC requests.
Ingevaldson says that many servers on college networks are wide open to pirates. With thousands of short-term user accounts, many of which use peer-to-peer file-sharing networks like Audiogalaxy and Morpheus, university networks typically do not perform packet filtering on all their Internet connections. Even before Napster, university servers have been secret havens for warez files, illegal copies of copyrighted software.
"What's news is that hackers and warez pirates are merging," says Ingevaldson. "They're looking to expand their universe to include larger files, such as motion pictures." For example, a 2GB copy of the recently released movie, Scorpion King.
What tipped off Ingevaldson and others to the presence of large files on college networks was server performance complaints from students and faculty at the University of Washington. Dan Dittrich, senior security engineer at the University of Washington, started investigating periods when the university's network slowed down. He discovered a distributed database of motion pictures and pirated software present on the university's server. Together, he and Ingevaldson began researching how widespread the problem was.
IT SEEMS hackers originally get hold of the latest movies by making copies of DVDs with a standard DVD burner. Once another person discovers the movie on a server, he can easily download the file and rip it to disk in no time. One program identified by Ingevaldson as a favorite with malicious users is Iroffer, a file server program that also has legitimate uses. With Iroffer IRC bots, hackers broadcast advertisements for the latest software, games, or motion pictures to appear on IRC channels. The ads include instructions on where to find and how to download the pirated files.
There is a whole culture that believes providing free copies of Windows XP or Attack of the Clones to others is a legitimate service. However, rightful owners of the intellectual property, including movie studios, do not agree.
Since it's impossible to tell who's legally responsible for these shadowy IRC botnets, copyright owners may have no option but to sue the hosting servers. A lot of companies have policies that ban peer-to-peer connections like IRC on their servers. The threat of legal action may be enough to convince those responsible for college networks to rethink their positions, as well.
Should universities be held responsible for pirated content on their networks? Why or why not? TalkBack to me below.