A little below the respectable surface of the Internet lies the largest kingdom of thieves in the world. You don't have to be a private detective or secret agent to discover this. It is there for all to see. You just have to know where to look, to enter a code name or two, download a decoding program and you can start cracking programs, collect MP3 files, dabble in pornography, learn to write viruses or activate programs that will topple servers.
It is easy to be a thief on the Internet, and what's worse, it seems that the companies that are robbed are afraid of the thieves. Otherwise, it is hard to explain why they are all sitting quietly while billions of dollars are being stolen from them in broad daylight.
Any program within an hour
"No problem, I can get you any program you want within an hour," says M., who describes himself as an "amateur cracker," as he sits in front of his home computer. "I love to crack programs, but I would not say that I am particularly good at it. I have read a manual or two, but it is a pretty complicated business. It is something for children who have a lot of time to fiddle with." M. is about 35 years old. Like the other people interviewed for this article, he requested anonymity.
"I am a marketing person for a company that is the Israeli branch of a very very very big software company," says R. "The last thing I need is for them to find out that my computer is full of stolen software."
I ask M. to guide me down the alleyways to breaking into a program, one step at a time, and mention a program that is in high demand by Macintosh users. M. goes online, loads his browser, goes to the Google search engine and types "surfers serials" in the search window. Google responds with a list of addresses, the first of which is a French site called Macist. "All the serial numbers and codes to all Macintosh programs," declares the site in French. One click on the link under the declaration and within a minute the code program is downloaded onto M.'s hard drive.
M. launches the program and a skull-and-crossbones appears on the screen. M. types in the name of the program I had mentioned. A window appears at the side of the screen, displaying the username and serial number of the desired program. "Now we have the serial number of the program," says M., "but you probably want the program itself, right?" Of course.
"Hotline" - the thieves' stronghold
M. switches to another program, Hotline. "This program has already been around for a few years," explains M., "and is the program for downloading cracked programs. All you need is the trackers' list and a bit of patience."
M. goes to a site called "Eric's place," but takes no interest in the site itself. "There's nothing here, he says, though he does download a program called "trackers.txt," which is the list that he wanted. Arbitrarily choosing an address, he adds "macness.dyndns.org" to the list of trackers in his Hotline window. Hotline displays a list of three sites that macness will access, and the second one, a filter, shows that seven people are currently online there.
The opening blurb at the filter site is a bit frightening: "Read the news every time you enter!!! Cypher is the supreme ruler - the administrators are always right. If you argue with them you will be blocked." Then comes a long detailed legal advisory that basically says, "if you enter this server, you are violating article 431.322.12 of the Internet Privacy Law (1995)," which means that the site is a private site and no one, private, commercial or government, has permission to enter it. The advisory notes that all the files at the site are for backup purposes only and anyone who downloads them is violating copyright laws. Other sillier clauses permit access only to people with green hair over the age of 2,069 who were also friendly with Jesus during his lifetime.
M. of course disregards the threatening warning, saying that all such sites have similar advisories, supposedly designed to protect them from lawsuits.
Flattery will get you everywhere
M. goes to the site's news section, noting that he always checks out the programs other people are seeking and then uploads the goods. Cypher and his friends always want something in return for what others download from them, and what they want now is the latest updated version of Microsoft Office. M. changes the name of a compressed file he has on his hard drive to something reminiscent of MSOffice and sends it off to the site, then waits for permission to download. Five minutes later we're inside, with carte blanche to download anything we want. In the games section we find Warcraft, Deus Ex and other popular games. Microsoft's file contains the program I am seeking, and we start to download it. Within an hour or two, M. will own an illegal copy of a program that costs several hundred dollars.
This method - the uploading of a bogus file - is not the only one used by amateur thieves. M. admits that it can only be used once at any given site. "When Cypher sees I fooled him, he'll block my access forever."
Some counterfeit program sites use what's known as the "banner" method. When a surfer gets to the site, he has to click his way through a number of advertising screens until he gets to the access code. The idea is apparently to force surfers to view the advertising before they can reach the program they want to download.
A more common method requires the surfer to develop a friendly "conversation" with the site managers. "In order to download," explains A., "you have to have something to upload. I have a few discs of programs specifically for uploading to sites. I myself don't use them."
Hotline is not alone
Hotline is not the only vehicle for downloading stolen software. Hotline and its cohorts operate on the server-client system. Someone opens a server (which in the case of Hotline is a simple procedure that takes only a few minutes) and other surfers access it via the Internet and download files. Other systems use software that allows direct connections between the subjects of the kingdom of thieves, via the Internet. At the popular CNET site, for example, 85 percent of all downloads of the 10 most popular programs are for Peer-to-Peer programs such as Morpheus, BearShare, LimeWire, KaZaa or iMesh, which allow surfers to seek out and download software from the hard discs of other surfers around the world.
The revolution started by Napster, which focused on music files, spread long ago to other fields. All peer-to-peer programs declare that they enable users to download "all types of files." This in effect refers to illegal software and pornographic films.
If the connection between two peers is via regular modems and the speed is far from impressive, but if both peers have ADSL or faster connections, data transfer speed can reach 20-30 kilobytes per second. The downloading of a complete version of Photoshop, for example, could take less than an hour.
Another way to obtain stolen programs is via Internet auction sites. Auction sites like eBay claim they do whatever they can to prevent the sale of stolen software, but all the software sections of such sites offer copies of updated programs at a tenth of their market prices, or less. A short visit to the site revealed versions of Photoshop for $75, Microsoft Publisher for $1, Pagemaker for $10, etc. In most cases these are copied CDs.
Helping Microsoft
"Don't you feel like a thief?" I asked R.
"No," he replies, and has a number of ready explanations up his sleeve for his behavior. First, R. sites the corruption charges leveled at the company for which he works. "Do you know how much money they make? Do you think these companies even feel it (the effects of the theft)?"
Other thieves site economic reasons. "We are returning the power to the customer," claim many of them, saying that the programs cost so much, and they say that they are actually helping by letting customers try out the software before buying it. The administrator of one downloading site actually said that Adobe should thank him for distributing the software.
S-c-a-r-e-d
When there is very high demand, anything can be cracked. Windows XP and the Office XP set are a case in point. Last month, the first after the release of Windows XP, the newspapers were already reporting a few instances of cracking. A British newspaper, the Register, reported that pirated copies of Windows XP were available for £10 and for as little as £2 in places like Singapore and Bangkok. The Register's reporter was amazed that the merchandise was openly displayed at market stalls. He shouldn't have been. This type of illegal activity attracts underworld operators who are willing to take risks and their presence deters those who are supposed to be enforcing the law.
Both the counterfeit copies and the fears have reached Israel. While this article was being prepared, we were shown three separate instances in which Windows XP was downloaded from the Internet or copied to a CD without authorization from Microsoft. It is reasonable to assume that when pirated copies of Windows XP do reach the market stalls, little action will be taken against the vendors. No one, including income tax inspectors, police officers and other law enforcement agents, wants to get involved with this type of criminal.
Ineffective defense mechanisms
Software companies have taken several measures to protect themselves from theft. First, they tried to convince the thieves that counterfeiting programs was not worthwhile. Software company representatives claimed that pirated copies would not function well and warned that when problems cropped up, users would not receive technical support. In truth, almost all programs that can be cracked easily (with a username and password) can be installed completely and function just fine.
The argument of lack of technical support is also not convincing. Many software companies distribute user manuals online, because it is cheaper than having them printed and included with the authorized program CDs. These companies, however, are sawing the branch on which they are sitting. If the online versions of programs are the same as the authorized ones, why should consumers shell out money for the legal versions?
Other companies have taken more active steps, with a two-stage installation and operation system. Before installing a program, the user must register the program's serial number either online or with a telephone operator, in exchange for the code for activating the program. This method works when a program is particularly expensive or has a small number of users, but when there are massive numbers of users, or when each call must be handled individually, this method digs deeply into the profits from the sale of the program. If, for example, Microsoft had to handle the activation of every copy of Windows XP by telephone, it would have to employ 6,000 extra workers for that task alone. Other protective measures require even more manpower.
The last type of action software companies are taking to defend themselves against thieves is pinpointing and then suing of the criminals. As the case against Napster proved, however, winning such lawsuits is very difficult.
When Napster was forced out of the picture, dozens of other programs cropped up in its place, with even better protection from lawsuits. The nature of cracking sites and their managers also make it hard to conduct legal proceedings. The sites are constantly on the move and are constantly changing their names, so tracking them down and serving them with indictments is very costly.
Most managers of illegal download sites do it for their own pleasure, to enjoy the programs donated by others, and for the ego trip of being a successful cracker. The cost of preparing and filing a law suit is far more than the damages a software company could ever receive from the cracker, who is usually just a teenager with no assets and whose parents would probably roll their eyes at the judge who doesn't understand that their son just wanted to have a bit of fun.
How much is stolen?
It is hard to obtain exact figures on the extent of software theft, the counterfeiting of discs and similar illegal activities. It is even harder to calculate the extent of theft via illegal downloads from the Internet. All the sources we contacted admitted their figures were not accurate and were only estimates.
According to BSA, the software manufacturers association, three out of every four programs used on home computers are stolen. BSA has no firm basis for this estimate, but it is not much different from assessments made by Israeli marketers, who put the rate of software theft at 60-90 percent.
The Photoshop photograph-editing program, for instance, is sold with a thick user manual. Even so, tens of thousands of Photoshop user manuals are sold each year, including the same manual as comes with the program. Almost all these books are bought by people using a stolen copy of the software.
Practically the only solid figure comes from the International Intellectual Property Alliance (IIPA), which is based in the United States. The IIPA claims that the rate of videocassette piracy stood at 50 percent in 2000, up from an estimated 20 percent in 1995. Music piracy rose from 13 percent to 30 percent in the same period, while the illegal copying of educational computer software and games rose from 40 percent to 45 percent (as of 1999). There was actually a drop in the counterfeiting of other types of software, from 74 percent down to 41 percent. These figures are quite alarming, but they also include copies made by illegal factories that make a business of exporting counterfeit discs and tapes.
The IIPA reports that in 2000 alone, there were 343 civil suits filed against counterfeiters, with 275 of these relating to the illegal recording and copying of video cassettes and just 11 of them dealing with software. Backlogs at the courts work in the counterfeiters' favor. In 2000 there were 40 criminal convictions against video counterfeiters, only 3 convictions for the theft of business software, and not one for the theft of computer games and educational software. According to IIPA, the courts managed to clear their desks of only 15 percent of the suits filed that year.
