Opinion: Why Malware as an Anti-Piracy Method is Doomed to Fail

By Drew Wilson

Late last month, a report by the IP Commission caused a stir amongst advocates. Among the recommendations was the call to hack into an alleged copyright infringer’s computer and either delete infringing material, lock down the computer altogether, or physically destroy the computer entirely. Drew Wilson offers his thoughts on the subject of malware as an anti-piracy measure as mentioned in this report.

BoingBoing covered this story and pointed to two paragraphs on page 81 of the 84-page PDF file. They are:

Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.

The second paragraph (immediately following on the same page) reads:

When theft of valuable information, including intellectual property, occurs at network speed, sometimes merely containing a situation until law enforcement can become involved is not an entirely satisfactory course of action. While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network. Additional measures go further, including photographing the hacker using his own system’s camera, implanting malware in the hacker’s network, or even physically disabling or destroying the hacker’s own computer or network.

As is typically the case, reports like this are often written by people who have no idea how technology works. When I read these two paragraphs, it was immediately clear that the author was under the false assumption that computer files operate like physical property. As anyone with a hint of knowledge about how computers work knows, if a file is downloaded, it’s simply copied from one computer to another rather than physically moved.

Additionally, when DRM is encoded into a file, release groups typically disable it before distributing the file amongst topsites, from which releases often make their way down the file-sharing food chain. So the idea of using measures to disable access to certain files on a person’s computer was defeated long ago. In fact, some software developers even went so far as to encode trojan horses into pieces of software in case the copy protection was removed (Re: Gladiator vs. Air incident). This tactic failed in the end anyway. The only people who would be affected by such measures are people who purchase software legitimately. If their system was disabled by a false alarm, it would only encourage software piracy, not deter it, because potential customers would see the pirated version as more secure than the legal version.

Even if it became the norm to implant rootkit technology or ransomware, the result would be more of a deterrent to using Windows operating systems. People would be encouraged to use Linux distributions instead because rootkit technology is typically aimed at operating systems like those on Windows and Mac computers. In fact, as a user of legally purchased software, I’ve come across numerous instances where I am suddenly locked out of my own software because the key system was buggy. This was both in Mac environments and Windows environments on completely different networks. The common link between these cases was that it was Adobe software. If Adobe failed to create a properly functioning key system, what chance do other, smaller vendors have in the first place?

The best possible result of such a policy and/or law would be to encourage users to have two separate computers – one for pirated software and one for legitimate software. That is the best-case scenario this policy could hope to achieve.

There would be numerous pitfalls to such a policy as well. One of the biggest I can foresee is that vendors who are foolish enough to even attempt it are opening themselves to legal liability. If a computer system is locked down because of a false alarm on a business network, I would say that the company in question has every reason to sue for loss of productivity. If a whole network is disabled in an office building of a few hundred employees for a whole day because of a bug in the DRM system, it’s not out of the question that a seven-figure lawsuit would result.

At the end of the day, this document was clearly drafted by someone who has, at best, a very distorted and inaccurate idea of how computers work. The author came up with this weird fantasy where computer programs operate like the Doctor from Star Trek Voyager. Reality ultimately disagrees with the author of this report.

This article was published yesterday on ZeroPaid.

Drew Wilson on Twitter: @icecube85
