Trojan P2P Nets

The NYTimes discusses the rise of the Trojan-based P2P network in Hackers Steal From Pirates, to No Good End (CNet’s version). What’s particularly notable, assuming that it’s legit, is the series of discussions cited with an online seller of spam services via a Trojan P2P net:

“Sinit appears to have been created as a money-making endeavor,” Mr. Stewart said in a research paper describing his discovery. “This Trojan is also further evidence that money, not notoriety, is now the major driving force behind the spread of malware these days.”

There is now a market for the services of networks of infected machines, which can allow illicit operators to carry out scams and activities prohibited by legitimate Internet service providers. On Web sites frequented by hackers, spammers and people who identify themselves as practitioners of credit card fraud, the remote-access networks, or “radmins,” are offered openly.

On one such site, Carder Planet, a typical pitch from “r00t3d” reads, “I have a steady supply of FAST radmins. I am wanting to offer these to those of you who need good hosting for your scam pages” for periods of a week to “six months or more” for a price of $50 per machine.

The hacker did not respond to online requests for further information, but in a general discussion on the site he defended his work on Trojan-infected machines by saying “money makes this forum and the world go around.” He added that “spam page hosting is obviously needed,” and therefore, “people will purchase that service.”

The implications for the Internet of the new breed of Trojan programs are troubling, said Bruce Schneier, the founder and chief technical officer of Counterpane Internet Security Inc. “A self-replicating peer-to-peer network is kind of scary,” he said, not just because a less easily detectable network is bad news, but because it offers proof that hackers, once primarily interested in breaking into systems for thrills, now have a profit motive.

Innovation — Just What This Market Needs

A New Use for a CD’s Flip Side

OneDisc Technologies of Dallas is in talks with major and independent labels to begin making a combination single-disc product that plays DVD video on one side and CD audio on the other, the company’s president, James Wilson, said.

A combination disc from the singer-songwriter Kathleen Edwards, “Live From the Bowery Ballroom” on Rounder Records, is already in stores. One side includes three songs that play in a standard CD player, while the flip side features two DVD music videos. OneDisc owns a license for the technology involved.

For years, artists have included video footage on enhanced music CD’s, but that video, viewable on a computer as a CD-ROM, does not have the same playback quality as DVD’s. More recently, record labels have been bundling bonus DVD’s with traditional CD’s to entice music fans to buy albums rather than illegally downloading or copying them. Those packages include two separate discs, one for audio content and the other for video.

“The problem here, in general for the music industry, is that the value of the piece of plastic that has the music on it is going down,” Josh Bernoff, a principal analyst with Forrester Research, said.

The Forrester quote is pretty stupid, really — the piece of plastic has never been valuable. But the real point is legitimate; digital distribution means that the CD as a delivery vehicle has to compete on new fronts, and it has done so imperfectly. After all, the bandwidth in CD delivery is pretty substantial — it’s just that, more and more, the whole album is not what the consumer demands.

Google-washing Redux

Foes of Bush Enlist Google to Make Point

Anyone searching on Google for the phrase “miserable failure” was sent to the official White House biography of President Bush.

Google executives say they have no corporate opinion of the Bush presidency. Instead, the episode is another example of a form of cyber-graffiti known as “Google bombing.”

It is a group prank. If enough Web pages link a certain Web page to a phrase, the Google search engine will start to associate that page with the phrase – even if, as in the case of Mr. Bush’s official biography, the phrase does not occur on the destination Web site.

I post this only to demonstrate just how poorly educated some corporate IS firms are. My wife’s been trying to learn from her IS group about Google rankings, and their responses to her have been tragically uninformed — an Amazonian headhunter could come up with a better explanation than some of the nonsense she’s shown me in their e-mails. Yet, here are some hackers readily manipulating the system.

On the other hand, it’s also clear that Google doesn’t quite get it either, as this quote reveals:

Craig Silverstein, Google’s director for technology, says the company sees nothing wrong with the public using its search engine this way. No user is hurt, he said, because there is no clearly legitimate site for “miserable failure” being pushed aside.

I’d love to know what Mr. Silverstein’s definition of “legitimate” is.


Mary Hodder points out that yesterday’s “Catching Up” posting exposes not so much how far behind I am, as it demonstrates the limitations of my RSS aggregator. October NYTimes articles, indeed. In fact, I’m pretty sure I cited them already. Must have been *really* worn out from shoveling.

While RSS aggregators have been somewhat useful to me when I’m in a hurry, I’m less enamored of them when I have a little more time. But, maybe that’s just the limitations/problems with the one I’m working with these days. Anyway, my apologies.

Catching up…..

  • CNet: Hollywood: Norwegian hacker a burglar

    “We consider this stealing,” Marsha King, executive vice president and general manager of Warner Home Video, told the Oslo Appeals Court. “It’s taking our key and breaking into our house and stealing what we’ve made,” she said.

    Good luck finding a judge dumb enough to buy that argument.

  • CNet: Some compulsory licensing thoughts, inspired by the Canadian record industry’s initiative — Should ISP subscribers pay for P2P?

  • NYTimes’ David Pogue: The File-Sharing Debates

    Last week in this space, I wondered why the RIAA (Recording Industry Association of America) and movie studios get so worked up about online file swapping, when public libraries distribute their works freely without a penny of compensation.

    As usual, some of this column’s readers responded thoughtfully and with authority; I thought I’d share three of those reactions with you this week.

  • NYTimes: Online Music Business, Neither Quick Nor Sure — surprise…..

A look at our snow

The image with the yellowish cast is from last night at about 10:00 PM. I got up this morning to what looks to have been another 6 inches (although it could have just been drifts — the wind was really howling). They’re saying Boston got about 16 inches. This is *so* not typical for December. (Gov. Menino is on the TV telling us that Boston schools will be closed tomorrow). Let’s just say that the weekend has been devoted to shoveling and not a lot of web browsing or generally catching up…..

Update: Here are a couple from the front of my home, following a morning of shoveling, and one looking out the back onto the deck — note that it’s still coming down, but not quite so hard anymore…..

KaZaA Lite Shutdown by Sharman

According to Slashdot, via Zeropaid, KaZaA Lite has been shut down: Kazaa-lite Shut Down

Interesting — with Zeropaid Slashdotted, I thought I’d see what I could do to try to find other ways in using a Google search for Kazaa-lite, and I got an interesting notice: “In response to a complaint we received under the Digital Millennium Copyright Act, we have removed 3 result(s) from this page. If you wish, you may read the DMCA complaint for these removed results.” — a cute way around the requirement, since of course the complaint has to be public.

The subtler question is whether Google has cross-referenced all 11 complaints filed at Chilling Effects against the sites that come up in a Google search. See Chilling Effects’ search page (search for keywords “kazaa” and “google”) to see all 11 complaints.

Ed Felten on the Alternative Compensation Meeting

Ed has posted his thoughts on the Alternative Compensation Meeting here: Reflections on the Harvard Alternative Compensation Meeting. He mentions that the weather has kept him in the city for a while (Logan’s been closed most of the day.) Sorry I didn’t get a chance to meet him…..

The afternoon discussion was about voluntary license schemes. And here an interesting thing happened. We talked for a while about how one might structure a system in which consumers can license a pool of copyrighted music contributed by artists, with the revenue being split up appropriately among the artists. Eventually it became clear that what we were really doing was setting up a record company! We were talking about how to recruit artists, what contract to sign with artists, which distribution channels to use, how to price the product, and what to do about P2P piracy of our works. Give us shiny suits, stubble, tiny earpiece phones, and obsequious personal assistants, and we could join the RIAA. This kind of voluntary scheme is not an alternative to the existing system, but just another entrant into it.

Mary Hodder’s tracking other postings on the subject.

Zack in the NYTimes Magazine

Nothing like a snowstorm to give you the time to work through the Saturday and the part of the Sunday NYTimes. So, I got to see that Zack Rosen (from ILaw 2003 at Stanford) gets some ink and a photo in the Magazine section. An odd slant on what brings people to Dean, but a good look at Zack (left in the photo to the right). Check it out: The Dean Connection [pdf]

Zack Rosen was a creator of DeanSpace, “the revolution itself.” He started the project, originally called Hack for Dean, after reading about Dean on the campaign Web site for 20 minutes. “I just knew this is the guy,” Rosen says. He recruited an unpaid team of nearly a hundred programmers, including his friends Neil and Ping, to write software for the campaign that would allow the many disparate, unofficial Dean Web sites to communicate directly with one another and also with the campaign. Typically, to reproduce information from one Web site to another, a user has to cut the information by hand and paste it into each Web site, a laborious process. The software that Zack’s group built allows any Dean Web site to reprint another’s stories, images and campaign feed automatically, as if they have a collective consciousness. It also will provide a “dashboard” for the people in Burlington, where the campaign can track patterns on its unofficial sites and observe which content is most popular.

[…] It’s not hard to imagine that if the year were 1999, Rosen, an ambitious college kid with an exciting new software idea, could be easily recast in the role of child tycoon. But Rosen isn’t mourning being born a few years too late. It is not clear to him who owns the programs he invented — the Democratic National Committee? Howard Dean? — but he doesn’t really care.

Rosen says the true purpose of the Internet is to allow people to connect, and he isn’t surprised there wasn’t money to be made on that premise. Through his long fluorescent nights, Rosen takes breaks from coding to gaze happily at the personal e-mail messages Dean supporters compose and send using Dean software. “Look,” he says wistfully, the light of the computer reflecting off of his glasses. “This is Nelson. He spent real time on this letter. Look how long it is.”

Rosen is one of the more diehard programmers at the Dean office. He can easily discourse for half an hour about “open-source political campaigns” or the possibility of using cellphones to overthrow dictatorships or “recursive hard core CS225 data structures.” But he surprises me by saying he never would have come up with the Dean software, or left school, if his first serious girlfriend (like Johnson’s crush also named, coincidentally, Julie) hadn’t broken up with him last spring.

“The worst thing is we aren’t even friends,” he says glumly. “I invited her to be my friend” — he gestures to his computer monitor — “I mean on Friendster. No word yet.”

[…] Watching [Zack and his crew] work from their battered easy chair, I find it impossible to tell if they are gazing at the filmy, pixilated image of a Julie or the face of a new Dean supporter or a line of code; whether the peer-to-peer communication they are struggling with is related to the 2004 election and the fragmentation of American public life, or is something more private.

While the Times article seems to be arguing that people come to Dean to fill a missing piece of their lives, I’m not exactly sure why that’s supposed to be news. The very fact that they form a community is a strength, not terribly different from a host of other human activities. And the fact that the network has been an instrument in building that community has proven to be very powerful.

Update: Note that Doc Searls has assembled a number of comments that explain the issue I have with this writeup better than I did.

SCO Has To Go First

Slashdot is full of the GrokLaw reports that SCO lost both motions today in Utah, and has 30 days to produce all the supposedly infringing code.

Cool, but I like the fact that GrokLaw notes elsewhere that Linus Torvalds is getting his hands dirty after asserting that the law was to be left to lawyers. See Linus Digs Into Copyright Law and Notices Something Useful — a response to Slashdot on Darl McBride’s Latest (updated)

I ended up looking up the exact wording of the US copyright law for the definition of ‘derivative’, and guess what I find a few lines below it:

The term “financial gain” includes receipt, or expectation of receipt, of anything of value, including the receipt of other copyrighted works.

This is from US Code Collection, Title 17 (copyrights), Chapter 1, Section 101: ‘Definitions’. In short, this is from the very first section in copyright law – the thing that defines terms even before those terms are used. What I’m trying to say – this is some pretty fundamental stuff when it comes to copyrights in the US. Pertinent, if you will.

And note how copyright law expressly includes ‘the expectation of receipt’ of anything of value, and expressly mentions ‘receipt of other copyrighted works’ as such a thing of value. And that’s the _definition_ of ‘financial gain’ as far as copyright law is concerned.

And guess what the GPL is all about? Maybe you can explain to Darl how the GPL is _designed_ so that people receive the value of other people’s copyrighted works in return for having made their own contributions. That is the fundamental idea of the whole license – everything else is just legal fluff.