Digital Pirates and the "Warez" Wars

"Every program you can think of can be found on the web, in a thousand different places in its complete version many weeks before it ever appears in the best shops, as everyone with the intelligence level of an eggplant soon discovers."

-Fravia "The Reverser"

The software on your computer -- the programs you use to send emails, write memos, surf the web, whatever -- are nothing but ones and zeros neatly arranged on a magnetic disk. As such, they are easily copied verbatim to another disk, or even a million other disks. That ease of distribution, what tech heads call "propagation," is both the basis for the multi-billion dollar software industry, and its biggest threat.

Since before Bill Gates made his first million hawking MS-DOS, software developers have been searching for ways to protect their creations from unauthorized copying. Back then, they employed strategies like printing access codes on irreproducible paper, or even requiring the user to take a pop quiz, the answers for which could only be found in the software manual. The methods are different today but things haven't changed all that much; copy protection was unsuccessful then, and is unsuccessful now.

The millions spent on increasingly complex copy protection schemes have proved fruitless because for every new development, a new wave of hackers swoop in to undermine the protection. While digital music piracy -- Napster and MP3s -- grabs the headlines day in and day out, a war is quietly brewing in the software underground.

One increasingly powerful army in that war comprises highly knowledgeable software "gangs." These gangs, usually made up of software developers and technologists, work to reverse the protections built into software products, enabling others to distribute the products free of charge. Make no mistake -- these gangs are not your rogue technophiles from the MS-DOS days, but a large, highly organized movement interested in "cracking" every piece of software that sees the light of day.

The groups stay underground by using pseudonyms and exploiting the decentralized nature of the Internet. Some have been tracked to Norway, Russia, Hong Kong, Manila and various cities around the U.S. The hacked software they traffic is known as warez (pronounced like "where's"). According to the software industry, software piracy accounts for as much as $12 billion in losses.

That's enough lost revenue for the Department of Justice to take note. In December, warez grabbed front-page headlines when law enforcement agents busted a large piracy ring known as DrinkOrDie. The bust consisted of more than 100 raids across the country, from dorms at UCLA and MIT to the Bank of America's data centers. Over 120 computers were seized in the bust. DrinkOrDie members Kentaga Kartadinata, 29, and Mike Nguyen, 26 were officially charged with copyright infringement on January 23, and many more may face charges as well.

DrinkOrDie (DoD) got its start in Russia in 1993. Various reports credit one of two hackers -- Deviator and Jimmy Jamez -- with founding the organization. Despite modest beginnings, DoD garnered a worldwide membership by 1995, when its hackers completed their first claim to fame -- releasing Windows 95 over the Internet two weeks before Microsoft could release the software to the public. DoD was also integral in the development of software that defeats encryption of DVDs. That program -- DVD Speed Ripper -- along with the better known DeCSS, led to the indictment of 18 year-old Norwegian hacker Jon Johansen earlier this month. Because of these and hundreds more warez releases after it, the U.S. Customs service called DoD one of the most accomplished and sophisticated software piracy groups in the world.

Hacker's High

But unlike many other piracy groups, this breed of hacker isn't in it for the money. Rather, hackers like Kartadinata, Nguyen and Johansen thrive on the sheer exhilaration of showing up the corporate competition. To defeat a company's highly touted copy protection system is the warez hacker's opus. Such dreams drive otherwise reputable technologists and engineers to risk arrest, fines, imprisonment -- all for the thrill of belonging to the warez scene.

In the case of DrinkOrDie and similar groups, that scene is run with the efficiency of established corporations. Hierarchies headed by chief executives, presidents, vice-presidents and directors ensure that cells within the larger organization are hard at work cracking the latest and soon-to-be-released commercial software packages. It's a setup akin to organized crime, except that thrills replace money as the motivating factor.

Despite their sophisticated organization, DrinkOrDie maintained a carefree approach to their work. In an interview with an underground e-zine, DrinkOrDie president Jimmy Jamez said, "This is all for fun. I plan to stay active for some time."

Another hacker called Fravia -- a.k.a. "The Reverser" -- echoed Jimmy Jamez's statement, explaining the motives that help make him one of the most well known hackers on the Web.

"We are defeating copy protection schemes because that's fun ... for the challenge," says the reverse engineer expert.

Operation Enduring Software

Then again, it's all fun and games until someone gets busted. In the near future, more warez hackers may find themselves meeting federal agents face to face.

The DoD bust was part of a recent effort by authorities to step up investigations of piracy networks. The bust culminated two years of investigation to bring down warez hackers and their technological infrastructure. The three operations: Buccaneer, Bandwidth and Digital Piratez have been rattling the software underground.

In Operation Bandwidth, the U.S. Attorney's office for the District of Nevada led a complex sting operation. Agents created their own warez Web site and attracted 200 warez traders. These individuals proceeded to transfer over 100,000 pirated files. The investigation enabled law enforcement to seize computer hardware, file servers and digital storage used to trade warez.

Operation Digital Piratez targeted warez Web sites that serve as hubs for warez trading and downloading. And Operation Buccaneer targeted international networks of warez hackers, including DrinkOrDie. Given that the DoD operation was the largest computer crimes bust ever, the feds are clearly intent on stopping piracy gangs.

Software companies certainly appreciate the government's help. Some companies, like PACE Anti-Piracy, makers of a copy protection scheme called Interlok, have seen their entire business model threatened because of "crackz." On one side of the battle Interlok developers are continually updating their software to be hack proof. On the other side, the warez world is stripping those updates down and finding new ways to break Interlok. It's an endless cycle that can leave a company like PACE in the dust.

Without constant vigilance, Interlok could lose its effectiveness entirely. PACE spokesperson Laurie Mack says, "We are constantly updating our software tools and technology to deal with issues and increasing the security for our clients." So far they have done this well enough to maintain their clients' trust in Interlok, even though anti-PACE and Interlok-defeat software is readily available.

Warez for the People

Though PACE would certainly disagree, many warez hackers think they are performing a public service by cracking protections. Some believe in a kind of technical Darwinism -- if they challenge the protections, developers are forced to make more secure versions, and better programs emerge. Fravia, for one, goes as far as saying that hacking is necessary to preserve democracy. "Reverse engineering is the sine qua non for fighting back in a world that is getting more and more anti-democratic and oligarchic, where money counts more than knowledge," he says.

Not everyone agrees. Security expert Jericho, who is known in the mainstream as Brian Martin, doesn't buy the "software to the people" argument. He suggests that the average warez hack is more interested in getting something for nothing than saving the world from burdensome copy protection. "Most people download warez as a target of opportunity," he says. "The kids that are warezing MS Office wouldn't have paid for it if it wasn't available for free."

To security professionals like Jericho, who work alongside software companies to improve encryption and security, the warez hacker sits low on the hacker totem pole. Says Jericho, "They are not respected by real hackers [like] administrators [and] security professionals."

Finding Warez on the Web

Whatever their intentions, warez hackers work quickly, often cracking software before it is released to the public. Continuing the tradition that DoD set with Windows 95, Windows XP warez were released by hackers well before Microsoft had a chance to officially roll out the latest version of its ubiquitous operating system. With a little searching the average user could find XP and thousands of other programs on the Internet.

I searched for XP myself and found that the warez scene can be broken up roughly into three sections: warez, crackz, and serialz. Under the warez umbrella are complete application packages. These range from small utilities that cost under $30 to business and graphics applications which price in the tens of thousands of dollars. By downloading a warez file you get everything you would have gotten had you purchased the software at the store, except a manual and the fancy packaging. In most cases these are fully usable software packages, often with copyright protections disabled.

Crackz are small utilities that hackers create to strip a program of its copyright protections. If you've got a trial version of software that expires in thirty days, downloading the appropriate crack can extend the trial indefinitely. Cracks can also activate features that have been disabled in trial versions, essentially giving you a full-featured version free of cost. If the program requires a serial number, the right crack can disable the serial number requirement. That way you can install software without knowing a valid serial number.

Serialz refer to illegally obtained serial numbers. Most software is protected by serial numbers or key codes that are normally issued only to paying customers. But there's nothing to stop someone from posting their valid serial number on the Internet for millions to reuse. Lists upon lists of serialz can be found for just about any program using serial protection. Since no skill is involved in serialz, warez hackers consider it a lower form of hacking. But it is perhaps the most common way that users pirate software.

A subset of the serialz umbrella is "keygens." Keygens are programs that can generate valid serial numbers. If a serial number can't be found on any of the serialz lists, finding the appropriate keygen program could be the ticket to unlocking protected software.

Warez production and development cycles exist pretty much only underground. Now especially, warez hackers will be lying low to keep from the Department of Justice's radar. However, warez hackers intend for their illegal discoveries to be exploited by the masses. The fruits of the warez effort can be found all over the Internet.

The search engine Google, which has become known amongst the mainstream as the best search engine, is also recognized by warez traders as an excellent tool for finding warez. Just about any software program you want can be found by going to Google and typing the name of the program followed by "warez." For example, "photoshop warez" will often bring up hundreds of sites. Warez sites don't stay up for long because they are illegal so many of the sites brought up in a search will have bad links. Still, within the first 25 results it is usually easy to pull up a site with good links.

Once you hit a good site, the world of warez opens up. Thousands of serialz, mountains of crackz -- all primed for download.

New Versions

The terabytes of warez on the Internet and the legions of hackers behind them are a daunting mass of criminal activity the feds will have a difficult time policing. Through the Computer Crime and Intellectual Property Section (CCIPS), the government continues to investigate the warez scene. Its Web site lists several recent indictments and cases. Also the passage of the Digital Millenium Copyright Act has given authorities broader statutes with which to prosecute hackers. Still, staying ahead of a decentralized movement whose skills and methods change daily is nearly impossible.

Jericho believes, however, that the highly publicized DoD bust will have a deep effect. He says, "It will discourage piracy for a short while. It will make it harder for casual warez people to get new stuff as there will be a lack of trust and suspicion."

But will the increased energy invested in enforcing these laws really discourage the warez scene, or will it simply drive warez hackers further underground, making them stronger and harder to catch?

For hackers like Fravia, the answer is clear -- the war must go on, even if the most recent battle was lost. "We will change the world," Fravia says. "We are already doing it."

Omar J. Pahati is the associate editor of
ACLU By ACLUSponsored

Imagine you've forgotten once again the difference between a gorilla and a chimpanzee, so you do a quick Google image search of “gorilla." But instead of finding images of adorable animals, photos of a Black couple pop up.

Is this just a glitch in the algorithm? Or, is Google an ad company, not an information company, that's replicating the discrimination of the world it operates in? How can this discrimination be addressed and who is accountable for it?

“These platforms are encoded with racism," says UCLA professor and best-selling author of Algorithms of Oppression, Dr. Safiya Noble. “The logic is racist and sexist because it would allow for these kinds of false, misleading, kinds of results to come to the fore…There are unfortunately thousands of examples now of harm that comes from algorithmic discrimination."

On At Liberty this week, Dr. Noble joined us to discuss what she calls “algorithmic oppression," and what needs to be done to end this kind of bias and dismantle systemic racism in software, predictive analytics, search platforms, surveillance systems, and other technologies.

What you can do:
Take the pledge: Systemic Equality Agenda
Sign up